DNSchanger Trojan (Vista OS)

Post by icenola » Thu May 07, 2009 4:50 am

Keeps redirecting me to websites I do not want when I click on a topic in my search engine. Also I cannot update anything...Windows Update....Panda ...nothing will update. Thanks for any help in this matter.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:10:41 PM, on 5/5/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\ApVxdWin.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\George\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\George.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\avciman.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} (NeroVersionCheckerControl Control) - http://www.nero.com/doc/NeroVersionCheckerControl.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxbt_device - - C:\Windows\system32\lxbtcoms.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrvx86.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\psimsvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

--
End of file - 12820 bytes

Re: DNSchanger Trojan (Vista OS)

Post by patrik » Thu May 07, 2009 11:25 am

Hello icenola, welcome to the Myantispyware forum.

Download Avenger from here and unzip to your desktop.
Run Avenger, make sure that the box next to "Scan for rootkits" has a tick in it and that the box next to "Automatically disable any rootkits found" does not have a tick in it, then click on ‘Execute’.
Afterwards, Windows restarts, and opens the log generated by The Avenger so you can see the results. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).

Post back with Avenger log.

Re: DNSchanger Trojan (Vista OS)

Post by icenola » Thu May 07, 2009 11:55 am

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger
Thanks...
*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.

Re: DNSchanger Trojan (Vista OS)

Post by patrik » Fri May 08, 2009 2:53 pm

Avenger log looks ok.
If you have previously downloaded ComboFix, please delete that version now.
Download Combofix from here. Close any open browsers. Double click on combofix.exe and follow the prompts.

Post back with combofix log.

Re: DNSchanger Trojan (Vista OS)

Post by icenola » Fri May 08, 2009 9:05 pm

Again...thanks for the help...here's the combofix log.

ComboFix 09-05-08.01 - George 05/08/2009 15:56.8 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.2035 [GMT -5:00]
Running from: c:\users\George\Desktop\ComboFix.exe
AV: Panda Antivirus Pro 2009 *On-access scanning disabled* (Updated)
FW: Panda Personal Firewall 2009 *disabled*
.

((((((((((((((((((((((((( Files Created from 2009-04-08 to 2009-05-08 )))))))))))))))))))))))))))))))
.

2009-05-08 20:53 . 2009-05-08 20:54 -------- d-----w C:\Combo-Fix
2009-05-07 03:24 . 2009-05-07 03:24 -------- d-sh--w C:\found.000
2009-05-05 22:10 . 2009-05-05 22:10 -------- d-----w C:\rsit
2009-05-05 21:52 . 2009-05-05 21:52 -------- d-----w c:\program files\Trend Micro
2009-05-05 03:40 . 2008-12-11 13:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-05 03:40 . 2008-12-10 16:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-05-05 03:40 . 2009-05-05 05:06 -------- d-----w c:\program files\Spyware Doctor
2009-05-05 03:40 . 2004-08-04 13:00 506368 ----a-w c:\windows\system32\msxml.dll
2009-05-05 03:10 . 2009-05-05 04:05 -------- d-----w c:\users\George\AppData\Roaming\PC Tools
2009-05-05 03:09 . 2009-04-03 16:18 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-05 03:09 . 2008-12-18 17:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-05 03:08 . 2009-05-05 03:41 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-05 03:08 . 2009-05-05 04:13 -------- d-----w c:\program files\PC Tools AntiVirus
2009-05-04 22:27 . 2009-05-04 22:27 249 ----a-w c:\windows\system32\PavCPL.dat
2009-05-03 15:58 . 2009-05-08 01:34 204908 ----a-w c:\windows\system32\drivers\APPFCONT.DAT
2009-05-03 15:58 . 2008-06-18 21:06 46720 ----a-w c:\windows\system32\drivers\wnmflt.sys
2009-05-03 15:58 . 2008-06-18 21:06 52992 ----a-w c:\windows\system32\drivers\dsaflt.sys
2009-05-03 15:58 . 2008-06-18 21:06 193792 ----a-w c:\windows\system32\drivers\idsflt.sys
2009-05-03 15:57 . 2008-03-28 16:25 22072 ----a-w c:\windows\system32\drivers\fnetmon.sys
2009-05-03 15:57 . 2008-06-25 20:42 73728 ----a-w c:\windows\system32\drivers\APPFLT.SYS
2009-05-03 15:57 . 2008-07-11 19:58 158848 ----a-w c:\windows\system32\drivers\NETFLTDI.SYS
2009-05-03 05:47 . 2009-05-03 05:47 -------- d-----w c:\users\George\AppData\Roaming\Malwarebytes
2009-05-03 03:03 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-03 03:03 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-03 03:03 . 2009-05-03 03:03 -------- d-----w c:\programdata\Malwarebytes
2009-05-03 03:03 . 2009-05-03 03:03 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-03 03:03 . 2009-05-03 06:25 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-03 01:56 . 2009-05-03 01:56 -------- d-----w c:\users\George\AppData\Local\Panda Security
2009-05-03 01:56 . 2008-02-14 03:14 49208 ----a-w c:\windows\system32\drivers\amm8660.sys
2009-05-03 01:55 . 2003-10-22 23:23 446464 ----a-w c:\windows\system32\HHActiveX.dll
2009-05-03 01:54 . 2008-06-24 19:48 193280 ----a-w c:\windows\system32\TpUtil.dll
2009-05-03 01:54 . 2007-02-08 16:53 107568 ----a-w c:\windows\system32\SYSTOOLS.DLL
2009-05-03 01:54 . 2008-06-18 23:03 87296 ----a-w c:\windows\system32\PavLspHook.dll
2009-05-03 01:54 . 2008-06-18 23:03 55552 ----a-w c:\windows\system32\pavipc.dll
2009-05-03 01:54 . 2008-06-18 23:03 520448 ----a-w c:\windows\system32\PavSHook.dll
2009-05-03 01:54 . 2008-06-26 16:25 197888 ----a-w c:\windows\system32\drivers\neti1634.sys
2009-05-03 01:54 . 2009-05-03 01:54 -------- d-----w c:\windows\system32\PAV
2009-05-03 01:54 . 2009-05-03 01:54 -------- d-----w c:\users\George\AppData\Roaming\Panda Security
2009-05-03 01:54 . 2009-05-03 01:54 -------- d-----w c:\programdata\Panda Security
2009-05-03 01:54 . 2009-05-03 01:54 -------- d-----w c:\users\All Users\Panda Security
2009-05-03 01:54 . 2009-05-05 05:03 -------- d-----w c:\program files\Panda Security
2009-05-03 01:52 . 2008-06-19 22:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-05-03 01:51 . 2008-03-04 13:59 41144 ----a-r c:\windows\system32\drivers\ShlDrv51.sys
2009-05-03 01:51 . 2008-02-07 10:03 179640 ----a-r c:\windows\system32\drivers\PavProc.sys
2009-05-03 01:36 . 2009-05-03 01:51 -------- d-----w c:\program files\Common Files\Panda Security
2009-04-25 23:28 . 2009-04-25 23:28 -------- d-----w c:\program files\QuickyPlaeyr
2009-04-11 12:18 . 2008-04-17 17:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-11 12:18 . 2009-03-19 21:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-11 12:18 . 2009-04-11 12:18 -------- d-----w c:\program files\iPod
2009-04-11 12:18 . 2009-04-11 12:18 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-11 12:18 . 2009-04-11 12:18 -------- d-----w c:\users\All Users\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-11 12:18 . 2009-04-11 12:18 -------- d-----w c:\program files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-08 20:41 . 2009-05-03 15:58 1132 ----a-w c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-05-08 20:41 . 2009-05-03 15:58 1132 ----a-w c:\windows\system32\drivers\APPFLTR.CFG
2009-05-08 01:34 . 2009-05-03 15:58 204908 ----a-w c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-05-07 05:33 . 2008-12-02 06:53 -------- d-----w c:\program files\Roxio
2009-05-07 05:33 . 2008-12-02 06:46 -------- d-----w c:\program files\XPSMiniViewGadget
2009-05-07 05:33 . 2008-12-02 06:55 -------- d-----w c:\program files\Common Files\SureThing Shared
2009-05-07 05:33 . 2008-12-02 06:52 -------- d-----w c:\program files\Microsoft Works
2009-05-05 03:45 . 2009-01-10 18:25 680 ----a-w c:\users\George\AppData\Local\d3d9caps.dat
2009-05-03 15:57 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-05-03 15:57 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-05-03 15:57 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-05-03 01:45 . 2008-12-02 06:40 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-17 21:32 . 2008-12-10 03:24 464 ----a-w c:\users\George\AppData\Roaming\wklnhst.dat
2009-04-16 08:08 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-11 12:22 . 2008-12-25 21:27 -------- d-----w c:\program files\DVD Shrink
2009-04-11 12:18 . 2008-12-12 21:17 -------- d-----w c:\program files\Common Files\Apple
2009-03-25 16:06 . 2008-12-02 06:49 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
2009-03-25 16:06 . 2008-12-02 06:49 79880 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-03-25 16:06 . 2008-12-02 06:49 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-03-25 16:06 . 2008-12-02 06:49 214024 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-03-25 16:05 . 2008-12-02 06:49 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys
2009-03-23 17:04 . 2008-12-08 06:20 -------- d-----w c:\program files\Norton SystemWorks Basic Edition
2009-03-17 03:38 . 2009-04-15 19:37 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 19:37 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-13 00:19 . 2009-03-13 00:18 -------- d-----w c:\program files\QuickTime
2009-03-06 04:59 . 2009-03-06 04:59 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-06 04:59 . 2009-03-06 04:59 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-03 04:46 . 2009-04-15 19:37 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 19:37 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 19:37 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-15 19:37 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 19:37 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 19:37 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 19:37 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-15 19:37 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 19:37 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 19:37 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 19:37 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 19:37 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-15 19:37 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-02-14 00:00 . 2009-02-14 00:00 4608 ----a-w c:\windows\system32\w95inf32.dll
2009-02-14 00:00 . 2009-02-14 00:00 2272 ----a-w c:\windows\system32\w95inf16.dll
2009-02-13 08:49 . 2009-04-15 19:37 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-15 19:37 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 05:37 2033152 ----a-w c:\windows\system32\win32k.sys
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-12-02 09:18 . 2008-12-02 09:17 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-05-03_05.09.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-05-08 20:42 63146 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-05-08 20:42 80742 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-05-05 03:40 . 1996-01-12 23:00 24576 c:\windows\System32\STKIT432.DLL
+ 2008-02-03 15:16 . 2009-05-08 20:40 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-02-03 15:16 . 2009-05-03 05:09 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-02-03 15:16 . 2009-05-03 05:09 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-03 15:16 . 2009-05-08 20:40 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-03 15:16 . 2009-05-08 20:40 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-02-03 15:16 . 2009-05-03 05:09 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-07 20:59 . 2009-05-08 20:42 7266 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-499479793-1684756330-2423039934-1000_UserData.bin
- 2009-05-03 05:03 . 2009-05-03 05:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-08 20:40 . 2009-05-08 20:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-08 20:40 . 2009-05-08 20:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-05-03 05:03 . 2009-05-03 05:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-14 23:45 . 2009-05-07 05:38 168564 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2008-12-07 22:13 . 2009-05-07 05:40 236022 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-05-03 01:54 . 2008-06-26 16:25 197888 c:\windows\System32\DriverStore\FileRepository\netflt.inf_ae88956f\neti1634.sys
+ 2008-12-07 20:49 . 2009-05-08 06:53 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-12-07 20:49 . 2008-12-07 20:49 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-12-07 20:48 . 2009-05-08 06:53 262144 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-12-07 20:48 . 2008-12-07 20:48 262144 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-06-30 15:39 . 2008-06-30 15:39 128256 c:\windows\Downloaded Program Files\as2stubie.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-12-25 160592]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"PhotoShow Deluxe Media Manager"="c:\progra~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [2005-02-26 212992]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2005-09-08 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2008-11-03 1745648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-09-06 115560]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" [2008-07-17 857344]
"SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" [2008-07-07 50432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\program files\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-02 06:57 10536 ----a-w c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{59CD2CA6-10C6-4FAC-9963-C05ABF0D42AB}"= UDP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{14B37D38-D6D1-4FF2-822C-C84E53E7A5BD}"= TCP:c:\program files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{FEF579A2-83C1-4114-94B7-FDCEF2B912F3}"= UDP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{A60F0077-3AC7-40BB-B19C-A377F0721CCA}"= TCP:c:\program files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{64D4A92D-D20D-4501-B359-26A6FBDA072E}"= UDP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{D05579C7-6FA9-41D3-B39C-9922445B3229}"= TCP:c:\program files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{5E208040-56F5-4AD4-AB69-B95E748F79D2}"= UDP:c:\program files\Common Files\AOL\1228690668\ee\aolsoftware.exe:AOL Shared Components
"{EE3E84AB-15DE-4585-B612-A00E6AB3608F}"= TCP:c:\program files\Common Files\AOL\1228690668\ee\aolsoftware.exe:AOL Shared Components
"{ADABCAA5-61DE-40D3-8D50-57047E6EE919}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{44385884-EC66-4EF1-B0E8-C7AF9425F3C8}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{04792BC1-1A6E-48CB-B326-24C245EF0BF1}"= UDP:c:\program files\Common Files\AOL\1228690668\ee\AOLDesktop.exe:AOL Desktop
"{20875910-AE56-4622-9D57-85ECC682E0A1}"= TCP:c:\program files\Common Files\AOL\1228690668\ee\AOLDesktop.exe:AOL Desktop
"{68F87451-3DCD-43F4-89A5-BF34196B7536}"= UDP:c:\program files\AOL 9.0\waol.exe:AOL
"{419B94D9-C0C3-43EB-B216-4EB8DFD25E84}"= TCP:c:\program files\AOL 9.0\waol.exe:AOL
"{F40C04E9-32E8-453E-9CBB-7076C19FEB58}"= UDP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{6E0E5A8E-C242-4905-B81A-13BB582B5760}"= TCP:c:\program files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{F53A834D-1415-4900-A983-0490F450E7A2}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{3758D3BB-9085-4BA2-A518-7E6AA97ECC03}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{DBF55D92-D8B9-4338-8E9C-6EEC9E998D7E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2E002771-F021-4B6C-897A-E80DD8AB49D0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BBC8F587-3594-4DE1-A779-BFD8D3479775}"= UDP:c:\windows\System32\lxbtcoms.exe:Lexmark Communications System
"{28A0A9A1-84D1-4ADE-911C-97F2891D272F}"= TCP:c:\windows\System32\lxbtcoms.exe:Lexmark Communications System
"{AAC0805C-41DB-43EF-A1D4-C115AE4D446A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A0122FCC-5FCB-40A0-B26C-E0DA8368F246}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 pavboot;Panda boot driver;c:\windows\System32\drivers\pavboot.sys [5/2/2009 8:52 PM 28544]
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [5/4/2009 10:09 PM 130936]
R1 APPFLT;App Filter Plugin;c:\windows\System32\drivers\APPFLT.SYS [5/3/2009 10:57 AM 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\System32\drivers\dsaflt.sys [5/3/2009 10:58 AM 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\System32\drivers\fnetmon.sys [5/3/2009 10:57 AM 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\System32\drivers\idsflt.sys [5/3/2009 10:58 AM 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\System32\drivers\NETFLTDI.SYS [5/3/2009 10:57 AM 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\System32\drivers\ShlDrv51.sys [5/2/2009 8:51 PM 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\System32\drivers\wnmflt.sys [5/3/2009 10:58 AM 46720]
R2 AmFSM;AmFSM;c:\windows\System32\drivers\amm8660.sys [5/2/2009 8:56 PM 49208]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R2 PavProc;Panda Process Protection Driver;c:\windows\System32\drivers\PavProc.sys [5/2/2009 8:51 PM 179640]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2009\psksvc.exe [5/2/2009 8:55 PM 28928]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\System32\drivers\neti1634.sys [5/2/2009 8:54 PM 197888]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [5/14/2008 10:32 AM 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [5/14/2008 10:32 AM 166384]
S2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [5/14/2008 10:31 AM 1120752]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/4/2009 10:40 PM 348752]

--- Other Services/Drivers In Memory ---

*Deregistered* - AvFlt
*Deregistered* - PavSRK.sys
*Deregistered* - PavTPK.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b5f7f9cd-c010-11dd-a267-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-04 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks Basic Edition\OBC.exe [2007-09-18 17:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://m.www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-US\local\search.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} - hxxp://www.nero.com/doc/NeroVersionCheckerControl.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-08 15:59
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0
icenola
 
Posts: 12
Joined: Thu May 07, 2009 3:15 am

Re: DNSchanger Trojan (Vista OS)

Postby patrik » Sat May 09, 2009 1:54 pm

Looks ok.

Download AVZ Antiviral Toolkit from here or here.
Unzip it to a folder that you create such as C:\AVZ\.
Double-click avz.exe to run the program.
Click File -> Database Update. Click Start.
When the update is finished click OK.
Click AVZPM > Install extended monitoring driver.
Click OK.
Close AVZ and reboot your computer.

Run AVZ.
Click File -> Standard scripts.
Mark the Advanced System Analysis check box.
Click on the Execute selected scripts button.
Click YES to confirm.
A system check will be executed.
When the scan is finished, a logfile will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.
Click OK and click CLOSE.
Close AVZ.

Attach virusinfo_syscheck.zip in your reply.
patrik
Site Admin
 
Posts: 7034
Joined: Sun Jan 08, 2006 1:11 pm

Re: DNSchanger Trojan (Vista OS)

Postby icenola » Mon May 11, 2009 4:56 am

Not sure the "install extended monitoring driver" did anything when I clicked on it. Rebooted and did the rest as instructed. Here is the Log. Thanks...

AVZ Antiviral Toolkit log; AVZ version is 4.30
Scanning started at 5/10/2009 11:50:05 PM
Database loaded: signatures - 222634, NN profile(s) - 2, microprograms of healing - 56, signature database released 10.05.2009 23:24
Heuristic microprograms loaded: 372
SPV microprograms loaded: 9
Digital signatures of system files loaded: 111004
Heuristic analyzer mode: Maximum heuristics level
Healing mode: disabled
Windows version: 6.0.6001, Service Pack 1 ; AVZ is launched with administrator rights
System Restore: enabled
1. Searching for Rootkits and programs intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Function ws2_32.dll:WSAConnect (42) intercepted, method CodeHijack (method not defined)
Function ws2_32.dll:WSARecv (87) intercepted, method CodeHijack (method not defined)
Function ws2_32.dll:WSARecvFrom (89) intercepted, method CodeHijack (method not defined)
Function ws2_32.dll:WSASend (92) intercepted, method CodeHijack (method not defined)
Function ws2_32.dll:WSASendTo (95) intercepted, method CodeHijack (method not defined)
Function ws2_32.dll:closesocket (3) intercepted, method CodeHijack (method not defined)
Function ws2_32.dll:connect (4) intercepted, method CodeHijack (method not defined)
Function ws2_32.dll:recv (16) intercepted, method CodeHijack (method not defined)
Function ws2_32.dll:recvfrom (17) intercepted, method CodeHijack (method not defined)
Function ws2_32.dll:send (19) intercepted, method CodeHijack (method not defined)
Function ws2_32.dll:sendto (20) intercepted, method CodeHijack (method not defined)
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Error loading driver - checking interrupted [C0000061]
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
Error loading driver - checking interrupted [C0000061]
2. Scanning memory
Number of processes found: 21
Analyzer: process under analysis is 3684 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[ES]:Contains network functionality
[ES]:Application has no visible windows
[ES]:Registered in autoruns !!
Analyzer: process under analysis is 3080 C:\Program Files\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe
[ES]:Application has no visible windows
Number of modules loaded: 387
Scanning memory - complete
3. Scanning disks
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious programs
Checking disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
>> HDD autorun are allowed
>> Autorun from network drives are allowed
>> Removable media autorun are allowed
Checking - complete
Files scanned: 408, extracted from archives: 0, malicious software found 0, suspicions - 0
Scanning finished at 5/10/2009 11:50:29 PM
Time of scanning: 00:00:25
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://virusinfo.info conference
System Analysis in progress
System Analysis - complete

Re: DNSchanger Trojan (Vista OS)

Postby icenola » Mon May 11, 2009 5:08 am

Hmmmm...perhaps I posted the wrong log.... see if this is the correct log... too many..have to post in two replies...Thanks

<?xml version="1.0" encoding="windows-1251" ?>
- <!-- AVZ XML Report
-->
- <AVZ>
- <PROCESS>
<ITEM PID="3132" File="AluSchedulerSvc.exe" CheckResult="-1" Descr="" LegalCopyright="" CmdLine="" />
<ITEM PID="1352" File="AppleMobileDeviceService.exe" CheckResult="-1" Descr="" LegalCopyright="" CmdLine="" />
<ITEM PID="3588" File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE" CheckResult="-1" Descr="Enhanced On-Access Anti-Malware Protection" LegalCopyright="© Panda 2008" CmdLine="" Size="193792" Attr="rsAh" CreateDate="5/2/2009 8:54:29 PM" ChageDate="7/2/2008 1:26:56 PM" MD5="FA943FFB594583AFB8C68A1C1A1E842D" />
<ITEM PID="3684" File="c:\program files\common files\symantec shared\ccapp.exe" CheckResult="-1" Descr="Symantec User Session" LegalCopyright="Copyright (c) 2000-2007 Symantec Corporation. All rights reserved." CmdLine="@quot;C:\Program Files\Common Files\Symantec Shared\ccApp.exe@quot;" Size="115560" Attr="rsAh" CreateDate="9/6/2007 5:30:18 PM" ChageDate="9/6/2007 5:30:18 PM" MD5="885BC61E68D9A6616761CBC13F1BDCAC" />
<ITEM PID="2424" File="c:\program files\ati technologies\ati.ace\core-static\ccc.exe" CheckResult="0" Descr="Catalyst Control Centre: Host application" LegalCopyright="2002-2006" Hidden="-1" CmdLine="@quot;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe@quot; 0" Size="49152" Attr="rsAh" CreateDate="7/17/2007 11:13:34 AM" ChageDate="7/17/2007 11:13:34 AM" MD5="25CA1677AAA3CDC99CD4FCF940886F3C" />
<ITEM PID="1160" File="ccSvcHst.exe" CheckResult="-1" Descr="" LegalCopyright="" CmdLine="" />
<ITEM PID="3308" File="c:\program files\dell datasafe online\datasafeonline.exe" CheckResult="-1" Descr="DataSafeOnline" LegalCopyright="Copyright © 2007" CmdLine="@quot;C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe@quot; /m" Size="1745648" Attr="rsAh" CreateDate="11/3/2008 10:54:00 AM" ChageDate="11/3/2008 10:54:00 AM" MD5="14D1A292A9F0613BF8A432AD89222A31" />
<ITEM PID="1460" File="c:\windows\explorer.exe" CheckResult="0" Descr="Windows Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="-1" CmdLine="C:\Windows\Explorer.EXE" Size="2927104" Attr="rsAh" CreateDate="12/10/2008 9:53:42 PM" ChageDate="10/29/2008 1:29:41 AM" MD5="4F554999D7D5F05DAAEBBA7B5BA1089D" />
<ITEM PID="2540" File="c:\program files\intel\intel matrix storage manager\iaanotif.exe" CheckResult="0" Descr="Event Monitor User Notification Tool" LegalCopyright="Copyright(C) Intel Corporation 2003-2007" Hidden="-1" CmdLine="@quot;C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe@quot;" Size="178712" Attr="rsAh" CreateDate="12/2/2008 1:40:29 AM" ChageDate="10/3/2007 3:44:58 PM" MD5="EC9B27B37D8E9D361C38E8D364F09611" />
<ITEM PID="3104" File="IAANTmon.exe" CheckResult="-1" Descr="" LegalCopyright="" CmdLine="" />
<ITEM PID="4180" File="iPodService.exe" CheckResult="-1" Descr="" LegalCopyright="" CmdLine="" />
<ITEM PID="3516" File="mcupdate.exe" CheckResult="-1" Descr="" LegalCopyright="" CmdLine="" />
<ITEM PID="3224" File="mDNSResponder.exe" CheckResult="-1" Descr="" LegalCopyright="" CmdLine="" />
<ITEM PID="4092" File="c:\program files\ati technologies\ati.ace\core-static\mom.exe" CheckResult="0" Descr="Catalyst Control Center: Monitoring program" LegalCopyright="2002-2007" Hidden="-1" CmdLine="@quot;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM@quot;" Size="49152" Attr="rsAh" CreateDate="7/17/2007 11:13:56 AM" ChageDate="7/17/2007 11:13:56 AM" MD5="E681281D9BFC9D45D3B72532717E5880" />
<ITEM PID="3080" File="c:\program files\ahead\nero photoshow\data\xtras\mssysmgr.exe" CheckResult="-1" Descr="Nero PhotoShow Media Manager" LegalCopyright="Copyright © 2005 Ahead Software AG" CmdLine="@quot;C:\Program Files\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe@quot;" Size="212992" Attr="rsAh" CreateDate="2/13/2009 6:10:37 PM" ChageDate="2/25/2005 7:28:03 PM" MD5="917BAFA5FC295611A401692F56DA7829" />
<ITEM PID="2512" File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe" CheckResult="-1" Descr="Panda Function Service" LegalCopyright="© Panda 2008" CmdLine="" Size="169216" Attr="rsAh" CreateDate="5/2/2009 8:54:43 PM" ChageDate="7/10/2008 12:02:00 PM" MD5="4A7D3F1D86617F0A5A6B241C4A777794" />
<ITEM PID="3968" File="PavPrSrv.exe" CheckResult="-1" Descr="" LegalCopyright="" CmdLine="" />
<ITEM PID="4068" File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrvx86.exe" CheckResult="-1" Descr="Enhanced On-Access Anti-Malware Service" LegalCopyright="© Panda 2008" CmdLine="" Size="290048" Attr="rsAh" CreateDate="5/2/2009 8:54:30 PM" ChageDate="7/4/2008 2:28:34 PM" MD5="9137CEEF24399B33E7E912CC5C35D0E9" />
<ITEM PID="2332" File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrlS.exe" CheckResult="-1" Descr="Panda Software Controler" LegalCopyright="© Panda 2008" CmdLine="" Size="181504" Attr="rsAh" CreateDate="5/2/2009 8:55:47 PM" ChageDate="7/16/2008 2:45:20 PM" MD5="F3B754B54BB737FD2C904BD4411217CC" />
<ITEM PID="4488" File="PSHost.exe" CheckResult="-1" Descr="" LegalCopyright="" CmdLine="" />
<ITEM PID="3472" File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe" CheckResult="-1" Descr="Panda Interface Manager Service" LegalCopyright="© Panda 2008" CmdLine="" Size="108288" Attr="rsAh" CreateDate="5/2/2009 8:54:48 PM" ChageDate="6/19/2008 12:59:50 PM" MD5="196C450F2779D0B462C444DA4906EA7F" />
<ITEM PID="1172" File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\psksvc.exe" CheckResult="-1" Descr="Anti-malware protection support executable" LegalCopyright="© Panda 2008" CmdLine="" Size="28928" Attr="rsAh" CreateDate="5/2/2009 8:55:57 PM" ChageDate="6/25/2008 4:43:08 PM" MD5="F1B9981E2E6AF1A6030CB49EF4FDC513" />
<ITEM PID="3188" File="c:\program files\windows sidebar\sidebar.exe" CheckResult="0" Descr="Windows Sidebar" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="-1" CmdLine="@quot;C:\Program Files\Windows Sidebar\sidebar.exe@quot; /autoRun" Size="1233920" Attr="rsAh" CreateDate="1/20/2008 9:23:29 PM" ChageDate="1/20/2008 9:23:29 PM" MD5="FD278E51A7D6F52D22FCE6C67E037AD6" />
<ITEM PID="3480" File="c:\program files\dell support center\bin\sprtcmd.exe" CheckResult="0" Descr="" LegalCopyright="Copyright 1997-2008 SupportSoft" Hidden="-1" CmdLine="@quot;C:\Program Files\Dell Support Center\bin\sprtcmd.exe@quot; /P dellsupportcenter" Size="206064" Attr="rsAh" CreateDate="8/14/2008 1:04:42 AM" ChageDate="8/14/2008 1:04:42 AM" MD5="3917664C26B4344768C288BBA6FEFCB6" />
<ITEM PID="2204" File="sprtsvc.exe" CheckResult="-1" Descr="" LegalCopyright="" CmdLine="" />
<ITEM PID="1220" File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe" CheckResult="-1" Descr="TPSrv Application" LegalCopyright="© Panda 2008" CmdLine="" Size="157440" Attr="rsAh" CreateDate="5/2/2009 8:54:45 PM" ChageDate="7/17/2008 1:35:58 PM" MD5="89AE68D19C3FE4B1E4FAA79FDB6B5E10" />
<ITEM PID="6124" File="wmpnetwk.exe" CheckResult="-1" Descr="" LegalCopyright="" CmdLine="" />
<ITEM PID="4340" File="c:\program files\xpsminiviewgadget\xpsminiviewgadget.exe" CheckResult="-1" Descr="XPS MiniView Gadget" LegalCopyright="© Copyright 2007 NVIDIA Corporation. All rights reserved." CmdLine="@quot;C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe@quot; {887DE107-1E5F-4f7f-A1E0-83EE25646D61}" Size="2070000" Attr="rsAh" CreateDate="8/23/2007 3:58:58 PM" ChageDate="8/23/2007 3:58:58 PM" MD5="2431D62FA27201F724C77F37F841B775" />
</PROCESS>
- <DLL>
<ITEM File="C:\Program Files\Common Files\Symantec Shared\ccL60U.dll" CheckResult="-1" Descr="Symantec Library" LegalCopyright="Copyright (c) 2000-2007 Symantec Corporation. All rights reserved." UsedBy="3684" Hidden="-1" Size="534888" Attr="rsAh" CreateDate="9/6/2007 5:40:32 PM" ChageDate="9/6/2007 5:40:32 PM" MD5="E00E8E9B4CE1BDBCCFFD510E28D6635B" />
<ITEM File="C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll" CheckResult="-1" Descr="Symantec Trust Validation Engine" LegalCopyright="Copyright (c) 2000-2007 Symantec Corporation. All rights reserved." UsedBy="3684" Hidden="-1" Size="132456" Attr="rsAh" CreateDate="9/6/2007 5:29:52 PM" ChageDate="9/6/2007 5:29:52 PM" MD5="C354EA5277ADE904BB5BB90F2A6F4640" />
<ITEM File="C:\Program Files\Common Files\Symantec Shared\ccSet.dll" CheckResult="-1" Descr="Symantec Settings Manager Engine" LegalCopyright="Copyright (c) 2000-2007 Symantec Corporation. All rights reserved." UsedBy="3684" Hidden="-1" Size="144744" Attr="rsAh" CreateDate="9/6/2007 5:29:30 PM" ChageDate="9/6/2007 5:29:30 PM" MD5="52C132C500CE833DE3A4E4CACC720118" />
<ITEM File="C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL" CheckResult="-1" Descr="Symantec Alert and Notification" LegalCopyright="Copyright (c) 2000-2007 Symantec Corporation. All rights reserved." UsedBy="3684" Hidden="-1" Size="267624" Attr="rsAh" CreateDate="9/6/2007 5:28:48 PM" ChageDate="9/6/2007 5:28:48 PM" MD5="1586F8DF1522CBF2915EC597572ABD54" />
<ITEM File="C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL" CheckResult="-1" Descr="Symantec Email Proxy" LegalCopyright="Copyright (c) 2000-2007 Symantec Corporation. All rights reserved." UsedBy="3684" Hidden="-1" Size="349544" Attr="rsAh" CreateDate="9/6/2007 5:29:00 PM" ChageDate="9/6/2007 5:29:00 PM" MD5="748D7B9719AA941C4F0C50AAC321EE2A" />
<ITEM File="C:\Program Files\Common Files\Symantec Shared\NPC\npcTRAY.dll" CheckResult="-1" Descr="Norton Protection Center NSCTray" LegalCopyright="Copyright (c) 1997-2008 Symantec Corporation" UsedBy="3684" Hidden="-1" Size="142712" Attr="rsAh" CreateDate="7/6/2007 4:24:22 PM" ChageDate="9/22/2008 6:09:22 PM" MD5="89BAE9629CFDB0B6CCD5684D28ECA099" />
<ITEM File="C:\PROGRA~1\NORTON~1\NSWALERT.DLL" CheckResult="-1" Descr="NSW Alert" LegalCopyright="Copyright (c) 2007 Symantec Corporation" UsedBy="3684" Hidden="-1" Size="310656" Attr="rsAh" CreateDate="9/18/2007 12:17:56 PM" ChageDate="9/18/2007 12:17:56 PM" MD5="A37E71913A21D32D33B930A8FB65DD3B" />
<ITEM File="C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll" CheckResult="-1" Descr="Symantec Settings Manager Event Factory" LegalCopyright="Copyright (c) 2000-2007 Symantec Corporation. All rights reserved." UsedBy="3684" Hidden="-1" Size="71016" Attr="rsAh" CreateDate="9/6/2007 5:29:32 PM" ChageDate="9/6/2007 5:29:32 PM" MD5="BDC3F838A87A5E0C90BD586089C08ABF" />
<ITEM File="C:\Program Files\Common Files\Symantec Shared\ccProSub.dll" CheckResult="-1" Descr="Symantec Proxy Factory" LegalCopyright="Copyright (c) 2000-2007 Symantec Corporation. All rights reserved." UsedBy="3684" Hidden="-1" Size="62824" Attr="rsAh" CreateDate="9/6/2007 5:29:12 PM" ChageDate="9/6/2007 5:29:12 PM" MD5="1E910C71D6A7D77DEF6FCB7B50A72CE1" />
<ITEM File="C:\PROGRA~1\NORTON~1\AlertRes.dll" CheckResult="-1" Descr="Norton SystemWorks Alert Resource" LegalCopyright="Copyright (c) 2007 Symantec Corporation" UsedBy="3684" Hidden="-1" Size="80224" Attr="rsAh" CreateDate="9/18/2007 12:18:58 PM" ChageDate="9/18/2007 12:18:58 PM" MD5="9CCA846A408355A5C5CC881D9F7836E6" />
<ITEM File="C:\Program Files\Common Files\Symantec Shared\ccSvc.dll" CheckResult="-1" Descr="Symantec ccService Engine" LegalCopyright="Copyright (c) 2000-2007 Symantec Corporation. All rights reserved." UsedBy="3684" Hidden="-1" Size="308584" Attr="rsAh" CreateDate="9/6/2007 5:29:36 PM" ChageDate="9/6/2007 5:29:36 PM" MD5="6FD85B21A1C7C957B2C880B702F6CC33" />
<ITEM File="C:\PROGRA~1\COMMON~1\SYMANT~1\ccEvtCli.dll" CheckResult="-1" Descr="Symantec Event Manager Client Side Interface" LegalCopyright="Copyright (c) 2000-2007 Symantec Corporation. All rights reserved." UsedBy="3684" Hidden="-1" Size="218472" Attr="rsAh" CreateDate="9/6/2007 5:30:20 PM" ChageDate="9/6/2007 5:30:20 PM" MD5="3EAABE38E25F9E7A6D2D07AFED02B94C" />
<ITEM File="C:\Program Files\Norton SystemWorks Basic Edition\SWDataCl.dll" CheckResult="-1" Descr="Norton SystemWorks data provider" LegalCopyright="Copyright (c) 2007 Symantec Corporation" UsedBy="3684" Hidden="-1" Size="218464" Attr="rsAh" CreateDate="9/18/2007 12:19:04 PM" ChageDate="9/18/2007 12:19:04 PM" MD5="EB27B1B90D2CAD71ECCF103104F43356" />
<ITEM File="C:\PROGRA~1\COMMON~1\SYMANT~1\rcEmlPxy.dll" CheckResult="-1" Descr="Symantec Email Proxy Resources" LegalCopyright="Copyright (c) 2000-2007 Symantec Corporation. All rights reserved." UsedBy="3684" Hidden="-1" Size="14184" Attr="rsAh" CreateDate="9/6/2007 5:30:30 PM" ChageDate="9/6/2007 5:30:30 PM" MD5="E12C06E8AFA77DF2F765D377D8B9EFD2" />
<ITEM File="C:\Program Files\Common Files\Symantec Shared\NPC\pcStatus.dll" CheckResult="-1" Descr="Norton Protection Center NPC Status Plugin" LegalCopyright="Copyright (c) 1997-2008 Symantec Corporation" UsedBy="3684" Hidden="-1" Size="669048" Attr="rsAh" CreateDate="7/6/2007 4:24:28 PM" ChageDate="9/22/2008 6:09:34 PM" MD5="6BA6077F7548AEC8EF7A63B365FF3E80" />
<ITEM File="C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\bd6ef85e16d5071c5c18212a522de06f\mscorlib.ni.dll" CheckResult="-1" Descr="Microsoft Common Language Runtime Class Library" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="2424,3308,4092,3480" Hidden="-1" Size="11436032" Attr="rsAh" CreateDate="12/1/2008 8:33:00 PM" ChageDate="12/1/2008 8:33:01 PM" MD5="566F66E2D7026AF75D88373A5A5FEAAE" />
<ITEM File="C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5224cbcd6772ec31a8674ef12a56df50\System.ni.dll" CheckResult="-1" Descr=".NET Framework" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="2424,3308,4092,3480" Hidden="-1" Size="8310784" Attr="rsAh" CreateDate="12/1/2008 8:33:06 PM" ChageDate="12/1/2008 8:33:06 PM" MD5="D035D7C0F66FBE07731FAFD1A628F5AD" />
<ITEM File="C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\1b12e4d67d9a3a34fd0a65e95f62f4ec\System.Drawing.ni.dll" CheckResult="-1" Descr=".NET Framework" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="2424,3308,4092" Hidden="-1" Size="1667072" Attr="rsAh" CreateDate="12/7/2008 3:58:49 PM" ChageDate="12/7/2008 3:58:49 PM" MD5="FF8BAC3D64486AC12E1B76E2D077F8F6" />
<ITEM File="C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1036a2f057d7518e7a106bed4918b864\System.Windows.Forms.ni.dll" CheckResult="-1" Descr=".NET Framework" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="2424,3308,4092" Hidden="-1" Size="13193216" Attr="rsAh" CreateDate="12/7/2008 3:58:57 PM" ChageDate="12/7/2008 3:58:57 PM" MD5="0D91CF115A37AA4D5DEC4A03A8B25631" />
<ITEM File="C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\8a3632f241d817cfbd1c50c006b2d78a\System.Runtime.Remoting.ni.dll" CheckResult="-1" Descr="Microsoft .NET Runtime Object Remoting" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="2424,4092" Hidden="-1" Size="815104" Attr="rsAh" CreateDate="2/15/2009 4:02:34 AM" ChageDate="2/15/2009 4:02:34 AM" MD5="B0315FB1964D7279A410B785D6EF14BE" />
<ITEM File="C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\124c27a0de08036b2529d6acfbf7aa70\System.Xml.ni.dll" CheckResult="-1" Descr=".NET Framework" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="2424,3308,3480" Hidden="-1" Size="5771264" Attr="rsAh" CreateDate="12/7/2008 3:59:10 PM" ChageDate="12/7/2008 3:59:11 PM" MD5="2600AD4F94CE8ABC1557772879B68872" />
<ITEM File="C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7e580fdf85fae22ab6c20d3636130213\System.Configuration.ni.dll" CheckResult="-1" Descr="System.Configuration.dll" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="2424,3308" Hidden="-1" Size="1011712" Attr="rsAh" CreateDate="2/15/2009 4:02:21 AM" ChageDate="2/15/2009 4:02:21 AM" MD5="A3744D6C9FE082FF5BCBE232BD753EA6" />
<ITEM File="C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3054.18959__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll" CheckResult="-1" Descr="Runtime OverDrive5 Aspect" LegalCopyright="2002-2008" UsedBy="2424" Hidden="-1" Size="65536" Attr="rsAh" CreateDate="12/2/2008 1:42:54 AM" ChageDate="12/2/2008 1:42:54 AM" MD5="373BC9A885B7A8CBD0E569C101F2DCF9" />
<ITEM File="C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3005.17553__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll" CheckResult="-1" Descr="Shared Graphics Caste OverDrive5 Aspect" LegalCopyright="2002-2008" UsedBy="2424" Hidden="-1" Size="57344" Attr="rsAh" CreateDate="12/2/2008 1:42:53 AM" ChageDate="12/2/2008 1:42:53 AM" MD5="937CA1225297D2B29915EA68A1681C1E" />
<ITEM File="C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3054.18921__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll" CheckResult="-1" Descr="Runtime Graphics Caste PowerPlayDPPE Aspect" LegalCopyright="2002-2008" UsedBy="2424" Hidden="-1" Size="45056" Attr="rsAh" CreateDate="12/2/2008 1:42:54 AM" ChageDate="12/2/2008 1:42:54 AM" MD5="02CFD8A2EAA169C9DCAE220F6A649446" />
<ITEM File="C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3005.17556__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll" CheckResult="-1" Descr="Shared Graphics Caste PowerPlayDPPE Aspect" LegalCopyright="2002-2008" UsedBy="2424" Hidden="-1" Size="28672" Attr="rsAh" CreateDate="12/2/2008 1:42:53 AM" ChageDate="12/2/2008 1:42:53 AM" MD5="185D9AF9B0EBCA371079729732FB30D7" />
<ITEM File="C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a83ea5c374d018016a35b2c3b38b1b15\System.Web.ni.dll" CheckResult="-1" Descr="System.Web.dll" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="2424,4092" Hidden="-1" Size="12521472" Attr="rsAh" CreateDate="2/15/2009 4:02:31 AM" ChageDate="2/15/2009 4:02:31 AM" MD5="652FD1A6BA23580F7FB10EE2CB8C553B" />
<ITEM File="C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3054.18960__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll" CheckResult="-1" Descr="Dashboard Graphics Caste OverDrive5 Aspect" LegalCopyright="2002-2008" UsedBy="2424" Hidden="-1" Size="442368" Attr="rsAh" CreateDate="12/2/2008 1:42:54 AM" ChageDate="12/2/2008 1:42:54 AM" MD5="6E21CF50601DBC18CEA05DDE5339D6D7" />
<ITEM File="C:\Program Files\Dell DataSafe Online\SdbShared.dll" CheckResult="-1" Descr="Shared" LegalCopyright="Copyright © 2007" UsedBy="3308" Hidden="-1" Size="262384" Attr="rsAh" CreateDate="11/3/2008 10:54:00 AM" ChageDate="11/3/2008 10:54:00 AM" MD5="AC8728BDE884517F7A106B4F48268843" />
<ITEM File="C:\Program Files\Dell DataSafe Online\BalloonWindow.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright (c) 2002-2003 by Peter Rilling" UsedBy="3308" Hidden="-1" Size="58608" Attr="rsAh" CreateDate="10/3/2008 10:18:00 AM" ChageDate="10/3/2008 10:18:00 AM" MD5="C4C99EBCF0CA8BABF642CF027D2EF7A6" />
<ITEM File="C:\Program Files\Dell DataSafe Online\SdbUI.dll" CheckResult="-1" Descr="" LegalCopyright="" UsedBy="3308" Hidden="-1" Size="95472" Attr="rsAh" CreateDate="11/3/2008 10:54:00 AM" ChageDate="11/3/2008 10:54:00 AM" MD5="949F8683B91AAEE5B17A7641E26DB15F" />
<ITEM File="C:\Program Files\Dell DataSafe Online\OlbEng.dll" CheckResult="-1" Descr="TODO: @lt;File description@gt;" LegalCopyright="TODO: (c) @lt;Company name@gt;. All rights reserved." UsedBy="3308" Hidden="-1" Size="336624" Attr="rsAh" CreateDate="10/3/2008 10:19:00 AM" ChageDate="10/3/2008 10:19:00 AM" MD5="EB8BE39A5C46046627269DAA479CBA7E" />
<ITEM File="C:\Program Files\Dell DataSafe Online\BuEng.dll" CheckResult="-1" Descr="SwapDrive Backup Engine" LegalCopyright="Copyright © 1996-2008 SwapDrive Inc., All Rights Reserved" UsedBy="3308" Hidden="-1" Size="1647104" Attr="rsAh" CreateDate="7/2/2008 11:44:06 AM" ChageDate="7/2/2008 11:44:06 AM" MD5="B2A31DFEEEA314104B16EA238FF24E26" />
<ITEM File="C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll" CheckResult="-1" Descr="" LegalCopyright="" UsedBy="3308" Hidden="-1" Size="132336" Attr="rsAh" CreateDate="11/3/2008 10:54:00 AM" ChageDate="11/3/2008 10:54:00 AM" MD5="92FD167BF8C1E6217E19C1CD31A0AC96" />
<ITEM File="C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\95029675dbfd764449877c306287434f\System.Web.Services.ni.dll" CheckResult="-1" Descr=".NET Framework" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="3308" Hidden="-1" Size="1986560" Attr="rsAh" CreateDate="2/15/2009 4:02:36 AM" ChageDate="2/15/2009 4:02:36 AM" MD5="01F0408FD40D4D3672BF87DC1C96AF20" />
<ITEM File="C:\Program Files\Dell DataSafe Online\cpputils.dll" CheckResult="-1" Descr="" LegalCopyright="" UsedBy="3308,1460" Hidden="-1" Size="17648" Attr="rsAh" CreateDate="11/3/2008 10:54:00 AM" ChageDate="11/3/2008 10:54:00 AM" MD5="6FDA72F9A72C4E03F93085A097DC39A3" />
<ITEM File="C:\Program Files\Intel\Intel Matrix Storage Manager\IAAMon_ENU.dll" CheckResult="-1" Descr="Event Monitor User Notification Tool" LegalCopyright="Copyright(C) Intel Corporation 2003-2007" UsedBy="2540" Hidden="-1" Size="69632" Attr="rsAh" CreateDate="12/2/2008 1:40:29 AM" ChageDate="10/3/2007 3:39:56 PM" MD5="47373897D92B005F6EA8BE6D5ADF5F29" />
<ITEM File="C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\AUTOPL~1.DLL" CheckResult="-1" Descr="PhotoShow Deluxe AutoPlay2 Cancel" LegalCopyright="Copyright © 2003 Simple Star, Inc." UsedBy="3080" Hidden="-1" Size="106496" Attr="rsAh" CreateDate="2/13/2009 6:10:35 PM" ChageDate="11/17/2004 4:29:08 PM" MD5="39D6AAB3C10DB1ACDCE66A64EA3F2B7C" />
<ITEM File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\WPApi.dll" CheckResult="-1" Descr="Internet Resident API @amp; Configuration" LegalCopyright="© Panda 2008" UsedBy="3188" Hidden="-1" Size="173312" Attr="rsAh" CreateDate="5/2/2009 8:54:33 PM" ChageDate="7/3/2008 1:35:44 PM" MD5="66320EA942DCD7FAAB754CC7680AB3E3" />
<ITEM File="C:\Program Files\XPSMiniViewGadget\chartdir41.dll" CheckResult="-1" Descr="ChartDirector DLL" LegalCopyright="Advanced Software Engineering © 2006" UsedBy="4340" Hidden="-1" Size="1822720" Attr="RsAh" CreateDate="4/6/2007 1:06:20 PM" ChageDate="4/6/2007 1:06:20 PM" MD5="AD27AD0F0B1429B6B45E925B5AAA1176" />
</DLL>
- <KERNELOBJ>
<ITEM File="C:\Windows\System32\Drivers\a1rn7kyc.SYS" CheckResult="-1" Base="8DD88000" MemSize="036000" Descr="ATAPI IDE Miniport Driver" LegalCopyright="© Microsoft Corporation. All rights reserved." />
<ITEM File="C:\Windows\system32\DRIVERS\amm8660.sys" CheckResult="-1" Base="8F08B000" MemSize="010000" Descr="Panda Anti-Malware File System Minifilter" LegalCopyright="© Panda 2008" Size="49208" Attr="rsAh" CreateDate="5/2/2009 8:56:00 PM" ChageDate="2/13/2008 10:14:02 PM" MD5="B57D8F7749DA70078C43C756BAA7F419" />
<ITEM File="C:\Windows\system32\drivers\av5flt.sys" CheckResult="-1" Base="A1151000" MemSize="017000" Descr="" LegalCopyright="" />
<ITEM File="C:\Windows\System32\Drivers\dump_iaStor.sys" CheckResult="-1" Base="8F0CF000" MemSize="0C8000" Descr="" LegalCopyright="" />
<ITEM File="C:\Windows\system32\drivers\mfehidk.sys" CheckResult="-1" Base="8EDCB000" MemSize="033000" Descr="Host Intrusion Detection Link Driver" LegalCopyright="Copyright© 1995-2008 McAfee, Inc. All Rights Reserved." Size="214024" Attr="rsAh" CreateDate="12/2/2008 1:49:24 AM" ChageDate="3/25/2009 11:06:28 AM" MD5="F817BFCA67475CF04925ECE4FCF9C3C0" />
<ITEM File="C:\Windows\system32\PavSRK.sys" CheckResult="-1" Base="98C16000" MemSize="008000" Descr="" LegalCopyright="" />
<ITEM File="C:\Windows\system32\PavTPK.sys" CheckResult="-1" Base="8F1E7000" MemSize="00C000" Descr="" LegalCopyright="" />
<ITEM File="C:\Windows\system32\drivers\PCTCore.sys" CheckResult="-1" Base="8A179000" MemSize="023000" Descr="PC Tools KDS Core Driver" LegalCopyright="Copyright (c) 2008 PC Tools. All rights reserved." Size="130936" Attr="rsAh" CreateDate="5/4/2009 10:09:01 PM" ChageDate="4/3/2009 11:18:26 AM" MD5="AA9CFA67850893FBB168B9C4E4C86952" />
<ITEM File="C:\Windows\System32\Drivers\spuw.sys" CheckResult="-1" Base="80690000" MemSize="100000" Descr="" LegalCopyright="" />
</KERNELOBJ>
- <Service>
<ITEM File="C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" Name="ccEvtMgr" CheckResult="-1" Type="32" State="4" Size="108392" Attr="rsAh" CreateDate="9/6/2007 5:29:46 PM" ChageDate="9/6/2007 5:29:46 PM" MD5="D1C87CD3BD90EE509D1BF3973C7D5B0A" />
<ITEM File="C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" Name="ccSetMgr" CheckResult="-1" Type="32" State="4" Size="108392" Attr="rsAh" CreateDate="9/6/2007 5:29:46 PM" ChageDate="9/6/2007 5:29:46 PM" MD5="D1C87CD3BD90EE509D1BF3973C7D5B0A" />
<ITEM File="C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" Name="CLTNetCnService" CheckResult="-1" Type="32" State="4" Size="108392" Attr="rsAh" CreateDate="9/6/2007 5:29:46 PM" ChageDate="9/6/2007 5:29:46 PM" MD5="D1C87CD3BD90EE509D1BF3973C7D5B0A" />
<ITEM File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe" Name="Panda Software Controller" CheckResult="-1" Type="16" State="4" Size="181504" Attr="rsAh" CreateDate="5/2/2009 8:55:47 PM" ChageDate="7/16/2008 2:45:20 PM" MD5="F3B754B54BB737FD2C904BD4411217CC" />
<ITEM File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe" Name="PAVFNSVR" CheckResult="-1" Type="272" State="4" Size="169216" Attr="rsAh" CreateDate="5/2/2009 8:54:43 PM" ChageDate="7/10/2008 12:02:00 PM" MD5="4A7D3F1D86617F0A5A6B241C4A777794" />
<ITEM File="C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe" Name="PavPrSrv" CheckResult="-1" Type="16" State="4" Size="62768" Attr="RsAh" CreateDate="5/2/2009 8:51:31 PM" ChageDate="2/4/2008 10:26:48 AM" MD5="2AE3F6B23448443BBEF5DE207159213B" />
<ITEM File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrvx86.exe" Name="PAVSRV" CheckResult="-1" Type="272" State="4" Size="290048" Attr="rsAh" CreateDate="5/2/2009 8:54:30 PM" ChageDate="7/4/2008 2:28:34 PM" MD5="9137CEEF24399B33E7E912CC5C35D0E9" />
<ITEM File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE" Name="PSHost" CheckResult="-1" Type="16" State="4" Size="226608" Attr="rsAh" CreateDate="5/2/2009 8:54:36 PM" ChageDate="6/12/2008 3:31:40 PM" MD5="EF3F6137900022FDA04967669821BFC8" />
<ITEM File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\psimsvc.exe" Name="PSIMSVC" CheckResult="-1" Type="272" State="4" Size="108288" Attr="rsAh" CreateDate="5/2/2009 8:54:48 PM" ChageDate="6/19/2008 12:59:50 PM" MD5="196C450F2779D0B462C444DA4906EA7F" />
<ITEM File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe" Name="PskSvcRetail" CheckResult="-1" Type="16" State="4" Size="28928" Attr="rsAh" CreateDate="5/2/2009 8:55:57 PM" ChageDate="6/25/2008 4:43:08 PM" MD5="F1B9981E2E6AF1A6030CB49EF4FDC513" />
<ITEM File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe" Name="TPSrv" CheckResult="-1" Type="16" State="4" Size="157440" Attr="rsAh" CreateDate="5/2/2009 8:54:45 PM" ChageDate="7/17/2008 1:35:58 PM" MD5="89AE68D19C3FE4B1E4FAA79FDB6B5E10" />
<ITEM File="C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" Name="AOL ACS" CheckResult="-1" Type="272" State="1" Size="46640" Attr="RsAh" CreateDate="10/23/2006 7:50:35 AM" ChageDate="10/23/2006 7:50:35 AM" MD5="85180CF88C5EBAD73B452A43A004CA51" />
<ITEM File="C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe" Name="GoToAssist" CheckResult="-1" Type="16" State="1" Size="16680" Attr="rsAh" CreateDate="12/2/2008 2:01:25 AM" ChageDate="12/2/2008 1:57:39 AM" MD5="D3316F6E3C011435F36E3D6E49B3196C" />
<ITEM File="C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" Name="RoxLiveShare10" CheckResult="-1" Type="272" State="1" Size="309744" Attr="rsAh" CreateDate="5/14/2008 10:32:18 AM" ChageDate="5/14/2008 10:32:18 AM" MD5="FDED778DAF09235E4580F1B9046946B6" />
<ITEM File="C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" Name="RoxMediaDB10" CheckResult="-1" Type="272" State="1" Size="1120752" Attr="rsAh" CreateDate="5/14/2008 10:31:38 AM" ChageDate="5/14/2008 10:31:38 AM" MD5="E054A2CAF0E2A55C9AAC0BF1CCC558A5" />
<ITEM File="C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" Name="RoxWatch10" CheckResult="-1" Type="272" State="1" Size="166384" Attr="rsAh" CreateDate="5/14/2008 10:32:10 AM" ChageDate="5/14/2008 10:32:10 AM" MD5="C75FDA9AB3314E555123673E08F9D86D" />
<ITEM File="C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe" Name="SessionLauncher" CheckResult="-1" Type="272" State="1" />
<ITEM File="C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" Name="stllssvr" CheckResult="-1" Type="16" State="1" Size="74384" Attr="RsAh" CreateDate="3/24/2008 7:35:22 AM" ChageDate="3/24/2008 7:35:22 AM" MD5="1D0063597C3666404FCF97698ABEB019" />
</Service>
icenola
 
Posts: 12
Joined: Thu May 07, 2009 3:15 am

Re: DNSchanger Trojan (Vista OS)

Postby icenola » Mon May 11, 2009 5:09 am

- <Drivers>
<ITEM File="C:\Windows\system32\DRIVERS\amm8660.sys" Name="AmFSM" CheckResult="-1" Type="2" State="4" Size="49208" Attr="rsAh" CreateDate="5/2/2009 8:56:00 PM" ChageDate="2/13/2008 10:14:02 PM" MD5="B57D8F7749DA70078C43C756BAA7F419" />
<ITEM File="C:\Windows\system32\drivers\av5flt.sys" Name="AvFlt" CheckResult="-1" Type="2" State="4" />
<ITEM File="C:\Windows\system32\drivers\mfehidk.sys" Name="mfehidk" CheckResult="-1" Type="1" State="4" Size="214024" Attr="rsAh" CreateDate="12/2/2008 1:49:24 AM" ChageDate="3/25/2009 11:06:28 AM" MD5="F817BFCA67475CF04925ECE4FCF9C3C0" />
<ITEM File="C:\Windows\system32\drivers\PCTCore.sys" Name="PCTCore" CheckResult="-1" Type="2" State="4" Size="130936" Attr="rsAh" CreateDate="5/4/2009 10:09:01 PM" ChageDate="4/3/2009 11:18:26 AM" MD5="AA9CFA67850893FBB168B9C4E4C86952" />
<ITEM File="C:\Windows\System32\Drivers\sptd.sys" Name="sptd" CheckResult="-1" Type="1" State="4" Size="717296" Attr="rsAh" CreateDate="12/26/2008 3:45:53 PM" ChageDate="12/26/2008 3:45:53 PM" MD5="" />
<ITEM File="C:\Windows\system32\drivers\InCDFs.sys" Name="InCDFs" CheckResult="-1" Type="2" State="1" />
<ITEM File="C:\Windows\system32\drivers\InCDPass.sys" Name="InCDPass" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\Windows\system32\drivers\InCDRm.sys" Name="InCDRm" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\Windows\system32\DRIVERS\ipinip.sys" Name="IpInIp" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\Windows\system32\drivers\mfeavfk.sys" Name="mfeavfk" CheckResult="-1" Type="1" State="1" Size="79880" Attr="rsAh" CreateDate="12/2/2008 1:49:24 AM" ChageDate="3/25/2009 11:06:28 AM" MD5="26653763D99EA717FC9E069F6BE6771E" />
<ITEM File="C:\Windows\system32\drivers\mfebopk.sys" Name="mfebopk" CheckResult="-1" Type="1" State="1" Size="35272" Attr="rsAh" CreateDate="12/2/2008 1:49:24 AM" ChageDate="3/25/2009 11:06:28 AM" MD5="E65CE1279F2C1FD9BD81184CEB7F5468" />
<ITEM File="C:\Windows\system32\drivers\mferkdk.sys" Name="mferkdk" CheckResult="-1" Type="1" State="1" Size="34216" Attr="rsAh" CreateDate="12/2/2008 1:49:24 AM" ChageDate="3/25/2009 11:05:54 AM" MD5="FE03BE0B990983A08A33389C00636175" />
<ITEM File="C:\Windows\system32\drivers\mfesmfk.sys" Name="mfesmfk" CheckResult="-1" Type="1" State="1" Size="40552" Attr="rsAh" CreateDate="12/2/2008 1:49:24 AM" ChageDate="3/25/2009 11:06:30 AM" MD5="9C73ACA963AD8883B9FC44B410E70B71" />
<ITEM File="C:\Windows\system32\Drivers\iqvw32.sys" Name="NAL" CheckResult="-1" Type="1" State="1" Size="30816" Attr="rsAh" CreateDate="11/26/2008 8:20:38 PM" ChageDate="11/26/2008 8:20:38 PM" MD5="D02734423B59B3AC14CDFE91E9665FF0" />
<ITEM File="C:\Windows\system32\DRIVERS\nwlnkflt.sys" Name="NwlnkFlt" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\Windows\system32\DRIVERS\nwlnkfwd.sys" Name="NwlnkFwd" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\Windows\system32\PavSRK.sys" Name="PavSRK.sys" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\Windows\system32\PavTPK.sys" Name="PavTPK.sys" CheckResult="-1" Type="1" State="1" />
</Drivers>
- <AUTORUN>
<ITEM File="C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" CheckResult="-1" Enabled="1" Type="REG" Size="212992" Attr="rsAh" CreateDate="2/13/2009 6:10:37 PM" ChageDate="2/25/2005 7:28:03 PM" MD5="917BAFA5FC295611A401692F56DA7829" X1="HKEY_CURRENT_USER" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="PhotoShow Deluxe Media Manager" />
<ITEM File="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" CheckResult="-1" Enabled="1" Type="REG" Size="177472" Attr="rsAh" CreateDate="2/6/2009 5:27:40 PM" ChageDate="2/6/2009 5:27:40 PM" MD5="3C9C9DE765412F8CB483F115EE34B05D" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="AppleSyncNotifier" />
<ITEM File="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" CheckResult="-1" Enabled="1" Type="REG" Size="115560" Attr="rsAh" CreateDate="9/6/2007 5:30:18 PM" ChageDate="9/6/2007 5:30:18 PM" MD5="885BC61E68D9A6616761CBC13F1BDCAC" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="ccApp" />
<ITEM File="C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" CheckResult="-1" Enabled="1" Type="REG" Size="1745648" Attr="rsAh" CreateDate="11/3/2008 10:54:00 AM" ChageDate="11/3/2008 10:54:00 AM" MD5="14D1A292A9F0613BF8A432AD89222A31" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="Dell DataSafe Online" />
<ITEM File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" CheckResult="-1" Enabled="1" Type="REG" Size="857344" Attr="rsAh" CreateDate="5/2/2009 8:54:54 PM" ChageDate="7/16/2008 9:08:10 PM" MD5="F71DBC60AEF4D8A1BCE2FBA0E9319062" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="APVXDWIN" />
<ITEM File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" CheckResult="-1" Enabled="1" Type="REG" Size="50432" Attr="rsAh" CreateDate="5/2/2009 8:55:50 PM" ChageDate="7/7/2008 2:43:56 PM" MD5="9213312BDBB142A1806ED67BFBB73BF3" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="SCANINICIO" />
<ITEM File="rdpclip" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd" X3="StartupPrograms" />
</AUTORUN>
- <BHO>
<ITEM File="C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll" CheckResult="-1" Enabled="1" BHOType="1" RegKey="Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{02478D38-C3F9-4efb-9B51-7695ECA05670}" Descr="Yahoo! Toolbar" LegalCopyright="(c) Yahoo! Inc. All rights reserved." Size="882416" Attr="rsAh" CreateDate="7/28/2008 5:47:40 AM" ChageDate="7/28/2008 5:47:40 AM" MD5="6A2E0E49A4F2A9DF3E6293E37E7486BD" />
<ITEM File="C:\Program Files\AOL Toolbar\aoltb.dll" CheckResult="-1" Enabled="1" BHOType="1" RegKey="Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}" Descr="AOL IE Toolbar Dynamic Link Library" LegalCopyright="© 2008 AOL LLC. All rights reserved." Size="1275232" Attr="rsAh" CreateDate="7/7/2008 3:36:06 PM" ChageDate="7/7/2008 3:36:06 PM" MD5="E9DAD7B441AEE9FC6A8C6D456EE17207" />
<ITEM File="C:\Program Files\Dell\BAE\BAE.dll" CheckResult="-1" Enabled="1" BHOType="1" RegKey="Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{CA6319C0-31B7-401E-A518-A07C3DB8F777}" Descr="BAE.dll" LegalCopyright="(c) 2006. Dell Inc. All rights reserved." Size="98304" Attr="rsAh" CreateDate="11/9/2006 9:56:48 AM" ChageDate="11/9/2006 9:56:48 AM" MD5="1A4F60EF6DA38621F1091B0CB0FA2C09" />
<ITEM File="C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll" CheckResult="-1" Enabled="1" BHOType="1" RegKey="Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}" Descr="Yahoo! Single Instance for Mail" LegalCopyright="(c) Yahoo! Inc. All rights reserved." Size="160496" Attr="rsAh" CreateDate="7/28/2008 5:47:42 AM" ChageDate="7/28/2008 5:47:42 AM" MD5="F64C4241FE5E519F62C47C361DC671D7" />
<ITEM File="C:\Program Files\AOL Toolbar\aoltb.dll" CheckResult="-1" Enabled="1" BHOType="2" RegKey="SOFTWARE\Microsoft\Internet Explorer\Toolbar" CLSID="{DE9C389F-3316-41A7-809B-AA305ED9D922}" Descr="AOL IE Toolbar Dynamic Link Library" LegalCopyright="© 2008 AOL LLC. All rights reserved." Size="1275232" Attr="rsAh" CreateDate="7/7/2008 3:36:06 PM" ChageDate="7/7/2008 3:36:06 PM" MD5="E9DAD7B441AEE9FC6A8C6D456EE17207" />
<ITEM File="C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll" CheckResult="-1" Enabled="1" BHOType="2" RegKey="SOFTWARE\Microsoft\Internet Explorer\Toolbar" CLSID="{EF99BD32-C1FB-11D2-892F-0090271D4F88}" Descr="Yahoo! Toolbar" LegalCopyright="(c) Yahoo! Inc. All rights reserved." Size="882416" Attr="rsAh" CreateDate="7/28/2008 5:47:40 AM" ChageDate="7/28/2008 5:47:40 AM" MD5="6A2E0E49A4F2A9DF3E6293E37E7486BD" />
<ITEM File="/C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html" CheckResult="-1" Enabled="1" BHOType="3" RegKey="Software\Microsoft\Internet Explorer\Extensions" CLSID="{320AF880-6646-11D3-ABEE-C5DBF3571F46}" Descr="" LegalCopyright="" />
<ITEM File="/C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html" CheckResult="-1" Enabled="1" BHOType="3" RegKey="Software\Microsoft\Internet Explorer\Extensions" CLSID="{320AF880-6646-11D3-ABEE-C5DBF3571F49}" Descr="" LegalCopyright="" />
<ITEM File="C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk" CheckResult="-1" Enabled="1" BHOType="3" RegKey="Software\Microsoft\Internet Explorer\Extensions" CLSID="{5E638779-1818-4754-A595-EF1C63B87A56}" Descr="" LegalCopyright="" Size="935" Attr="rsAh" CreateDate="12/8/2008 1:21:38 AM" ChageDate="12/8/2008 1:21:38 AM" MD5="53D469A86AC54F87EA405EE650956065" />
<ITEM File="/C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html" CheckResult="-1" Enabled="1" BHOType="3" RegKey="Software\Microsoft\Internet Explorer\Extensions" CLSID="{724d43aa-0d85-11d4-9908-00400523e39a}" Descr="" LegalCopyright="" />
</BHO>
- <ExplorerExt>
<ITEM File="%CommonProgramFiles%\System\Ole DB\oledb32.dll" CheckResult="-1" Enabled="1" ExtName="Microsoft Data Link" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="lnkfile" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{00020d75-0000-0000-c000-000000000046}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Color Control Panel Applet" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{b2c761c6-29bc-4f19-9251-e6195265baf1}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Add New Hardware" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{7A979262-40CE-46ff-AEEE-7884AC3B6136}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Get Programs Online" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{3e7efb4c-faf1-453d-89eb-56026875ef90}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Taskbar and Start Menu" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{0DF44EAA-FF21-4412-828E-260A8728E7F1}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="ActiveDirectory Folder" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{1b24a030-9b20-49bc-97ac-1be4426f9e59}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="ActiveDirectory Folder" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{34449847-FD14-4fc8-A75A-7432F5181EFB}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Sam Account Folder" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{C8494E42-ACDD-4739-B0FB-217361E4894F}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Sam Account Folder" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{E29F9716-5C08-4FCD-955A-119FDB5A522D}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Control Panel command object for Start menu" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Default Programs command object for Start menu" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{E44E5D18-0652-4508-A4E2-8A090067BCB0}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Folder Options" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{6dfd7c5c-2451-11d3-a299-00c04f8ef6af}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Explorer Query Band" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{2C2577C2-63A7-40e3-9B7F-586602617ECB}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="View Available Networks" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{38a98528-6cbf-4ca9-8dc0-b1e1d10f7b1b}" Descr="" LegalCopyright="" />
<ITEM File="%CommonProgramFiles%\System\wab32.dll" CheckResult="-1" Enabled="1" ExtName="Windows Contact Preview Handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{13D3C4B8-B179-4ebb-BF62-F704173E7448}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Contacts folder" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}" Descr="" LegalCopyright="" />
<ITEM File="%CommonProgramFiles%\System\wab32.dll" CheckResult="-1" Enabled="1" ExtName=".group shell extension handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{4F58F63F-244B-4c07-B29F-210BE59BE9B4}" Descr="" LegalCopyright="" />
<ITEM File="%CommonProgramFiles%\System\wab32.dll" CheckResult="-1" Enabled="1" ExtName=".contact shell extension handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{8082C5E6-4C27-48ec-A809-B8E1122E8F97}" Descr="" LegalCopyright="" />
<ITEM File="%CommonProgramFiles%\System\wab32.dll" CheckResult="-1" Enabled="1" ExtName="group_wab_auto_file" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{16C2C29D-0E5F-45f3-A445-03E03F587B7D}" Descr="" LegalCopyright="" />
<ITEM File="%CommonProgramFiles%\System\wab32.dll" CheckResult="-1" Enabled="1" ExtName="contact_wab_auto_file" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{CF67796C-F57F-45F8-92FB-AD698826C602}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Windows Firewall" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{4026492f-2f69-46b8-b9bf-5654fc07e423}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Problem Reports and Solutions" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{fcfeecae-ee1b-4849-ae50-685dcf7717ec}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="iSCSI Initiator" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{a304259d-52b8-4526-8b1a-a1d6cecc8243}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName=".cab or .zip files" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{911051fa-c21c-4246-b470-070cd8df6dc4}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Windows Search Shell Service" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{da67b8ad-e81b-4c70-9b91b417b5e33527}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Microsoft.ScannersAndCameras" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3}" Descr="" LegalCopyright="" />
<ITEM File="@quot;C:\Windows\System32\rundll32.exe@quot; @quot;C:\Program Files\\Windows Photo Gallery\PhotoViewer.dll@quot;,ImageView_COMServer {9D687A4C-1404-41ef-A089-883B6FBECDE6}" CheckResult="-1" Enabled="1" ExtName="Windows Photo Gallery Viewer Autoplay Handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{9D687A4C-1404-41ef-A089-883B6FBECDE6}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Windows Sidebar Properties" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{37efd44d-ef8d-41b1-940d-96973a50e9e0}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Windows Features" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{67718415-c450-4f3c-bf8a-b487642dc39b}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Windows Defender" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{d8559eb9-20c0-410e-beda-7ed416aecc2a}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Mobility Center Control Panel" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{5ea4f148-308c-46d7-98a9-49041b1dd468}" Descr="" LegalCopyright="" />
<ITEM File="%CommonProgramFiles%\microsoft shared\ink\TipBand.dll" CheckResult="-1" Enabled="1" ExtName="Tablet PC Input Panel" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{15D633E2-AD00-465b-9EC7-F56B7CDF8E27}" Descr="" LegalCopyright="" />
<ITEM File="@quot;C:\Program Files\\Windows Media Player\wmprph.exe@quot;" CheckResult="-1" Enabled="1" ExtName="Windows Media Player Rich Preview Handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{031EE060-67BC-460d-8847-E4A7C5E45A27}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="User Accounts" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{7A9D77BD-5403-11d2-8785-2E0420524153}" Descr="" LegalCopyright="" />
<ITEM File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavOLE.dll" CheckResult="-1" Enabled="1" ExtName="Panda Antivirus" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{65756541-C65C-11CD-0000-4B656E696100}" Descr="PAVOLE" LegalCopyright="© Panda 2008" Size="140544" Attr="rsAh" CreateDate="5/2/2009 8:55:46 PM" ChageDate="7/3/2008 5:55:10 PM" MD5="DA4827514EF4F07C36D04E6AD1C2B32E" />
</ExplorerExt>
<PrintEXT />
<TaskScheduler />
- <DPF>
<ITEM File="C:\Windows\DOWNLO~1\NEROVE~1.OCX" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Microsoft\Code Store Database\Distribution Units" CLSID="{680285A8-96D3-43DA-9D3D-51DD987D0B77}" CodeBase="http://www.nero.com/doc/NeroVersionCheckerControl.cab" Descr="Nero VersionChecker ActiveX Control Module" LegalCopyright="Copyright (C) 2008 Nero AG and its licensors" Size="54568" Attr="rsAh" CreateDate="7/14/2008 2:20:32 PM" ChageDate="7/14/2008 2:20:32 PM" MD5="350DEBAAEC890CCDFA6AC6185FA6A047" />
<ITEM File="C:\Windows\Downloaded Program Files\ActiveX_ATL_Lexmark.dll" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Microsoft\Code Store Database\Distribution Units" CLSID="{C52439A0-2693-4E40-B141-9F9AD5257241}" CodeBase="https://ediagnostics.lexmark.com/serval.cab" Descr="Lexmark eDiagnostics ActiveX" LegalCopyright="Copyright 2006" Size="126976" Attr="rsAh" CreateDate="8/11/2006 5:01:04 PM" ChageDate="8/11/2006 5:01:04 PM" MD5="1E64297E91B1A30A4C0398775DD5AC18" />
</DPF>
<CPL />
<ActiveSetup />
- <HOSTS>
<ITEM Line="127.0.0.1 localhost" />
<ITEM Line="::1 localhost" />
</HOSTS>
<SuspFiles />
- <RK_UM>
<ITEM DLL="ws2_32.dll" FNaim="WSAConnect" FIndx="28" HookPtr="7709D7B0" HookType="2" />
<ITEM DLL="ws2_32.dll" FNaim="WSARecv" FIndx="68" HookPtr="77098400" HookType="2" />
<ITEM DLL="ws2_32.dll" FNaim="WSARecvFrom" FIndx="70" HookPtr="770A8B38" HookType="2" />
<ITEM DLL="ws2_32.dll" FNaim="WSASend" FIndx="73" HookPtr="77094496" HookType="2" />
<ITEM DLL="ws2_32.dll" FNaim="WSASendTo" FIndx="76" HookPtr="770AA474" HookType="2" />
<ITEM DLL="ws2_32.dll" FNaim="closesocket" FIndx="134" HookPtr="7709330C" HookType="2" />
<ITEM DLL="ws2_32.dll" FNaim="connect" FIndx="135" HookPtr="770940D9" HookType="2" />
<ITEM DLL="ws2_32.dll" FNaim="recv" FIndx="159" HookPtr="7709343A" HookType="2" />
<ITEM DLL="ws2_32.dll" FNaim="recvfrom" FIndx="160" HookPtr="77098E15" HookType="2" />
<ITEM DLL="ws2_32.dll" FNaim="send" FIndx="162" HookPtr="7709659B" HookType="2" />
<ITEM DLL="ws2_32.dll" FNaim="sendto" FIndx="163" HookPtr="770967C5" HookType="2" />
</RK_UM>
- <WIZARD-TSW>
<ITEM ID="58" Level="3" Fixed="0" />
<ITEM ID="59" Level="3" Fixed="0" />
<ITEM ID="61" Level="2" Fixed="0" />
</WIZARD-TSW>
</AVZ>
icenola
 
Posts: 12
Joined: Thu May 07, 2009 3:15 am

Re: DNSchanger Trojan (Vista OS)

Postby patrik » Tue May 12, 2009 11:38 am

Run AVZ.
Click File > Custom scripts
Copy & paste the text in the code box below into the text area:
Code:
begin
SetAVZPMStatus(True);
RebootWindows(true);
end.

Click Run.
AVZ should run and may restart your computer. Restart your PC if it doesn't do it automatically.

Run AVZ.
Click File -> Standard scripts.
Mark the Advanced System Analysis check box.
Click on the Execute selected scripts button.
Click YES to confirm.
A system check will be executed.
When the scan is finished, a logfile will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.
Click OK and click CLOSE.
Close AVZ.

Open the AVZ folder, then the LOG folder. Locate the virusinfo_syscheck.zip file and attach it to your reply.
patrik
Site Admin
 
Posts: 7034
Joined: Sun Jan 08, 2006 1:11 pm

Re: DNSchanger Trojan (Vista OS)

Postby icenola » Wed May 13, 2009 1:08 am

<?xml version="1.0" encoding="windows-1251" ?>
- <!-- AVZ XML Report
-->
- <AVZ>
- <PROCESS>
<ITEM PID="2480" File="AluSchedulerSvc.exe" CheckResult="-1" Descr="" LegalCopyright="" CmdLine="" />
<ITEM PID="2312" File="AppleMobileDeviceService.exe" CheckResult="-1" Descr="" LegalCopyright="" CmdLine="" />
<ITEM PID="2200" File="c:\program files\panda security\panda antivirus pro 2009\apvxdwin.exe" CheckResult="-1" Descr="Panda permanent protection" LegalCopyright="© Panda 2008" CmdLine="@quot;C:\Program Files\Panda Security\Panda Antivirus Pro 2009\ApVxdWin.exe@quot; /s" Size="857344" Attr="rsAh" CreateDate="5/2/2009 8:54:54 PM" ChageDate="7/16/2008 9:08:10 PM" MD5="F71DBC60AEF4D8A1BCE2FBA0E9319062" />
<ITEM PID="4536" File="AUPDATE.EXE" CheckResult="-1" Descr="" LegalCopyright="" CmdLine="" />
<ITEM PID="2708" File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE" CheckResult="-1" Descr="Enhanced On-Access Anti-Malware Protection" LegalCopyright="© Panda 2008" CmdLine="" Size="193792" Attr="rsAh" CreateDate="5/2/2009 8:54:29 PM" ChageDate="7/2/2008 1:26:56 PM" MD5="FA943FFB594583AFB8C68A1C1A1E842D" />
</PROCESS>
- <DLL>
<ITEM File="C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\pskmfs.dll" CheckResult="-1" Descr="Anti-malware protection service library" LegalCopyright="© Panda 2008" UsedBy="1832" Hidden="-1" Size="54528" Attr="rsAh" CreateDate="5/2/2009 8:55:57 PM" ChageDate="7/7/2008 2:09:08 PM" MD5="9A8342EA2A4A32E3F5498F2B0898C4BA" />
<ITEM File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavCntrs.dll" CheckResult="-1" Descr="Panda Counters Module" LegalCopyright="© Panda 2008" UsedBy="1832" Hidden="-1" Size="91392" Attr="rsAh" CreateDate="5/2/2009 8:55:46 PM" ChageDate="6/25/2008 12:33:36 PM" MD5="A4022BF0387CF6AFD3E00D8FE6E57EAB" />
<ITEM File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\putstr.dll" CheckResult="-1" Descr="Panda Utilities System" LegalCopyright="© Panda 2008" UsedBy="1832" Hidden="-1" Size="27392" Attr="rsAh" CreateDate="5/2/2009 8:55:57 PM" ChageDate="6/18/2008 5:42:02 PM" MD5="E10C70E138EC4F95D2C2452BCE6825A7" />
<ITEM File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\memvfile.dll" CheckResult="-1" Descr="Anti-malware protection access library" LegalCopyright="© Panda 2008" UsedBy="1832" Hidden="-1" Size="9984" Attr="rsAh" CreateDate="5/2/2009 8:55:57 PM" ChageDate="6/26/2008 1:42:50 PM" MD5="C39FD155863450F542B2B6F7D01B6059" />
<ITEM File="C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\pskahk.dll" CheckResult="-1" Descr="Anti-malware protection service library" LegalCopyright="© Panda 2008" UsedBy="1832" Hidden="-1" Size="2196736" Attr="rsAh" CreateDate="5/2/2009 8:55:57 PM" ChageDate="6/25/2008 4:49:56 PM" MD5="277AAAAA855F6451DC0030074A58AF9C" />
<ITEM File="C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\pskscs.dll" CheckResult="-1" Descr="Anti-malware protection service library" LegalCopyright="© Panda 2008" UsedBy="1832" Hidden="-1" Size="258304" Attr="rsAh" CreateDate="5/2/2009 8:55:57 PM" ChageDate="7/11/2008 4:30:22 PM" MD5="07212908AE84699ED7A47B62A40A0DAB" />
<ITEM File="C:\Program Files\XPSMiniViewGadget\chartdir41.dll" CheckResult="-1" Descr="ChartDirector DLL" LegalCopyright="Advanced Software Engineering © 2006" UsedBy="4176" Hidden="-1" Size="1822720" Attr="RsAh" CreateDate="4/6/2007 1:06:20 PM" ChageDate="4/6/2007 1:06:20 PM" MD5="AD27AD0F0B1429B6B45E925B5AAA1176" />
</DLL>
<KERNELOBJ>
<ITEM File="C:\Windows\System32\Drivers\ak70atta.SYS" CheckResult="-1" Base="8DD86000" MemSize="036000" Descr="ATAPI IDE Miniport Driver" LegalCopyright="© Microsoft Corporation. All rights reserved." />
<ITEM File="C:\Windows\system32\DRIVERS\amm8660.sys" CheckResult="-1" Base="8F06A000" MemSize="010000" Descr="Panda Anti-Malware File System Minifilter" LegalCopyright="© Panda 2008" Size="49208" Attr="rsAh" CreateDate="5/2/2009 8:56:00 PM" ChageDate="2/13/2008 10:14:02 PM" MD5="B57D8F7749DA70078C43C756BAA7F419" />
<ITEM File="C:\Windows\system32\drivers\av5flt.sys" CheckResult="-1" Base="A1526000" MemSize="017000" Descr="" LegalCopyright="" />
<ITEM File="C:\Windows\System32\Drivers\dump_iaStor.sys" CheckResult="-1" Base="8F0C9000" MemSize="0C8000" Descr="" LegalCopyright="" />
<ITEM File="C:\Windows\system32\drivers\mfehidk.sys" CheckResult="-1" Base="8EDCC000" MemSize="033000" Descr="Host Intrusion Detection Link Driver" LegalCopyright="Copyright© 1995-2008 McAfee, Inc. All Rights Reserved." Size="214024" Attr="rsAh" CreateDate="12/2/2008 1:49:24 AM" ChageDate="3/25/2009 11:06:28 AM" MD5="F817BFCA67475CF04925ECE4FCF9C3C0" />
<ITEM File="C:\Windows\system32\PavSRK.sys" CheckResult="-1" Base="8EA00000" MemSize="008000" Descr="" LegalCopyright="" />
<ITEM File="C:\Windows\system32\PavTPK.sys" CheckResult="-1" Base="8F07A000" MemSize="00C000" Descr="" LegalCopyright="" />
<ITEM File="C:\Windows\system32\drivers\PCTCore.sys" CheckResult="-1" Base="8A17A000" MemSize="023000" Descr="PC Tools KDS Core Driver" LegalCopyright="Copyright (c) 2008 PC Tools. All rights reserved." Size="130936" Attr="rsAh" CreateDate="5/4/2009 10:09:01 PM" ChageDate="4/3/2009 11:18:26 AM" MD5="AA9CFA67850893FBB168B9C4E4C86952" />
<ITEM File="C:\Windows\System32\Drivers\spof.sys" CheckResult="-1" Base="80693000" MemSize="100000" Descr="" LegalCopyright="" />
</KERNELOBJ>
icenola
 
Posts: 12
Joined: Thu May 07, 2009 3:15 am

Re: DNSchanger Trojan (Vista OS)

Postby icenola » Wed May 13, 2009 1:10 am

<Service>
<ITEM File="C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" Name="ccEvtMgr" CheckResult="-1" Type="32" State="4" Size="108392" Attr="rsAh" CreateDate="9/6/2007 5:29:46 PM" ChageDate="9/6/2007 5:29:46 PM" MD5="D1C87CD3BD90EE509D1BF3973C7D5B0A" />
<ITEM File="C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" Name="ccSetMgr" CheckResult="-1" Type="32" State="4" Size="108392" Attr="rsAh" CreateDate="9/6/2007 5:29:46 PM" ChageDate="9/6/2007 5:29:46 PM" MD5="D1C87CD3BD90EE509D1BF3973C7D5B0A" />
<ITEM File="C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" Name="CLTNetCnService" CheckResult="-1" Type="32" State="4" Size="108392" Attr="rsAh" CreateDate="9/6/2007 5:29:46 PM" ChageDate="9/6/2007 5:29:46 PM" MD5="D1C87CD3BD90EE509D1BF3973C7D5B0A" />
<ITEM File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe" Name="Panda Software Controller" CheckResult="-1" Type="16" State="4" Size="181504" Attr="rsAh" CreateDate="5/2/2009 8:55:47 PM" ChageDate="7/16/2008 2:45:20 PM" MD5="F3B754B54BB737FD2C904BD4411217CC" />
<ITEM File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe" Name="PAVFNSVR" CheckResult="-1" Type="272" State="4" Size="169216" Attr="rsAh" CreateDate="5/2/2009 8:54:43 PM" ChageDate="7/10/2008 12:02:00 PM" MD5="4A7D3F1D86617F0A5A6B241C4A777794" />
<ITEM File="C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe" Name="PavPrSrv" CheckResult="-1" Type="16" State="4" Size="62768" Attr="RsAh" CreateDate="5/2/2009 8:51:31 PM" ChageDate="2/4/2008 10:26:48 AM" MD5="2AE3F6B23448443BBEF5DE207159213B" />
<ITEM File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrvx86.exe" Name="PAVSRV" CheckResult="-1" Type="272" State="4" Size="290048" Attr="rsAh" CreateDate="5/2/2009 8:54:30 PM" ChageDate="7/4/2008 2:28:34 PM" MD5="9137CEEF24399B33E7E912CC5C35D0E9" />
<ITEM File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE" Name="PSHost" CheckResult="-1" Type="16" State="4" Size="226608" Attr="rsAh" CreateDate="5/2/2009 8:54:36 PM" ChageDate="6/12/2008 3:31:40 PM" MD5="EF3F6137900022FDA04967669821BFC8" />
<ITEM File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\psimsvc.exe" Name="PSIMSVC" CheckResult="-1" Type="272" State="4" Size="108288" Attr="rsAh" CreateDate="5/2/2009 8:54:48 PM" ChageDate="6/19/2008 12:59:50 PM" MD5="196C450F2779D0B462C444DA4906EA7F" />
<ITEM File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe" Name="PskSvcRetail" CheckResult="-1" Type="16" State="4" Size="28928" Attr="rsAh" CreateDate="5/2/2009 8:55:57 PM" ChageDate="6/25/2008 4:43:08 PM" MD5="F1B9981E2E6AF1A6030CB49EF4FDC513" />
<ITEM File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe" Name="TPSrv" CheckResult="-1" Type="16" State="4" Size="157440" Attr="rsAh" CreateDate="5/2/2009 8:54:45 PM" ChageDate="7/17/2008 1:35:58 PM" MD5="89AE68D19C3FE4B1E4FAA79FDB6B5E10" />
<ITEM File="C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" Name="AOL ACS" CheckResult="-1" Type="272" State="1" Size="46640" Attr="RsAh" CreateDate="10/23/2006 7:50:35 AM" ChageDate="10/23/2006 7:50:35 AM" MD5="85180CF88C5EBAD73B452A43A004CA51" />
<ITEM File="C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe" Name="GoToAssist" CheckResult="-1" Type="16" State="1" Size="16680" Attr="rsAh" CreateDate="12/2/2008 2:01:25 AM" ChageDate="12/2/2008 1:57:39 AM" MD5="D3316F6E3C011435F36E3D6E49B3196C" />
<ITEM File="C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" Name="RoxLiveShare10" CheckResult="-1" Type="272" State="1" Size="309744" Attr="rsAh" CreateDate="5/14/2008 10:32:18 AM" ChageDate="5/14/2008 10:32:18 AM" MD5="FDED778DAF09235E4580F1B9046946B6" />
<ITEM File="C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" Name="RoxMediaDB10" CheckResult="-1" Type="272" State="1" Size="1120752" Attr="rsAh" CreateDate="5/14/2008 10:31:38 AM" ChageDate="5/14/2008 10:31:38 AM" MD5="E054A2CAF0E2A55C9AAC0BF1CCC558A5" />
<ITEM File="C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" Name="RoxWatch10" CheckResult="-1" Type="272" State="1" Size="166384" Attr="rsAh" CreateDate="5/14/2008 10:32:10 AM" ChageDate="5/14/2008 10:32:10 AM" MD5="C75FDA9AB3314E555123673E08F9D86D" />
<ITEM File="C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe" Name="SessionLauncher" CheckResult="-1" Type="272" State="1" />
<ITEM File="C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" Name="stllssvr" CheckResult="-1" Type="16" State="1" Size="74384" Attr="RsAh" CreateDate="3/24/2008 7:35:22 AM" ChageDate="3/24/2008 7:35:22 AM" MD5="1D0063597C3666404FCF97698ABEB019" />
</Service>
<Drivers>
<ITEM File="C:\Windows\system32\DRIVERS\amm8660.sys" Name="AmFSM" CheckResult="-1" Type="2" State="4" Size="49208" Attr="rsAh" CreateDate="5/2/2009 8:56:00 PM" ChageDate="2/13/2008 10:14:02 PM" MD5="B57D8F7749DA70078C43C756BAA7F419" />
<ITEM File="C:\Windows\system32\drivers\av5flt.sys" Name="AvFlt" CheckResult="-1" Type="2" State="4" />
<ITEM File="C:\Windows\system32\drivers\mfehidk.sys" Name="mfehidk" CheckResult="-1" Type="1" State="4" Size="214024" Attr="rsAh" CreateDate="12/2/2008 1:49:24 AM" ChageDate="3/25/2009 11:06:28 AM" MD5="F817BFCA67475CF04925ECE4FCF9C3C0" />
<ITEM File="C:\Windows\system32\drivers\PCTCore.sys" Name="PCTCore" CheckResult="-1" Type="2" State="4" Size="130936" Attr="rsAh" CreateDate="5/4/2009 10:09:01 PM" ChageDate="4/3/2009 11:18:26 AM" MD5="AA9CFA67850893FBB168B9C4E4C86952" />
<ITEM File="C:\Windows\System32\Drivers\sptd.sys" Name="sptd" CheckResult="-1" Type="1" State="4" Size="717296" Attr="rsAh" CreateDate="12/26/2008 3:45:53 PM" ChageDate="12/26/2008 3:45:53 PM" MD5="" />
<ITEM File="C:\Windows\system32\drivers\InCDFs.sys" Name="InCDFs" CheckResult="-1" Type="2" State="1" />
<ITEM File="C:\Windows\system32\drivers\InCDPass.sys" Name="InCDPass" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\Windows\system32\drivers\InCDRm.sys" Name="InCDRm" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\Windows\system32\DRIVERS\ipinip.sys" Name="IpInIp" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\Windows\system32\drivers\mfeavfk.sys" Name="mfeavfk" CheckResult="-1" Type="1" State="1" Size="79880" Attr="rsAh" CreateDate="12/2/2008 1:49:24 AM" ChageDate="3/25/2009 11:06:28 AM" MD5="26653763D99EA717FC9E069F6BE6771E" />
<ITEM File="C:\Windows\system32\drivers\mfebopk.sys" Name="mfebopk" CheckResult="-1" Type="1" State="1" Size="35272" Attr="rsAh" CreateDate="12/2/2008 1:49:24 AM" ChageDate="3/25/2009 11:06:28 AM" MD5="E65CE1279F2C1FD9BD81184CEB7F5468" />
<ITEM File="C:\Windows\system32\drivers\mferkdk.sys" Name="mferkdk" CheckResult="-1" Type="1" State="1" Size="34216" Attr="rsAh" CreateDate="12/2/2008 1:49:24 AM" ChageDate="3/25/2009 11:05:54 AM" MD5="FE03BE0B990983A08A33389C00636175" />
<ITEM File="C:\Windows\system32\drivers\mfesmfk.sys" Name="mfesmfk" CheckResult="-1" Type="1" State="1" Size="40552" Attr="rsAh" CreateDate="12/2/2008 1:49:24 AM" ChageDate="3/25/2009 11:06:30 AM" MD5="9C73ACA963AD8883B9FC44B410E70B71" />
<ITEM File="C:\Windows\system32\Drivers\iqvw32.sys" Name="NAL" CheckResult="-1" Type="1" State="1" Size="30816" Attr="rsAh" CreateDate="11/26/2008 8:20:38 PM" ChageDate="11/26/2008 8:20:38 PM" MD5="D02734423B59B3AC14CDFE91E9665FF0" />
<ITEM File="C:\Windows\system32\DRIVERS\nwlnkflt.sys" Name="NwlnkFlt" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\Windows\system32\DRIVERS\nwlnkfwd.sys" Name="NwlnkFwd" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\Windows\system32\PavSRK.sys" Name="PavSRK.sys" CheckResult="-1" Type="1" State="1" />
<ITEM File="C:\Windows\system32\PavTPK.sys" Name="PavTPK.sys" CheckResult="-1" Type="1" State="1" />
</Drivers>
<AUTORUN>
<ITEM File="C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" CheckResult="-1" Enabled="1" Type="REG" Size="212992" Attr="rsAh" CreateDate="2/13/2009 6:10:37 PM" ChageDate="2/25/2005 7:28:03 PM" MD5="917BAFA5FC295611A401692F56DA7829" X1="HKEY_CURRENT_USER" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="PhotoShow Deluxe Media Manager" />
<ITEM File="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" CheckResult="-1" Enabled="1" Type="REG" Size="177472" Attr="rsAh" CreateDate="2/6/2009 5:27:40 PM" ChageDate="2/6/2009 5:27:40 PM" MD5="3C9C9DE765412F8CB483F115EE34B05D" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="AppleSyncNotifier" />
<ITEM File="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" CheckResult="-1" Enabled="1" Type="REG" Size="115560" Attr="rsAh" CreateDate="9/6/2007 5:30:18 PM" ChageDate="9/6/2007 5:30:18 PM" MD5="885BC61E68D9A6616761CBC13F1BDCAC" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="ccApp" />
<ITEM File="C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" CheckResult="-1" Enabled="1" Type="REG" Size="1745648" Attr="rsAh" CreateDate="11/3/2008 10:54:00 AM" ChageDate="11/3/2008 10:54:00 AM" MD5="14D1A292A9F0613BF8A432AD89222A31" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="Dell DataSafe Online" />
<ITEM File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" CheckResult="-1" Enabled="1" Type="REG" Size="857344" Attr="rsAh" CreateDate="5/2/2009 8:54:54 PM" ChageDate="7/16/2008 9:08:10 PM" MD5="F71DBC60AEF4D8A1BCE2FBA0E9319062" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="APVXDWIN" />
<ITEM File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe" CheckResult="-1" Enabled="1" Type="REG" Size="50432" Attr="rsAh" CreateDate="5/2/2009 8:55:50 PM" ChageDate="7/7/2008 2:43:56 PM" MD5="9213312BDBB142A1806ED67BFBB73BF3" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="SCANINICIO" />
<ITEM File="rdpclip" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd" X3="StartupPrograms" />
</AUTORUN>
<BHO>
<ITEM File="C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll" CheckResult="-1" Enabled="1" BHOType="1" RegKey="Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{02478D38-C3F9-4efb-9B51-7695ECA05670}" Descr="Yahoo! Toolbar" LegalCopyright="(c) Yahoo! Inc. All rights reserved." Size="882416" Attr="rsAh" CreateDate="7/28/2008 5:47:40 AM" ChageDate="7/28/2008 5:47:40 AM" MD5="6A2E0E49A4F2A9DF3E6293E37E7486BD" />
<ITEM File="C:\Program Files\AOL Toolbar\aoltb.dll" CheckResult="-1" Enabled="1" BHOType="1" RegKey="Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}" Descr="AOL IE Toolbar Dynamic Link Library" LegalCopyright="© 2008 AOL LLC. All rights reserved." Size="1275232" Attr="rsAh" CreateDate="7/7/2008 3:36:06 PM" ChageDate="7/7/2008 3:36:06 PM" MD5="E9DAD7B441AEE9FC6A8C6D456EE17207" />
<ITEM File="C:\Program Files\Dell\BAE\BAE.dll" CheckResult="-1" Enabled="1" BHOType="1" RegKey="Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{CA6319C0-31B7-401E-A518-A07C3DB8F777}" Descr="BAE.dll" LegalCopyright="(c) 2006. Dell Inc. All rights reserved." Size="98304" Attr="rsAh" CreateDate="11/9/2006 9:56:48 AM" ChageDate="11/9/2006 9:56:48 AM" MD5="1A4F60EF6DA38621F1091B0CB0FA2C09" />
<ITEM File="C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll" CheckResult="-1" Enabled="1" BHOType="1" RegKey="Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}" Descr="Yahoo! Single Instance for Mail" LegalCopyright="(c) Yahoo! Inc. All rights reserved." Size="160496" Attr="rsAh" CreateDate="7/28/2008 5:47:42 AM" ChageDate="7/28/2008 5:47:42 AM" MD5="F64C4241FE5E519F62C47C361DC671D7" />
<ITEM File="C:\Program Files\AOL Toolbar\aoltb.dll" CheckResult="-1" Enabled="1" BHOType="2" RegKey="SOFTWARE\Microsoft\Internet Explorer\Toolbar" CLSID="{DE9C389F-3316-41A7-809B-AA305ED9D922}" Descr="AOL IE Toolbar Dynamic Link Library" LegalCopyright="© 2008 AOL LLC. All rights reserved." Size="1275232" Attr="rsAh" CreateDate="7/7/2008 3:36:06 PM" ChageDate="7/7/2008 3:36:06 PM" MD5="E9DAD7B441AEE9FC6A8C6D456EE17207" />
<ITEM File="C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll" CheckResult="-1" Enabled="1" BHOType="2" RegKey="SOFTWARE\Microsoft\Internet Explorer\Toolbar" CLSID="{EF99BD32-C1FB-11D2-892F-0090271D4F88}" Descr="Yahoo! Toolbar" LegalCopyright="(c) Yahoo! Inc. All rights reserved." Size="882416" Attr="rsAh" CreateDate="7/28/2008 5:47:40 AM" ChageDate="7/28/2008 5:47:40 AM" MD5="6A2E0E49A4F2A9DF3E6293E37E7486BD" />
<ITEM File="/C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html" CheckResult="-1" Enabled="1" BHOType="3" RegKey="Software\Microsoft\Internet Explorer\Extensions" CLSID="{320AF880-6646-11D3-ABEE-C5DBF3571F46}" Descr="" LegalCopyright="" />
<ITEM File="/C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html" CheckResult="-1" Enabled="1" BHOType="3" RegKey="Software\Microsoft\Internet Explorer\Extensions" CLSID="{320AF880-6646-11D3-ABEE-C5DBF3571F49}" Descr="" LegalCopyright="" />
<ITEM File="C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk" CheckResult="-1" Enabled="1" BHOType="3" RegKey="Software\Microsoft\Internet Explorer\Extensions" CLSID="{5E638779-1818-4754-A595-EF1C63B87A56}" Descr="" LegalCopyright="" Size="935" Attr="rsAh" CreateDate="12/8/2008 1:21:38 AM" ChageDate="12/8/2008 1:21:38 AM" MD5="53D469A86AC54F87EA405EE650956065" />
<ITEM File="/C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html" CheckResult="-1" Enabled="1" BHOType="3" RegKey="Software\Microsoft\Internet Explorer\Extensions" CLSID="{724d43aa-0d85-11d4-9908-00400523e39a}" Descr="" LegalCopyright="" />
</BHO>
<ExplorerExt>
<ITEM File="%CommonProgramFiles%\System\Ole DB\oledb32.dll" CheckResult="-1" Enabled="1" ExtName="Microsoft Data Link" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="lnkfile" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{00020d75-0000-0000-c000-000000000046}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Color Control Panel Applet" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{b2c761c6-29bc-4f19-9251-e6195265baf1}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Add New Hardware" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{7A979262-40CE-46ff-AEEE-7884AC3B6136}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Get Programs Online" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{3e7efb4c-faf1-453d-89eb-56026875ef90}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Taskbar and Start Menu" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{0DF44EAA-FF21-4412-828E-260A8728E7F1}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="ActiveDirectory Folder" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{1b24a030-9b20-49bc-97ac-1be4426f9e59}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="ActiveDirectory Folder" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{34449847-FD14-4fc8-A75A-7432F5181EFB}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Sam Account Folder" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{C8494E42-ACDD-4739-B0FB-217361E4894F}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Sam Account Folder" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{E29F9716-5C08-4FCD-955A-119FDB5A522D}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Control Panel command object for Start menu" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Default Programs command object for Start menu" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{E44E5D18-0652-4508-A4E2-8A090067BCB0}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Folder Options" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{6dfd7c5c-2451-11d3-a299-00c04f8ef6af}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Explorer Query Band" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{2C2577C2-63A7-40e3-9B7F-586602617ECB}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="View Available Networks" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{38a98528-6cbf-4ca9-8dc0-b1e1d10f7b1b}" Descr="" LegalCopyright="" />
<ITEM File="%CommonProgramFiles%\System\wab32.dll" CheckResult="-1" Enabled="1" ExtName="Windows Contact Preview Handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{13D3C4B8-B179-4ebb-BF62-F704173E7448}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Contacts folder" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}" Descr="" LegalCopyright="" />
<ITEM File="%CommonProgramFiles%\System\wab32.dll" CheckResult="-1" Enabled="1" ExtName=".group shell extension handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{4F58F63F-244B-4c07-B29F-210BE59BE9B4}" Descr="" LegalCopyright="" />
<ITEM File="%CommonProgramFiles%\System\wab32.dll" CheckResult="-1" Enabled="1" ExtName=".contact shell extension handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{8082C5E6-4C27-48ec-A809-B8E1122E8F97}" Descr="" LegalCopyright="" />
<ITEM File="%CommonProgramFiles%\System\wab32.dll" CheckResult="-1" Enabled="1" ExtName="group_wab_auto_file" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{16C2C29D-0E5F-45f3-A445-03E03F587B7D}" Descr="" LegalCopyright="" />
<ITEM File="%CommonProgramFiles%\System\wab32.dll" CheckResult="-1" Enabled="1" ExtName="contact_wab_auto_file" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{CF67796C-F57F-45F8-92FB-AD698826C602}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Windows Firewall" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{4026492f-2f69-46b8-b9bf-5654fc07e423}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Problem Reports and Solutions" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{fcfeecae-ee1b-4849-ae50-685dcf7717ec}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="iSCSI Initiator" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{a304259d-52b8-4526-8b1a-a1d6cecc8243}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName=".cab or .zip files" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{911051fa-c21c-4246-b470-070cd8df6dc4}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Windows Search Shell Service" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{da67b8ad-e81b-4c70-9b91b417b5e33527}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Microsoft.ScannersAndCameras" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3}" Descr="" LegalCopyright="" />
<ITEM File="@quot;C:\Windows\System32\rundll32.exe@quot; @quot;C:\Program Files\\Windows Photo Gallery\PhotoViewer.dll@quot;,ImageView_COMServer {9D687A4C-1404-41ef-A089-883B6FBECDE6}" CheckResult="-1" Enabled="1" ExtName="Windows Photo Gallery Viewer Autoplay Handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{9D687A4C-1404-41ef-A089-883B6FBECDE6}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Windows Sidebar Properties" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{37efd44d-ef8d-41b1-940d-96973a50e9e0}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Windows Features" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{67718415-c450-4f3c-bf8a-b487642dc39b}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Windows Defender" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{d8559eb9-20c0-410e-beda-7ed416aecc2a}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Mobility Center Control Panel" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{5ea4f148-308c-46d7-98a9-49041b1dd468}" Descr="" LegalCopyright="" />
<ITEM File="%CommonProgramFiles%\microsoft shared\ink\TipBand.dll" CheckResult="-1" Enabled="1" ExtName="Tablet PC Input Panel" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{15D633E2-AD00-465b-9EC7-F56B7CDF8E27}" Descr="" LegalCopyright="" />
<ITEM File="@quot;C:\Program Files\\Windows Media Player\wmprph.exe@quot;" CheckResult="-1" Enabled="1" ExtName="Windows Media Player Rich Preview Handler" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{031EE060-67BC-460d-8847-E4A7C5E45A27}" Descr="" LegalCopyright="" />
<ITEM File="" CheckResult="-1" Enabled="1" ExtName="User Accounts" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{7A9D77BD-5403-11d2-8785-2E0420524153}" Descr="" LegalCopyright="" />
<ITEM File="C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavOLE.dll" CheckResult="-1" Enabled="1" ExtName="Panda Antivirus" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{65756541-C65C-11CD-0000-4B656E696100}" Descr="PAVOLE" LegalCopyright="© Panda 2008" Size="140544" Attr="rsAh" CreateDate="5/2/2009 8:55:46 PM" ChageDate="7/3/2008 5:55:10 PM" MD5="DA4827514EF4F07C36D04E6AD1C2B32E" />
</ExplorerExt>
<PrintEXT />
<TaskScheduler />
<DPF>
<ITEM File="C:\Windows\DOWNLO~1\NEROVE~1.OCX" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Microsoft\Code Store Database\Distribution Units" CLSID="{680285A8-96D3-43DA-9D3D-51DD987D0B77}" CodeBase="http://www.nero.com/doc/NeroVersionCheckerControl.cab" Descr="Nero VersionChecker ActiveX Control Module" LegalCopyright="Copyright (C) 2008 Nero AG and its licensors" Size="54568" Attr="rsAh" CreateDate="7/14/2008 2:20:32 PM" ChageDate="7/14/2008 2:20:32 PM" MD5="350DEBAAEC890CCDFA6AC6185FA6A047" />
<ITEM File="C:\Windows\Downloaded Program Files\ActiveX_ATL_Lexmark.dll" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Microsoft\Code Store Database\Distribution Units" CLSID="{C52439A0-2693-4E40-B141-9F9AD5257241}" CodeBase="https://ediagnostics.lexmark.com/serval.cab" Descr="Lexmark eDiagnostics ActiveX" LegalCopyright="Copyright 2006" Size="126976" Attr="rsAh" CreateDate="8/11/2006 5:01:04 PM" ChageDate="8/11/2006 5:01:04 PM" MD5="1E64297E91B1A30A4C0398775DD5AC18" />
</DPF>
<CPL />
<ActiveSetup />
<HOSTS>
<ITEM Line="127.0.0.1 localhost" />
<ITEM Line="::1 localhost" />
</HOSTS>
<SuspFiles />
<RK_UM>
<ITEM DLL="kernel32.dll" FNaim="CopyFileExW" FIndx="99" HookPtr="76A7BFA1" HookType="2" />
<ITEM DLL="kernel32.dll" FNaim="CreateFileMappingA" FIndx="122" HookPtr="76A99366" HookType="2" />
<ITEM DLL="kernel32.dll" FNaim="CreateFileMappingW" FIndx="125" HookPtr="76A922E8" HookType="2" />
<ITEM DLL="kernel32.dll" FNaim="CreateRemoteThread" FIndx="153" HookPtr="76AB46EF" HookType="2" />
<ITEM DLL="kernel32.dll" FNaim="MoveFileWithProgressW" FIndx="797" HookPtr="76A9104C" HookType="2" />
<ITEM DLL="kernel32.dll" FNaim="TerminateProcess" FIndx="1080" HookPtr="76A718EF" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="NtClose" FIndx="205" HookPtr="77CF7F48" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="NtCreateFile" FIndx="221" HookPtr="77CF8008" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="NtCreateKey" FIndx="225" HookPtr="77CF8048" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="NtDeleteFile" FIndx="257" HookPtr="77CF83E8" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="NtDeleteKey" FIndx="258" HookPtr="77CF83F8" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="NtDeleteValueKey" FIndx="261" HookPtr="77CF8428" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="NtDuplicateObject" FIndx="264" HookPtr="77CF8458" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="NtEnumerateKey" FIndx="268" HookPtr="77CF8498" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="NtEnumerateValueKey" FIndx="271" HookPtr="77CF84C8" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="NtLoadDriver" FIndx="308" HookPtr="77CF8698" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="NtOpenFile" FIndx="331" HookPtr="77CF87E8" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="NtQueryMultipleValueKey" FIndx="396" HookPtr="77CF8AF8" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="NtQueryValueKey" FIndx="414" HookPtr="77CF8C08" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="NtReadFile" FIndx="420" HookPtr="77CF8C68" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="NtSetContextThread" FIndx="465" HookPtr="77CF8E58" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="NtSetInformationFile" FIndx="478" HookPtr="77CF8F18" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="NtSetValueKey" FIndx="505" HookPtr="77CF9088" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="NtUnloadKey" FIndx="526" HookPtr="77CF91B8" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="NtWriteFile" FIndx="542" HookPtr="77CF9278" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="NtWriteVirtualMemory" FIndx="545" HookPtr="77CF92A8" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="ZwClose" FIndx="1344" HookPtr="77CF7F48" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="ZwCreateFile" FIndx="1360" HookPtr="77CF8008" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="ZwCreateKey" FIndx="1364" HookPtr="77CF8048" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="ZwDeleteFile" FIndx="1395" HookPtr="77CF83E8" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="ZwDeleteKey" FIndx="1396" HookPtr="77CF83F8" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="ZwDeleteValueKey" FIndx="1399" HookPtr="77CF8428" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="ZwDuplicateObject" FIndx="1402" HookPtr="77CF8458" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="ZwEnumerateKey" FIndx="1406" HookPtr="77CF8498" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="ZwEnumerateValueKey" FIndx="1409" HookPtr="77CF84C8" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="ZwLoadDriver" FIndx="1445" HookPtr="77CF8698" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="ZwOpenFile" FIndx="1468" HookPtr="77CF87E8" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="ZwQueryMultipleValueKey" FIndx="1533" HookPtr="77CF8AF8" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="ZwQueryValueKey" FIndx="1551" HookPtr="77CF8C08" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="ZwReadFile" FIndx="1557" HookPtr="77CF8C68" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="ZwSetContextThread" FIndx="1602" HookPtr="77CF8E58" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="ZwSetInformationFile" FIndx="1615" HookPtr="77CF8F18" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="ZwSetValueKey" FIndx="1642" HookPtr="77CF9088" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="ZwUnloadKey" FIndx="1663" HookPtr="77CF91B8" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="ZwWriteFile" FIndx="1679" HookPtr="77CF9278" HookType="2" />
<ITEM DLL="ntdll.dll" FNaim="ZwWriteVirtualMemory" FIndx="1682" HookPtr="77CF92A8" HookType="2" />
<ITEM DLL="user32.dll" FNaim="AttachThreadInput" FIndx="12" HookPtr="76760B13" HookType="2" />
<ITEM DLL="user32.dll" FNaim="BeginDeferWindowPos" FIndx="13" HookPtr="767427CF" HookType="2" />
<ITEM DLL="user32.dll" FNaim="CreateAcceleratorTableW" FIndx="82" HookPtr="7673E2D0" HookType="2" />
<ITEM DLL="user32.dll" FNaim="DdeConnect" FIndx="114" HookPtr="7677997F" HookType="2" />
<ITEM DLL="user32.dll" FNaim="DispatchMessageA" FIndx="168" HookPtr="76745A1D" HookType="2" />
<ITEM DLL="user32.dll" FNaim="DispatchMessageW" FIndx="169" HookPtr="76750051" HookType="2" />
<ITEM DLL="user32.dll" FNaim="GetAsyncKeyState" FIndx="256" HookPtr="76738DF4" HookType="2" />
<ITEM DLL="user32.dll" FNaim="GetKeyState" FIndx="305" HookPtr="767487C7" HookType="2" />
<ITEM DLL="user32.dll" FNaim="GetKeyboardState" FIndx="310" HookPtr="7673B18D" HookType="2" />
<ITEM DLL="user32.dll" FNaim="PostMessageA" FIndx="542" HookPtr="767411CE" HookType="2" />
<ITEM DLL="user32.dll" FNaim="PostMessageW" FIndx="543" HookPtr="7674A064" HookType="2" />
<ITEM DLL="user32.dll" FNaim="SetClipboardData" FIndx="621" HookPtr="767762F8" HookType="2" />
<ITEM DLL="user32.dll" FNaim="SetWinEventHook" FIndx="674" HookPtr="7673915C" HookType="2" />
<ITEM DLL="user32.dll" FNaim="SetWindowsHookExA" FIndx="687" HookPtr="7675BB0E" HookType="2" />
<ITEM DLL="user32.dll" FNaim="SetWindowsHookExW" FIndx="688" HookPtr="76737B69" HookType="2" />
<ITEM DLL="user32.dll" FNaim="TranslateMessage" FIndx="725" HookPtr="76750069" HookType="2" />
<ITEM DLL="advapi32.dll" FNaim="ChangeServiceConfig2A" FIndx="72" HookPtr="76636A69" HookType="2" />
<ITEM DLL="advapi32.dll" FNaim="ChangeServiceConfig2W" FIndx="73" HookPtr="76636BB1" HookType="2" />
<ITEM DLL="advapi32.dll" FNaim="ChangeServiceConfigA" FIndx="74" HookPtr="766367A9" HookType="2" />
<ITEM DLL="advapi32.dll" FNaim="ChangeServiceConfigW" FIndx="75" HookPtr="76636951" HookType="2" />
<ITEM DLL="advapi32.dll" FNaim="CloseServiceHandle" FIndx="83" HookPtr="765D00CD" HookType="2" />
<ITEM DLL="advapi32.dll" FNaim="ControlService" FIndx="88" HookPtr="765F3B2D" HookType="2" />
<ITEM DLL="advapi32.dll" FNaim="CreateServiceA" FIndx="124" HookPtr="76636C71" HookType="2" />
<ITEM DLL="advapi32.dll" FNaim="CreateServiceW" FIndx="125" HookPtr="765F38FF" HookType="2" />
<ITEM DLL="advapi32.dll" FNaim="DeleteService" FIndx="214" HookPtr="765F3BEE" HookType="2" />
<ITEM DLL="advapi32.dll" FNaim="LsaAddAccountRights" FIndx="404" HookPtr="7661B609" HookType="2" />
<ITEM DLL="advapi32.dll" FNaim="LsaRemoveAccountRights" FIndx="452" HookPtr="7661B699" HookType="2" />
<ITEM DLL="advapi32.dll" FNaim="OpenServiceA" FIndx="500" HookPtr="765CA383" HookType="2" />
<ITEM DLL="advapi32.dll" FNaim="OpenServiceW" FIndx="501" HookPtr="765CFFC3" HookType="2" />
<ITEM DLL="advapi32.dll" FNaim="StartServiceA" FIndx="704" HookPtr="765F10DB" HookType="2" />
<ITEM DLL="advapi32.dll" FNaim="StartServiceW" FIndx="707" HookPtr="765C2A49" HookType="2" />
<ITEM DLL="ws2_32.dll" FNaim="WSAConnect" FIndx="28" HookPtr="76B5D7B0" HookType="2" />
<ITEM DLL="ws2_32.dll" FNaim="WSARecv" FIndx="68" HookPtr="76B58400" HookType="2" />
<ITEM DLL="ws2_32.dll" FNaim="WSARecvFrom" FIndx="70" HookPtr="76B68B38" HookType="2" />
<ITEM DLL="ws2_32.dll" FNaim="WSASend" FIndx="73" HookPtr="76B54496" HookType="2" />
<ITEM DLL="ws2_32.dll" FNaim="WSASendTo" FIndx="76" HookPtr="76B6A474" HookType="2" />
<ITEM DLL="ws2_32.dll" FNaim="closesocket" FIndx="134" HookPtr="76B5330C" HookType="2" />
<ITEM DLL="ws2_32.dll" FNaim="connect" FIndx="135" HookPtr="76B540D9" HookType="2" />
<ITEM DLL="ws2_32.dll" FNaim="recv" FIndx="159" HookPtr="76B5343A" HookType="2" />
<ITEM DLL="ws2_32.dll" FNaim="recvfrom" FIndx="160" HookPtr="76B58E15" HookType="2" />
<ITEM DLL="ws2_32.dll" FNaim="send" FIndx="162" HookPtr="76B5659B" HookType="2" />
<ITEM DLL="ws2_32.dll" FNaim="sendto" FIndx="163" HookPtr="76B567C5" HookType="2" />
</RK_UM>
<WIZARD-TSW>
<ITEM ID="58" Level="3" Fixed="0" />
<ITEM ID="59" Level="3" Fixed="0" />
<ITEM ID="61" Level="2" Fixed="0" />
</WIZARD-TSW>
</AVZ>
icenola
 
Posts: 12
Joined: Thu May 07, 2009 3:15 am

Re: DNSchanger Trojan (Vista OS)

Postby patrik » Wed May 13, 2009 3:16 pm

Locate the virusinfo_syscheck.zip file and attach it to your reply.

Find the file virusinfo_syscheck.zip in the LOG folder, then click the Post reply button.
Click Upload attachment tab (under Save, Preview, Submit).
Click Browse and select virusinfo_syscheck.zip file.
Click Add the file.
Click Submit button.
patrik
Site Admin
 
Posts: 7034
Joined: Sun Jan 08, 2006 1:11 pm

Re: DNSchanger Trojan (Vista OS)

Postby icenola » Thu May 14, 2009 2:23 am

Sorry, here is the zip file I believe you asked for...Thanks.
Attachments
virusinfo_syscheck.zip
(38.59 KiB) Downloaded 54 times
icenola
 
Posts: 12
Joined: Thu May 07, 2009 3:15 am

Re: DNSchanger Trojan (Vista OS)

Postby patrik » Thu May 14, 2009 1:18 pm

Looks ok.
Download GMER Antirootkit from here and unzip it to a folder that you create such as C:\Gmer\.

Disconnect from the internet and disable all active protection so your security program drivers will not conflict with GMER's driver.
Double-click Gmer.exe to run the program.
When the program opens, click the ">>>" tab.
Click the "Rootkit/Malware" tab.
Select all drives that are connected to your system to be scanned.
Click the Scan button.
When the scan is finished, click Copy to save the scan log to the Windows clipboard.
Open Notepad or a similar text editor.
Paste the clipboard contents into a text file by clicking Edit -> Paste or Ctrl + V.
Save the gmer scan log to your desktop.
Close Gmer.

Post back with GMER log.
patrik
Site Admin
 
Posts: 7034
Joined: Sun Jan 08, 2006 1:11 pm
