Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Win32:Trojan-gen{other} [RESOLVED]

Started by eyerock , Aug 20 2008 06:43 PM

This topic is locked

#1
eyerock

Posted 20 August 2008 - 06:43 PM

Member

Member
18 posts

Followed all the steps, but avast! is still randomly popping up with said virus infected no matter how many times i delete it or put it in the chest. Please help me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:41 PM, on 8/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\svyQLA5b.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Signature Health Services
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SignatureHealth.net
O17 - HKLM\Software\..\Telephony: DomainName = SignatureHealth.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC82E7B5-76F9-4F1C-B0D4-FF69D49D5F47}: NameServer = 192.168.1.249,24.217.0.5,24.217.201.67
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SignatureHealth.net
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: LWWLicenseService - WoltersKluwerLWW - C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe

--
End of file - 8138 bytes

-----------------------------------------

UNINSTALL LIST

Adobe Acrobat 7.0 Standard - English, Français, Deutsch
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
avast! Antivirus
Big Fish Games Client
Burger Rush
CCScore
Creative Memories StoryBook Creator
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSSONIC
ESSTOOLS
essvatgt
Google Talk (remove only)
HijackThis 2.0.2
Home Sweet Home (remove only)
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
LClock
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.16)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
MultiView 2000
MVision
netbrdg
Notifier
NVIDIA Drivers
OfotoXMI
Olympus DSS Player Pro
Pack Vista Inspirat 1.1
PCDADDIN
PCDHELP
Picasa 2
QuickTime
RealArcade
Scrubbles
Scrubbles
Scrubbles (remove only)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Setup_EZTwain
SFR
SHASTA
SKIN0001
SKINXSDK
Snood for Windows version 3.52-W
SonicWALL Global VPN Client
staticcr
Stedman's Plus Premium Edition
Stedman's Plus Spellchecker 2008 Premium Edition (Shared Components)
tooltips
Transcription Buddy 3.1a Player Edition
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Ventrilo Client
VPRINTOL
Windows Imaging Component
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
WIRELESS
World of Warcraft

#2
fenzodahl512

Posted 25 August 2008 - 03:24 PM

Malware Removal
9,863 posts

Hello and welcome to GTG..

Please download RUNSCANNER to your desktop and run it.

When the first page comes up select Beginner Mode
On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
At this time Runscanner.exe may request access to the Internet through your firewall please allow it to do so, it will then run for two or three minutes.
It will then ask you to save two files, the .run file and the log. Save both of them in your Desktop.
You will see the .run file on your desktop. Please zip the .run file and attach it in your next reply

Then upload that as an attachment in your next post.

#3
eyerock

Posted 25 August 2008 - 05:03 PM

Member

Topic Starter
Member
18 posts

Ok, did exactly what you asked and here is the zip with the log and .run file.

Attached Files

runscanner.zip 178.38KB 80 downloads

#4
fenzodahl512

Posted 25 August 2008 - 05:22 PM

Malware Removal
9,863 posts

Download the uploaded file from the link I gave you below (this will be your runscanner as fixed by me)

Double click the runscanner icon this will run the program.
Click on the "Item Fixer" tab
You will notice several entries with a tick, click Fix checked or Fix selected items.
Accept the warning then repeat until they are all gone.

http://www.2shared.c...58/usethis.html

NEXT

Please download OTViewIt to your desktop.

Close all windows and double click OTViewIt
Place a tick in the Scan all Users box
In the File Age drop down box select 60 days
Click Run Scan and let the program run uninterrupted
On completion it will produce two logs on the Desktop, post the OTViewIt.txt and Extras.txt logs in your next post.

#5
eyerock

Posted 25 August 2008 - 06:59 PM

Member

Topic Starter
Member
18 posts

OTViewIt logfile created on: 8/25/2008 8:02:02 PM - Run 1
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\Documents and Settings\mwatson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 73.87% Memory free
3.85 Gb Paging File | 2.60 Gb Available in Paging File | 67.47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 152.66 Gb Total Space | 120.46 Gb Free Space | 78.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PS-MWATSON
Current User Name: mwatson
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

===== Processes - Non-Microsoft Only =====

[07/19/2008 09:25 AM | 00,016,056 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[07/19/2008 09:38 AM | 00,147,640 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
[02/06/2007 06:45 PM | 00,109,344 | ---- | M] (Logitech Inc.) - c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
[09/06/2007 01:28 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[08/30/2006 12:51 PM | 00,155,715 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe
[07/19/2008 09:38 AM | 00,250,040 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[07/23/2008 09:25 AM | 00,348,344 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[09/07/2004 02:47 PM | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\ALCXMNTR.EXE
[03/30/2008 10:36 AM | 00,267,048 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[07/19/2008 09:38 AM | 00,078,008 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[07/16/2008 09:39 AM | 07,667,312 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
[02/25/2008 08:23 PM | 00,443,968 | ---- | M] (Google Inc.) - C:\Program Files\Picasa2\PicasaMediaDetector.exe
[03/30/2008 10:36 AM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[08/18/2008 06:20 PM | 01,900,288 | ---- | M] (Runscanner.net) - C:\Documents and Settings\mwatson\Desktop\RunScanner.exe
[08/25/2008 08:01 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\mwatson\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[09/06/2007 01:28 PM | 00,110,592 | ---- | M] (Apple, Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(aswUpdSv) avast! iAVS4 Control Service [Auto | Running]
[07/19/2008 09:25 AM | 00,016,056 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

(Ati HotKey Poller) Ati HotKey Poller [Disabled | Stopped]
[11/21/2006 10:18 PM | 00,430,080 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\ati2evxx.exe

(ATI Smart) ATI Smart [Disabled | Stopped]
[11/22/2006 11:52 AM | 00,520,192 | ---- | M] () - C:\WINDOWS\system32\ati2sgag.exe

(avast! Antivirus) avast! Antivirus [Auto | Running]
[07/19/2008 09:38 AM | 00,147,640 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashServ.exe

(avast! Mail Scanner) avast! Mail Scanner [On_Demand | Running]
[07/19/2008 09:38 AM | 00,250,040 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

(avast! Web Scanner) avast! Web Scanner [On_Demand | Running]
[07/23/2008 09:25 AM | 00,348,344 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

(DM1Service) DM1Service [Disabled | Stopped]
[10/18/2004 11:51 AM | 00,065,536 | ---- | M] (OLYMPUS Corporation) - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[04/13/2008 07:12 PM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(gusvc) Google Updater Service [On_Demand | Stopped]
[01/03/2007 08:40 PM | 00,136,120 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

(iPod Service) iPod Service [On_Demand | Running]
[03/30/2008 10:36 AM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(LVPrcSrv) Process Monitor [Auto | Running]
[02/06/2007 06:45 PM | 00,109,344 | ---- | M] (Logitech Inc.) - c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

(LVSrvLauncher) LVSrvLauncher [Auto | Stopped]
[02/06/2007 06:47 PM | 00,105,248 | ---- | M] (Logitech Inc.) - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

(LWWLicenseService) LWWLicenseService [On_Demand | Stopped]
[03/18/2008 04:30 PM | 00,079,360 | ---- | M] (WoltersKluwerLWW) - C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe

(NVSvc) NVIDIA Display Driver Service [Auto | Running]
[08/30/2006 12:51 PM | 00,155,715 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe

(RampartSvc) SonicWall VPN Client Service [On_Demand | Stopped]
[10/15/2004 10:12 AM | 00,131,072 | ---- | M] (SonicWALL, Inc.) - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe

===== Driver Services - Non-Microsoft Only =====

(Aavmker4) avast! Asynchronous Virus Monitor [System | Running]
[07/19/2008 09:32 AM | 00,026,944 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aavmker4.sys

(ALCXWDM) Service for Realtek AC97 Audio (WDM) [On_Demand | Running]
[10/01/2004 11:24 AM | 02,279,424 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS

(aswFsBlk) aswFsBlk [Auto | Running]
[07/19/2008 09:37 AM | 00,020,560 | ---- | M] (ALWIL Software) - C:\WINDOWS\system32\drivers\aswFsBlk.sys

(aswMon2) avast! Standard Shield Support [Auto | Running]
[07/19/2008 09:37 AM | 00,094,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon2.sys

(aswRdr) aswRdr [On_Demand | Running]
[07/19/2008 09:33 AM | 00,023,152 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswRdr.sys

(aswSP) avast! Self Protection [System | Running]
[07/19/2008 09:35 AM | 00,078,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswSP.sys

(aswTdi) avast! Network Shield Support [System | Running]
[07/19/2008 09:32 AM | 00,042,912 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswTdi.sys

(ati2mtag) ati2mtag [On_Demand | Stopped]
[11/21/2006 10:25 PM | 02,829,824 | ---- | M] (ATI Technologies Inc.) - C:\WINDOWS\system32\drivers\ati2mtag.sys

(dmboot) dmboot [Disabled | Stopped]
[04/13/2008 01:44 PM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[04/13/2008 01:44 PM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Boot | Running]
[08/04/2004 07:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(DNE) Deterministic Network Enhancer Miniport [On_Demand | Running]
[05/14/2004 05:15 PM | 00,147,236 | ---- | M] (Deterministic Networks, Inc.) - C:\WINDOWS\system32\drivers\dne2000.sys

(FilterService) UVC Filter Service [On_Demand | Running]
[02/03/2007 11:33 AM | 00,022,560 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\lvuvcflt.sys

(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[01/29/2008 12:01 PM | 00,016,168 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(HPZid412) IEEE-1284.4 Driver HPZid412 [On_Demand | Running]
[10/21/2005 07:58 PM | 00,049,920 | ---- | M] (HP) - C:\WINDOWS\system32\drivers\HPZid412.sys

(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [On_Demand | Running]
[10/21/2005 07:58 PM | 00,016,496 | ---- | M] (HP) - C:\WINDOWS\system32\drivers\HPZipr12.sys

(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [On_Demand | Running]
[10/21/2005 07:52 PM | 00,021,568 | ---- | M] (HP) - C:\WINDOWS\system32\drivers\HPZius12.sys

(ltmodem5) LT Modem Driver [On_Demand | Running]
[08/03/2004 05:41 PM | 00,606,684 | ---- | M] (LT) - C:\WINDOWS\system32\drivers\ltmdmnt.sys

(LVcKap) Logitech AEC Driver [On_Demand | Running]
[02/06/2007 06:42 PM | 01,691,808 | ---- | M] () - C:\WINDOWS\system32\drivers\Lvckap.sys

(LVMVDrv) Logitech Machine Vision Engine Loader [On_Demand | Running]
[02/06/2007 06:44 PM | 01,964,064 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LVMVdrv.sys

(lvpopflt) Logitech POP Suppression Filter [On_Demand | Running]
[02/03/2007 11:30 AM | 01,507,232 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\lvpopflt.sys

(LVPr2Mon) Logitech LVPr2Mon Driver [On_Demand | Running]
[02/06/2007 06:45 PM | 00,025,632 | ---- | M] () - C:\WINDOWS\system32\drivers\LVPr2Mon.sys

(LVUSBSta) Logitech USB Monitor Filter [On_Demand | Running]
[02/03/2007 11:32 AM | 00,041,504 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LVUSBSta.sys

(LVUVC) Logitech QuickCam Fusion(UVC) [On_Demand | Running]
[02/03/2007 11:32 AM | 01,939,360 | ---- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\lvuvc.sys

(MBAMSwissArmy) MBAMSwissArmy [On_Demand | Stopped]
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\system32\drivers\mbamswissarmy.sys

(nv) nv [On_Demand | Running]
[08/30/2006 12:51 PM | 03,958,496 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/04/2004 07:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[10/18/2006 03:00 AM | 00,036,624 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\pxhelp20.sys

(RCFOX) SonicWALL IPsec Driver [System | Running]
[10/15/2004 10:46 AM | 00,091,136 | ---- | M] (SonicWALL, Inc.) - C:\WINDOWS\system32\drivers\RCFOX.SYS

(rcvpn) SonicWALL VPN Adapter [On_Demand | Running]
[08/20/2003 02:01 PM | 00,023,180 | ---- | M] (SonicWALL, Inc.) - C:\WINDOWS\system32\drivers\rcvpn.sys

(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [On_Demand | Running]
[08/03/2004 05:31 PM | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) - C:\WINDOWS\system32\drivers\RTL8139.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[11/13/2007 05:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor" = ALCXMNTR.EXE [09/07/2004 02:47 PM | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.)
"avast!" = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [07/19/2008 09:38 AM | 00,078,008 | ---- | M] (ALWIL Software)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM | 00,267,048 | ---- | M] (Apple Inc.)
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [08/30/2006 12:51 PM | 07,630,848 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [08/30/2006 12:51 PM | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" = nwiz.exe /install [08/30/2006 12:51 PM | 01,519,616 | ---- | M] ()
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [03/28/2008 11:37 PM | 00,413,696 | ---- | M] (Apple Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
"" = File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector" = C:\Program Files\Picasa2\PicasaMediaDetector.exe [02/25/2008 08:23 PM | 00,443,968 | ---- | M] (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-21-1993962763-1606980848-1801674531-1846\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector" = C:\Program Files\Picasa2\PicasaMediaDetector.exe [02/25/2008 08:23 PM | 00,443,968 | ---- | M] (Google Inc.)

[HKEY_USERS\S-1-5-21-1993962763-1606980848-1801674531-1846\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[Administrator Startup Folder - C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

[casey watson Startup Folder - C:\Documents and Settings\casey watson\Start Menu\Programs\Startup]

[Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup]

[mwatson Startup Folder - C:\Documents and Settings\mwatson\Start Menu\Programs\Startup]

[sigadmin Startup Folder - C:\Documents and Settings\sigadmin\Start Menu\Programs\Startup]

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (AcroIEHlprObj Class) - [12/14/2004 01:56 AM | 00,063,136 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [12/15/2006 04:23 AM | 00,440,056 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
HKLM CLSID: (AcroIEToolbarHelper Class) - [12/14/2004 02:13 AM | 00,225,280 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [12/14/2004 02:13 AM | 00,225,280 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [12/14/2004 02:13 AM | 00,225,280 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [12/14/2004 02:13 AM | 00,225,280 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [12/14/2004 02:13 AM | 00,225,280 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

[HKEY_USERS\S-1-5-21-1993962763-1606980848-1801674531-1846\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [12/14/2004 02:13 AM | 00,225,280 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
Unable to open key or key not present!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!

[HKEY_USERS\S-1-5-21-1993962763-1606980848-1801674531-1846\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-21-1993962763-1606980848-1801674531-1846\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!

===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 07:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 01:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe File not found
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [02/20/2007 05:10 AM | 00,282,624 | ---- | M] (Eastman Kodak Company)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [03/30/2008 10:36 AM | 20,638,504 | ---- | M] (Apple Inc.)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe [01/19/2007 12:54 PM | 05,674,352 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe [01/04/2007 04:10 PM | 00,297,752 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 07:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 01:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe File not found
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe [01/01/2007 04:22 PM | 03,739,648 | ---- | M] (Google)
"C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe" = C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe [01/08/2007 11:34 PM | 00,807,252 | ---- | M] (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.0.3-enUS-downloader.exe [01/27/2007 05:12 PM | 00,784,032 | ---- | M] (Blizzard Entertainment)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [03/30/2008 10:36 AM | 20,638,504 | ---- | M] (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe File not found
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [02/20/2007 05:10 AM | 00,282,624 | ---- | M] (Eastman Kodak Company)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe [01/19/2007 12:54 PM | 05,674,352 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe [01/04/2007 04:10 PM | 00,297,752 | ---- | M] (Microsoft Corporation)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [04/13/2008 07:12 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/13/2008 07:12 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04/13/2008 07:12 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/13/2008 07:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04/13/2008 07:12 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DllName" = C:\WINDOWS\system32\ati2evxx.dll [11/21/2006 10:19 PM | 00,090,112 | ---- | M] (ATI Technologies Inc.)

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
"WMPNetworkSvc" = 3
"usnjsvc" = 3
"ose" = 3
"iPod Service" = 3
"idsvc" = 3
"gusvc" = 3
"DM1Service" = 2
"ATI Smart" = 2
"Ati HotKey Poller" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk File not found
"backup" = C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnk File not found
"location" = Common Startup
"command" = C:\WINDOWS\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat.exe [03/18/2008 02:30 PM | 00,025,214 | R--- | M] ()
"item" = Adobe Acrobat Speed Launcher

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk File not found
"backup" = C:\WINDOWS\pss\Device Detector 3.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [11/04/2004 08:21 PM | 00,114,688 | ---- | M] (OLYMPUS Imaging Corporation.)
"item" = Device Detector 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk File not found
"backup" = C:\WINDOWS\pss\Kodak EasyShare software.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [02/20/2007 05:10 AM | 00,282,624 | ---- | M] (Eastman Kodak Company)
"item" = Kodak EasyShare software

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
"path" = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk File not found
"backup" = C:\WINDOWS\pss\KODAK Software Updater.lnk File not found
"location" = Common Startup
"command" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [02/13/2004 02:12 PM | 00,016,423 | ---- | M] ()
"item" = KODAK Software Updater

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" =
"hkey" = HKLM
"command" =
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acrobat Assistant 7.0]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = Acrotray
"hkey" = HKLM
"command" = C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe [12/14/2004 02:12 AM | 00,483,328 | ---- | M] (Adobe Systems Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = Reader_sl
"hkey" = HKLM
"command" = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [01/11/2008 11:16 PM | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\googletalk]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = googletalk
"hkey" = HKLM
"command" = C:\Program Files\Google\Google Talk\googletalk.exe [01/01/2007 04:22 PM | 03,739,648 | ---- | M] (Google)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = iTunesHelper
"hkey" = HKLM
"command" = C:\Program Files\iTunes\iTunesHelper.exe [03/30/2008 10:36 AM | 00,267,048 | ---- | M] (Apple Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechCommunicationsManager]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = Communications_Helper
"hkey" = HKLM
"command" = C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [02/08/2007 02:12 AM | 00,488,984 | ---- | M] (Logitech Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechQuickCamRibbon]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = QuickCam10
"hkey" = HKLM
"command" = C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [02/08/2007 02:13 AM | 00,774,168 | ---- | M] ()
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Picasa Media Detector]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = PicasaMediaDetector
"hkey" = HKLM
"command" = C:\Program Files\Picasa2\PicasaMediaDetector.exe [02/25/2008 08:23 PM | 00,443,968 | ---- | M] (Google Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key" = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"item" = QTTask
"hkey" = HKLM
"command" = C:\Program Files\QuickTime\QTTask.exe [03/28/2008 11:37 PM | 00,413,696 | ---- | M] (Apple Inc.)
"inimapping" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"system.ini" = 0
"win.ini" = 0
"bootini" = 0
"services" = 2
"startup" = 2

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{059B7636-C5AA-44D4-9322-BDB7C54C3FE7}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{33EA049C-CC03-49DB-95B7-80A443806E5D}]
Servers: | Description: 1394 Net Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{8C05637B-22CE-4F0B-B466-404075A31ED6}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{CC82E7B5-76F9-4F1C-B0D4-FF69D49D5F47}]
Servers: 192.168.1.249,24.217.0.5,24.217.201.67 | Description: Realtek RTL8139 Family PCI Fast Ethernet NIC

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT []
[01/08/2007 08:31 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a03586c-f517-11dc-99ba-000c6e76fe81}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a03586c-f517-11dc-99ba-000c6e76fe81}\Shell\AutoRun]
"" = Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a03586c-f517-11dc-99ba-000c6e76fe81}\Shell\AutoRun\command]
"" = J:\LaunchU3.exe File not found

===== Hosts File =====

HOSTS File = (842 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
192.168.1.247 ps-plexus
192.168.1.246 premiernas
192.168.1.247 premier4
192.168.1.249 signaturehealth.net

[Files/Folders - Created Within 60 days]
[01/17/2008 11:34 AM | 00,093,264 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon.sys
[04/13/2008 01:36 PM | 00,040,960 | ---- | C] (Silicon Integrated Systems Corporation) - C:\WINDOWS\System32\drivers\sisagp.sys
[04/13/2008 01:36 PM | 00,043,008 | ---- | C] (Advanced Micro Devices, Inc.) - C:\WINDOWS\System32\drivers\amdagp.sys
[04/13/2008 07:11 PM | 00,003,135 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv08nt5.dll
[04/13/2008 07:11 PM | 00,003,615 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv05nt5.dll
[04/13/2008 07:11 PM | 00,003,647 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv07nt5.dll
[04/13/2008 07:11 PM | 00,003,711 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv09nt5.dll
[04/13/2008 07:11 PM | 00,003,775 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv11nt5.dll
[04/13/2008 07:11 PM | 00,003,967 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv02nt5.dll
[04/13/2008 07:11 PM | 00,004,255 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv01nt5.dll
[04/13/2008 07:11 PM | 00,011,359 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv02nt5.dll
[04/13/2008 07:11 PM | 00,014,143 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv06nt5.dll
[04/13/2008 07:11 PM | 00,015,423 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[04/13/2008 07:11 PM | 00,017,279 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv10nt5.dll
[04/13/2008 07:11 PM | 00,021,183 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv01nt5.dll
[04/13/2008 07:11 PM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv04nt5.dll
[04/13/2008 07:12 PM | 00,003,901 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\siint5.dll
[04/13/2008 07:12 PM | 00,011,325 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\vchnt5.dll
[04/13/2008 11:36 AM | 00,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) - C:\WINDOWS\System32\drivers\hdaudbus.sys
[07/17/2004 10:55 PM | 00,129,045 | ---- | C] () - C:\WINDOWS\System32\drivers\cxthsfs2.cty
[07/17/2004 11:35 AM | 00,067,866 | ---- | C] () - C:\WINDOWS\System32\drivers\netwlan5.img
[07/17/2004 11:36 AM | 00,064,352 | ---- | C] () - C:\WINDOWS\System32\drivers\ativmc20.cod
[07/19/2008 09:32 AM | 00,026,944 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aavmker4.sys
[07/19/2008 09:32 AM | 00,042,912 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswTdi.sys
[07/19/2008 09:33 AM | 00,023,152 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswRdr.sys
[07/19/2008 09:35 AM | 00,078,416 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswSP.sys
[07/19/2008 09:37 AM | 00,020,560 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswFsBlk.sys
[07/19/2008 09:37 AM | 00,094,416 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon2.sys
[08/03/2004 10:29 PM | 00,011,295 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv08nt.sys
[08/03/2004 10:29 PM | 00,011,615 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1mdxx.sys
[08/03/2004 10:29 PM | 00,011,807 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv07nt.sys
[08/03/2004 10:29 PM | 00,011,871 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv09nt.sys
[08/03/2004 10:29 PM | 00,011,935 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv11nt.sys
[08/03/2004 10:29 PM | 00,012,047 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1pdxx.sys
[08/03/2004 10:29 PM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinmdxx.sys
[08/03/2004 10:29 PM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinttxx.sys
[08/03/2004 10:29 PM | 00,014,336 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinpdxx.sys
[08/03/2004 10:29 PM | 00,021,343 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1ttxx.sys
[08/03/2004 10:29 PM | 00,022,271 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv06nt.sys
[08/03/2004 10:29 PM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv10nt.sys
[08/03/2004 10:29 PM | 00,026,367 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1snxx.sys
[08/03/2004 10:29 PM | 00,028,672 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinsnxx.sys
[08/03/2004 10:29 PM | 00,029,455 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xbxx.sys
[08/03/2004 10:29 PM | 00,030,671 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1raxx.sys
[08/03/2004 10:29 PM | 00,031,744 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxbxx.sys
[08/03/2004 10:29 PM | 00,034,735 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xsxx.sys
[08/03/2004 10:29 PM | 00,036,463 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1tuxx.sys
[08/03/2004 10:29 PM | 00,052,224 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinraxx.sys
[08/03/2004 10:29 PM | 00,056,623 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1btxx.sys
[08/03/2004 10:29 PM | 00,057,856 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinbtxx.sys
[08/03/2004 10:29 PM | 00,063,488 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxsxx.sys
[08/03/2004 10:29 PM | 00,063,663 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1rvxx.sys
[08/03/2004 10:29 PM | 00,073,216 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atintuxx.sys
[08/03/2004 10:29 PM | 00,104,960 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinrvxx.sys
[08/03/2004 10:29 PM | 00,166,912 | ---- | C] (S3 Graphics, Inc.) - C:\WINDOWS\System32\drivers\s3gnbm.sys
[08/03/2004 10:29 PM | 00,327,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati2mtaa.sys
[08/03/2004 10:29 PM | 00,452,736 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\drivers\mtxparhm.sys
[08/03/2004 10:41 PM | 00,011,868 | ---- | C] (Conexant) - C:\WINDOWS\System32\drivers\mdmxsdk.sys
[08/03/2004 10:41 PM | 00,013,240 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slwdmsup.sys
[08/03/2004 10:41 PM | 00,013,776 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\recagent.sys
[08/03/2004 10:41 PM | 00,095,424 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnthal.sys
[08/03/2004 10:41 PM | 00,126,686 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlmnt5.sys
[08/03/2004 10:41 PM | 00,129,535 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnt7554.sys
[08/03/2004 10:41 PM | 00,180,360 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\ntmtlfax.sys
[08/03/2004 10:41 PM | 00,220,032 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[08/03/2004 10:41 PM | 00,404,990 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slntamr.sys
[08/03/2004 10:41 PM | 00,685,056 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfcxts2.sys
[08/03/2004 10:41 PM | 01,041,536 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[08/03/2004 10:41 PM | 01,309,184 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlstrm.sys
[08/17/2008 03:01 PM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2 C:\WINDOWS\System32\*.tmp files]
[01/09/2004 04:13 AM | 00,380,928 | ---- | C] () - C:\WINDOWS\System32\actskin4.ocx
[04/13/2008 07:11 PM | 00,032,285 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\hsfcisp2.dll
[04/13/2008 07:11 PM | 00,032,768 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativtmxx.dll
[04/13/2008 07:11 PM | 00,086,016 | ---- | C] (Conexant) - C:\WINDOWS\System32\mdmxsdk.dll
[04/13/2008 07:11 PM | 00,377,984 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ati2dvaa.dll
[04/13/2008 07:11 PM | 00,870,784 | ---- | C] (ATI Technologies Inc. ) - C:\WINDOWS\System32\ati3d1ag.dll
[04/13/2008 07:12 PM | 00,009,728 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativdaxx.ax
[04/13/2008 07:12 PM | 00,023,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativmvxx.ax
[04/13/2008 07:12 PM | 00,032,866 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slrundll.exe
[04/13/2008 07:12 PM | 00,073,796 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slserv.exe
[04/13/2008 07:12 PM | 00,073,832 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slcoinst.dll
[04/13/2008 07:12 PM | 00,188,508 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slgen.dll
[04/13/2008 07:12 PM | 00,286,792 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slextspk.dll
[04/13/2008 07:12 PM | 00,397,056 | ---- | C] (S3 Graphics, Inc.) - C:\WINDOWS\System32\s3gnb.dll
[04/13/2008 07:12 PM | 01,737,856 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\mtxparhd.dll
[06/21/2007 12:52 AM | 00,000,974 | ---- | C] () - C:\WINDOWS\System32\pid.inf
[07/19/2008 09:30 AM | 00,094,392 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\AvastSS.scr
[07/19/2008 09:43 AM | 01,163,960 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\aswBoot.exe
[08/17/2008 07:00 PM | ---D | C] - C:\WINDOWS\System32\bits
[08/17/2008 07:00 PM | ---D | C] - C:\WINDOWS\System32\en
[08/17/2008 07:00 PM | ---D | C] - C:\WINDOWS\System32\scripting
[08/18/2008 08:18 PM | 00,029,760 | ---- | C] () - C:\WINDOWS\System32\mccvC7qL.exe
[5 C:\WINDOWS\*.tmp files]
[04/13/2008 07:12 PM | 00,032,866 | ---- | C] (Smart Link) - C:\WINDOWS\slrundll.exe
[08/17/2008 06:54 PM | -H-D | C] - C:\WINDOWS\$NtServicePackUninstall$
[08/17/2008 06:58 PM | ---D | C] - C:\WINDOWS\ServicePackFiles
[08/17/2008 07:00 PM | ---D | C] - C:\WINDOWS\l2schemas
[08/25/2008 06:01 PM | ---D | C] - C:\WINDOWS\Prefetch
[08/19/2008 11:42 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[07/02/2008 02:09 PM | ---D | C] - C:\Documents and Settings\mwatson\Application Data\AdobeUM
[08/19/2008 11:42 PM | ---D | C] - C:\Documents and Settings\mwatson\Application Data\Malwarebytes
[08/25/2008 06:00 PM | ---D | C] - C:\Documents and Settings\mwatson\Application Data\WinRAR
[08/25/2008 08:00 PM | ---D | C] - C:\Documents and Settings\mwatson\Local Settings\Application Data\Runscanner.net
[08/17/2008 08:36 PM | 00,001,736 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Windows Live Messenger.lnk
[08/19/2008 11:42 PM | 00,000,696 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/19/2008 11:57 PM | 00,001,709 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[07/06/2008 10:28 PM | 01,699,840 | ---- | C] (NISSAN MOTOR CO., LTD.) - C:\Documents and Settings\mwatson\Desktop\TitleInfoSearch.exe
[08/17/2008 06:45 PM | ---D | C] - C:\Documents and Settings\mwatson\Desktop\Unused Desktop Shortcuts
[08/18/2008 06:20 PM | 01,900,288 | ---- | C] (Runscanner.net) - C:\Documents and Settings\mwatson\Desktop\RunScanner.exe
[08/19/2008 11:37 PM | 00,050,688 | ---- | C] (Atribune.org) - C:\Documents and Settings\mwatson\Desktop\ATF_Cleaner.exe
[08/19/2008 11:57 PM | 26,401,600 | ---- | C] () - C:\Documents and Settings\mwatson\Desktop\setupeng.exe
[08/20/2008 07:40 PM | 00,001,734 | ---- | C] () - C:\Documents and Settings\mwatson\Desktop\HijackThis.lnk
[08/25/2008 06:03 PM | 00,180,620 | ---- | C] () - C:\Documents and Settings\mwatson\Desktop\runscanner.run
[08/25/2008 06:05 PM | 00,182,660 | ---- | C] () - C:\Documents and Settings\mwatson\Desktop\runscanner.zip
[08/25/2008 08:01 PM | 01,299,968 | ---- | C] (OldTimer Tools) - C:\Documents and Settings\mwatson\Desktop\OTViewIt.exe
[08/19/2008 11:42 PM | ---D | C] - C:\Program Files\Common Files\Download Manager
[07/06/2008 10:29 PM | ---D | C] - C:\Program Files\AIM
[08/19/2008 11:42 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/19/2008 11:57 PM | ---D | C] - C:\Program Files\Alwil Software
[08/20/2008 07:40 PM | ---D | C] - C:\Program Files\Trend Micro

[Files/Folders - Modified Within 60 days]
[07/03/2008 12:06 AM | 00,000,244 | -H-- | M] () - C:\sqmnoopt03.sqm
[07/03/2008 12:06 AM | 00,000,268 | -H-- | M] () - C:\sqmdata03.sqm
[07/29/2008 09:48 PM | ---D | M] - C:\My Games
[08/15/2008 07:58 AM | 00,000,244 | -H-- | M] () - C:\sqmnoopt04.sqm
[08/15/2008 07:58 AM | 00,000,268 | -H-- | M] () - C:\sqmdata04.sqm
[08/17/2008 06:56 PM | 00,250,048 | RHS- | M] () - C:\ntldr
[08/17/2008 08:36 PM | -HSD | M] - C:\Config.Msi
[08/20/2008 07:40 PM | R--D | M] - C:\Program Files
[08/22/2008 09:13 PM | ---D | M] - C:\WINDOWS
[08/25/2008 06:52 PM | -HSD | M] - C:\RECYCLER
[07/19/2008 09:32 AM | 00,026,944 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aavmker4.sys
[07/19/2008 09:32 AM | 00,042,912 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswTdi.sys
[07/19/2008 09:33 AM | 00,023,152 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswRdr.sys
[07/19/2008 09:35 AM | 00,078,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswSP.sys
[07/19/2008 09:37 AM | 00,020,560 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswFsBlk.sys
[07/19/2008 09:37 AM | 00,094,416 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\drivers\aswmon2.sys
[08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/25/2008 06:59 PM | 00,000,000 | ---- | M] () - C:\WINDOWS\System32\drivers\lvuvc.hs
[2 C:\WINDOWS\System32\*.tmp files]
[07/19/2008 09:30 AM | 00,094,392 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\AvastSS.scr
[07/19/2008 09:43 AM | 01,163,960 | ---- | M] (ALWIL Software) - C:\WINDOWS\System32\aswBoot.exe
[08/17/2008 06:57 PM | ---D | M] - C:\WINDOWS\System32\Com
[08/17/2008 06:57 PM | ---D | M] - C:\WINDOWS\System32\npp
[08/17/2008 06:57 PM | ---D | M] - C:\WINDOWS\System32\oobe
[08/17/2008 06:57 PM | ---D | M] - C:\WINDOWS\System32\Restore
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\System32\bits
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\System32\en
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\System32\en-US
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\System32\inetsrv
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\System32\scripting
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\System32\usmt
[08/17/2008 08:31 PM | 00,121,336 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[08/17/2008 08:31 PM | ---D | M] - C:\WINDOWS\System32\Setup
[08/17/2008 08:31 PM | ---D | M] - C:\WINDOWS\System32\wbem
[08/17/2008 08:33 PM | 00,072,094 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/17/2008 08:33 PM | 00,444,088 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/17/2008 08:33 PM | 00,526,212 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[08/18/2008 08:18 PM | 00,029,760 | ---- | M] () - C:\WINDOWS\System32\mccvC7qL.exe
[08/19/2008 11:57 PM | 00,002,626 | ---- | M] () - C:\WINDOWS\System32\CONFIG.NT
[08/19/2008 11:57 PM | ---D | M] - C:\WINDOWS\System32\drivers
[08/20/2008 07:10 AM | ---D | M] - C:\WINDOWS\System32\config
[08/20/2008 12:03 AM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/22/2008 09:11 PM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/25/2008 06:10 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[08/25/2008 07:02 PM | 00,000,000 | ---- | M] () - C:\WINDOWS\System32\nvapps.xml
[08/25/2008 07:02 PM | 00,013,702 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[5 C:\WINDOWS\*.tmp files]
[08/05/2008 01:59 AM | ---D | M] - C:\WINDOWS\Debug
[08/17/2008 06:50 PM | ---D | M] - C:\WINDOWS\ehome
[08/17/2008 06:54 PM | -H-D | M] - C:\WINDOWS\$NtServicePackUninstall$
[08/17/2008 06:57 PM | ---D | M] - C:\WINDOWS\msagent
[08/17/2008 06:57 PM | ---D | M] - C:\WINDOWS\mui
[08/17/2008 06:57 PM | ---D | M] - C:\WINDOWS\srchasst
[08/17/2008 06:57 PM | ---D | M] - C:\WINDOWS\system
[08/17/2008 06:58 PM | ---D | M] - C:\WINDOWS\ServicePackFiles
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\ime
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\l2schemas
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\network diagnostic
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\PeerNet
[08/17/2008 07:00 PM | ---D | M] - C:\WINDOWS\WinSxS
[08/17/2008 07:05 PM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/17/2008 07:06 PM | 00,002,675 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/17/2008 08:31 PM | ---D | M] - C:\WINDOWS\AppPatch
[08/17/2008 08:31 PM | R-SD | M] - C:\WINDOWS\Fonts
[08/17/2008 08:36 PM | -HSD | M] - C:\WINDOWS\Installer
[08/20/2008 06:15 PM | ---D | M] - C:\WINDOWS\security
[08/21/2008 10:34 PM | ---D | M] - C:\WINDOWS\Help
[08/21/2008 10:34 PM | -H-D | M] - C:\WINDOWS\inf
[08/22/2008 09:12 PM | -HSD | M] - C:\WINDOWS\CSC
[08/25/2008 06:52 PM | ---D | M] - C:\WINDOWS\system32
[08/25/2008 06:59 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/25/2008 07:02 PM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08/25/2008 07:02 PM | ---D | M] - C:\WINDOWS\Temp
[08/25/2008 08:00 PM | --SD | M] - C:\WINDOWS\Tasks
[08/25/2008 08:01 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/16/2008 10:01 PM | 00,000,450 | ---- | M] () - C:\WINDOWS\tasks\EasyShare Registration Task.job
[08/23/2008 08:29 AM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/25/2008 06:59 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/19/2008 11:42 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[07/02/2008 02:09 PM | ---D | M] - C:\Documents and Settings\mwatson\Application Data\AdobeUM
[07/23/2008 02:12 PM | --SD | M] - C:\Documents and Settings\mwatson\Application Data\Microsoft
[08/19/2008 11:42 PM | ---D | M] - C:\Documents and Settings\mwatson\Application Data\Malwarebytes
[08/25/2008 06:00 PM | ---D | M] - C:\Documents and Settings\mwatson\Application Data\WinRAR
[07/27/2008 11:18 PM | 04,808,680 | -H-- | M] () - C:\Documents and Settings\mwatson\Local Settings\Application Data\IconCache.db
[08/03/2008 06:48 PM | ---D | M] - C:\Documents and Settings\mwatson\Local Settings\Application Data\Microsoft
[08/17/2008 07:47 PM | 00,020,040 | ---- | M] () - C:\Documents and Settings\mwatson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[08/24/2008 07:16 PM | ---D | M] - C:\Documents and Settings\mwatson\Local Settings\Application Data\Deployment
[08/25/2008 08:00 PM | ---D | M] - C:\Documents and Settings\mwatson\Local Settings\Application Data\Runscanner.net
[08/17/2008 07:33 PM | R--D | M] - C:\Documents and Settings\mwatson\My Documents\My Pictures
[08/20/2008 08:47 PM | ---D | M] - C:\Documents and Settings\mwatson\My Documents\WORK TO BE PUT IN T
[08/20/2008 11:38 AM | 00,000,582 | ---- | M] () - C:\Documents and Settings\mwatson\My Documents\My Sharing Folders.lnk
[08/17/2008 08:36 PM | 00,001,736 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Windows Live Messenger.lnk
[08/19/2008 11:42 PM | 00,000,696 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[08/19/2008 11:57 PM | 00,001,709 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[08/20/2008 07:20 PM | 00,002,137 | ---- | M] () - C:\Documents and Settings\All Users&

#6
fenzodahl512

Posted 25 August 2008 - 07:17 PM

Malware Removal
9,863 posts

Hi.. Somehow your OTViewIt.txt log has been cut-off.. can you please find and attach that log instead of post it?.. Thanks

#7
eyerock

Posted 25 August 2008 - 07:33 PM

Member

Topic Starter
Member
18 posts

There you go....

Attached Files

OTViewIt.Txt 103.8KB 87 downloads
Extras.Txt 20.89KB 112 downloads

#8
fenzodahl512

Posted 25 August 2008 - 08:01 PM

Malware Removal
9,863 posts

Please download the OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
```
[kill explorer]
C:\WINDOWS\System32\mccvC7qL.exe
C:\WINDOWS\System32\drivers\lvuvc.hs
EmptyTemp
purity
[start explorer]
```
Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If above OTMoveIt2 link above is broken, please use this link instead..

NEXT

I noticed you already have Malwarebytes' Anti-Malware.. Please run and update it..

Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Please post the following logs in your next reply..

1. OTMoveIt2
2. Malwarebytes'
3. Tell me about your computer behaviour..

#9
eyerock

Posted 25 August 2008 - 08:32 PM

Member

Topic Starter
Member
18 posts

Explorer killed successfully
C:\WINDOWS\System32\mccvC7qL.exe moved successfully.
C:\WINDOWS\System32\drivers\lvuvc.hs moved successfully.
< EmptyTemp >
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7b4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\unp6075447.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08252008_211058

Files moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_7b4.dat moved successfully.
File C:\WINDOWS\temp\_avast4_\unp6075447.tmp not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

________________________________________________________________________________
___________

Malwarebytes' Anti-Malware 1.25
Database version: 1073
Windows 5.1.2600 Service Pack 3

9:35:20 PM 8/25/2008
mbam-log-08-25-2008 (21-35-20).txt

Scan type: Quick Scan
Objects scanned: 50349
Time elapsed: 9 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

_______________________________________

I have not had any popups all night...so far...it appears to be clean...I think...

#10
fenzodahl512

Posted 25 August 2008 - 08:54 PM

Malware Removal
9,863 posts

Post me a fresh HijackThis log for my review..

#11
eyerock

Posted 25 August 2008 - 09:12 PM

Member

Topic Starter
Member
18 posts

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:41 PM, on 8/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Signature Health Services
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SignatureHealth.net
O17 - HKLM\Software\..\Telephony: DomainName = SignatureHealth.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC82E7B5-76F9-4F1C-B0D4-FF69D49D5F47}: NameServer = 192.168.1.249,24.217.0.5,24.217.201.67
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SignatureHealth.net
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: LWWLicenseService - WoltersKluwerLWW - C:\Program Files\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe

--
End of file - 8029 bytes
________________________________________________________

Am I clean??????

#12
fenzodahl512

Posted 25 August 2008 - 09:24 PM

Malware Removal
9,863 posts

Am I clean??????

Your log tells me that you are good to go

Please open the OTViewIt and then click on the CleanUp! button.. Make sure you are connected to the internet when doing this..

I noticed you already have Avast! as antivirus and Malwarebytes' as antispyware. However, I also haven't seen any third-party firewall in your logs.. Do you have any? If you don't, please install ONLY ONE of these free and excellent firewall below:

After you install the third party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall and choose Off (not recommended) option. Then please click Apply and Ok.

Lastly, to keep your operating system up to date please visit the link below monthly

Microsoft Windows Update

Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

And another excellent article by CastleCops Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread

Have a safe and happy computing day!

Regards
fenzodahl512

#13
eyerock

Posted 25 August 2008 - 09:38 PM

Member

Topic Starter
Member
18 posts

My computer is finally running smoothly again!! I have been cleaned from my disease!! Thank you so much! I feel like a new person. You have been loads of help and you are my favorite person right now that I don't even know!! Have a fantastic evening!!

#14
fenzodahl512

Posted 25 August 2008 - 09:43 PM

Malware Removal
9,863 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.