Windows 2008 Antivirus - Joke Blusod [RESOLVED]


  • This topic is locked

#1
RobotCody

  • Member
  • 60 posts
So I just got reformatted and a week later I got that stupid joke blusod... I went through the FixIde on the walkthrough just to make SURE, because the last time, BEFORE I wiped, the "schools" scanner that I used defined the virus I had as a ZLOB. So I used the FixIDe or whatever. Now I'm posting my HijackThis just in case.

Here is my HijackThis. I probably still have the joke blusod. Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:17 AM, on 8/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Desktop Firewall\wdfsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Desktop Firewall\WDF.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Adobe Audition 3.0\Audition.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [NVHotkey] "rundll32.exe" nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] "C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Webroot Desktop Firewall] "C:\Program Files\Webroot\Desktop Firewall\WDF.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Explorer-] c:\windows\explorer-.exe
O4 - HKLM\..\Run: [InitDataWin64] c:\windows\explorer-.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152134665937
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = student.local
O17 - HKLM\Software\..\Telephony: DomainName = student.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = student.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = student.local
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Unknown owner - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Webroot Software, Inc. - C:\Program Files\Webroot\Desktop Firewall\wdfsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14127 bytes


#2
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello and welcome to GTG..


Please uninstall Viewpoint and Ask Toolbar from your computer..


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#3
RobotCody

  • Topic Starter
  • Member
  • 60 posts
Malwarebytes' Anti-Malware 1.25
Database version: 1087
Windows 5.1.2600 Service Pack 3

9:02:09 PM 8/25/2008
mbam-log-08-25-2008 (21-02-09).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 159677
Time elapsed: 57 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Kaspersky said that the license had expired, so I couldn't do that one. Also, this log isn't perfectly correct: I ran two. The first had removed 4 programs, but I forgot to post it before I removed Malwarebytes, so I reinstalled it and scanned again.

#4
fenzodahl512

  • Malware Removal
  • 9,863 posts
Don't worry about it.. How is your computer now?.. Let's do this..


Please download OTViewIt to your desktop.
  • Close all windows and double click OTViewIt
  • Place a tick in the Scan all Users box
  • In the File Age drop down box select 60 days
  • Click Run Scan and let the program run uninterrupted
  • On completion it will produce two logs on the Desktop, post the OTViewIt.txt and Extras.txt logs in your next post.


#5
RobotCody

  • Topic Starter
  • Member
  • 60 posts
Edited for Simplicity, posted new log below.

Edited by RobotCody, 26 August 2008 - 11:48 AM.


#6
fenzodahl512

  • Malware Removal
  • 9,863 posts
Your log seems to be cut off.. Please find OTViewIt.txt (or run the scan again) and attach the log here..

#7
RobotCody

  • Topic Starter
  • Member
  • 60 posts
OTViewIt logfile created on: 8/26/2008 8:59:18 AM - Run 2
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\copeterson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.23% Memory free
3.35 Gb Paging File | 2.45 Gb Available in Paging File | 73.31% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.30 Gb Total Space | 2.33 Gb Free Space | 7.96% Space Free | Partition Type: NTFS
Drive D: | 45.15 Gb Total Space | 41.49 Gb Free Space | 91.88% Space Free | Partition Type: NTFS
Drive E: | 388.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D9CRS2C1
Current User Name: copeterson
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

===== Processes - Non-Microsoft Only =====

[12/18/2007 07:03 PM | 02,569,600 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
[11/09/2007 03:15 PM | 00,108,392 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[11/01/2006 09:48 PM | 00,020,480 | ---- | M] () - C:\WINDOWS\system32\WLTRYSVC.EXE
[11/01/2006 09:48 PM | 01,253,376 | ---- | M] (Dell Inc.) - C:\WINDOWS\system32\BCMWLTRY.EXE
[04/04/2005 06:58 PM | 00,163,840 | ---- | M] (Adobe Systems Incorporated) - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
[08/07/2008 06:40 PM | 00,079,360 | ---- | M] (Autodesk) - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
[03/25/2006 05:24 PM | 00,315,392 | ---- | M] (Wave Systems Corp.) - C:\Program Files\Wave Systems Corp\common\DataServer.exe
[03/10/2008 12:04 AM | 00,065,536 | ---- | M] () - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
[04/06/2006 02:57 PM | 00,380,928 | ---- | M] (Dell Inc.) - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
[01/19/2006 08:14 AM | 00,143,428 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe
[03/01/2006 03:37 PM | 00,031,232 | ---- | M] () - C:\WINDOWS\system32\rpcnet.exe
[12/18/2007 09:08 PM | 02,189,240 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
[04/04/2005 06:58 PM | 03,502,080 | ---- | M] () - C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
[11/30/2005 01:33 PM | 00,180,224 | ---- | M] () - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
[12/18/2007 07:03 PM | 01,643,904 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
[07/02/2008 01:26 PM | 00,353,672 | ---- | M] (Webroot Software Inc (www.webroot.com)) - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
[01/04/2008 08:56 PM | 03,572,592 | ---- | M] (Webroot Software, Inc.) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
[10/07/2005 12:13 PM | 00,176,128 | R--- | M] (Alps Electric Co., Ltd.) - C:\Program Files\Apoint\Apoint.exe
[06/28/2004 09:56 PM | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) - C:\Program Files\Apoint\hidfind.exe
[07/27/2005 02:41 PM | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) - C:\Program Files\Apoint\ApntEx.exe
[06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[11/01/2006 09:48 PM | 01,392,640 | ---- | M] (Dell Inc.) - C:\WINDOWS\system32\WLTRAY.EXE
[03/24/2006 04:30 PM | 00,282,624 | ---- | M] (SigmaTel, Inc.) - C:\WINDOWS\stsystra.exe
[03/09/2006 12:26 PM | 00,098,304 | ---- | M] (Wave Systems Corp.) - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
[12/09/2005 08:29 PM | 00,049,152 | ---- | M] (CyberLink Corp.) - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[04/06/2006 02:58 PM | 01,032,192 | ---- | M] (Dell Inc) - C:\Program Files\Dell\QuickSet\quickset.exe
[09/08/2005 05:20 AM | 00,122,940 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLACTRLW.EXE
[07/27/2004 04:50 PM | 00,081,920 | ---- | M] (InstallShield Software Corporation) - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[11/09/2007 03:15 PM | 00,115,560 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[08/07/2008 05:46 PM | 00,185,896 | ---- | M] (RealNetworks, Inc.) - C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[04/04/2005 06:58 PM | 00,856,064 | ---- | M] (Adobe Sytems Incorporated) - C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
[12/14/2004 02:12 AM | 00,483,328 | ---- | M] (Adobe Systems Inc.) - C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
[01/04/2008 08:56 PM | 05,367,664 | ---- | M] (Webroot Software, Inc.) - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
[09/10/2003 02:24 AM | 00,020,480 | ---- | M] () - C:\Program Files\NetWaiting\netwaiting.exe
[08/06/2008 10:21 AM | 00,050,472 | ---- | M] (AOL LLC) - C:\Program Files\AIM6\aim6.exe
[10/29/2003 02:06 AM | 00,024,576 | ---- | M] (BVRP Software) - C:\Program Files\Digital Line Detect\DLG.exe
[08/05/2008 07:26 PM | 03,065,168 | ---- | M] (Xfire Inc.) - C:\Program Files\Xfire\xfire.exe
[10/08/2007 04:50 PM | 00,041,824 | ---- | M] (AOL LLC) - C:\Program Files\AIM6\aolsoftware.exe
[07/02/2008 08:52 PM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
[01/04/2008 08:34 PM | 00,214,384 | ---- | M] () - C:\Program Files\Webroot\Spy Sweeper\ssu.exe
[08/26/2008 08:57 AM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\copeterson\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(Adobe LM Service) Adobe LM Service [On_Demand | Stopped]
[08/07/2008 06:50 PM | 00,072,704 | ---- | M] (Adobe Systems) - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

(Adobe Version Cue CS2) Adobe Version Cue CS2 [Auto | Running]
[04/04/2005 06:58 PM | 00,163,840 | ---- | M] (Adobe Systems Incorporated) - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

(Autodesk Licensing Service) Autodesk Licensing Service [Auto | Running]
[08/07/2008 06:40 PM | 00,079,360 | ---- | M] (Autodesk) - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

(ccEvtMgr) Symantec Event Manager [Auto | Running]
[11/09/2007 03:15 PM | 00,108,392 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(ccSetMgr) Symantec Settings Manager [Auto | Running]
[11/09/2007 03:15 PM | 00,108,392 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(DataSvr2) DataSvr2 [Auto | Running]
[03/25/2006 05:24 PM | 00,315,392 | ---- | M] (Wave Systems Corp.) - C:\Program Files\Wave Systems Corp\common\DataServer.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[04/13/2008 07:12 PM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(LiveUpdate) LiveUpdate [On_Demand | Stopped]
[08/11/2007 08:05 PM | 03,093,872 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE

(mi-raysat_3dsMax2009_32) mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit [Auto | Running]
[03/10/2008 12:04 AM | 00,065,536 | ---- | M] () - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe

(NICCONFIGSVC) NICCONFIGSVC [Auto | Running]
[04/06/2006 02:57 PM | 00,380,928 | ---- | M] (Dell Inc.) - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

(NVSvc) NVIDIA Display Driver Service [Auto | Running]
[01/19/2006 08:14 AM | 00,143,428 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe

(Rpcnet) Remote Procedure Call (RPC) Net [Auto | Running]
[03/01/2006 03:37 PM | 00,031,232 | ---- | M] () - C:\WINDOWS\system32\rpcnet.exe

(SmcService) Symantec Management Client [Auto | Running]
[12/18/2007 07:03 PM | 02,569,600 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

(SNAC) Symantec Network Access Control [On_Demand | Stopped]
[12/18/2007 07:04 PM | 00,234,888 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE

(Symantec AntiVirus) Symantec Endpoint Protection [Auto | Running]
[12/18/2007 09:08 PM | 02,189,240 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

(tcsd_win32.exe) NTRU Hybrid TSS v2.0.7 TCS [Auto | Running]
[11/30/2005 01:33 PM | 00,180,224 | ---- | M] () - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe

(WDFNet) Webroot Desktop Firewall network service [Auto | Running]
[07/02/2008 01:26 PM | 00,353,672 | ---- | M] (Webroot Software Inc (www.webroot.com)) - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe

(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Auto | Running]
[01/04/2008 08:56 PM | 03,572,592 | ---- | M] (Webroot Software, Inc.) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

(wltrysvc) Dell Wireless WLAN Tray Service [Auto | Running]
[11/01/2006 09:48 PM | 00,020,480 | ---- | M] () - C:\WINDOWS\system32\WLTRYSVC.EXE

===== Driver Services - Non-Microsoft Only =====

(AliIde) AliIde [Disabled | Stopped]
[08/17/2001 01:51 PM | 00,005,248 | ---- | M] (Acer Laboratories Inc.) - C:\WINDOWS\system32\drivers\aliide.sys

(amdagp) AMD AGP Bus Filter Driver [Disabled | Stopped]
[04/13/2008 01:36 PM | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) - C:\WINDOWS\system32\drivers\amdagp.sys

(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP [On_Demand | Running]
[09/28/2005 06:57 PM | 00,113,847 | R--- | M] (Alps Electric Co., Ltd.) - C:\WINDOWS\system32\drivers\Apfiltr.sys

(APPDRV) APPDRV [System | Running]
[08/12/2005 05:50 PM | 00,016,128 | ---- | M] (Dell Inc) - C:\WINDOWS\system32\drivers\APPDRV.SYS

(asc) asc [Disabled | Stopped]
[08/17/2001 01:52 PM | 00,026,496 | ---- | M] (Advanced System Products, Inc.) - C:\WINDOWS\system32\drivers\asc.sys

(asc3550) asc3550 [Disabled | Stopped]
[08/17/2001 01:51 PM | 00,014,848 | ---- | M] (Advanced System Products, Inc.) - C:\WINDOWS\system32\drivers\asc3550.sys

(b57w2k) Broadcom NetXtreme Gigabit Ethernet [On_Demand | Running]
[11/10/2005 09:25 AM | 00,142,720 | ---- | M] (Broadcom Corporation) - C:\WINDOWS\system32\drivers\b57xp32.sys

(BCM43XX) Dell Wireless WLAN Card Driver [On_Demand | Running]
[10/13/2006 12:28 AM | 00,604,928 | ---- | M] (Broadcom Corporation) - C:\WINDOWS\system32\drivers\BCMWL5.SYS

(CmdIde) CmdIde [Disabled | Stopped]
[08/17/2001 01:51 PM | 00,006,656 | ---- | M] (CMD Technology, Inc.) - C:\WINDOWS\system32\drivers\cmdide.sys

(dac2w2k) dac2w2k [Disabled | Stopped]
[08/17/2001 01:52 PM | 00,179,584 | ---- | M] (Mylex Corporation) - C:\WINDOWS\system32\drivers\dac2w2k.sys

(DLABOIOM) DLABOIOM [Auto | Running]
[09/08/2005 05:20 AM | 00,025,628 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLABOIOM.SYS

(DLACDBHM) DLACDBHM [System | Running]
[08/25/2005 12:16 PM | 00,005,628 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DLACDBHM.SYS

(DLADResN) DLADResN [Auto | Running]
[09/08/2005 05:20 AM | 00,002,496 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLADResN.SYS

(DLAIFS_M) DLAIFS_M [Auto | Running]
[09/08/2005 05:20 AM | 00,086,524 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

(DLAOPIOM) DLAOPIOM [Auto | Running]
[09/08/2005 05:20 AM | 00,014,684 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

(DLAPoolM) DLAPoolM [Auto | Running]
[09/08/2005 05:20 AM | 00,006,364 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAPoolM.SYS

(DLARTL_N) DLARTL_N [System | Running]
[08/25/2005 12:16 PM | 00,022,684 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DLARTL_N.SYS

(DLAUDFAM) DLAUDFAM [Auto | Running]
[09/08/2005 05:20 AM | 00,094,332 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

(DLAUDF_M) DLAUDF_M [Auto | Running]
[09/08/2005 05:20 AM | 00,087,036 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

(dmboot) dmboot [Disabled | Stopped]
[04/13/2008 01:44 PM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[04/13/2008 01:44 PM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Disabled | Stopped]
[08/04/2004 05:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(DRVMCDB) DRVMCDB [Boot | Running]
[09/12/2005 03:30 AM | 00,089,264 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DRVMCDB.SYS

(DRVNDDM) DRVNDDM [Auto | Running]
[08/12/2005 05:20 AM | 00,040,544 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DRVNDDM.SYS

(DS1410D) DS1410D [Auto | Stopped]
File not found - C:\WINDOWS\system32\drivers\ds1410d.sys

(E100B) Intel® PRO Adapter Driver [On_Demand | Stopped]
[08/17/2001 12:12 PM | 00,117,760 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\e100b325.sys

(eeCtrl) Symantec Eraser Control driver [System | Running]
[08/18/2008 03:00 AM | 00,371,248 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

(EraserUtilRebootDrv) EraserUtilRebootDrv [On_Demand | Running]
[08/18/2008 03:00 AM | 00,099,376 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

(guardian2) guardian2 [On_Demand | Running]
[01/31/2007 02:37 AM | 00,056,320 | ---- | M] (O2Micro) - C:\WINDOWS\system32\drivers\oz776.sys

(Hardlock) Hardlock [Auto | Running]
[07/28/2005 08:18 AM | 00,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) - C:\WINDOWS\system32\drivers\hardlock.sys

(Haspnt) Haspnt [Auto | Running]
[08/07/2008 08:23 PM | 00,047,616 | ---- | M] (Aladdin Knowledge Systems) - C:\WINDOWS\system32\drivers\Haspnt.sys

(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [On_Demand | Running]
[04/13/2008 11:36 AM | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) - C:\WINDOWS\system32\drivers\hdaudbus.sys

(HSF_DPV) HSF_DPV [On_Demand | Running]
[12/01/2005 12:40 AM | 00,936,960 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSX_DPV.sys

(HSXHWAZL) HSXHWAZL [On_Demand | Running]
[12/01/2005 12:40 AM | 00,192,512 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSXHWAZL.sys

(mdmxsdk) mdmxsdk [Auto | Running]
[10/04/2005 09:57 PM | 00,012,544 | ---- | M] (Conexant) - C:\WINDOWS\system32\drivers\mdmxsdk.sys

(mraid35x) mraid35x [Disabled | Stopped]
[08/17/2001 01:52 PM | 00,017,280 | ---- | M] (American Megatrends Inc.) - C:\WINDOWS\system32\drivers\mraid35x.sys

(NAVENG) NAVENG [On_Demand | Running]
[08/21/2008 03:00 AM | 00,089,104 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080825.034\NAVENG.SYS

(NAVEX15) NAVEX15 [On_Demand | Running]
[08/21/2008 03:00 AM | 00,873,552 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080825.034\NAVEX15.SYS

(nv) nv [On_Demand | Running]
[01/19/2006 08:14 AM | 03,595,296 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys

(PBADRV) PBADRV [Boot | Running]
[12/09/2005 03:35 PM | 00,018,816 | ---- | M] (Dell Inc) - C:\WINDOWS\system32\drivers\PBADRV.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/04/2004 05:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(pwipf6) pwipf6 [System | Running]
[07/02/2008 01:26 PM | 00,103,304 | ---- | M] (Webroot Software Inc (www.webroot.com)) - C:\WINDOWS\system32\drivers\pwipf6.sys

(PxHelp20) PxHelp20 [Boot | Running]
[01/26/2005 02:03 AM | 00,020,576 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\pxhelp20.sys

(ql1080) ql1080 [Disabled | Stopped]
[08/17/2001 01:52 PM | 00,040,320 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql1080.sys

(ql12160) ql12160 [Disabled | Stopped]
[08/17/2001 01:52 PM | 00,045,312 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql12160.sys

(ql1280) ql1280 [Disabled | Stopped]
[08/17/2001 01:52 PM | 00,049,024 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql1280.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[11/13/2007 05:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(Sentinel) Sentinel [Auto | Running]
[06/21/2001 09:39 PM | 00,073,728 | ---- | M] (Rainbow Technologies, Inc.) - C:\WINDOWS\system32\drivers\SENTINEL.SYS

(sisagp) SIS AGP Bus Filter [Disabled | Stopped]
[04/13/2008 01:36 PM | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) - C:\WINDOWS\system32\drivers\sisagp.sys

(SMCIRDA) SMC IrCC Miniport Device Driver [On_Demand | Stopped]
[08/17/2001 01:10 PM | 00,035,913 | ---- | M] (SMC) - C:\WINDOWS\system32\drivers\smcirda.sys

(Sntnlusb) Rainbow USB SuperPro [On_Demand | Stopped]
[06/21/2001 09:39 PM | 00,020,032 | R--- | M] (Rainbow Technologies Inc.) - C:\WINDOWS\system32\drivers\SNTNLUSB.SYS

(Sparrow) Sparrow [Disabled | Stopped]
[08/17/2001 02:07 PM | 00,019,072 | ---- | M] (Adaptec, Inc.) - C:\WINDOWS\system32\drivers\sparrow.sys

(SPBBCDrv) SPBBCDrv [System | Running]
[07/31/2007 02:17 AM | 00,418,864 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

(SRTSP) SRTSP [System | Running]
[11/30/2007 11:57 PM | 00,279,088 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\srtsp.sys

(SRTSPL) SRTSPL [On_Demand | Stopped]
[11/30/2007 11:57 PM | 00,317,616 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\srtspl.sys

(SRTSPX) SRTSPX [System | Running]
[11/30/2007 11:57 PM | 00,043,696 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\srtspx.sys

(SSFS0BB9) Spy Sweeper File System Filer Driver: 0BB9 [Boot | Running]
[01/04/2008 08:34 PM | 00,020,336 | ---- | M] (Webroot Software Inc (www.webroot.com)) - C:\WINDOWS\system32\drivers\SSFS0BB9.sys

(SSHRMD) Spy Sweeper Hookrack MiniDriver [Boot | Running]
[01/04/2008 08:34 PM | 00,021,872 | ---- | M] (Webroot Software Inc (www.webroot.com)) - C:\WINDOWS\system32\drivers\sshrmd.sys

(SSIDRV) Spy Sweeper Interdiction Driver [Boot | Running]
[01/04/2008 08:34 PM | 00,163,696 | ---- | M] (Webroot Software Inc (www.webroot.com)) - C:\WINDOWS\system32\drivers\ssidrv.sys

(SSKBFD) Webroot Spy Sweeper Keylogger Shield Keyboard Filter [On_Demand | Running]
[01/04/2008 08:34 PM | 00,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) - C:\WINDOWS\system32\drivers\sskbfd.sys

(STHDA) SigmaTel High Definition Audio CODEC [On_Demand | Running]
[03/24/2006 04:34 PM | 01,156,648 | ---- | M] (SigmaTel, Inc.) - C:\WINDOWS\system32\drivers\sthda.sys

(symc810) symc810 [Disabled | Stopped]
[08/17/2001 02:07 PM | 00,016,256 | ---- | M] (Symbios Logic Inc.) - C:\WINDOWS\system32\drivers\symc810.sys

(symc8xx) symc8xx [Disabled | Stopped]
[08/17/2001 02:07 PM | 00,032,640 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\symc8xx.sys

(SymEvent) SymEvent [On_Demand | Running]
[06/19/2008 12:15 PM | 00,136,496 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\SYMEVENT.SYS

(symlcbrd) symlcbrd [Auto | Running]
[07/06/2006 02:27 PM | 00,010,344 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symlcbrd.sys

(SYMREDRV) SYMREDRV [On_Demand | Running]
[01/09/2007 04:46 PM | 00,027,576 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symredrv.sys

(SYMTDI) SYMTDI [System | Running]
[01/09/2007 04:46 PM | 00,191,544 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symtdi.sys

(sym_hi) sym_hi [Disabled | Stopped]
[08/17/2001 02:07 PM | 00,028,384 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\sym_hi.sys

(sym_u3) sym_u3 [Disabled | Stopped]
[08/17/2001 02:07 PM | 00,030,688 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\sym_u3.sys

(ultra) ultra [Disabled | Stopped]
[08/17/2001 01:52 PM | 00,036,736 | ---- | M] (Promise Technology, Inc.) - C:\WINDOWS\system32\drivers\ultra.sys

(vsdatant) vsdatant [Disabled | Stopped]
File not found - a

(winachsf) winachsf [On_Demand | Running]
[12/01/2005 12:40 AM | 00,669,696 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSX_CNXT.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"" = File not found
"Acrobat Assistant 7.0" = "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [12/14/2004 02:12 AM | 00,483,328 | ---- | M] (Adobe Systems Inc.)
"Adobe Version Cue CS2" = "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [04/04/2005 06:58 PM | 00,856,064 | ---- | M] (Adobe Sytems Incorporated)
"Apoint" = "C:\Program Files\Apoint\Apoint.exe" [10/07/2005 12:13 PM | 00,176,128 | R--- | M] (Alps Electric Co., Ltd.)
"Broadcom Wireless Manager UI" = C:\WINDOWS\system32\WLTRAY.exe [11/01/2006 09:48 PM | 01,392,640 | ---- | M] (Dell Inc.)
"ccApp" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/09/2007 03:15 PM | 00,115,560 | ---- | M] (Symantec Corporation)
"Dell QuickSet" = "C:\Program Files\Dell\QuickSet\quickset.exe" [04/06/2006 02:58 PM | 01,032,192 | ---- | M] (Dell Inc)
"DLA" = C:\WINDOWS\System32\DLA\DLACTRLW.EXE [09/08/2005 05:20 AM | 00,122,940 | ---- | M] (Sonic Solutions)
"Document Manager" = "C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [03/09/2006 12:26 PM | 00,098,304 | ---- | M] (Wave Systems Corp.)
"DVDLauncher" = "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 08:29 PM | 00,049,152 | ---- | M] (CyberLink Corp.)
"Explorer-" = c:\windows\explorer-.exe File not found
"InitDataWin64" = c:\windows\explorer-.exe File not found
"ISUSPM Startup" = "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup [07/27/2004 04:50 PM | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [07/27/2004 04:50 PM | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"NvCplDaemon" = "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup [01/19/2006 08:14 AM | 07,401,472 | ---- | M] (NVIDIA Corporation)
"NVHotkey" = "rundll32.exe" nvHotkey.dll,Start [01/19/2006 08:14 AM | 00,073,728 | ---- | M] (NVIDIA Corporation)
"nwiz" = "nwiz.exe" /installquiet [01/19/2006 08:14 AM | 01,519,616 | ---- | M] ()
"SigmatelSysTrayApp" = stsystra.exe [03/24/2006 04:30 PM | 00,282,624 | ---- | M] (SigmaTel, Inc.)
"SpySweeper" = C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray [01/04/2008 08:56 PM | 05,367,664 | ---- | M] (Webroot Software, Inc.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"TkBellExe" = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [08/07/2008 05:46 PM | 00,185,896 | ---- | M] (RealNetworks, Inc.)
"Webroot Desktop Firewall" = "C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe" [07/02/2008 01:26 PM | 02,401,672 | ---- | M] (Webroot Software Inc (www.webroot.com))

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6" = "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp [08/06/2008 10:21 AM | 00,050,472 | ---- | M] (AOL LLC)
"ModemOnHold" = "C:\Program Files\NetWaiting\netWaiting.exe" [09/10/2003 02:24 AM | 00,020,480 | ---- | M] ()
"Steam" = "C:\Program Files\Steam\Steam.exe" -silent [08/21/2008 08:33 PM | 01,271,032 | ---- | M] (Valve Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-21-1665011553-906448321-1714775081-21989\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6" = "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp [08/06/2008 10:21 AM | 00,050,472 | ---- | M] (AOL LLC)
"ModemOnHold" = "C:\Program Files\NetWaiting\netWaiting.exe" [09/10/2003 02:24 AM | 00,020,480 | ---- | M] ()
"Steam" = "C:\Program Files\Steam\Steam.exe" -silent [08/21/2008 08:33 PM | 01,271,032 | ---- | M] (Valve Corporation)

[HKEY_USERS\S-1-5-21-1665011553-906448321-1714775081-21989\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[Administrator Startup Folder - C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[08/07/2008 07:15 PM | 00,025,214 | R--- | M] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
[03/16/2005 07:16 PM | 00,113,664 | ---- | M] (Adobe Systems, Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[10/29/2003 02:06 AM | 00,024,576 | ---- | M] (BVRP Software) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

[Computer User Startup Folder - C:\Documents and Settings\Computer User\Start Menu\Programs\Startup]

[copeterson Startup Folder - C:\Documents and Settings\copeterson\Start Menu\Programs\Startup]
[08/05/2008 07:26 PM | 03,065,168 | ---- | M] (Xfire Inc.) - C:\Documents and Settings\copeterson\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\xfire.exe

[Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup]

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
HKLM CLSID: (&Yahoo! Toolbar Helper) - [05/15/2008 02:40 PM | 00,817,936 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (AcroIEHlprObj Class) - [12/14/2004 01:56 AM | 00,063,136 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
HKLM CLSID: (Yahoo! IE Services Button) - [12/12/2007 05:09 PM | 00,222,448 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
HKLM CLSID: (DriveLetterAccess) - [09/08/2005 05:20 AM | 00,110,652 | ---- | M] (Sonic Solutions) C:\WINDOWS\system32\DLA\DLASHX_W.DLL

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
HKLM CLSID: (AcroIEToolbarHelper Class) - [12/14/2004 02:13 AM | 00,225,280 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
HKLM CLSID: (CBrowserHelperObject Object) - [02/17/2006 10:28 AM | 00,094,208 | ---- | M] (Dell Inc.) c:\Program Files\BAE\BAE.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [12/14/2004 02:13 AM | 00,225,280 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [05/15/2008 02:40 PM | 00,817,936 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [12/14/2004 02:13 AM | 00,225,280 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

[HKEY_USERS\S-1-5-21-1665011553-906448321-1714775081-21989\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [12/14/2004 02:13 AM | 00,225,280 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-21-1665011553-906448321-1714775081-21989\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-21-1665011553-906448321-1714775081-21989\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls]
"wxvault.dll" - [03/09/2006 12:25 PM | 00,286,720 | ---- | M] () C:\WINDOWS\system32\wxvault.dll

===== Lsa Authentication Packages =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages]
"wvauth" - [03/24/2006 03:19 PM | 00,360,448 | ---- | M] (Wave Systems Corp.) C:\WINDOWS\system32\wvauth.dll

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 07:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 01:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe [10/18/2007 11:34 AM | 05,724,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe [10/02/2007 05:18 PM | 00,304,488 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [08/30/2007 05:43 PM | 04,670,704 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe [08/06/2008 10:21 AM | 00,050,472 | ---- | M] (AOL LLC)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe [08/21/2008 08:33 PM | 01,271,032 | ---- | M] (Valve Corporation)
"C:\Program Files\Xfire\xfire.exe" = C:\Program Files\Xfire\xfire.exe [08/05/2008 07:26 PM | 03,065,168 | ---- | M] (Xfire Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 07:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 01:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [12/18/2007 07:03 PM | 02,569,600 | ---- | M] (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [12/18/2007 07:04 PM | 00,234,888 | ---- | M] (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe [11/09/2007 03:15 PM | 00,115,560 | ---- | M] (Symantec Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [08/30/2007 05:43 PM | 04,670,704 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe [08/30/2007 05:43 PM | 00,091,376 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Autodesk\Backburner\monitor.exe" = C:\Program Files\Autodesk\Backburner\monitor.exe [02/20/2008 03:26 PM | 00,425,984 | ---- | M] (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\manager.exe" = C:\Program Files\Autodesk\Backburner\manager.exe [02/20/2008 03:26 PM | 00,532,480 | ---- | M] (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\server.exe" = C:\Program Files\Autodesk\Backburner\server.exe [02/20/2008 03:26 PM | 00,110,592 | ---- | M] (Autodesk, Inc.)
"C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe [03/10/2008 01:22 AM | 07,299,072 | ---- | M] (Autodesk, Inc.)
"C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" = C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [04/04/2005 06:58 PM | 00,163,840 | ---- | M] (Adobe Systems Incorporated)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe [04/13/2008 07:12 PM | 01,695,232 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe [10/18/2007 11:34 AM | 05,724,184 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe [10/02/2007 05:18 PM | 00,304,488 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe [11/03/2006 02:17 AM | 00,010,800 | ---- | M] (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe [08/06/2008 10:21 AM | 00,050,472 | ---- | M] (AOL LLC)
"C:\Program Files\Xfire\xfire.exe" = C:\Program Files\Xfire\xfire.exe [08/05/2008 07:26 PM | 03,065,168 | ---- | M] (Xfire Inc.)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [04/13/2008 07:12 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/13/2008 07:12 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04/13/2008 07:12 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/13/2008 07:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04/13/2008 07:12 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"DllName" = C:\WINDOWS\system32\WRLogonNtf.dll [01/04/2008 08:34 PM | 00,219,504 | ---- | M] (Webroot Software, Inc.)

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = YahooMessenger
"hkey" = HKCU
"command" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [08/30/2007 05:43 PM | 04,670,704 | ---- | M] (Yahoo! Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 0
"startup" = 2

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{25E78321-B6C7-4032-877F-9AB260B8EEF0}]
Servers: | Description: 1394 Net Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{4FA47D39-444D-40D3-AE8D-3C5F1F914F64}]
Servers: | Description: 1394 Net Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{5223089D-ECC5-479D-A7EB-EF96799B462B}]
Servers: | Description: 1394 Net Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{95427291-79D6-4FA1-985B-7166CE25EE69}]
Servers: | Description: 1394 Net Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{E168A95F-EBD3-4657-BCB6-B2A65D5C8FB4}]
Servers: | Description: Broadcom NetXtreme 57xx Gigabit Controller

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{F317AC1C-0D7A-4CF2-99FC-31B7551204D0}]
Servers: | Description: Dell Wireless 1390 WLAN Mini-Card

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT []
[08/11/2004 05:15 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

autorun.inf [[autorun] | open=GPGTCDLauncher.exe | icon=torque.ico | ]
[02/03/2006 03:45 PM | 00,000,051 | R--- | M] () E:\autorun.inf [ CDFS ]

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c891beb-64d1-11dd-8f9e-0015c5bc1566}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c891beb-64d1-11dd-8f9e-0015c5bc1566}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c891beb-64d1-11dd-8f9e-0015c5bc1566}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c891c00-64d1-11dd-8f9e-0015c5bc1566}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c891c00-64d1-11dd-8f9e-0015c5bc1566}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c891c00-64d1-11dd-8f9e-0015c5bc1566}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c88d133b-6ed5-11dd-8fa3-0015c5bc1566}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c88d133b-6ed5-11dd-8fa3-0015c5bc1566}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 07:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c88d133b-6ed5-11dd-8fa3-0015c5bc1566}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

===== Hosts File =====

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



[Files/Folders - Created Within 60 days]
[08/07/2008 03:04 PM | ---D | C] - C:\Printers
[08/07/2008 04:20 PM | 00,000,164 | ---- | C] () - C:\install.dat
[08/07/2008 07:53 PM | ---D | C] - C:\Torque
[08/15/2008 10:10 PM | 00,000,730 | -H-- | C] () - C:\IPH.PH
[08/21/2008 08:43 PM | -HSD | C] - C:\Config.Msi
[01/04/2008 08:34 PM | 00,020,336 | ---- | C] (Webroot Software Inc (www.webroot.com)) - C:\WINDOWS\System32\drivers\SSFS0BB9.sys
[01/04/2008 08:34 PM | 00,021,872 | ---- | C] (Webroot Software Inc (www.webroot.com)) - C:\WINDOWS\System32\drivers\sshrmd.sys
[01/04/2008 08:34 PM | 00,023,920 | ---- | C] (Webroot Software Inc (www.webroot.com)) - C:\WINDOWS\System32\drivers\sskbfd.sys
[01/04/2008 08:34 PM | 00,163,696 | ---- | C] (Webroot Software Inc (www.webroot.com)) - C:\WINDOWS\System32\drivers\ssidrv.sys
[06/21/2001 09:39 PM | 00,020,032 | R--- | C] (Rainbow Technologies Inc.) - C:\WINDOWS\System32\drivers\SNTNLUSB.SYS
[06/21/2001 09:39 PM | 00,073,728 | ---- | C] (Rainbow Technologies, Inc.) - C:\WINDOWS\System32\drivers\SENTINEL.SYS
[07/02/2008 01:26 PM | 00,103,304 | ---- | C] (Webroot Software Inc (www.webroot.com)) - C:\WINDOWS\System32\drivers\pwipf6.sys
[07/28/2005 08:18 AM | 00,685,056 | ---- | C] (Aladdin Knowledge Systems Ltd.) - C:\WINDOWS\System32\drivers\hardlock.sys
[08/07/2008 08:23 PM | 00,047,616 | ---- | C] (Aladdin Knowledge Systems) - C:\WINDOWS\System32\drivers\Haspnt.sys
[1 C:\WINDOWS\System32\*.tmp files]
[01/04/2008 08:34 PM | 00,016,240 | ---- | C] (Webroot Software Inc (www.webroot.com)) - C:\WINDOWS\System32\ssiefr.EXE
[01/04/2008 08:34 PM | 00,026,480 | ---- | C] () - C:\WINDOWS\System32\wrlzma.dll
[01/04/2008 08:34 PM | 00,219,504 | ---- | C] (Webroot Software, Inc.) - C:\WINDOWS\System32\WRLogonNtf.dll
[06/08/2002 08:00 PM | 00,466,944 | ---- | C] (InterVideo Inc.) - C:\WINDOWS\System32\iviaudio.ax
[06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[06/10/2008 01:21 AM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[06/10/2008 02:32 AM | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[06/20/2006 03:56 AM | 00,225,280 | ---- | C] (Propellerhead Software AB) - C:\WINDOWS\System32\rewire.dll
[06/21/2001 09:39 PM | 00,009,949 | ---- | C] () - C:\WINDOWS\System32\SENTINEL.HLP
[06/21/2001 09:39 PM | 00,018,432 | ---- | C] (Rainbow Technologies, Inc.) - C:\WINDOWS\System32\RNBOVDD.DLL
[06/21/2001 09:39 PM | 00,049,664 | ---- | C] (Rainbow Technologies, Inc.) - C:\WINDOWS\System32\SNTI386.DLL
[07/02/2008 01:26 PM | 00,173,448 | ---- | C] (Webroot Software Inc (www.webroot.com)) - C:\WINDOWS\System32\wdfproc.dll
[07/07/2002 05:14 PM | 01,294,336 | ---- | C] (HMS http://hp.vector.co....hors/VA012897/) - C:\WINDOWS\System32\vorbis.acm
[07/10/2008 07:28 PM | 00,026,292 | ---- | C] () - C:\WINDOWS\System32\SQLServerManager10.msc
[08/05/2008 07:26 PM | 00,042,320 | ---- | C] () - C:\WINDOWS\System32\xfcodec.dll
[08/07/2008 05:46 PM | 00,005,632 | ---- | C] (RealNetworks, Inc.) - C:\WINDOWS\System32\pndx5032.dll
[08/07/2008 05:46 PM | 00,006,656 | ---- | C] (RealNetworks, Inc.) - C:\WINDOWS\System32\pndx5016.dll
[08/07/2008 05:46 PM | 00,185,944 | ---- | C] (RealNetworks, Inc.) - C:\WINDOWS\System32\rmoc3260.dll
[08/07/2008 05:46 PM | 00,278,528 | ---- | C] (Real Networks, Inc) - C:\WINDOWS\System32\pncrt.dll
[08/07/2008 07:05 PM | ---D | C] - C:\WINDOWS\System32\Adobe
[08/07/2008 08:20 PM | ---D | C] - C:\WINDOWS\System32\RNBOSENT
[08/07/2008 08:21 PM | 00,002,624 | ---- | C] () - C:\WINDOWS\System32\config.hsp
[08/07/2008 08:23 PM | 00,000,383 | ---- | C] () - C:\WINDOWS\System32\haspdos.sys
[08/07/2008 08:23 PM | 00,006,656 | ---- | C] (Aladdin Knowledge Systems.) - C:\WINDOWS\System32\haspvdd.dll
[08/07/2008 11:22 PM | ---D | C] - C:\WINDOWS\System32\DRVSTORE
[08/13/2008 01:13 PM | ---D | C] - C:\WINDOWS\System32\appmgmt
[08/16/2004 07:40 PM | 00,016,384 | ---- | C] () - C:\WINDOWS\System32\FileOps.exe
[08/18/2008 03:26 PM | ---D | C] - C:\WINDOWS\System32\RsFx
[08/18/2008 12:53 PM | ---D | C] - C:\WINDOWS\System32\XPSViewer
[08/25/2008 07:53 PM | ---D | C] - C:\WINDOWS\System32\Kaspersky Lab
[1 C:\WINDOWS\*.tmp files]
[01/04/2008 08:56 PM | 01,526,640 | ---- | C] (Webroot Software, Inc.) - C:\WINDOWS\WRSetup.dll
[03/16/2003 12:15 AM | 00,090,112 | ---- | C] (MindVision Software) - C:\WINDOWS\unvise32.exe
[08/07/2008 03:07 PM | ---D | C] - C:\WINDOWS\SchCache
[08/07/2008 03:09 PM | -HSD | C] - C:\WINDOWS\CSC
[08/07/2008 03:46 PM | 00,000,000 | ---- | C] () - C:\WINDOWS\nsreg.dat
[08/07/2008 05:48 PM | 00,000,025 | ---- | C] () - C:\WINDOWS\cdplayer.ini
[08/07/2008 05:57 PM | ---D | C] - C:\WINDOWS\pss
[08/07/2008 07:56 PM | 00,004,096 | ---- | C] () - C:\WINDOWS\d3dx.dat
[08/13/2008 02:48 PM | ---D | C] - C:\WINDOWS\Sun
[08/18/2008 03:15 PM | ---D | C] - C:\WINDOWS\SxsCaPendDel
[08/18/2008 09:54 AM | ---D | C] - C:\WINDOWS\Logs
[08/26/2008 08:50 AM | 00,000,000 | ---- | C] () - C:\WINDOWS\TempFile
[08/26/2008 08:55 AM | 00,000,274 | ---- | C] () - C:\WINDOWS\tasks\Symantec NetDetect.job
[08/07/2008 04:32 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Webroot
[08/07/2008 06:02 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[08/07/2008 06:51 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Autodesk
[08/07/2008 06:54 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Adobe Systems
[08/07/2008 11:12 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\WLInstaller
[08/08/2008 01:33 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Yahoo!
[08/12/2008 12:16 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\AOL
[08/12/2008 12:18 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\AOL OCP
[08/15/2008 10:09 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\acccore
[08/18/2008 03:09 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Microsoft Help
[08/18/2008 10:30 AM | 00,000,044 | ---- | C] () - C:\Documents and Settings\All Users\Application Data\{5E70RQU4-N865-6307-D5423453040Q}
[08/25/2008 06:11 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Viewpoint
[08/25/2008 06:17 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[06/28/2006 08:05 PM | ---D | C] - C:\Documents and Settings\copeterson\Application Data\Sun
[06/28/2006 08:14 PM | ---D | C] - C:\Documents and Settings\copeterson\Application Data\Google
[08/07/2008 03:46 PM | ---D | C] - C:\Documents and Settings\copeterson\Application Data\Mozilla
[08/07/2008 04:17 PM | ---D | C] - C:\Documents and Settings\copeterson\Application Data\Macromedia
[08/07/2008 04:25 PM | ---D | C] - C:\Documents and Settings\copeterson\Application Data\Webroot
[08/07/2008 06:04 PM | ---D | C] - C:\Documents and Settings\copeterson\Application Data\Real
[08/07/2008 06:38 PM | ---D | C] - C:\Documents and Settings\copeterson\Application Data\Yahoo!
[08/07/2008 06:52 PM | ---D | C] - C:\Documents and Settings\copeterson\Application Data\Autodesk
[08/10/2008 01:14 AM | ---D | C] - C:\Documents and Settings\copeterson\Application Data\Help
[08/11/2004 05:07 PM | 00,000,062 | -HS- | C] () - C:\Documents and Settings\copeterson\Application Data\desktop.ini
[08/11/2004 05:20 PM | ---D | C] - C:\Documents and Settings\copeterson\Application Data\Identities
[08/13/2008 02:22 PM | ---D | C] - C:\Documents and Settings\copeterson\Application Data\AdobeUM
[08/15/2008 10:11 PM | ---D | C] - C:\Documents and Setting

#8
RobotCody

Here is the rest. It would let me print the whole thing.

[08/15/2008 10:11 PM | ---D | C] - C:\Documents and Settings\copeterson\Application Data\acccore
[08/16/2008 08:39 PM | ---D | C] - C:\Documents and Settings\copeterson\Application Data\Adobe
[08/17/2008 08:52 PM | ---D | C] - C:\Documents and Settings\copeterson\Application Data\WinRAR
[08/18/2008 03:08 PM | --SD | C] - C:\Documents and Settings\copeterson\Application Data\Microsoft
[08/18/2008 04:11 PM | ---D | C] - C:\Documents and Settings\copeterson\Application Data\Deckadance
[08/20/2008 05:34 PM | ---D | C] - C:\Documents and Settings\copeterson\Application Data\CyberLink
[08/21/2008 04:02 PM | ---D | C] - C:\Documents and Settings\copeterson\Application Data\Xfire
[08/25/2008 06:17 PM | ---D | C] - C:\Documents and Settings\copeterson\Application Data\Malwarebytes
[06/28/2006 08:04 PM | ---D | C] - C:\Documents and Settings\copeterson\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[06/28/2006 08:11 PM | 00,000,136 | ---- | C] () - C:\Documents and Settings\copeterson\Local Settings\Application Data\fusioncache.dat
[06/28/2006 08:14 PM | ---D | C] - C:\Documents and Settings\copeterson\Local Settings\Application Data\BVRP Software
[06/28/2006 08:14 PM | ---D | C] - C:\Documents and Settings\copeterson\Local Settings\Application Data\Google
[08/07/2008 03:10 PM | ---D | C] - C:\Documents and Settings\copeterson\Local Settings\Application Data\Symantec
[08/07/2008 03:46 PM | ---D | C] - C:\Documents and Settings\copeterson\Local Settings\Application Data\Mozilla
[08/07/2008 06:50 PM | ---D | C] - C:\Documents and Settings\copeterson\Local Settings\Application Data\Autodesk
[08/10/2008 01:14 AM | ---D | C] - C:\Documents and Settings\copeterson\Local Settings\Application Data\Help
[08/10/2008 09:17 PM | ---D | C] - C:\Documents and Settings\copeterson\Local Settings\Application Data\Identities
[08/10/2008 09:21 PM | ---D | C] - C:\Documents and Settings\copeterson\Local Settings\Application Data\Adobe
[08/11/2004 05:22 PM | ---D | C] - C:\Documents and Settings\copeterson\Local Settings\Application Data\ApplicationHistory
[08/11/2008 11:12 AM | ---D | C] - C:\Documents and Settings\copeterson\Local Settings\Application Data\WMTools Downloaded Files
[08/12/2008 12:17 AM | ---D | C] - C:\Documents and Settings\copeterson\Local Settings\Application Data\AOL
[08/15/2008 10:10 PM | ---D | C] - C:\Documents and Settings\copeterson\Local Settings\Application Data\AOL OCP
[08/16/2008 10:42 PM | 00,005,632 | ---- | C] () - C:\Documents and Settings\copeterson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/18/2008 03:02 PM | ---D | C] - C:\Documents and Settings\copeterson\Local Settings\Application Data\Microsoft Help
[08/18/2008 05:51 PM | 00,065,424 | ---- | C] () - C:\Documents and Settings\copeterson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[08/19/2008 09:36 AM | ---D | C] - C:\Documents and Settings\copeterson\Local Settings\Application Data\Microsoft
[08/20/2008 05:39 PM | ---D | C] - C:\Documents and Settings\copeterson\Local Settings\Application Data\PowerDVD
[08/07/2008 07:11 PM | ---D | C] - C:\Documents and Settings\All Users\Documents\Adobe PDF
[08/07/2008 04:14 PM | 04,815,008 | ---- | C] () - D:\Data\My Documents\xfire_installer_33230.exe
[08/07/2008 05:40 PM | 00,024,064 | ---- | C] () - D:\Data\My Documents\Networkkey.doc
[08/07/2008 05:44 PM | 01,495,112 | ---- | C] (Adobe Systems Incorporated) - D:\Data\My Documents\install_flash_player.exe
[08/07/2008 06:51 PM | ---D | C] - D:\Data\My Documents\3dsmax
[08/07/2008 06:51 PM | R--D | C] - D:\Data\My Documents\Adlm
[08/08/2008 08:15 PM | 00,025,088 | ---- | C] () - D:\Data\My Documents\Cody_peterson_assignment8.doc
[08/08/2008 11:51 PM | 00,028,672 | ---- | C] () - D:\Data\My Documents\The Aeneid.doc
[08/10/2008 01:12 AM | 02,055,878 | ---- | C] () - D:\Data\My Documents\mushclient427.exe
[08/10/2008 01:46 AM | 00,008,253 | ---- | C] () - D:\Data\My Documents\Muffin.MCL
[08/10/2008 09:19 PM | ---D | C] - D:\Data\My Documents\Updater
[08/11/2008 08:23 AM | ---D | C] - D:\Data\My Documents\Adobe
[08/11/2008 08:55 AM | 13,554,607 | ---- | C] (Direct-Soft Inc. ) - D:\Data\My Documents\WinMPG_VideoConvert_Setup-19793.exe
[08/11/2008 08:57 AM | 11,613,932 | ---- | C] () - D:\Data\My Documents\xeno3_ot_ps2_060106_qt.avi
[08/11/2008 09:01 AM | 23,417,201 | ---- | C] () - D:\Data\My Documents\xeno3_ot_ps2_060106_qt(0).mov
[08/11/2008 09:05 AM | 05,536,031 | ---- | C] () - D:\Data\My Documents\xeno3_ot_ps2_060106_qt.ogg
[08/11/2008 09:07 AM | 40,896,047 | ---- | C] () - D:\Data\My Documents\xeno3_ot_ps2_060106_qt.mov
@Alternate Data Stream - 88 bytes -> D:\Data\My Documents\xeno3_ot_ps2_060106_qt.mov:SummaryInformation
@Alternate Data Stream - 0 bytes -> D:\Data\My Documents\xeno3_ot_ps2_060106_qt.mov:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
[08/11/2008 09:20 AM | 08,762,041 | ---- | C] () - D:\Data\My Documents\xeno3_ot_ps2_060106_qt.wmv
[08/11/2008 09:20 AM | R--D | C] - D:\Data\My Documents\My Videos
[08/11/2008 09:46 AM | 03,512,567 | ---- | C] (Koyote Soft ) - D:\Data\My Documents\Setup_FreeVideoConverter.exe
[08/11/2008 09:51 AM | 14,415,530 | ---- | C] () - D:\Data\My Documents\xeno3_ot_ps2_060106_qt(1).avi
[08/11/2008 09:52 AM | 09,899,733 | ---- | C] () - D:\Data\My Documents\xeno3_ot_ps2_060106_qt(1).wmv
[08/11/2008 09:54 AM | 00,002,828 | ---- | C] () - D:\Data\My Documents\Cody_peterson_assignment8.zip
[08/11/2008 10:03 AM | 09,899,733 | ---- | C] () - D:\Data\My Documents\xeno3_ot_ps2_060106_qt(2).wmv
[08/11/2008 10:08 AM | 02,858,303 | ---- | C] () - D:\Data\My Documents\xeno3_ot_ps2_060106_qt(3).wmv
[08/11/2008 10:10 AM | 14,601,141 | ---- | C] () - D:\Data\My Documents\xeno3_ot_ps2_060106_qt(4).wmv
[08/11/2008 10:15 AM | 12,741,941 | ---- | C] () - D:\Data\My Documents\xeno3_ot_ps2_060106_qt(5).wmv
[08/11/2008 10:15 AM | 12,741,941 | ---- | C] () - D:\Data\My Documents\xeno3_ot_ps2_060106_qt(6).wmv
[08/12/2008 10:12 AM | ---D | C] - D:\Data\My Documents\My Received Files
[08/12/2008 12:09 PM | 10,247,6000 | ---- | C] () - D:\Data\My Documents\flstudio_8.0_install.exe
[08/12/2008 12:14 AM | 13,602,184 | ---- | C] (AOL LLC.) - D:\Data\My Documents\Install_AIM.exe
[08/13/2008 08:24 PM | 00,010,879 | ---- | C] () - D:\Data\My Documents\1.jpg
[08/13/2008 08:24 PM | 00,011,360 | ---- | C] () - D:\Data\My Documents\2.jpg
[08/13/2008 08:24 PM | 00,014,669 | ---- | C] () - D:\Data\My Documents\3.jpg
[08/13/2008 12:28 AM | 01,282,048 | ---- | C] () - D:\Data\My Documents\test.avi
[08/20/2008 02:45 PM | ---D | C] - D:\Data\My Documents\Visual Studio 2008
[08/20/2008 05:34 PM | ---D | C] - D:\Data\My Documents\Cyberlink
[08/20/2008 12:20 PM | ---D | C] - D:\Data\My Documents\Sociology
[08/22/2008 09:02 PM | 00,027,136 | ---- | C] () - D:\Data\My Documents\R5 Petronius.doc
[08/25/2008 09:26 PM | 00,000,396 | ---- | C] () - D:\Data\My Documents\My Sharing Folders.lnk
[08/07/2008 03:46 PM | 00,001,602 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[08/07/2008 04:15 PM | 00,000,638 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Xfire.lnk
[08/07/2008 04:25 PM | 00,001,641 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Spy Sweeper.lnk
[08/07/2008 05:55 PM | 00,000,812 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[08/07/2008 05:56 PM | 00,001,535 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Yahoo! Mail.lnk
[08/07/2008 06:40 PM | 00,001,741 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Autodesk 3ds Max 2009 32-bit.lnk
[08/07/2008 06:44 PM | 00,001,578 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Turbo Squid Tentacles 32-bit.lnk
[08/07/2008 07:12 PM | 00,001,764 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 7.0 Professional.lnk
[08/07/2008 07:28 PM | 00,001,762 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Adobe Audition 3.0.lnk
[08/07/2008 08:20 PM | 00,000,935 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\MotionBuilder 7.5.lnk
[08/15/2008 10:09 PM | 00,001,674 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\AIM 6.lnk
[08/20/2008 11:17 AM | 00,002,193 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Steam.lnk
[08/21/2008 08:41 PM | 00,000,853 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Webroot Desktop Firewall.lnk
[05/08/2008 09:06 AM | 09,075,364 | ---- | C] () - C:\Documents and Settings\copeterson\Desktop\TorqueShowToolPro-1-04.exe
[07/08/2008 08:18 PM | 00,223,945 | ---- | C] () - C:\Documents and Settings\copeterson\Desktop\GENESIS_PROJECT_concept_by_Grafik.jpg
[08/07/2008 07:55 PM | 00,001,831 | ---- | C] () - C:\Documents and Settings\copeterson\Desktop\Torque Game Engine 1.5.2 SDK.lnk
[08/07/2008 08:04 PM | 00,001,752 | ---- | C] () - C:\Documents and Settings\copeterson\Desktop\Combustion 2008.lnk
[08/10/2008 09:20 PM | 05,711,652 | ---- | C] () - C:\Documents and Settings\copeterson\Desktop\weltall.psd
[08/10/2008 09:21 PM | 00,592,492 | ---- | C] () - C:\Documents and Settings\copeterson\Desktop\weltall copy.jpg
[08/11/2008 08:55 AM | 00,000,809 | ---- | C] () - C:\Documents and Settings\copeterson\Desktop\WinMPG Video Convert.lnk
[08/11/2008 09:15 AM | 04,645,073 | ---- | C] () - C:\Documents and Settings\copeterson\Desktop\tutorial.base with crossbow.zip
[08/11/2008 09:47 AM | 00,000,816 | ---- | C] () - C:\Documents and Settings\copeterson\Desktop\Free Video Converter.lnk
[08/11/2008 10:04 AM | ---D | C] - C:\Documents and Settings\copeterson\Desktop\tutorial.base with crossbow
[08/11/2008 11:59 AM | 04,828,560 | ---- | C] () - C:\Documents and Settings\copeterson\Desktop\Cody_peterson_assignment9.zip
[08/11/2008 11:59 AM | ---D | C] - C:\Documents and Settings\copeterson\Desktop\Cody_peterson_assignment9
[08/11/2008 12:02 PM | ---D | C] - C:\Documents and Settings\copeterson\Desktop\TorqueTemplate
[08/12/2008 09:38 AM | 00,000,825 | ---- | C] () - C:\Documents and Settings\copeterson\Desktop\Torque ShowTool Pro.lnk
[08/18/2008 07:37 AM | 00,001,657 | ---- | C] () - C:\Documents and Settings\copeterson\Desktop\Collab.lnk
[08/19/2008 10:00 AM | 00,001,734 | ---- | C] () - C:\Documents and Settings\copeterson\Desktop\HijackThis.lnk
[08/26/2008 08:57 AM | 01,299,968 | ---- | C] (OldTimer Tools) - C:\Documents and Settings\copeterson\Desktop\OTViewIt.exe
[08/07/2008 06:52 PM | 00,000,988 | ---- | C] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
[08/26/2008 08:52 AM | 00,002,359 | ---- | C] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[08/07/2008 04:15 PM | 00,000,650 | ---- | C] () - C:\Documents and Settings\copeterson\Start Menu\Programs\Startup\Xfire.lnk
[08/11/2004 05:15 PM | 00,000,084 | -HS- | C] () - C:\Documents and Settings\copeterson\Start Menu\Programs\Startup\desktop.ini
[08/07/2008 05:46 PM | ---D | C] - C:\Program Files\Common Files\Real
[08/07/2008 05:47 PM | ---D | C] - C:\Program Files\Common Files\xing shared
[08/07/2008 06:40 PM | ---D | C] - C:\Program Files\Common Files\Autodesk Shared
[08/07/2008 06:50 PM | ---D | C] - C:\Program Files\Common Files\Adobe Systems Shared
[08/07/2008 08:19 PM | ---D | C] - C:\Program Files\Common Files\Alias Shared
[08/07/2008 11:21 PM | -HSD | C] - C:\Program Files\Common Files\WindowsLiveInstaller
[08/12/2008 12:15 AM | ---D | C] - C:\Program Files\Common Files\AOL
[08/18/2008 03:06 PM | ---D | C] - C:\Program Files\Common Files\Merge Modules
[08/07/2008 05:46 PM | ---D | C] - C:\Program Files\Real
[08/07/2008 05:56 PM | ---D | C] - C:\Program Files\Yahoo!
[08/07/2008 06:34 PM | ---D | C] - C:\Program Files\Reference Assemblies
[08/07/2008 06:36 PM | ---D | C] - C:\Program Files\MSBuild
[08/07/2008 06:44 PM | ---D | C] - C:\Program Files\Microsoft WSE
[08/07/2008 06:44 PM | ---D | C] - C:\Program Files\Turbo Squid Tentacles
[08/07/2008 08:16 PM | ---D | C] - C:\Program Files\Autodesk
[08/07/2008 11:22 PM | ---D | C] - C:\Program Files\Windows Live
[08/10/2008 01:14 AM | ---D | C] - C:\Program Files\MUSHclient
[08/11/2008 08:56 AM | ---D | C] - C:\Program Files\WinMPG VideoConvert
[08/11/2008 09:48 AM | ---D | C] - C:\Program Files\Free Video Converter
[08/12/2008 09:38 AM | ---D | C] - C:\Program Files\TorqueShowToolPro-1-04
[08/14/2008 06:42 PM | ---D | C] - C:\Program Files\Xfire
[08/15/2008 10:10 PM | ---D | C] - C:\Program Files\AIM6
[08/17/2008 08:52 PM | ---D | C] - C:\Program Files\WinRAR
[08/18/2008 03:07 PM | ---D | C] - C:\Program Files\Microsoft Visual Studio 9.0
[08/18/2008 03:26 PM | ---D | C] - C:\Program Files\Microsoft SQL Server
[08/18/2008 07:36 AM | ---D | C] - C:\Program Files\Outsim
[08/18/2008 07:41 AM | ---D | C] - C:\Program Files\Image-Line
[08/18/2008 09:57 AM | ---D | C] - C:\Program Files\Microsoft DirectX SDK (June 2008)
[08/18/2008 12:56 PM | ---D | C] - C:\Program Files\Microsoft SDKs
[08/19/2008 10:00 AM | ---D | C] - C:\Program Files\Trend Micro
[08/21/2008 08:43 PM | ---D | C] - C:\Program Files\Webroot
[08/26/2008 08:52 AM | ---D | C] - C:\Program Files\Steam
[08/26/2008 08:55 AM | ---D | C] - C:\Program Files\Mozilla Firefox

[Files/Folders - Modified Within 60 days]
[08/07/2008 03:04 PM | ---D | M] - C:\Printers
[08/07/2008 03:10 PM | ---D | M] - C:\Documents and Settings
[08/07/2008 04:20 PM | 00,000,164 | ---- | M] () - C:\install.dat
[08/07/2008 05:57 PM | 00,000,211 | RHS- | M] () - C:\boot.ini
[08/07/2008 07:53 PM | ---D | M] - C:\Torque
[08/11/2008 12:02 PM | -HSD | M] - C:\RECYCLER
[08/15/2008 10:10 PM | 00,000,730 | -H-- | M] () - C:\IPH.PH
[08/19/2008 08:19 AM | -HSD | M] - C:\System Volume Information
[08/21/2008 08:43 PM | -HSD | M] - C:\Config.Msi
[08/26/2008 08:50 AM | R--D | M] - C:\Program Files
[08/26/2008 08:52 AM | ---D | M] - C:\WINDOWS
[07/02/2008 01:26 PM | 00,103,304 | ---- | M] (Webroot Software Inc (www.webroot.com)) - C:\WINDOWS\System32\drivers\pwipf6.sys
[08/07/2008 08:23 PM | 00,047,616 | ---- | M] (Aladdin Knowledge Systems) - C:\WINDOWS\System32\drivers\Haspnt.sys
[1 C:\WINDOWS\System32\*.tmp files]
[07/02/2008 01:26 PM | 00,173,448 | ---- | M] (Webroot Software Inc (www.webroot.com)) - C:\WINDOWS\System32\wdfproc.dll
[07/10/2008 07:28 PM | 00,026,292 | ---- | M] () - C:\WINDOWS\System32\SQLServerManager10.msc
[08/05/2008 07:26 PM | 00,042,320 | ---- | M] () - C:\WINDOWS\System32\xfcodec.dll
[08/07/2008 02:30 PM | 00,017,408 | ---- | M] () - C:\WINDOWS\System32\rpcnetp.dll
[08/07/2008 03:07 PM | ---D | M] - C:\WINDOWS\System32\config
[08/07/2008 05:46 PM | 00,005,632 | ---- | M] (RealNetworks, Inc.) - C:\WINDOWS\System32\pndx5032.dll
[08/07/2008 05:46 PM | 00,006,656 | ---- | M] (RealNetworks, Inc.) - C:\WINDOWS\System32\pndx5016.dll
[08/07/2008 05:46 PM | 00,185,944 | ---- | M] (RealNetworks, Inc.) - C:\WINDOWS\System32\rmoc3260.dll
[08/07/2008 05:46 PM | 00,278,528 | ---- | M] (Real Networks, Inc) - C:\WINDOWS\System32\pncrt.dll
[08/07/2008 06:34 PM | ---D | M] - C:\WINDOWS\System32\spool
[08/07/2008 07:05 PM | ---D | M] - C:\WINDOWS\System32\Adobe
[08/07/2008 08:20 PM | ---D | M] - C:\WINDOWS\System32\RNBOSENT
[08/07/2008 08:20 PM | ---D | M] - C:\WINDOWS\System32\Setup
[08/07/2008 08:21 PM | 00,002,624 | ---- | M] () - C:\WINDOWS\System32\config.hsp
[08/07/2008 08:23 PM | 00,000,383 | ---- | M] () - C:\WINDOWS\System32\haspdos.sys
[08/07/2008 08:23 PM | 00,002,622 | ---- | M] () - C:\WINDOWS\System32\config.nt
[08/07/2008 08:23 PM | 00,006,656 | ---- | M] (Aladdin Knowledge Systems.) - C:\WINDOWS\System32\haspvdd.dll
[08/07/2008 11:22 PM | ---D | M] - C:\WINDOWS\System32\DRVSTORE
[08/09/2008 09:13 PM | ---D | M] - C:\WINDOWS\System32\LogFiles
[08/13/2008 01:13 PM | ---D | M] - C:\WINDOWS\System32\appmgmt
[08/14/2008 06:31 PM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/18/2008 03:12 PM | ---D | M] - C:\WINDOWS\System32\mui
[08/18/2008 03:15 PM | 00,251,880 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[08/18/2008 03:15 PM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/18/2008 03:24 PM | ---D | M] - C:\WINDOWS\System32\1033
[08/18/2008 03:26 PM | ---D | M] - C:\WINDOWS\System32\RsFx
[08/18/2008 09:55 AM | ---D | M] - C:\WINDOWS\System32\DirectX
[08/18/2008 12:53 PM | ---D | M] - C:\WINDOWS\System32\en-US
[08/18/2008 12:53 PM | ---D | M] - C:\WINDOWS\System32\XPSViewer
[08/19/2008 08:19 AM | ---D | M] - C:\WINDOWS\System32\Restore
[08/21/2008 08:44 PM | 00,055,636 | ---- | M] () - C:\WINDOWS\System32\nvModes.dat
[08/21/2008 08:49 PM | 00,096,536 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/21/2008 08:49 PM | 00,508,346 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/21/2008 08:49 PM | 00,615,852 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[08/25/2008 07:53 PM | ---D | M] - C:\WINDOWS\System32\Kaspersky Lab
[08/26/2008 08:48 AM | ---D | M] - C:\WINDOWS\System32\drivers
[08/26/2008 08:48 AM | ---D | M] - C:\WINDOWS\System32\FxsTmp
[08/26/2008 08:51 AM | 00,000,000 | ---- | M] () - C:\WINDOWS\System32\NvwsApps.xml
[08/26/2008 08:51 AM | 00,017,408 | ---- | M] () - C:\WINDOWS\System32\rpcnetp.exe
[08/26/2008 08:51 AM | 00,031,232 | ---- | M] () - C:\WINDOWS\System32\rpcnet.dll
[08/26/2008 08:51 AM | 00,055,636 | ---- | M] () - C:\WINDOWS\System32\nvModes.001
[08/26/2008 08:53 AM | 00,002,206 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/26/2008 08:54 AM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[1 C:\WINDOWS\*.tmp files]
[08/07/2008 03:04 PM | --SD | M] - C:\WINDOWS\Tasks
[08/07/2008 03:07 PM | ---D | M] - C:\WINDOWS\Debug
[08/07/2008 03:07 PM | ---D | M] - C:\WINDOWS\SchCache
[08/07/2008 03:09 PM | -HSD | M] - C:\WINDOWS\CSC
[08/07/2008 03:46 PM | 00,000,000 | ---- | M] () - C:\WINDOWS\nsreg.dat
[08/07/2008 05:48 PM | 00,000,025 | ---- | M] () - C:\WINDOWS\cdplayer.ini
[08/07/2008 05:57 PM | 00,000,227 | ---- | M] () - C:\WINDOWS\system.ini
[08/07/2008 05:57 PM | ---D | M] - C:\WINDOWS\pss
[08/07/2008 07:56 PM | 00,004,096 | ---- | M] () - C:\WINDOWS\d3dx.dat
[08/13/2008 02:48 PM | ---D | M] - C:\WINDOWS\Sun
[08/14/2008 06:32 PM | 00,000,603 | ---- | M] () - C:\WINDOWS\win.ini
[08/14/2008 06:35 PM | ---D | M] - C:\WINDOWS\ie7updates
[08/14/2008 06:39 PM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/16/2008 03:02 AM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/18/2008 03:15 PM | ---D | M] - C:\WINDOWS\SxsCaPendDel
[08/18/2008 03:23 PM | ---D | M] - C:\WINDOWS\WinSxS
[08/18/2008 04:01 PM | ---D | M] - C:\WINDOWS\Microsoft.NET
[08/18/2008 04:01 PM | R-SD | M] - C:\WINDOWS\assembly
[08/18/2008 09:54 AM | ---D | M] - C:\WINDOWS\Logs
[08/18/2008 12:53 PM | R-SD | M] - C:\WINDOWS\Fonts
[08/21/2008 08:41 PM | 00,000,494 | ---- | M] () - C:\WINDOWS\ODBC.INI
[08/21/2008 08:41 PM | -HSD | M] - C:\WINDOWS\Installer
[08/25/2008 06:58 PM | ---D | M] - C:\WINDOWS\security
[08/25/2008 07:53 PM | ---D | M] - C:\WINDOWS\system32
[08/25/2008 07:53 PM | -H-D | M] - C:\WINDOWS\inf
[08/25/2008 07:53 PM | --SD | M] - C:\WINDOWS\Downloaded Program Files
[08/26/2008 08:50 AM | 00,000,000 | ---- | M] () - C:\WINDOWS\TempFile
[08/26/2008 08:50 AM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/26/2008 08:58 AM | ---D | M] - C:\WINDOWS\Prefetch
[08/26/2008 08:58 AM | ---D | M] - C:\WINDOWS\Temp
[08/26/2008 08:50 AM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/26/2008 08:55 AM | 00,000,274 | ---- | M] () - C:\WINDOWS\tasks\Symantec NetDetect.job
[08/07/2008 02:57 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Symantec
[08/07/2008 04:32 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Webroot
[08/07/2008 06:02 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[08/07/2008 06:51 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Autodesk
[08/07/2008 06:54 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Adobe Systems
[08/07/2008 07:24 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Adobe
[08/07/2008 11:12 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\WLInstaller
[08/08/2008 01:33 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Yahoo!
[08/12/2008 12:16 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\AOL
[08/12/2008 12:18 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\AOL OCP
[08/15/2008 10:09 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\acccore
[08/18/2008 03:08 PM | --SD | M] - C:\Documents and Settings\All Users\Application Data\Microsoft
[08/18/2008 03:09 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Microsoft Help
[08/18/2008 10:30 AM | 00,000,044 | ---- | M] () - C:\Documents and Settings\All Users\Application Data\{5E70RQU4-N865-6307-D5423453040Q}
[08/25/2008 06:11 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Viewpoint
[08/25/2008 06:17 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/07/2008 03:46 PM | ---D | M] - C:\Documents and Settings\copeterson\Application Data\Mozilla
[08/07/2008 04:17 PM | ---D | M] - C:\Documents and Settings\copeterson\Application Data\Macromedia
[08/07/2008 04:25 PM | ---D | M] - C:\Documents and Settings\copeterson\Application Data\Webroot
[08/07/2008 06:04 PM | ---D | M] - C:\Documents and Settings\copeterson\Application Data\Real
[08/07/2008 06:38 PM | ---D | M] - C:\Documents and Settings\copeterson\Application Data\Yahoo!
[08/07/2008 06:52 PM | ---D | M] - C:\Documents and Settings\copeterson\Application Data\Autodesk
[08/10/2008 01:14 AM | ---D | M] - C:\Documents and Settings\copeterson\Application Data\Help
[08/13/2008 02:22 PM | ---D | M] - C:\Documents and Settings\copeterson\Application Data\AdobeUM
[08/15/2008 10:11 PM | ---D | M] - C:\Documents and Settings\copeterson\Application Data\acccore
[08/16/2008 08:39 PM | ---D | M] - C:\Documents and Settings\copeterson\Application Data\Adobe
[08/17/2008 08:52 PM | ---D | M] - C:\Documents and Settings\copeterson\Application Data\WinRAR
[08/18/2008 03:08 PM | --SD | M] - C:\Documents and Settings\copeterson\Application Data\Microsoft
[08/18/2008 04:11 PM | ---D | M] - C:\Documents and Settings\copeterson\Application Data\Deckadance
[08/20/2008 05:34 PM | ---D | M] - C:\Documents and Settings\copeterson\Application Data\CyberLink
[08/21/2008 04:02 PM | ---D | M] - C:\Documents and Settings\copeterson\Application Data\Xfire
[08/25/2008 06:17 PM | ---D | M] - C:\Documents and Settings\copeterson\Application Data\Malwarebytes
[08/07/2008 03:10 PM | ---D | M] - C:\Documents and Settings\copeterson\Local Settings\Application Data\Symantec
[08/07/2008 03:46 PM | ---D | M] - C:\Documents and Settings\copeterson\Local Settings\Application Data\Mozilla
[08/07/2008 06:50 PM | ---D | M] - C:\Documents and Settings\copeterson\Local Settings\Application Data\Autodesk
[08/10/2008 01:14 AM | ---D | M] - C:\Documents and Settings\copeterson\Local Settings\Application Data\Help
[08/10/2008 09:17 PM | ---D | M] - C:\Documents and Settings\copeterson\Local Settings\Application Data\Identities
[08/10/2008 09:21 PM | ---D | M] - C:\Documents and Settings\copeterson\Local Settings\Application Data\Adobe
[08/11/2008 11:12 AM | ---D | M] - C:\Documents and Settings\copeterson\Local Settings\Application Data\WMTools Downloaded Files
[08/12/2008 12:17 AM | ---D | M] - C:\Documents and Settings\copeterson\Local Settings\Application Data\AOL
[08/15/2008 10:10 PM | ---D | M] - C:\Documents and Settings\copeterson\Local Settings\Application Data\AOL OCP
[08/16/2008 10:42 PM | 00,005,632 | ---- | M] () - C:\Documents and Settings\copeterson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/18/2008 03:02 PM | ---D | M] - C:\Documents and Settings\copeterson\Local Settings\Application Data\Microsoft Help
[08/18/2008 05:51 PM | 00,065,424 | ---- | M] () - C:\Documents and Settings\copeterson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[08/19/2008 09:36 AM | ---D | M] - C:\Documents and Settings\copeterson\Local Settings\Application Data\Microsoft
[08/20/2008 05:39 PM | ---D | M] - C:\Documents and Settings\copeterson\Local Settings\Application Data\PowerDVD
[08/07/2008 07:11 PM | ---D | M] - C:\Documents and Settings\All Users\Documents\Adobe PDF
[08/07/2008 04:14 PM | 04,815,008 | ---- | M] () - D:\Data\My Documents\xfire_installer_33230.exe
[08/07/2008 05:40 PM | 00,024,064 | ---- | M] () - D:\Data\My Documents\Networkkey.doc
[08/07/2008 05:44 PM | 01,495,112 | ---- | M] (Adobe Systems Incorporated) - D:\Data\My Documents\install_flash_player.exe
[08/07/2008 05:56 PM | R--D | M] - D:\Data\My Documents\My Pictures
[08/07/2008 06:51 PM | ---D | M] - D:\Data\My Documents\3dsmax
[08/07/2008 06:51 PM | R--D | M] - D:\Data\My Documents\Adlm
[08/08/2008 08:15 PM | 00,025,088 | ---- | M] () - D:\Data\My Documents\Cody_peterson_assignment8.doc
[08/08/2008 11:51 PM | 00,028,672 | ---- | M] () - D:\Data\My Documents\The Aeneid.doc
[08/10/2008 01:12 AM | 02,055,878 | ---- | M] () - D:\Data\My Documents\mushclient427.exe
[08/10/2008 01:46 AM | 00,008,253 | ---- | M] () - D:\Data\My Documents\Muffin.MCL
[08/10/2008 09:19 PM | ---D | M] - D:\Data\My Documents\Updater
[08/11/2008 08:23 AM | ---D | M] - D:\Data\My Documents\Adobe
[08/11/2008 08:55 AM | 13,554,607 | ---- | M] (Direct-Soft Inc. ) - D:\Data\My Documents\WinMPG_VideoConvert_Setup-19793.exe
[08/11/2008 08:57 AM | 11,613,932 | ---- | M] () - D:\Data\My Documents\xeno3_ot_ps2_060106_qt.avi
[08/11/2008 09:01 AM | 23,417,201 | ---- | M] () - D:\Data\My Documents\xeno3_ot_ps2_060106_qt(0).mov
[08/11/2008 09:05 AM | 05,536,031 | ---- | M] () - D:\Data\My Documents\xeno3_ot_ps2_060106_qt.ogg
[08/11/2008 09:07 AM | 40,896,047 | ---- | M] () - D:\Data\My Documents\xeno3_ot_ps2_060106_qt.mov
@Alternate Data Stream - 88 bytes -> D:\Data\My Documents\xeno3_ot_ps2_060106_qt.mov:SummaryInformation
@Alternate Data Stream - 0 bytes -> D:\Data\My Documents\xeno3_ot_ps2_060106_qt.mov:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
[08/11/2008 09:20 AM | 08,762,041 | ---- | M] () - D:\Data\My Documents\xeno3_ot_ps2_060106_qt.wmv
[08/11/2008 09:20 AM | R--D | M] - D:\Data\My Documents\My Videos
[08/11/2008 09:46 AM | 03,512,567 | ---- | M] (Koyote Soft ) - D:\Data\My Documents\Setup_FreeVideoConverter.exe
[08/11/2008 09:51 AM | 14,415,530 | ---- | M] () - D:\Data\My Documents\xeno3_ot_ps2_060106_qt(1).avi
[08/11/2008 09:52 AM | 09,899,733 | ---- | M] () - D:\Data\My Documents\xeno3_ot_ps2_060106_qt(1).wmv
[08/11/2008 09:54 AM | 00,002,828 | ---- | M] () - D:\Data\My Documents\Cody_peterson_assignment8.zip
[08/11/2008 10:03 AM | 09,899,733 | ---- | M] () - D:\Data\My Documents\xeno3_ot_ps2_060106_qt(2).wmv
[08/11/2008 10:08 AM | 02,858,303 | ---- | M] () - D:\Data\My Documents\xeno3_ot_ps2_060106_qt(3).wmv
[08/11/2008 10:10 AM | 14,601,141 | ---- | M] () - D:\Data\My Documents\xeno3_ot_ps2_060106_qt(4).wmv
[08/11/2008 10:15 AM | 12,741,941 | ---- | M] () - D:\Data\My Documents\xeno3_ot_ps2_060106_qt(5).wmv
[08/11/2008 10:15 AM | 12,741,941 | ---- | M] () - D:\Data\My Documents\xeno3_ot_ps2_060106_qt(6).wmv
[08/12/2008 10:12 AM | ---D | M] - D:\Data\My Documents\My Received Files
[08/12/2008 12:09 PM | 10,247,6000 | ---- | M] () - D:\Data\My Documents\flstudio_8.0_install.exe
[08/12/2008 12:14 AM | 13,602,184 | ---- | M] (AOL LLC.) - D:\Data\My Documents\Install_AIM.exe
[08/13/2008 08:24 PM | 00,010,879 | ---- | M] () - D:\Data\My Documents\1.jpg
[08/13/2008 08:24 PM | 00,011,360 | ---- | M] () - D:\Data\My Documents\2.jpg
[08/13/2008 08:24 PM | 00,014,669 | ---- | M] () - D:\Data\My Documents\3.jpg
[08/13/2008 12:28 AM | 01,282,048 | ---- | M] () - D:\Data\My Documents\test.avi
[08/20/2008 02:45 PM | ---D | M] - D:\Data\My Documents\Visual Studio 2008
[08/20/2008 05:34 PM | ---D | M] - D:\Data\My Documents\Cyberlink
[08/20/2008 12:20 PM | ---D | M] - D:\Data\My Documents\Sociology
[08/22/2008 09:02 PM | 00,027,136 | ---- | M] () - D:\Data\My Documents\R5 Petronius.doc
[08/25/2008 08:27 AM | R--D | M] - D:\Data\My Documents\My Music
[08/25/2008 09:26 PM | 00,000,396 | ---- | M] () - D:\Data\My Documents\My Sharing Folders.lnk
[08/07/2008 03:46 PM | 00,001,602 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[08/07/2008 04:15 PM | 00,000,638 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Xfire.lnk
[08/07/2008 04:25 PM | 00,001,641 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Spy Sweeper.lnk
[08/07/2008 05:55 PM | 00,000,812 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[08/07/2008 05:56 PM | 00,001,535 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Yahoo! Mail.lnk
[08/07/2008 06:40 PM | 00,001,741 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Autodesk 3ds Max 2009 32-bit.lnk
[08/07/2008 06:44 PM | 00,001,578 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Turbo Squid Tentacles 32-bit.lnk
[08/07/2008 07:12 PM | 00,001,764 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 7.0 Professional.lnk
[08/07/2008 07:28 PM | 00,001,762 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Adobe Audition 3.0.lnk
[08/07/2008 08:20 PM | 00,000,935 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\MotionBuilder 7.5.lnk
[08/15/2008 10:09 PM | 00,001,674 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\AIM 6.lnk
[08/20/2008 11:17 AM | 00,002,193 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Steam.lnk
[08/21/2008 08:41 PM | 00,000,853 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Webroot Desktop Firewall.lnk
[07/08/2008 08:18 PM | 00,223,945 | ---- | M] () - C:\Documents and Settings\copeterson\Desktop\GENESIS_PROJECT_concept_by_Grafik.jpg
[08/07/2008 07:55 PM | 00,001,831 | ---- | M] () - C:\Documents and Settings\copeterson\Desktop\Torque Game Engine 1.5.2 SDK.lnk
[08/07/2008 08:04 PM | 00,001,752 | ---- | M] () - C:\Documents and Settings\copeterson\Desktop\Combustion 2008.lnk
[08/10/2008 09:20 PM | 05,711,652 | ---- | M] () - C:\Documents and Settings\copeterson\Desktop\weltall.psd
[08/10/2008 09:21 PM | 00,592,492 | ---- | M] () - C:\Documents and Settings\copeterson\Desktop\weltall copy.jpg
[08/11/2008 08:55 AM | 00,000,809 | ---- | M] () - C:\Documents and Settings\copeterson\Desktop\WinMPG Video Convert.lnk
[08/11/2008 09:15 AM | 04,645,073 | ---- | M] () - C:\Documents and Settings\copeterson\Desktop\tutorial.base with crossbow.zip
[08/11/2008 09:47 AM | 00,000,816 | ---- | M] () - C:\Documents and Settings\copeterson\Desktop\Free Video Converter.lnk
[08/11/2008 10:04 AM | ---D | M] - C:\Documents and Settings\copeterson\Desktop\tutorial.base with crossbow
[08/11/2008 11:59 AM | 04,828,560 | ---- | M] () - C:\Documents and Settings\copeterson\Desktop\Cody_peterson_assignment9.zip
[08/11/2008 11:59 AM | ---D | M] - C:\Documents and Settings\copeterson\Desktop\Cody_peterson_assignment9
[08/11/2008 12:02 PM | ---D | M] - C:\Documents and Settings\copeterson\Desktop\TorqueTemplate
[08/12/2008 09:38 AM | 00,000,825 | ---- | M] () - C:\Documents and Settings\copeterson\Desktop\Torque ShowTool Pro.lnk
[08/18/2008 07:37 AM | 00,001,657 | ---- | M] () - C:\Documents and Settings\copeterson\Desktop\Collab.lnk
[08/19/2008 10:00 AM | 00,001,734 | ---- | M] () - C:\Documents and Settings\copeterson\Desktop\HijackThis.lnk
[08/26/2008 08:57 AM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\copeterson\Desktop\OTViewIt.exe
[08/07/2008 06:52 PM | 00,000,988 | ---- | M] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
[08/26/2008 08:52 AM | 00,002,359 | ---- | M] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[08/07/2008 04:15 PM | 00,000,650 | ---- | M] () - C:\Documents and Settings\copeterson\Start Menu\Programs\Startup\Xfire.lnk
[08/07/2008 02:57 PM | ---D | M] - C:\Program Files\Common Files\Symantec Shared
[08/07/2008 05:46 PM | ---D | M] - C:\Program Files\Common Files\Real
[08/07/2008 05:47 PM | ---D | M] - C:\Program Files\Common Files\xing shared
[08/07/2008 06:40 PM | ---D | M] - C:\Program Files\Common Files\Autodesk Shared
[08/07/2008 06:50 PM | ---D | M] - C:\Program Files\Common Files\Adobe Systems Shared
[08/07/2008 07:25 PM | ---D | M] - C:\Program Files\Common Files\Adobe
[08/07/2008 08:19 PM | ---D | M] - C:\Program Files\Common Files\Alias Shared
[08/07/2008 11:21 PM | -HSD | M] - C:\Program Files\Common Files\WindowsLiveInstaller
[08/12/2008 12:15 AM | ---D | M] - C:\Program Files\Common Files\AOL
[08/18/2008 03:06 PM | ---D | M] - C:\Program Files\Common Files\Merge Modules
[08/18/2008 03:24 PM | ---D | M] - C:\Program Files\Common Files\Microsoft Shared

< End of report >

#9
fenzodahl512

  • Malware Removal
  • 9,863 posts
Surprisingly, your log looks very good to me. How is your computer now? :)

#10
RobotCody

  • Topic Starter
  • Member
  • 60 posts
It seems fine for now, so I guess for now this can be set to resolved. If future problems persist I will post again.

#11
fenzodahl512

  • Malware Removal
  • 9,863 posts
Great! Now let's do this...

Please download OTCleanIt and save it to your Desktop.
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes




NEXT


Let's clean your Restore Points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous Restore Points which are likely to be infected)
To create a new Restore Point.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK. This will flush your old System Restore.
  • Then please UNCHECK the Turn off System Restore.
  • Click again on Apply, and then click OK. This will create a new Restore Point
System Restore will now be active again

If you are using Windows Vista, please go HERE for a tutorial on how to use, disable and enable System Restore.

Then please create a fresh Restore Point... Please visit this webpage if you do not know how..

If you are using Windows Vista, please visit this webpage for more information.



Lastly, to keep your operating system up to date please visit the link below monthly

Please read these excellent articles by miekiemoes:
Help! My computer is slow!
How to prevent Malware

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512

#12
RobotCody

  • Topic Starter
  • Member
  • 60 posts
Nothing suspicious so far, but I completed your most recent steps.

#13
fenzodahl512

  • Malware Removal
  • 9,863 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.