Win32:Trojan-gen{other} [RESOLVED], the log
Aug 20 2008, 06:43 PM
Post #1
Member | Posts: 18 | From: st. louis | OS: Windows XP
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:42:41 PM, on 8/20/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ALCXMNTR.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\iPod\bin\iPodService.exe c:\program files\internet explorer\iexplore.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\svyQLA5b.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Signature Health Services O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - 
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SignatureHealth.net O17 - HKLM\Software\..\Telephony: DomainName = SignatureHealth.net O17 - HKLM\System\CCS\Services\Tcpip\..\{CC82E7B5-76F9-4F1C-B0D4-FF69D49D5F47}: NameServer = 192.168.1.249,24.217.0.5,24.217.201.67 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SignatureHealth.net O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: LWWLicenseService - WoltersKluwerLWW - C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe -- End of file - 8138 bytes ----------------------------------------- UNINSTALL LIST Adobe Acrobat 7.0 Standard - English, Français, Deutsch Adobe Flash Player 9 ActiveX Adobe Flash Player Plugin Adobe Reader 8.1.2 Apple Mobile Device Support Apple Software Update ATI Display Driver avast! Antivirus Big Fish Games Client Burger Rush CCScore Creative Memories StoryBook Creator ESSCDBK ESScore ESSgui ESSini ESSPCD ESSSONIC ESSTOOLS essvatgt Google Talk (remove only) HijackThis 2.0.2 Home Sweet Home (remove only) Hotfix for Microsoft .NET Framework 3.0 (KB932471) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) iTunes J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 11 kgcbaby kgcbase kgchday kgchlwn kgcinvt kgckids kgcmove kgcvday Kodak EasyShare software KSU LClock Logitech Audio Echo Cancellation Component Logitech QuickCam Logitech Video Enumerator Logitech® Camera Driver Malwarebytes' Anti-Malware Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 1 Microsoft .NET Framework 3.0 Service Pack 1 Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft 
Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Standard Edition 2003 Microsoft User-Mode Driver Framework Feature Pack 1.0 Mozilla Firefox (2.0.0.16) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 6.0 Parser (KB933579) MultiView 2000 MVision netbrdg Notifier NVIDIA Drivers OfotoXMI Olympus DSS Player Pro Pack Vista Inspirat 1.1 PCDADDIN PCDHELP Picasa 2 QuickTime RealArcade Scrubbles Scrubbles Scrubbles (remove only) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Setup_EZTwain SFR SHASTA SKIN0001 SKINXSDK Snood for Windows version 3.52-W SonicWALL Global VPN Client staticcr Stedman's Plus Premium 
Edition Stedman's Plus Spellchecker 2008 Premium Edition (Shared Components) tooltips Transcription Buddy 3.1a Player Edition Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Ventrilo Client VPRINTOL Windows Imaging Component Windows Live Messenger Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Format SDK Hotfix - KB891122 Windows Media Player 11 Windows Media Player 11 Windows Presentation Foundation Windows XP Service Pack 3 WinRAR archiver WIRELESS World of Warcraft |

Aug 25 2008, 03:24 PM
Post #2
Trusted Helper | Posts: 5,223 | OS: Windows XP
Hello and welcome to GTG..
Please download RUNSCANNER to your desktop and run it.
Then upload that as an attachment in your next post.

Aug 25 2008, 05:03 PM
Post #3
Member | Posts: 18 | From: st. louis | OS: Windows XP
Ok, did exactly what you asked and here is the zip with the log and .run file.

Aug 25 2008, 05:22 PM
Post #4
Trusted Helper | Posts: 5,223 | OS: Windows XP
Download the uploaded file from the link I gave you below (this will be your runscanner as fixed by me):
http://www.2shared.com/file/3823148/f5537c58/usethis.html

NEXT
Please download OTViewIt to your desktop.

Aug 25 2008, 06:59 PM
Post #5
Member | Posts: 18 | From: st. louis | OS: Windows XP
OTViewIt logfile created on: 8/25/2008 8:02:02 PM - Run 1 OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\mwatson\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 73.87% Memory free 3.85 Gb Paging File | 2.60 Gb Available in Paging File | 67.47% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 152.66 Gb Total Space | 120.46 Gb Free Space | 78.91% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PS-MWATSON Current User Name: mwatson Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users ===== Processes - Non-Microsoft Only ===== [07/19/2008 09:25 AM | 00,016,056 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [07/19/2008 09:38 AM | 00,147,640 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashServ.exe [02/06/2007 06:45 PM | 00,109,344 | ---- | M] (Logitech Inc.) - c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [09/06/2007 01:28 PM | 00,110,592 | ---- | M] (Apple, Inc.) 
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [08/30/2006 12:51 PM | 00,155,715 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe [07/19/2008 09:38 AM | 00,250,040 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [07/23/2008 09:25 AM | 00,348,344 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [09/07/2004 02:47 PM | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\ALCXMNTR.EXE [03/30/2008 10:36 AM | 00,267,048 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe [07/19/2008 09:38 AM | 00,078,008 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashDisp.exe [07/16/2008 09:39 AM | 07,667,312 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe [02/25/2008 08:23 PM | 00,443,968 | ---- | M] (Google Inc.) - C:\Program Files\Picasa2\PicasaMediaDetector.exe [03/30/2008 10:36 AM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe [08/18/2008 06:20 PM | 01,900,288 | ---- | M] (Runscanner.net) - C:\Documents and Settings\mwatson\Desktop\RunScanner.exe [08/25/2008 08:01 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\mwatson\Desktop\OTViewIt.exe ===== Win32 Services - Non-Microsoft Only ===== (Apple Mobile Device) Apple Mobile Device [Auto | Running] [09/06/2007 01:28 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (aswUpdSv) avast! iAVS4 Control Service [Auto | Running] [07/19/2008 09:25 AM | 00,016,056 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (Ati HotKey Poller) Ati HotKey Poller [Disabled | Stopped] [11/21/2006 10:18 PM | 00,430,080 | ---- | M] (ATI Technologies Inc.) 
- C:\WINDOWS\system32\ati2evxx.exe (ATI Smart) ATI Smart [Disabled | Stopped] [11/22/2006 11:52 AM | 00,520,192 | ---- | M] () - C:\WINDOWS\system32\ati2sgag.exe (avast! Antivirus) avast! Antivirus [Auto | Running] [07/19/2008 09:38 AM | 00,147,640 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashServ.exe (avast! Mail Scanner) avast! Mail Scanner [On_Demand | Running] [07/19/2008 09:38 AM | 00,250,040 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (avast! Web Scanner) avast! Web Scanner [On_Demand | Running] [07/23/2008 09:25 AM | 00,348,344 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (DM1Service) DM1Service [Disabled | Stopped] [10/18/2004 11:51 AM | 00,065,536 | ---- | M] (OLYMPUS Corporation) - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe (dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped] [04/13/2008 07:12 PM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe (gusvc) Google Updater Service [On_Demand | Stopped] [01/03/2007 08:40 PM | 00,136,120 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (iPod Service) iPod Service [On_Demand | Running] [03/30/2008 10:36 AM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe (LVPrcSrv) Process Monitor [Auto | Running] [02/06/2007 06:45 PM | 00,109,344 | ---- | M] (Logitech Inc.) - c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (LVSrvLauncher) LVSrvLauncher [Auto | Stopped] [02/06/2007 06:47 PM | 00,105,248 | ---- | M] (Logitech Inc.) 
- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (LWWLicenseService) LWWLicenseService [On_Demand | Stopped] [03/18/2008 04:30 PM | 00,079,360 | ---- | M] (WoltersKluwerLWW) - C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe (NVSvc) NVIDIA Display Driver Service [Auto | Running] [08/30/2006 12:51 PM | 00,155,715 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe (RampartSvc) SonicWall VPN Client Service [On_Demand | Stopped] [10/15/2004 10:12 AM | 00,131,072 | ---- | M] (SonicWALL, Inc.) - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe ===== Driver Services - Non-Microsoft Only ===== (Aavmker4) avast! Asynchronous Virus Monitor [System | Running] [07/19/2008 09:32 AM | 00,026,944 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aavmker4.sys (ALCXWDM) Service for Realtek AC97 Audio (WDM) [On_Demand | Running] [10/01/2004 11:24 AM | 02,279,424 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS (aswFsBlk) aswFsBlk [Auto | Running] [07/19/2008 09:37 AM | 00,020,560 | ---- | M] (ALWIL Software) - C:\WINDOWS\system32\drivers\aswFsBlk.sys (aswMon2) avast! Standard Shield Support [Auto | Running] [07/19/2008 09:37 AM | 00,094,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon2.sys (aswRdr) aswRdr [On_Demand | Running] [07/19/2008 09:33 AM | 00,023,152 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswRdr.sys (aswSP) avast! Self Protection [System | Running] [07/19/2008 09:35 AM | 00,078,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswSP.sys (aswTdi) avast! Network Shield Support [System | Running] [07/19/2008 09:32 AM | 00,042,912 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswTdi.sys (ati2mtag) ati2mtag [On_Demand | Stopped] [11/21/2006 10:25 PM | 02,829,824 | ---- | M] (ATI Technologies Inc.) 
- C:\WINDOWS\system32\drivers\ati2mtag.sys (dmboot) dmboot [Disabled | Stopped] [04/13/2008 01:44 PM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys (dmio) Logical Disk Manager Driver [Boot | Running] [04/13/2008 01:44 PM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys (dmload) dmload [Boot | Running] [08/04/2004 07:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys (DNE) Deterministic Network Enhancer Miniport [On_Demand | Running] [05/14/2004 05:15 PM | 00,147,236 | ---- | M] (Deterministic Networks, Inc.) - C:\WINDOWS\system32\drivers\dne2000.sys (FilterService) UVC Filter Service [On_Demand | Running] [02/03/2007 11:33 AM | 00,022,560 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\lvuvcflt.sys (GEARAspiWDM) GEARAspiWDM [On_Demand | Running] [01/29/2008 12:01 PM | 00,016,168 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (HPZid412) IEEE-1284.4 Driver HPZid412 [On_Demand | Running] [10/21/2005 07:58 PM | 00,049,920 | ---- | M] (HP) - C:\WINDOWS\system32\drivers\HPZid412.sys (HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [On_Demand | Running] [10/21/2005 07:58 PM | 00,016,496 | ---- | M] (HP) - C:\WINDOWS\system32\drivers\HPZipr12.sys (HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [On_Demand | Running] [10/21/2005 07:52 PM | 00,021,568 | ---- | M] (HP) - C:\WINDOWS\system32\drivers\HPZius12.sys (ltmodem5) LT Modem Driver [On_Demand | Running] [08/03/2004 05:41 PM | 00,606,684 | ---- | M] (LT) - C:\WINDOWS\system32\drivers\ltmdmnt.sys (LVcKap) Logitech AEC Driver [On_Demand | Running] [02/06/2007 06:42 PM | 01,691,808 | ---- | M] () - C:\WINDOWS\system32\drivers\Lvckap.sys (LVMVDrv) Logitech Machine Vision Engine Loader [On_Demand | Running] [02/06/2007 06:44 PM | 01,964,064 | ---- | M] (Logitech Inc.) 
- C:\WINDOWS\system32\drivers\LVMVdrv.sys (lvpopflt) Logitech POP Suppression Filter [On_Demand | Running] [02/03/2007 11:30 AM | 01,507,232 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\lvpopflt.sys (LVPr2Mon) Logitech LVPr2Mon Driver [On_Demand | Running] [02/06/2007 06:45 PM | 00,025,632 | ---- | M] () - C:\WINDOWS\system32\drivers\LVPr2Mon.sys (LVUSBSta) Logitech USB Monitor Filter [On_Demand | Running] [02/03/2007 11:32 AM | 00,041,504 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LVUSBSta.sys (LVUVC) Logitech QuickCam Fusion(UVC) [On_Demand | Running] [02/03/2007 11:32 AM | 01,939,360 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\lvuvc.sys (MBAMSwissArmy) MBAMSwissArmy [On_Demand | Stopped] [08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\system32\drivers\mbamswissarmy.sys (nv) nv [On_Demand | Running] [08/30/2006 12:51 PM | 03,958,496 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys (Ptilink) Direct Parallel Link Driver [On_Demand | Running] [08/04/2004 07:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys (PxHelp20) PxHelp20 [Boot | Running] [10/18/2006 03:00 AM | 00,036,624 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\pxhelp20.sys (RCFOX) SonicWALL IPsec Driver [System | Running] [10/15/2004 10:46 AM | 00,091,136 | ---- | M] (SonicWALL, Inc.) - C:\WINDOWS\system32\drivers\RCFOX.SYS (rcvpn) SonicWALL VPN Adapter [On_Demand | Running] [08/20/2003 02:01 PM | 00,023,180 | ---- | M] (SonicWALL, Inc.) 
- C:\WINDOWS\system32\drivers\rcvpn.sys (rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [On_Demand | Running] [08/03/2004 05:31 PM | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) - C:\WINDOWS\system32\drivers\RTL8139.sys (Secdrv) Secdrv [On_Demand | Stopped] [11/13/2007 05:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys ===== Run Keys ===== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AlcxMonitor" = ALCXMNTR.EXE [09/07/2004 02:47 PM | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) "avast!" = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [07/19/2008 09:38 AM | 00,078,008 | ---- | M] (ALWIL Software) "iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM | 00,267,048 | ---- | M] (Apple Inc.) "NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [08/30/2006 12:51 PM | 07,630,848 | ---- | M] (NVIDIA Corporation) "NvMediaCenter" = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [08/30/2006 12:51 PM | 00,086,016 | ---- | M] (NVIDIA Corporation) "nwiz" = nwiz.exe /install [08/30/2006 12:51 PM | 01,519,616 | ---- | M] () "QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [03/28/2008 11:37 PM | 00,413,696 | ---- | M] (Apple Inc.) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] "" = File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = Reg Error: Value load does not exist or could not be read. "run" = Reg Error: Value run does not exist or could not be read. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector" = C:\Program Files\Picasa2\PicasaMediaDetector.exe [02/25/2008 08:23 PM | 00,443,968 | ---- | M] (Google Inc.) 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = "run" = Reg Error: Value run does not exist or could not be read. [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = "run" = Reg Error: Value run does not exist or could not be read. [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = "run" = Reg Error: Value run does not exist or could not be read. [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = "run" = Reg Error: Value run does not exist or could not be read. [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = "run" = Reg Error: Value run does not exist or could not be read. [HKEY_USERS\S-1-5-21-1993962763-1606980848-1801674531-1846\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector" = C:\Program Files\Picasa2\PicasaMediaDetector.exe [02/25/2008 08:23 PM | 00,443,968 | ---- | M] (Google Inc.) [HKEY_USERS\S-1-5-21-1993962763-1606980848-1801674531-1846\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = "run" = Reg Error: Value run does not exist or could not be read. ===== Startup Folders ===== [Administrator Startup Folder - C:\Documents and Settings\Administrator\Start Menu\Programs\Startup] [All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup] [casey watson Startup Folder - C:\Documents and Settings\casey watson\Start Menu\Programs\Startup] [Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup] [mwatson Startup Folder - C:\Documents and Settings\mwatson\Start Menu\Programs\Startup] [sigadmin Startup Folder - C:\Documents and Settings\sigadmin\Start Menu\Programs\Startup] ===== BHO's ===== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) 
- File not found Reg Error: Key does not exist or could not be opened. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] HKLM CLSID: (AcroIEHlprObj Class) - [12/14/2004 01:56 AM | 00,063,136 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] HKLM CLSID: (SSVHelper Class) - [12/15/2006 04:23 AM | 00,440,056 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] HKLM CLSID: (AcroIEToolbarHelper Class) - [12/14/2004 02:13 AM | 00,225,280 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll ===== Toolbars ===== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" HKLM CLSID: (Adobe PDF) - [12/14/2004 02:13 AM | 00,225,280 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" HKLM CLSID: (Adobe PDF) - [12/14/2004 02:13 AM | 00,225,280 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" HKLM CLSID: (Adobe PDF) - [12/14/2004 02:13 AM | 00,225,280 | 
---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" HKLM CLSID: (Adobe PDF) - [12/14/2004 02:13 AM | 00,225,280 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
[HKEY_USERS\S-1-5-21-1993962763-1606980848-1801674531-1846\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" HKLM CLSID: (Adobe PDF) - [12/14/2004 02:13 AM | 00,225,280 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

===== Policies =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!
[HKEY_USERS\S-1-5-21-1993962763-1606980848-1801674531-1846\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
[HKEY_USERS\S-1-5-21-1993962763-1606980848-1801674531-1846\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!

===== Desktop Components =====
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 07:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 01:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe File not found
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [02/20/2007 05:10 AM | 00,282,624 | ---- | M] (Eastman Kodak Company)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [03/30/2008 10:36 AM | 20,638,504 | ---- | M] (Apple Inc.)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe [01/19/2007 12:54 PM | 05,674,352 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe [01/04/2007 04:10 PM | 00,297,752 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 07:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 01:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe File not found
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe [01/01/2007 04:22 PM | 03,739,648 | ---- | M] (Google)
"C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe [01/08/2007 11:34 PM | 00,807,252 | ---- | M] (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe [01/27/2007 05:12 PM | 00,784,032 | ---- | M] (Blizzard Entertainment)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [03/30/2008 10:36 AM | 20,638,504 | ---- | M] (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe File not found
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [02/20/2007 05:10 AM | 00,282,624 | ---- | M] (Eastman Kodak Company)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe [01/19/2007 12:54 PM | 05,674,352 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe [01/04/2007 04:10 PM | 00,297,752 | ---- | M] (Microsoft Corporation)

===== HKLM Winlogon Settings =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [04/13/2008 07:12 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/13/2008 07:12 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04/13/2008 07:12 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/13/2008 07:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04/13/2008 07:12 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DllName" = C:\WINDOWS\system32\ati2evxx.dll [11/21/2006 10:19 PM | 00,090,112 | ---- | M] (ATI Technologies Inc.)

===== Safeboot Options =====
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
"WMPNetworkSvc" = 3
"usnjsvc" = 3
"ose" = 3
"iPod Service" = 3
"idsvc" = 3
"gusvc" = 3
"DM1Service" = 2
"ATI Smart" = 2
"Ati HotKey Poller" = 2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk File not found
"backup" = C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnk File not found
"location" = Common Startup
"command" = C:\WINDOWS\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat.exe [03/18/2008 02:30 PM | 00,025,214 | R--- | M] ()
"item" = Adobe Acrobat Speed Launcher
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk File not found
"backup" = C:\WINDOWS\pss\Device Detector 3.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [11/04/2004 08:21 PM | 00,114,688 | ---- | M] (OLYMPUS Imaging Corporation.)
"item" = Device Detector 3
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk File not found
"backup" = C:\WINDOWS\pss\Kodak EasyShare software.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [02/20/2007 05:10 AM | 00,282,624 | ---- | M] (Eastman Kodak Company)
"item" = Kodak EasyShare software
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk File not found
"backup" = C:\WINDOWS\pss\KODAK Software Updater.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [02/13/2004 02:12 PM | 00,016,423 | ---- | M] ()
"item" = KODAK Software Updater
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" =
"hkey" = HKLM
"command" =
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acrobat Assistant 7.0]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = Acrotray
"hkey" = HKLM
"command" = C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe [12/14/2004 02:12 AM | 00,483,328 | ---- | M] (Adobe Systems Inc.)
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = Reader_sl
"hkey" = HKLM
"command" = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [01/11/2008 11:16 PM | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\googletalk]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = googletalk
"hkey" = HKLM
"command" = C:\Program Files\Google\Google Talk\googletalk.exe [01/01/2007 04:22 PM | 03,739,648 | ---- | M] (Google)
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = iTunesHelper
"hkey" = HKLM
"command" = C:\Program Files\iTunes\iTunesHelper.exe [03/30/2008 10:36 AM | 00,267,048 | ---- | M] (Apple Inc.)
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechCommunicationsManager]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = Communications_Helper
"hkey" = HKLM
"command" = C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [02/08/2007 02:12 AM | 00,488,984 | ---- | M] (Logitech Inc.)
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechQuickCamRibbon]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = QuickCam10
"hkey" = HKLM
"command" = C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [02/08/2007 02:13 AM | 00,774,168 | ---- | M] ()
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Picasa Media Detector]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = PicasaMediaDetector
"hkey" = HKLM
"command" = C:\Program Files\Picasa2\PicasaMediaDetector.exe [02/25/2008 08:23 PM | 00,443,968 | ---- | M] (Google Inc.)
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = QTTask
"hkey" = HKLM
"command" = C:\Program Files\QuickTime\QTTask.exe [03/28/2008 11:37 PM | 00,413,696 | ---- | M] (Apple Inc.)
"inimapping" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 2
"startup" = 2

===== DNS Name Servers =====
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{059B7636-C5AA-44D4-9322-BDB7C54C3FE7}]
Servers: | Description:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{33EA049C-CC03-49DB-95B7-80A443806E5D}]
Servers: | Description: 1394 Net Adapter
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{8C05637B-22CE-4F0B-B466-404075A31ED6}]
Servers: | Description:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{CC82E7B5-76F9-4F1C-B0D4-FF69D49D5F47}]
Servers: 192.168.1.249,24.217.0.5,24.217.201.67 | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC

===== CDRom AutoRun Settings =====
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====
AUTOEXEC.BAT [] [01/08/2007 08:31 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

===== MountPoints2 =====
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a03586c-f517-11dc-99ba-000c6e76fe81}\Shell]
"" = AutoRun
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a03586c-f517-11dc-99ba-000c6e76fe81}\Shell\AutoRun]
"" = Auto&Play
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a03586c-f517-11dc-99ba-000c6e76fe81}\Shell\AutoRun\command]
"" = J:\LaunchU3.exe File not found

===== Hosts File =====
HOSTS File = (842 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
192.168.1.247 ps-plexus
192.168.1.246 premiernas
192.168.1.247 premier4
192.168.1.249 signaturehealth.net

[Files/Folders - Created Within 60 days]
[01/17/2008 11:34 AM | 00,093,264 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon.sys
[04/13/2008 01:36 PM | 00,040,960 | ---- | C] (Silicon Integrated Systems Corporation) - C:\WINDOWS\System32\drivers\sisagp.sys
[04/13/2008 01:36 PM | 00,043,008 | ---- | C] (Advanced Micro Devices, Inc.) - C:\WINDOWS\System32\drivers\amdagp.sys
[04/13/2008 07:11 PM | 00,003,135 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv08nt5.dll
[04/13/2008 07:11 PM | 00,003,615 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv05nt5.dll
[04/13/2008 07:11 PM | 00,003,647 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv07nt5.dll
[04/13/2008 07:11 PM | 00,003,711 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv09nt5.dll
[04/13/2008 07:11 PM | 00,003,775 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv11nt5.dll
[04/13/2008 07:11 PM | 00,003,967 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv02nt5.dll
[04/13/2008 07:11 PM | 00,004,255 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv01nt5.dll
[04/13/2008 07:11 PM | 00,011,359 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv02nt5.dll
[04/13/2008 07:11 PM | 00,014,143 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv06nt5.dll
[04/13/2008 07:11 PM | 00,015,423 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[04/13/2008 07:11 PM | 00,017,279 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv10nt5.dll
[04/13/2008 07:11 PM | 00,021,183 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv01nt5.dll
[04/13/2008 07:11 PM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv04nt5.dll
[04/13/2008 07:12 PM | 00,003,901 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\siint5.dll
[04/13/2008 07:12 PM | 00,011,325 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\vchnt5.dll
[04/13/2008 11:36 AM | 00,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) - C:\WINDOWS\System32\drivers\hdaudbus.sys
[07/17/2004 10:55 PM | 00,129,045 | ---- | C] () - C:\WINDOWS\System32\drivers\cxthsfs2.cty
[07/17/2004 11:35 AM | 00,067,866 | ---- | C] () - C:\WINDOWS\System32\drivers\netwlan5.img
[07/17/2004 11:36 AM | 00,064,352 | ---- | C] () - C:\WINDOWS\System32\drivers\ativmc20.cod
[07/19/2008 09:32 AM | 00,026,944 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aavmker4.sys
[07/19/2008 09:32 AM | 00,042,912 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswTdi.sys
[07/19/2008 09:33 AM | 00,023,152 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswRdr.sys
[07/19/2008 09:35 AM | 00,078,416 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswSP.sys
[07/19/2008 09:37 AM | 00,020,560 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswFsBlk.sys
[07/19/2008 09:37 AM | 00,094,416 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon2.sys
[08/03/2004 10:29 PM | 00,011,295 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv08nt.sys
[08/03/2004 10:29 PM | 00,011,615 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1mdxx.sys
[08/03/2004 10:29 PM | 00,011,807 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv07nt.sys
[08/03/2004 10:29 PM | 00,011,871 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv09nt.sys
[08/03/2004 10:29 PM | 00,011,935 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv11nt.sys
[08/03/2004 10:29 PM | 00,012,047 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1pdxx.sys
[08/03/2004 10:29 PM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinmdxx.sys
[08/03/2004 10:29 PM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinttxx.sys
[08/03/2004 10:29 PM | 00,014,336 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinpdxx.sys
[08/03/2004 10:29 PM | 00,021,343 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1ttxx.sys
[08/03/2004 10:29 PM | 00,022,271 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv06nt.sys
[08/03/2004 10:29 PM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv10nt.sys
[08/03/2004 10:29 PM | 00,026,367 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1snxx.sys
[08/03/2004 10:29 PM | 00,028,672 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinsnxx.sys
[08/03/2004 10:29 PM | 00,029,455 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xbxx.sys
[08/03/2004 10:29 PM | 00,030,671 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1raxx.sys
[08/03/2004 10:29 PM | 00,031,744 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxbxx.sys
[08/03/2004 10:29 PM | 00,034,735 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xsxx.sys
[08/03/2004 10:29 PM | 00,036,463 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1tuxx.sys
[08/03/2004 10:29 PM | 00,052,224 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinraxx.sys
[08/03/2004 10:29 PM | 00,056,623 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1btxx.sys
[08/03/2004 10:29 PM | 00,057,856 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinbtxx.sys
[08/03/2004 10:29 PM | 00,063,488 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxsxx.sys
[08/03/2004 10:29 PM | 00,063,663 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1rvxx.sys
[08/03/2004 10:29 PM | 00,073,216 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atintuxx.sys
[08/03/2004 10:29 PM | 00,104,960 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinrvxx.sys
[08/03/2004 10:29 PM | 00,166,912 | ---- | C] (S3 Graphics, Inc.) - C:\WINDOWS\System32\drivers\s3gnbm.sys
[08/03/2004 10:29 PM | 00,327,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati2mtaa.sys
[08/03/2004 10:29 PM | 00,452,736 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\drivers\mtxparhm.sys
[08/03/2004 10:41 PM | 00,011,868 | ---- | C] (Conexant) - C:\WINDOWS\System32\drivers\mdmxsdk.sys
[08/03/2004 10:41 PM | 00,013,240 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slwdmsup.sys
[08/03/2004 10:41 PM | 00,013,776 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\recagent.sys
[08/03/2004 10:41 PM | 00,095,424 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnthal.sys
[08/03/2004 10:41 PM | 00,126,686 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlmnt5.sys
[08/03/2004 10:41 PM | 00,129,535 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnt7554.sys
[08/03/2004 10:41 PM | 00,180,360 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\ntmtlfax.sys
[08/03/2004 10:41 PM | 00,220,032 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[08/03/2004 10:41 PM | 00,404,990 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slntamr.sys
[08/03/2004 10:41 PM | 00,685,056 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfcxts2.sys
[08/03/2004 10:41 PM | 01,041,536 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[08/03/2004 10:41 PM | 01,309,184 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlstrm.sys
[08/17/2008 03:01 PM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2 C:\WINDOWS\System32\*.tmp files]
[01/09/2004 04:13 AM | 00,380,928 | ---- | C] () - C:\WINDOWS\System32\actskin4.ocx
[04/13/2008 07:11 PM | 00,032,285 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\hsfcisp2.dll
[04/13/2008 07:11 PM | 00,032,768 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativtmxx.dll
[04/13/2008 07:11 PM | 00,086,016 | ---- | C] (Conexant) - C:\WINDOWS\System32\mdmxsdk.dll
[04/13/2008 07:11 PM | 00,377,984 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ati2dvaa.dll
[04/13/2008 07:11 PM | 00,870,784 | ---- | C] (ATI Technologies Inc. ) - C:\WINDOWS\System32\ati3d1ag.dll
[04/13/2008 07:12 PM | 00,009,728 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativdaxx.ax
[04/13/2008 07:12 PM | 00,023,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativmvxx.ax
[04/13/2008 07:12 PM | 00,032,866 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slrundll.exe
[04/13/2008 07:12 PM | 00,073,796 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slserv.exe
[04/13/2008 07:12 PM | 00,073,832 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slcoinst.dll
[04/13/2008 07:12 PM | 00,188,508 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slgen.dll
[04/13/2008 07:12 PM | 00,286,792 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slextspk.dll
[04/13/2008 07:12 PM | 00,397,056 | ---- | C] (S3 Graphics, Inc.) - C:\WINDOWS\System32\s3gnb.dll
[04/13/2008 07:12 PM | 01,737,856 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\mtxparhd.dll
[06/21/2007 12:52 AM | 00,000,974 | ---- | C] () - C:\WINDOWS\System32\pid.inf
[07/19/2008 09:30 AM | 00,094,392 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\AvastSS.scr
[07/19/2008 09:43 AM | 01,163,960 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\aswBoot.exe
[08/17/2008 07:00 PM | ---D | C] - C:\WINDOWS\System32\bits
[08/17/2008 07:00 PM | ---D | C] - C:\WINDOWS\System32\en
[08/17/2008 07:00 PM | ---D | C] - C:\WINDOWS\System32\scripting
[08/18/2008 08:18 PM | 00,029,760 | ---- | C] () - C:\WINDOWS\System32\mccvC7qL.exe
[5 C:\WINDOWS\*.tmp files]
[04/13/2008 07:12 PM | 00,032,866 | ---- | C] (Smart Link) - C:\WINDOWS\slrundll.exe
[08/17/2008 06:54 PM | -H-D | C] - C:\WINDOWS\$NtServicePackUninstall$
[08/17/2008 06:58 PM | ---D | C] - C:\WINDOWS\ServicePackFiles
[08/17/2008 07:00 PM | ---D | C] - C:\WINDOWS\l2schemas
[08/25/2008 06:01 PM | ---D | C] - C:\WINDOWS\Prefetch
[08/19/2008 11:42 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[07/02/2008 02:09 PM | ---D | C] - C:\Documents and Settings\mwatson\Application Data\AdobeUM
[08/19/2008 11:42 PM | ---D | C] - C:\Documents and Settings\mwatson\Application Data\Malwarebytes
[08/25/2008 06:00 PM | ---D | C] - C:\Documents and Settings\mwatson\Application Data\WinRAR
[08/25/2008 08:00 PM | ---D | C] - C:\Documents and Settings\mwatson\Local Settings\Application Data\Runscanner.net
[08/17/2008 08:36 PM | 00,001,736 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Windows Live Messenger.lnk
[08/19/2008 11:42 PM | 00,000,696 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/19/2008 11:57 PM | 00,001,709 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[07/06/2008 10:28 PM | 01,699,840 | ---- | C] (NISSAN MOTOR CO., LTD.) - C:\Documents and Settings\mwatson\Desktop\TitleInfoSearch.exe
[08/17/2008 06:45 PM | ---D | C] - C:\Documents and Settings\mwatson\Desktop\Unused Desktop Shortcuts
[08/18/2008 06:20 PM | 01,900,288 | ---- | C] (Runscanner.net) - C:\Documents and Settings\mwatson\Desktop\RunScanner.exe
[08/19/2008 11:37 PM | 00,050,688 | ---- | C] (Atribune.org) - C:\Documents and Settings\mwatson\Desktop\ATF_Cleaner.exe
[08/19/2008 11:57 PM | 26,401,600 | ---- | C] () - C:\Documents and Settings\mwatson\Desktop\setupeng.exe
[08/20/2008 07:40 PM | 00,001,734 | ---- | C] () - C:\Documents and Settings\mwatson\Desktop\HijackThis.lnk
[08/25/2008 06:03 PM | 00,180,620 | ---- | C] () - C:\Documents and Settings\mwatson\Desktop\runscanner.run
[08/25/2008 06:05 PM | 00,182,660 | ---- | C] () - C:\Documents and Settings\mwatson\Desktop\runscanner.zip
[08/25/2008 08:01 PM | 01,299,968 | ---- | C] (OldTimer Tools) - C:\Documents and Settings\mwatson\Desktop\OTViewIt.exe
[08/19/2008 11:42 PM | ---D | C] - C:\Program Files\Common Files\Download Manager
[07/06/2008 10:29 PM | ---D | C] - C:\Program Files\AIM
[08/19/2008 11:42 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/19/2008 11:57 PM | ---D | C] - C:\Program Files\Alwil Software
[08/20/2008 07:40 PM | ---D | C] - C:\Program Files\Trend Micro

[Files/Folders - Modified Within 60 days]
[07/03/2008 12:06 AM | 00,000,244 | -H-- | M] () - C:\sqmnoopt03.sqm
[07/03/2008 12:06 AM | 00,000,268 | -H-- | M] () - C:\sqmdata03.sqm
[07/29/2008 09:48 PM | ---D | M] - C:\My Games
[08/15/2008 07:58 AM | 00,000,244 | -H-- | M] () - C:\sqmnoopt04.sqm
[08/15/2008 07:58 AM | 00,000,268 | -H-- | M] () - C:\sqmdata04.sqm
[08/17/2008 06:56 PM | 00,250,048 | RHS- | M] () - C:\ntldr
[08/17/2008 08:36 PM | -HSD | M] - C:\Config.Msi
[08/20/2008 07:40 PM | R--D | M] - C:\Program Files
[08/22/2008 09:13 PM | ---D | M] - C:\WINDOWS
[08/25/2008 06:52 PM | -HSD | M] - C:\RECYCLER
[07/19/2008 09:32 AM | 00,026,944 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aavmker4.sys
[07/19/2008 09:32 AM | 00,042,912 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswTdi.sys
[07/19/2008 09:33 AM | 00,023,152 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswRdr.sys
[07/19/2008 09:35 AM | 00,078,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswSP.sys
[07/19/2008 09:37 AM | 00,020,560 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswFsBlk.sys
[07/19/2008 09:37 AM | 00,094,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon2.sys
[08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/25/2008 06:59 PM | 00,000,000 | ---- | M] () - C:\WINDOWS\System32\drivers\lvuvc.hs
[2 C:\WINDOWS\System32\*.tmp files]
[07/19/2008 09:30 AM | 00,094,392 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\AvastSS.scr
[07/19/2008 09:43 AM | 01,163,960 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\aswBoot.exe
[08/17/2008 06:57 PM | ---D | M] - C:\WINDOWS\System32\Com
[08/17/2008 06:57 PM | ---D | M] - C:\WINDOWS\System32\npp
[08/17/2008 06:57 PM | ---D | M] - C:\WINDOWS\System32\oobe
[08/17/2008 06:57 PM | ---D | M] - C:\WINDOWS\System32\Restore
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\System32\bits
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\System32\en
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\System32\en-US
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\System32\inetsrv
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\System32\scripting
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\System32\usmt
[08/17/2008 08:31 PM | 00,121,336 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[08/17/2008 08:31 PM | ---D | M] - C:\WINDOWS\System32\Setup
[08/17/2008 08:31 PM | ---D | M] - C:\WINDOWS\System32\wbem
[08/17/2008 08:33 PM | 00,072,094 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/17/2008 08:33 PM | 00,444,088 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/17/2008 08:33 PM | 00,526,212 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[08/18/2008 08:18 PM | 00,029,760 | ---- | M] () - C:\WINDOWS\System32\mccvC7qL.exe
[08/19/2008 11:57 PM | 00,002,626 | ---- | M] () - C:\WINDOWS\System32\CONFIG.NT
[08/19/2008 11:57 PM | ---D | M] - C:\WINDOWS\System32\drivers
[08/20/2008 07:10 AM | ---D | M] - C:\WINDOWS\System32\config
[08/20/2008 12:03 AM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/22/2008 09:11 PM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/25/2008 06:10 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[08/25/2008 07:02 PM | 00,000,000 | ---- | M] () - C:\WINDOWS\System32\nvapps.xml
[08/25/2008 07:02 PM | 00,013,702 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[5 C:\WINDOWS\*.tmp files]
[08/05/2008 01:59 AM | ---D | M] - C:\WINDOWS\Debug
[08/17/2008 06:50 PM | ---D | M] - C:\WINDOWS\ehome
[08/17/2008 06:54 PM | -H-D | M] - C:\WINDOWS\$NtServicePackUninstall$
[08/17/2008 06:57 PM | ---D | M] - C:\WINDOWS\msagent
[08/17/2008 06:57 PM | ---D | M] - C:\WINDOWS\mui
[08/17/2008 06:57 PM | ---D | M] - C:\WINDOWS\srchasst
[08/17/2008 06:57 PM | ---D | M] - C:\WINDOWS\system
[08/17/2008 06:58 PM | ---D | M] - C:\WINDOWS\ServicePackFiles
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\ime
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\l2schemas
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\network diagnostic
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\PeerNet
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\WinSxS
[08/17/2008 07:05 PM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/17/2008 07:06 PM | 00,002,675 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/17/2008 08:31 PM | ---D | M] - C:\WINDOWS\AppPatch
[08/17/2008 08:31 PM | R-SD | M] - C:\WINDOWS\Fonts
[08/17/2008 08:36 PM | -HSD | M] - C:\WINDOWS\Installer
[08/20/2008 06:15 PM | ---D | M] - C:\WINDOWS\security
[08/21/2008 10:34 PM | ---D | M] - C:\WINDOWS\Help
[08/21/2008 10:34 PM | -H-D | M] - C:\WINDOWS\inf
[08/22/2008 09:12 PM | -HSD | M] - C:\WINDOWS\CSC
[08/25/2008 06:52 PM | ---D | M] - C:\WINDOWS\system32
[08/25/2008 06:59 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/25/2008 07:02 PM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08/25/2008 07:02 PM | ---D | M] - C:\WINDOWS\Temp
[08/25/2008 08:00 PM | --SD | M] - C:\WINDOWS\Tasks
[08/25/2008 08:01 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/16/2008 10:01 PM | 00,000,450 | ---- | M] () - C:\WINDOWS\tasks\EasyShare Registration Task.job
[08/23/2008 08:29 AM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/25/2008 06:59 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/19/2008 11:42 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[07/02/2008 02:09 PM | ---D | M] - C:\Documents and Settings\mwatson\Application Data\AdobeUM
[07/23/2008 02:12 PM | --SD | M] - C:\Documents and Settings\mwatson\Application Data\Microsoft
[08/19/2008 11:42 PM | ---D | M] - C:\Documents and Settings\mwatson\Application Data\Malwarebytes
[08/25/2008 06:00 PM | ---D | M] - C:\Documents and Settings\mwatson\Application Data\WinRAR
[07/27/2008 11:18 PM | 04,808,680 | -H-- | M] () - C:\Documents and Settings\mwatson\Local Settings\Application Data\IconCache.db
[08/03/2008 06:48 PM | ---D | M] - C:\Documents and Settings\mwatson\Local Settings\Application Data\Microsoft
[08/17/2008 07:47 PM | 00,020,040 | ---- | M] () - C:\Documents and Settings\mwatson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[08/24/2008 07:16 PM | ---D | M] - C:\Documents and Settings\mwatson\Local Settings\Application Data\Deployment
[08/25/2008 08:00 PM | ---D | M] - C:\Documents and Settings\mwatson\Local Settings\Application Data\Runscanner.net
[08/17/2008 07:33 PM | R--D | M] - C:\Documents and Settings\mwatson\My Documents\My Pictures
[08/20/2008 08:47 PM | ---D | M] - C:\Documents and Settings\mwatson\My Documents\WORK TO BE PUT IN T
[08/20/2008 11:38 AM | 00,000,582 | |