help with virus/malware [RESOLVED]
dawg3
post Aug 16 2008, 10:00 PM
Post #1


Member
**
Posts: 33
OS: xp



all of a sudden i started getting pop ups after the kids used the computer. (now grounded)
finding different malware/spyware every time i run a new scan. get a virus alert from avg.

here is the hjt log:
QUOTE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:25 PM, on 8/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061030
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061030
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061030
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [DellNSCST_GRNCH] "C:\Program Files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe" /HIDEUI
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [A00FAE74280.exe] C:\DOCUME~1\RABIDD~1\LOCALS~1\Temp\_A00FAE74280.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab
O16 - DPF: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} (SkillGround Game Manager) - http://www1.skillground.com/cab1819/SkillGround.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/16.43/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1187446712968
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1187446670609
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: __c006EE1E - C:\WINDOWS\system32\__c006EE1E.dat (file missing)
O20 - Winlogon Notify: __c00DADC8 - C:\WINDOWS\system32\__c00DADC8.dat
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10243 bytes


malware bytes log file:
QUOTE
Malwarebytes' Anti-Malware 1.24
Database version: 1059
Windows 5.1.2600 Service Pack 2

11:56:11 PM 8/16/2008
mbam-log-8-16-2008 (23-56-11).txt

Scan type: Quick Scan
Objects scanned: 42704
Time elapsed: 3 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\__c00DADC8.dat (Trojan.Zlob) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00dadc8 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c006ee1e (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\__c00DADC8.dat (Trojan.Agent) -> Delete on reboot.
Jimmy2012
post Aug 20 2008, 11:02 PM
Post #2


Trusted Helper
Posts: 3,944
From: Ohio, USA
OS: linux, Windows XP



Hello dawg3, sorry about the delay; everyone here has been very busy.
If you could please post a new HijackThis log in your next reply.
dawg3
post Aug 20 2008, 11:33 PM
Post #3


Member
**
Posts: 33
OS: xp



should be the same i have not used it since i posted

lol. i am a buckeye also. go bucks.
what part are you in... cols here

This post has been edited by dawg3: Aug 20 2008, 11:35 PM
Jimmy2012
post Aug 21 2008, 04:59 PM
Post #4


Trusted Helper
Posts: 3,944
From: Ohio, USA
OS: linux, Windows XP



Hello dawg3,
QUOTE
should be the same i have not used it since i posted

Please post a fresh HijackThis log just to make sure nothing has changed. Also please do not post any of the logs in the quote box.

QUOTE
lol. i am a buckeye also. go bucks.
what part are you in... cols here

Around the Akron area.
dawg3
post Aug 21 2008, 05:16 PM
Post #5


Member
**
Posts: 33
OS: xp



sorry for the quotes thing. just thought it would be easier to read and separate from the others.

go zips.

browns fan?

here is the hjt log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:13:12 PM, on 8/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061030
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061030
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061030
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [DellNSCST_GRNCH] "C:\Program Files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe" /HIDEUI
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [A00FAE74280.exe] C:\DOCUME~1\RABIDD~1\LOCALS~1\Temp\_A00FAE74280.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cab
O16 - DPF: {0F733F27-5BBB-4D03-8D6B-19E2143880BF} (SkillGround Game Manager) - http://www1.skillground.com/cab1819/SkillGround.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/16.43/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218946248484
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1218946226468
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: __c0091A10 - C:\WINDOWS\system32\__c0091A10.dat
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10172 bytes
Jimmy2012
post Aug 21 2008, 05:52 PM
Post #6


Trusted Helper
Posts: 3,944
From: Ohio, USA
OS: linux, Windows XP



Hello dawg3,
QUOTE
sorry for the quotes thing. just thought it would be easier to read and separate from the others.

No problem. :)
QUOTE
browns fan?

Yep, think they will make the playoffs this year?



STEP 1
I do not see a Firewall on your computer. A firewall can help protect you from Hackers and some types of Malware. I recommend you download a firewall. Here are a few to choose from (all are free).
Comodo
Zone Alarm
OutPost
Out of these I would recommend Comodo. Please only install one firewall at a time. If you need any help installing/using one of these firewalls please let me know.

STEP 2
Please reopen HijackThis and click on Do a system scan only. And put a check next to the following lines.

O4 - HKCU\..\Run: [A00FAE74280.exe] C:\DOCUME~1\RABIDD~1\LOCALS~1\Temp\_A00FAE74280.exe
O20 - Winlogon Notify: __c0091A10 - C:\WINDOWS\system32\__c0091A10.dat

Once you have the checks in those lines please make sure all open windows are closed (keep HijackThis open) and click Fix checked on HijackThis. A box will open up asking if you want to fix the selected items, please click Yes. After you have fixed those lines you can close HijackThis.


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    [kill explorer]
    C:\WINDOWS\system32\__c0091A10.dat
    purity
    EmptyTemp
    [start explorer]

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

STEP 3
Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you (it gets saved on your desktop as well), post that log here.
~~~~~~~~~~~
In your next reply please have these logs.
The OTMoveIt2 log
The OTViewIt log
And a fresh HijackThis log
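An added example, not part of the thread and not code from HijackThis or OldTimer's tools: the check Jimmy2012 applies by eye in post #6, written as a small Python triage over lines copied from the two HijackThis logs posted above. The two rules (a Run entry that launches from a Temp directory, a Winlogon Notify package that is not a .dll or is reported missing) are heuristics assumed here, and the function names are hypothetical.

```python
import re
from typing import NamedTuple

# Lines copied from the HijackThis logs posted in this thread
# (FIRST_SCAN from post #1, SECOND_SCAN from post #5); only a subset is shown.
FIRST_SCAN = r"""
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [A00FAE74280.exe] C:\DOCUME~1\RABIDD~1\LOCALS~1\Temp\_A00FAE74280.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: __c006EE1E - C:\WINDOWS\system32\__c006EE1E.dat (file missing)
O20 - Winlogon Notify: __c00DADC8 - C:\WINDOWS\system32\__c00DADC8.dat
"""
SECOND_SCAN = r"""
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [A00FAE74280.exe] C:\DOCUME~1\RABIDD~1\LOCALS~1\Temp\_A00FAE74280.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: __c0091A10 - C:\WINDOWS\system32\__c0091A10.dat
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
"""

# "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(O\d{1,2}|[RFN]\d) - (.+)$")
# O4 registry autostart: hive, key (Run, RunOnce, ...), value name, command line
RUN_RE = re.compile(r"^(HK\S+?)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")
# O20 notify package: entry name, file path, optional "(file missing)" marker
NOTIFY_RE = re.compile(r"^Winlogon Notify: (.+?) - (.+?)( \(file missing\))?$")
# A Temp or Tmp path component, or the matching environment variable
TEMP_RE = re.compile(r"\\te?mp\\|%te?mp%", re.IGNORECASE)


class Finding(NamedTuple):
    section: str
    name: str
    target: str
    reasons: tuple


def triage(log_text):
    """Return the O4/O20 entries that match the assumed heuristics."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue
        section, body = entry.groups()
        reasons = []
        if section == "O4":
            run = RUN_RE.match(body)
            if not run:  # e.g. "Global Startup" shortcuts, not handled here
                continue
            _hive, _key, name, target = run.groups()
            if TEMP_RE.search(target):
                reasons.append("autostart launches from a Temp directory")
        elif section == "O20":
            notify = NOTIFY_RE.match(body)
            if not notify:
                continue
            name, target, missing = notify.groups()
            if not target.lower().endswith(".dll"):
                reasons.append("Winlogon Notify package is not a .dll")
            if missing:
                reasons.append("registered file is missing")
        else:
            continue
        if reasons:
            findings.append(Finding(section, name, target, tuple(reasons)))
    return findings


def notify_names(log_text):
    """Set of O20 Winlogon Notify entry names present in a log."""
    names = set()
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if entry and entry.group(1) == "O20":
            notify = NOTIFY_RE.match(entry.group(2))
            if notify:
                names.add(notify.group(1))
    return names


def notify_churn(old_log, new_log):
    """Notify entries that disappeared and appeared between two scans."""
    old, new = notify_names(old_log), notify_names(new_log)
    return sorted(old - new), sorted(new - old)


if __name__ == "__main__":
    for f in triage(SECOND_SCAN):
        print(f"{f.section}  {f.name}  ->  {f.target}")
        for reason in f.reasons:
            print(f"      {reason}")
    removed, added = notify_churn(FIRST_SCAN, SECOND_SCAN)
    print("Notify entries gone since first scan:", removed)
    print("Notify entries new in second scan:  ", added)
```

The comparison between the two scans shows why the rules key on the shape of the entry rather than its name: the Notify names from the first log are gone and a differently named .dat entry has taken their place.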
dawg3
post Aug 21 2008, 06:15 PM
Post #7


Member
**
Posts: 33
OS: xp



i hope they make the playoffs. they have the 2nd hardest schedule this year.

otmoveit log
Explorer killed successfully
File move failed. C:\WINDOWS\system32\__c0091A10.dat scheduled to be moved on reboot.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\RABIDD~1\LOCALS~1\Temp\Perflib_Perfdata_a1c.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RABIDD~1\LOCALS~1\Temp\Perflib_Perfdata_e1c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_580.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08212008_200201

Files moved on Reboot...
C:\WINDOWS\system32\__c0091A10.dat moved successfully.
File C:\DOCUME~1\RABIDD~1\LOCALS~1\Temp\Perflib_Perfdata_a1c.dat not found!
File C:\DOCUME~1\RABIDD~1\LOCALS~1\Temp\Perflib_Perfdata_e1c.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_580.dat not found!


otviewit log file

OTViewIt logfile created on: 8/21/2008 8:06:31 PM
OTViewIt by OldTimer - Version 1.0.0.0 Folder = C:\Documents and Settings\Rabiddawgs\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.50% Memory free
3.35 Gb Paging File | 2.89 Gb Available in Paging File | 86.29% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.09 Gb Total Space | 68.53 Gb Free Space | 65.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GAMEFREAK2
Current User Name: Rabiddawgs
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
[ATI Technologies Inc.] - C:\WINDOWS\system32\ati2evxx.exe
[Intel Corporation] - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[Intel Corporation ] - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
[Intel® Corporation] - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
[ATI Technologies Inc.] - C:\WINDOWS\system32\ati2evxx.exe
[GRISOFT, s.r.o.] - C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
[GRISOFT, s.r.o.] - C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
[GRISOFT, s.r.o.] - C:\Program Files\Grisoft\AVG Free\avgemc.exe
[Dell Inc.] - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
[Intel Corporation] - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
[Intel Corporation] - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[Intel Corporation] - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[SigmaTel, Inc.] - C:\WINDOWS\stsystra.exe
[Dell Inc] - C:\Program Files\Dell\QuickSet\quickset.exe
[Synaptics, Inc.] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[ATI Technologies Inc.] - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[Sonic Solutions] - C:\WINDOWS\system32\dla\tfswctrl.exe
[InstallShield Software Corporation] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[CyberLink Corp.] - C:\Program Files\Dell\MediaDirect\PCMService.exe
[GRISOFT, s.r.o.] - C:\Program Files\Grisoft\AVG Free\avgcc.exe
[Dell] - C:\Program Files\Dell\Dell Laser MFP 1815\NetworkScan\DNSCST.exe
[] - C:\Program Files\NetWaiting\netwaiting.exe
[Gteko Ltd.] - C:\Program Files\Dell Support\DSAgnt.exe
[Google Inc.] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[SUPERAntiSpyware.com] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[Intel Corporation] - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
[Adobe Systems Incorporated] - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[BVRP Software] - C:\Program Files\Digital Line Detect\DLG.exe
[ATI Technologies Inc.] - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[OldTimer Tools] - C:\Documents and Settings\Rabiddawgs\Desktop\OTViewIt.exe

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [ATI Technologies Inc.] - C:\WINDOWS\system32\ati2evxx.exe
(Avg7Alrt) AVG7 Alert Manager Server [GRISOFT, s.r.o.] - C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
(Avg7UpdSvc) AVG7 Update Service [GRISOFT, s.r.o.] - C:\Program Files\Grisoft\AVG Free\avgupsvc.exe
(AVGEMS) AVG E-mail Scanner [GRISOFT, s.r.o.] - C:\Program Files\Grisoft\AVG Free\avgemc.exe
(dmadmin) Logical Disk Manager Administrative Service [Microsoft Corp., Veritas Software] - C:\WINDOWS\system32\dmadmin.exe
(EvtEng) Intel® PROSet/Wireless Event Log [Intel Corporation] - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(gusvc) Google Updater Service [Google] - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
(NICCONFIGSVC) NICCONFIGSVC [Dell Inc.] - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
(RegSrvc) Intel® PROSet/Wireless Registry Service [Intel Corporation] - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(S24EventMonitor) Intel® PROSet/Wireless Service [Intel Corporation ] - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(WLANKEEPER) Intel® PROSet/Wireless SSO Service [Intel® Corporation] - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe

[Driver Services - Non-Microsoft Only]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.10.0 [Meetinghouse Data Communications] - C:\WINDOWS\system32\drivers\AegisP.sys
(AliIde) AliIde [Acer Laboratories Inc.] - C:\WINDOWS\system32\drivers\aliide.sys
(amdagp) AMD AGP Bus Filter Driver [Advanced Micro Devices, Inc.] - C:\WINDOWS\system32\drivers\amdagp.sys
(AngelUsb) Angel USB MPEG Device [Lumanate, Inc.] - C:\WINDOWS\system32\drivers\AngelUsb.sys
(APPDRV) APPDRV [Dell Inc] - C:\WINDOWS\system32\drivers\APPDRV.SYS
(ASAPIW2k) ASAPIW2k [Pinnacle Systems GmbH] - C:\WINDOWS\system32\drivers\asapiW2k.sys
(asc) asc [Advanced System Products, Inc.] - C:\WINDOWS\system32\drivers\asc.sys
(asc3550) asc3550 [Advanced System Products, Inc.] - C:\WINDOWS\system32\drivers\asc3550.sys
(ati2mtag) ati2mtag [ATI Technologies Inc.] - C:\WINDOWS\system32\drivers\ati2mtag.sys
(Avg7Core) AVG7 Kernel [GRISOFT, s.r.o.] - C:\WINDOWS\system32\drivers\avg7core.sys
(Avg7RsW) AVG7 Wrap Driver [GRISOFT, s.r.o.] - C:\WINDOWS\system32\drivers\avg7rsw.sys
(Avg7RsXP) AVG7 Resident Driver XP [GRISOFT, s.r.o.] - C:\WINDOWS\system32\drivers\avg7rsxp.sys
(AvgClean) AVG7 Clean Driver [GRISOFT, s.r.o.] - C:\WINDOWS\system32\drivers\avgclean.sys
(AvgTdi) AVG Network Redirector [GRISOFT, s.r.o.] - C:\WINDOWS\system32\drivers\avgtdi.sys
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Broadcom Corporation] - C:\WINDOWS\system32\drivers\bcm4sbxp.sys
(CmdIde) CmdIde [CMD Technology, Inc.] - C:\WINDOWS\system32\drivers\cmdide.sys
(dac2w2k) dac2w2k [Mylex Corporation] - C:\WINDOWS\system32\drivers\dac2w2k.sys
(dmboot) dmboot [Microsoft Corp., Veritas Software] - C:\WINDOWS\system32\drivers\dmboot.sys
(dmio) Logical Disk Manager Driver [Microsoft Corp., Veritas Software] - C:\WINDOWS\system32\drivers\dmio.sys
(dmload) dmload [Microsoft Corp., Veritas Software.] - C:\WINDOWS\system32\drivers\dmload.sys
(drvmcdb) drvmcdb [Sonic Solutions] - C:\WINDOWS\system32\drivers\drvmcdb.sys
(drvnddm) drvnddm [Sonic Solutions] - C:\WINDOWS\system32\drivers\drvnddm.sys
(DSproct) DSproct [GTek Technologies Ltd.] - C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys
(E100B) Intel® PRO Adapter Driver [Intel Corporation] - C:\WINDOWS\system32\drivers\e100b325.sys
(Hardlock) Hardlock [Aladdin Knowledge Systems] - C:\WINDOWS\system32\drivers\hardlock.sys
(Haspnt) Haspnt [Aladdin Knowledge Systems] - C:\WINDOWS\system32\drivers\Haspnt.sys
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Windows ® Server 2003 DDK provider] - C:\WINDOWS\system32\drivers\hdaudbus.sys
(HSFHWAZL) HSFHWAZL [Conexant Systems, Inc.] - C:\WINDOWS\system32\drivers\HSFHWAZL.sys
(HSF_DPV) HSF_DPV [Conexant Systems, Inc.] - C:\WINDOWS\system32\drivers\HSF_DPV.sys
(mdmxsdk) mdmxsdk [Conexant] - C:\WINDOWS\system32\drivers\mdmxsdk.sys
(mraid35x) mraid35x [American Megatrends Inc.] - C:\WINDOWS\system32\drivers\mraid35x.sys
(nv) nv [NVIDIA Corporation] - C:\WINDOWS\system32\drivers\nv4_mini.sys
(omci) OMCI WDM Device Driver [Dell Inc] - C:\WINDOWS\system32\drivers\omci.sys
(Ptilink) Direct Parallel Link Driver [Parallel Technologies, Inc.] - C:\WINDOWS\system32\drivers\ptilink.sys
(PxHelp20) PxHelp20 [Sonic Solutions] - C:\WINDOWS\system32\drivers\pxhelp20.sys
(ql1080) ql1080 [QLogic Corporation] - C:\WINDOWS\system32\drivers\ql1080.sys
(ql12160) ql12160 [QLogic Corporation] - C:\WINDOWS\system32\drivers\ql12160.sys
(ql1280) ql1280 [QLogic Corporation] - C:\WINDOWS\system32\drivers\ql1280.sys
(rimmptsk) rimmptsk [REDC] - C:\WINDOWS\system32\drivers\rimmptsk.sys
(rimsptsk) rimsptsk [REDC] - C:\WINDOWS\system32\drivers\rimsptsk.sys
(rismxdp) Ricoh xD-Picture Card Driver [REDC] - C:\WINDOWS\system32\drivers\rixdptsk.sys
(s24trans) WLAN Transport [Intel Corporation] - C:\WINDOWS\system32\drivers\s24trans.sys
(SASDIFSV) SASDIFSV [SUPERAdBlocker.com and SUPERAntiSpyware.com] - C:\Program Files\SUPERAntiSpyware\sasdifsv.sys
(SASENUM) SASENUM [ SUPERAdBlocker.com and SUPERAntiSpyware.com] - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
(SASKUTIL) SASKUTIL [SUPERAdBlocker.com and SUPERAntiSpyware.com] - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
(Secdrv) Secdrv [Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.] - C:\WINDOWS\system32\drivers\secdrv.sys
(sisagp) SIS AGP Bus Filter [Silicon Integrated Systems Corporation] - C:\WINDOWS\system32\drivers\sisagp.sys
(Sparrow) Sparrow [Adaptec, Inc.] - C:\WINDOWS\system32\drivers\sparrow.sys
(sscdbhk5) sscdbhk5 [Sonic Solutions] - C:\WINDOWS\system32\drivers\sscdbhk5.sys
(ssrtln) ssrtln [Sonic Solutions] - C:\WINDOWS\system32\drivers\ssrtln.sys
(STHDA) SigmaTel High Definition Audio CODEC [SigmaTel, Inc.] - C:\WINDOWS\system32\drivers\sthda.sys
(symc810) symc810 [Symbios Logic Inc.] - C:\WINDOWS\system32\drivers\symc810.sys
(symc8xx) symc8xx [LSI Logic] - C:\WINDOWS\system32\drivers\symc8xx.sys
(sym_hi) sym_hi [LSI Logic] - C:\WINDOWS\system32\drivers\sym_hi.sys
(sym_u3) sym_u3 [LSI Logic] - C:\WINDOWS\system32\drivers\sym_u3.sys
(SynTP) Synaptics TouchPad Driver [Synaptics, Inc.] - C:\WINDOWS\system32\drivers\SynTP.sys
(tfsnboio) tfsnboio [Sonic Solutions] - C:\WINDOWS\system32\dla\tfsnboio.sys
(tfsncofs) tfsncofs [Sonic Solutions] - C:\WINDOWS\system32\dla\tfsncofs.sys
(tfsndrct) tfsndrct [Sonic Solutions] - C:\WINDOWS\system32\dla\tfsndrct.sys
(tfsndres) tfsndres [Sonic Solutions] - C:\WINDOWS\system32\dla\tfsndres.sys
(tfsnifs) tfsnifs [Sonic Solutions] - C:\WINDOWS\system32\dla\tfsnifs.sys
(tfsnopio) tfsnopio [Sonic Solutions] - C:\WINDOWS\system32\dla\tfsnopio.sys
(tfsnpool) tfsnpool [Sonic Solutions] - C:\WINDOWS\system32\dla\tfsnpool.sys
(tfsnudf) tfsnudf [Sonic Solutions] - C:\WINDOWS\system32\dla\tfsnudf.sys
(tfsnudfa) tfsnudfa [Sonic Solutions] - C:\WINDOWS\system32\dla\tfsnudfa.sys
(tmcomm) tmcomm [Trend Micro Inc.] - C:\WINDOWS\system32\drivers\tmcomm.sys
(ultra) ultra [Promise Technology, Inc.] - C:\WINDOWS\system32\drivers\ultra.sys
(w39n51) Intel® PRO/Wireless 3945ABG Adapter Driver [Intel® Corporation] - C:\WINDOWS\system32\drivers\w39n51.sys
(winachsf) winachsf [Conexant Systems, Inc.] - C:\WINDOWS\system32\drivers\HSF_CNXT.sys

[Registry - Non-Microsoft Only]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC" = "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay [ATI Technologies Inc.]
"AVG7_CC" = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP [GRISOFT, s.r.o.]
"Dell QuickSet" = C:\Program Files\Dell\QuickSet\quickset.exe [Dell Inc]
"DellNSCST_GRNCH" = "C:\Program Files\DELL\Dell Laser MFP 1815\NetworkScan\DNSCST.exe" /HIDEUI [Dell]
"dla" = C:\WINDOWS\system32\dla\tfswctrl.exe [Sonic Solutions]
"IntelWireless" = "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless [Intel Corporation]
"IntelZeroConfig" = "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [Intel Corporation]
"ISUSPM Startup" = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [InstallShield Software Corporation]
"ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [InstallShield Software Corporation]
"MSKDetectorExe" = C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall File not found
"PCMService" = "C:\Program Files\Dell\MediaDirect\PCMService.exe" [CyberLink Corp.]
"PinnacleDriverCheck" = C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg []
"SigmatelSysTrayApp" = stsystra.exe [SigmaTel, Inc.]
"SynTPEnh" = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [Synaptics, Inc.]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed" = 1
"NoChange" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport" = "C:\Program Files\Dell Support\DSAgnt.exe" /startup [Gteko Ltd.]
"ModemOnHold" = C:\Program Files\NetWaiting\netWaiting.exe []
"SUPERAntiSpyware" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [SUPERAntiSpyware.com]
"swg" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [Google Inc.]
"updateMgr" = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 [Adobe Systems Incorporated]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"run" = Reg Error: Value run does not exist or could not be read.

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[Adobe Systems Incorporated] - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[BVRP Software] - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

[Rabiddawgs Startup Folder - C:\Documents and Settings\Rabiddawgs\Start Menu\Programs\Startup]



[Files/Folders - Created Within 30 days]
[Folder | 8/16/2008 10:06:25 PM | RH ] - C:\$VAULT$.AVG
[Folder | 8/17/2008 1:20:49 AM | HS] - C:\Config.Msi
[Folder | 8/21/2008 8:02:01 PM | ] - C:\_OTMoveIt
[ATI Technologies Inc. | 56623 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\ati1btxx.sys
[ATI Technologies Inc. | 11615 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\ati1mdxx.sys
[ATI Technologies Inc. | 12047 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\ati1pdxx.sys
[ATI Technologies Inc. | 30671 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\ati1raxx.sys
[ATI Technologies Inc. | 63663 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\ati1rvxx.sys
[ATI Technologies Inc. | 26367 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\ati1snxx.sys
[ATI Technologies Inc. | 21343 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\ati1ttxx.sys
[ATI Technologies Inc. | 36463 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\ati1tuxx.sys
[ATI Technologies Inc. | 29455 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\ati1xbxx.sys
[ATI Technologies Inc. | 34735 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\ati1xsxx.sys
[ATI Technologies Inc. | 327040 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\ati2mtaa.sys
[ATI Technologies Inc. | 57856 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\atinbtxx.sys
[ATI Technologies Inc. | 13824 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\atinmdxx.sys
[ATI Technologies Inc. | 14336 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\atinpdxx.sys
[ATI Technologies Inc. | 52224 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\atinraxx.sys
[ATI Technologies Inc. | 104960 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\atinrvxx.sys
[ATI Technologies Inc. | 28672 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\atinsnxx.sys
[ATI Technologies Inc. | 13824 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\atinttxx.sys
[ATI Technologies Inc. | 73216 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\atintuxx.sys
[ATI Technologies Inc. | 31744 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\atinxbxx.sys
[ATI Technologies Inc. | 63488 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\atinxsxx.sys
[ | 64352 | Created = 8/17/2008 12:27:58 AM | ] - C:\WINDOWS\System32\drivers\ativmc20.cod
[ | 129045 | Created = 8/17/2008 12:28:40 AM | ] - C:\WINDOWS\System32\drivers\cxthsfs2.cty
[Conexant Systems, Inc. | 220032 | Created = 8/17/2008 12:28:43 AM | ] - C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[Conexant Systems, Inc. | 685056 | Created = 8/17/2008 12:28:43 AM | ] - C:\WINDOWS\System32\drivers\hsfcxts2.sys
[Conexant Systems, Inc. | 1041536 | Created = 8/17/2008 12:28:43 AM | ] - C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[Malwarebytes Corporation | 17144 | Created = 8/16/2008 10:23:19 PM | ] - C:\WINDOWS\System32\drivers\mbam.sys
[Malwarebytes Corporation | 38472 | Created = 8/16/2008 10:23:19 PM | ] - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[Smart Link | 126686 | Created = 8/17/2008 12:28:48 AM | ] - C:\WINDOWS\System32\drivers\mtlmnt5.sys
[Smart Link | 1309184 | Created = 8/17/2008 12:28:48 AM | ] - C:\WINDOWS\System32\drivers\mtlstrm.sys
[Matrox Graphics Inc. | 452736 | Created = 8/17/2008 12:28:48 AM | ] - C:\WINDOWS\System32\drivers\mtxparhm.sys
[ | 67866 | Created = 8/17/2008 12:28:49 AM | ] - C:\WINDOWS\System32\drivers\netwlan5.img
[Smart Link | 180360 | Created = 8/17/2008 12:28:49 AM | ] - C:\WINDOWS\System32\drivers\ntmtlfax.sys
[Smart Link | 13776 | Created = 8/17/2008 12:28:50 AM | ] - C:\WINDOWS\System32\drivers\recagent.sys
[S3 Graphics, Inc. | 166912 | Created = 8/17/2008 12:28:50 AM | ] - C:\WINDOWS\System32\drivers\s3gnbm.sys
[Smart Link | 129535 | Created = 8/17/2008 12:28:50 AM | ] - C:\WINDOWS\System32\drivers\slnt7554.sys
[Smart Link | 404990 | Created = 8/17/2008 12:28:50 AM | ] - C:\WINDOWS\System32\drivers\slntamr.sys
[Smart Link | 95424 | Created = 8/17/2008 12:28:50 AM | ] - C:\WINDOWS\System32\drivers\slnthal.sys
[Smart Link | 13240 | Created = 8/17/2008 12:28:51 AM | ] - C:\WINDOWS\System32\drivers\slwdmsup.sys
[Trend Micro Inc. | 102664 | Created = 8/16/2008 10:12:20 PM | ] - C:\WINDOWS\System32\drivers\tmcomm.sys
[Intel® Corporation | 11807 | Created = 8/17/2008 12:28:55 AM | ] - C:\WINDOWS\System32\drivers\wadv07nt.sys
[Intel® Corporation | 11295 | Created = 8/17/2008 12:28:55 AM | ] - C:\WINDOWS\System32\drivers\wadv08nt.sys
[Intel® Corporation | 11871 | Created = 8/17/2008 12:28:55 AM | ] - C:\WINDOWS\System32\drivers\wadv09nt.sys
[Intel® Corporation | 11935 | Created = 8/17/2008 12:28:55 AM | ] - C:\WINDOWS\System32\drivers\wadv11nt.sys
[Intel® Corporation | 22271 | Created = 8/17/2008 12:28:55 AM | ] - C:\WINDOWS\System32\drivers\watv06nt.sys
[Intel® Corporation | 25471 | Created = 8/17/2008 12:28:55 AM | ] - C:\WINDOWS\System32\drivers\watv10nt.sys
[Folder | 8/17/2008 12:42:53 AM | ] - C:\WINDOWS\System32\bits
[1 C:\WINDOWS\System32\*.tmp files]
[Folder | 8/17/2008 12:42:53 AM | ] - C:\WINDOWS\System32\en
[Folder | 8/17/2008 12:42:54 AM | ] - C:\WINDOWS\System32\scripting
[Folder | 8/17/2008 12:34:51 AM | H ] - C:\WINDOWS\$NtServicePackUninstall$
[2 C:\WINDOWS\*.tmp files]
[Folder | 8/17/2008 1:25:42 AM | ] - C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$
[Folder | 8/17/2008 12:42:54 AM | ] - C:\WINDOWS\l2schemas
[Folder | 8/17/2008 12:53:51 AM | ] - C:\WINDOWS\Prefetch
[Folder | 8/17/2008 12:40:40 AM | ] - C:\WINDOWS\ServicePackFiles
[Folder | 8/16/2008 10:23:18 PM | ] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[Folder | 8/16/2008 10:25:32 PM | ] - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[Folder | 8/16/2008 10:23:21 PM | ] - C:\Documents and Settings\Rabiddawgs\Application Data\Malwarebytes
[Folder | 8/16/2008 10:25:25 PM | ] - C:\Documents and Settings\Rabiddawgs\Application Data\SUPERAntiSpyware.com
[Atribune.org | 50688 | Created = 8/16/2008 10:15:46 PM | ] - C:\Documents and Settings\Rabiddawgs\My Documents\ATF_Cleaner.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\ATF_Cleaner.exe:Zone.Identifier
[Digital River | 128368 | Created = 8/16/2008 10:16:03 PM | ] - C:\Documents and Settings\Rabiddawgs\My Documents\Download_mbam-setup.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Download_mbam-setup.exe:Zone.Identifier
[Trend Micro Inc. | 401720 | Created = 8/16/2008 11:46:18 PM | ] - C:\Documents and Settings\Rabiddawgs\My Documents\HiJackThis.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\HiJackThis.exe:Zone.Identifier
[ | 6467096 | Created = 8/16/2008 10:21:02 PM | ] - C:\Documents and Settings\Rabiddawgs\My Documents\SUPERAntiSpyware.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\SUPERAntiSpyware.exe:Zone.Identifier
[ | 696 | Created = 8/16/2008 10:23:20 PM | ] - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[ | 780 | Created = 8/16/2008 10:25:26 PM | ] - C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[OldTimer Tools | 291840 | Created = 8/21/2008 7:59:34 PM | ] - C:\Documents and Settings\Rabiddawgs\Desktop\OTMoveIt2.exe
[OldTimer Tools | 1395200 | Created = 8/21/2008 8:05:51 PM | ] - C:\Documents and Settings\Rabiddawgs\Desktop\OTViewIt.exe
[Folder | 8/16/2008 10:23:02 PM | ] - C:\Program Files\Common Files\Download Manager
[Folder | 8/16/2008 11:48:57 PM | ] - C:\Program Files\Hijackthis
[Folder | 8/16/2008 10:23:18 PM | ] - C:\Program Files\Malwarebytes' Anti-Malware
[Folder | 8/16/2008 10:25:25 PM | ] - C:\Program Files\SUPERAntiSpyware

[Files/Folders - Modified Within 30 days]
[Folder | Modified = 8/16/2008 11:18:07 PM | RH ] - C:\$VAULT$.AVG
[Folder | Modified = 8/17/2008 1:30:34 AM | HS] - C:\Config.Msi
[ | 2145845248 | Modified = 8/21/2008 8:03:39 PM | HS] - C:\hiberfil.sys
[Folder | Modified = 8/21/2008 8:04:02 PM | ] - C:\MDT
[ | 250048 | Modified = 8/17/2008 12:38:02 AM | RHS] - C:\ntldr
[Folder | Modified = 8/16/2008 11:49:05 PM | R ] - C:\Program Files
[Folder | Modified = 8/16/2008 10:43:47 PM | HS] - C:\System Volume Information
[Folder | Modified = 8/21/2008 8:04:21 PM | ] - C:\WINDOWS
[Folder | Modified = 8/21/2008 8:02:01 PM | ] - C:\_OTMoveIt
[Malwarebytes Corporation | 17144 | Modified = 7/30/2008 8:07:52 PM | ] - C:\WINDOWS\System32\drivers\mbam.sys
[Malwarebytes Corporation | 38472 | Modified = 7/30/2008 8:07:56 PM | ] - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[Trend Micro Inc. | 102664 | Modified = 8/16/2008 10:12:03 PM | ] - C:\WINDOWS\System32\drivers\tmcomm.sys
[Folder | Modified = 8/17/2008 12:42:53 AM | ] - C:\WINDOWS\System32\bits
[1 C:\WINDOWS\System32\*.tmp files]
[Folder | Modified = 8/17/2008 12:46:55 AM | ] - C:\WINDOWS\System32\CatRoot
[Folder | Modified = 8/17/2008 1:43:33 AM | ] - C:\WINDOWS\System32\CatRoot2
[Folder | Modified = 8/17/2008 12:40:21 AM | ] - C:\WINDOWS\System32\Com
[Folder | Modified = 8/17/2008 1:43:42 AM | ] - C:\WINDOWS\System32\dllcache
[Folder | Modified = 8/17/2008 1:26:26 AM | ] - C:\WINDOWS\System32\drivers
[Folder | Modified = 8/17/2008 12:42:53 AM | ] - C:\WINDOWS\System32\en
[Folder | Modified = 8/17/2008 12:42:54 AM | ] - C:\WINDOWS\System32\en-US
[ | 287704 | Modified = 8/17/2008 1:43:15 AM | ] - C:\WINDOWS\System32\FNTCACHE.DAT
[Folder | Modified = 8/17/2008 12:43:05 AM | ] - C:\WINDOWS\System32\inetsrv
[Folder | Modified = 8/17/2008 12:40:27 AM | ] - C:\WINDOWS\System32\npp
[Folder | Modified = 8/17/2008 12:40:02 AM | ] - C:\WINDOWS\System32\oobe
[ | 62434 | Modified = 8/21/2008 7:15:13 PM | ] - C:\WINDOWS\System32\perfc009.dat
[ | 402994 | Modified = 8/21/2008 7:15:13 PM | ] - C:\WINDOWS\System32\perfh009.dat
[ | 471976 | Modified = 8/21/2008 7:15:13 PM | ] - C:\WINDOWS\System32\PerfStringBackup.INI
[Folder | Modified = 8/17/2008 12:40:27 AM | ] - C:\WINDOWS\System32\Restore
[Folder | Modified = 8/17/2008 12:42:54 AM | ] - C:\WINDOWS\System32\scripting
[Folder | Modified = 8/17/2008 12:53:13 AM | ] - C:\WINDOWS\System32\Setup
[Folder | Modified = 8/17/2008 12:42:54 AM | ] - C:\WINDOWS\System32\usmt
[Folder | Modified = 8/17/2008 12:53:12 AM | ] - C:\WINDOWS\System32\wbem
[ | 2206 | Modified = 8/21/2008 8:03:53 PM | ] - C:\WINDOWS\System32\wpa.dbl
[Folder | Modified = 8/17/2008 1:28:49 AM | H ] - C:\WINDOWS\$hf_mig$
[2 C:\WINDOWS\*.tmp files]
[Folder | Modified = 8/17/2008 12:37:09 AM | H ] - C:\WINDOWS\$NtServicePackUninstall$
[Folder | Modified = 8/17/2008 1:25:42 AM | ] - C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$
[Folder | Modified = 8/17/2008 12:53:12 AM | ] - C:\WINDOWS\AppPatch
[ | 2048 | Modified = 8/21/2008 8:03:42 PM | S] - C:\WINDOWS\bootstat.dat
[Folder | Modified = 8/16/2008 11:35:49 PM | HS] - C:\WINDOWS\CSC
[Folder | Modified = 8/17/2008 1:26:54 AM | ] - C:\WINDOWS\Debug
[Folder | Modified = 8/17/2008 12:11:01 AM | S] - C:\WINDOWS\Downloaded Program Files
[Folder | Modified = 8/17/2008 12:34:50 AM | ] - C:\WINDOWS\ehome
[Folder | Modified = 8/17/2008 1:23:43 AM | R S] - C:\WINDOWS\Fonts
[Folder | Modified = 8/17/2008 12:43:05 AM | ] - C:\WINDOWS\Help
[Folder | Modified = 8/17/2008 1:28:17 AM | ] - C:\WINDOWS\ie7updates
[Folder | Modified = 8/17/2008 12:43:05 AM | ] - C:\WINDOWS\ime
[ | 1374 | Modified = 8/17/2008 1:28:48 AM | ] - C:\WINDOWS\imsins.BAK
[Folder | Modified = 8/17/2008 1:28:52 AM | H ] - C:\WINDOWS\inf
[Folder | Modified = 8/17/2008 1:30:34 AM | HS] - C:\WINDOWS\Installer
[Folder | Modified = 8/17/2008 12:42:54 AM | ] - C:\WINDOWS\l2schemas
[Folder | Modified = 8/17/2008 12:40:26 AM | ] - C:\WINDOWS\msagent
[Folder | Modified = 8/17/2008 12:40:27 AM | ] - C:\WINDOWS\mui
[Folder | Modified = 8/17/2008 12:43:05 AM | ] - C:\WINDOWS\network diagnostic
[Folder | Modified = 8/17/2008 12:42:53 AM | ] - C:\WINDOWS\Pee