Dr Watson Postmortem Debugger, and others [RESOLVED]


  • This topic is locked

#1
SKousik

    Member

  • 26 posts
I got the 'Dr Watson' thing today for the first time, and looked up what to do about it... I saw that another fellow had posted about it on this forum, so I figured I'd do the same. My computer did lock up after displaying that error. It has also been giving me 'Windows Explorer must close' errors every few hours, and then it freezes up for a few seconds, and sometimes the bottom toolbar disappears and then reappears. Also, it has been freezing up every 3 or 4 minutes for a few seconds each time, especially when I'm browsing the Internet. Today, it is refusing to show the site formatting for comcast.net and geekstogo.com, and shows only words and posted images. Other sites are working, but these two seem to be reduced to their text only. I used ADT, which kept freezing up on my computer, and SuperAntiSpyware, but finally downloaded Hijack This... Here's the HJT file. Thank you so much, for just having a site like this in existence!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:08:00 PM, on 8/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04h\BrStDvPt.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

--
End of file - 9653 bytes


#2
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello SKousik, and welcome to Geeks to go. Sorry about the delay, everyone here has been very busy.

Please post a fresh HijackThis log in your next reply.

#3
SKousik

    Member

  • Topic Starter
  • 26 posts
It's no problem! I'm very busy as well, and am very grateful for this website.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:37 PM, on 8/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-

0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} -

C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-

784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} -

c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -

c:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital

Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8

-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update

Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec

Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32

\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04h\BrStDvPt.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil

/RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32

\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32

\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32

\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -

atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07

\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital

Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1

\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"

/background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0

\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe

/Fixups (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online

9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital

Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program

Files\Quicken\bagent.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32

\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1

\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-

00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}

- C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -

C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-

f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -

C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program

Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program

Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common

Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program

Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation -

c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -

c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common

Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation

- c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton

AntiVirus\SAVScan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32

\Tablet.exe

--
End of file - 9783 bytes

#4
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello SKousik,
Before we get started please turn the word wrap off in your notepad. To do this please open up a notepad window and click Format>Word Wrap and it should be off now.

STEP 1
I do not see a Firewall on your computer. A firewall can help protect you from Hackers and some types of Malware. I recommend you download a firewall. Here are a few to choose from (all are free).
Comodo
Zone Alarm
OutPost
Out of these I would recommend Comodo. Please only install one firewall at a time. If you need any help installing/using one of these firewalls please let me know.

STEP 2
Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

STEP 3
Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras. Post both those logs here.
  • You may need to use two posts to get it all on the forum
~~~~~~~~~~~
In your next reply please have these logs. You will need to use more than 1 reply for the logs to fit.
The SmitFraudFix log
The OTViewIt logs
And a fresh HijackThis log


#5
SKousik

    Member

  • Topic Starter
  • 26 posts
Thank you!

However, SmitFraud simply isn't working. If I click it, it brings up command prompt, but I can't type anything into it. If I try to move it, it states that it is being used by another program.

Here are the OTViewIt logs:

OTViewIt logfile created on: 8/27/2008 5:15:00 PM - Run 1
OTViewIt by OldTimer - Version 1.0.0.14 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.44 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 65.70% Memory free
1.95 Gb Paging File | 1.60 Gb Available in Paging File | 82.12% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.53 Gb Total Space | 116.45 Gb Free Space | 81.13% Space Free | Partition Type: NTFS
Drive D: | 5.50 Gb Total Space | 0.94 Gb Free Space | 17.11% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHREYAS
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[12/22/2004 05:45 PM | 00,235,120 | ---- | M] (Symantec Corporation) - c:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
[12/22/2004 05:45 PM | 00,255,600 | ---- | M] (Symantec Corporation) - c:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
[10/29/2007 02:27 PM | 00,587,096 | ---- | M] (Lavasoft AB) - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
[08/27/2008 04:32 PM | 00,519,936 | ---- | M] () - C:\Program Files\COMODO\Firewall\cmdagent.exe
[08/18/2003 02:34 AM | 00,158,376 | ---- | M] (Symantec Corporation) - c:\Program Files\Norton AntiVirus\navapsvc.exe
[06/17/2005 04:00 PM | 00,749,568 | ---- | M] (Wacom Technology, Corp.) - C:\WINDOWS\system32\Tablet.exe
[05/07/1998 07:04 PM | 00,052,736 | ---- | M] (Hewlett-Packard Company) - C:\WINDOWS\system\hpsysdrv.exe
[10/07/2002 10:23 AM | 00,090,112 | ---- | M] () - C:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe
[05/23/2003 05:55 AM | 00,483,328 | ---- | M] (Hewlett-Packard) - C:\WINDOWS\system32\hphmon05.exe
[02/11/2003 11:02 PM | 00,061,440 | ---- | M] (Hewlett-Packard Company) - C:\hp\KBD\kbd.exe
[10/22/2004 11:53 AM | 00,053,248 | ---- | M] (S3 Graphics, Inc.) - C:\WINDOWS\system32\VTTimer.exe
[12/22/2004 05:45 PM | 00,071,280 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
[07/14/2003 08:52 PM | 00,040,960 | ---- | M] (Agere Systems) - C:\WINDOWS\ltmsg.exe
[08/14/2003 09:12 PM | 00,139,264 | ---- | M] (Alcor Micro, Corp.) - C:\Program Files\Multimedia Card Reader\shwicon2k.exe
[03/08/2005 12:42 AM | 00,176,128 | ---- | M] (HP) - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
[08/10/2003 03:26 AM | 00,193,816 | ---- | M] (Symantec Corporation) - c:\Program Files\Norton AntiVirus\SAVScan.exe
[09/07/2007 04:55 PM | 00,267,064 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[09/07/2004 01:47 PM | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\ALCXMNTR.EXE
[08/27/2008 04:32 PM | 01,655,552 | ---- | M] () - C:\Program Files\COMODO\Firewall\cfp.exe
[05/07/2008 08:08 PM | 00,289,088 | ---- | M] (BitTorrent, Inc.) - C:\Program Files\DNA\btdna.exe
[07/07/2003 11:20 AM | 00,233,472 | ---- | M] (Hewlett-Packard Co.) - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[06/11/2007 06:16 PM | 00,103,928 | ---- | M] (Yahoo! Inc.) - C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
[06/17/2005 04:35 PM | 00,114,688 | ---- | M] (Wacom Technology, Corp.) - C:\WINDOWS\system32\WTablet\TabUserW.exe
[07/07/2003 07:50 PM | 00,557,056 | ---- | M] (interMute, Inc.) - C:\Program Files\interMute\SpamSubtract\SpamSub.exe
[09/07/2007 04:55 PM | 00,503,608 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[07/19/2008 01:07 PM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
[08/27/2008 05:14 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Owner\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(aawservice) Ad-Aware 2007 Service [Auto | Running]
[10/29/2007 02:27 PM | 00,587,096 | ---- | M] (Lavasoft AB) - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

(Adobe LM Service) Adobe LM Service [On_Demand | Stopped]
[12/13/2005 09:53 PM | 00,072,704 | ---- | M] (Adobe Systems) - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

(ccEvtMgr) Symantec Event Manager [Auto | Running]
[12/22/2004 05:45 PM | 00,255,600 | ---- | M] (Symantec Corporation) - c:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE

(ccPwdSvc) Symantec Password Validation [On_Demand | Stopped]
[12/22/2004 05:45 PM | 00,087,664 | ---- | M] (Symantec Corporation) - c:\Program Files\Common Files\Symantec Shared\CCPWDSVC.EXE

(ccSetMgr) Symantec Settings Manager [Auto | Running]
[12/22/2004 05:45 PM | 00,235,120 | ---- | M] (Symantec Corporation) - c:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE

(cmdAgent) COMODO Firewall Pro Helper Service [Auto | Running]
[08/27/2008 04:32 PM | 00,519,936 | ---- | M] () - C:\Program Files\COMODO\Firewall\cmdagent.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[04/14/2008 05:42 AM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(IDriverT) InstallDriver Table Manager [On_Demand | Stopped]
[04/04/2005 01:41 AM | 00,069,632 | ---- | M] (Macrovision Corporation) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

(iPod Service) iPod Service [On_Demand | Running]
[09/07/2007 04:55 PM | 00,503,608 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(Macromedia Licensing Service) Macromedia Licensing Service [On_Demand | Stopped]
[06/25/2005 07:26 PM | 00,069,632 | ---- | M] (Macromedia) - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

(navapsvc) Norton AntiVirus Auto Protect Service [Auto | Running]
[08/18/2003 02:34 AM | 00,158,376 | ---- | M] (Symantec Corporation) - c:\Program Files\Norton AntiVirus\navapsvc.exe

(NVSvc) NVIDIA Driver Helper Service [Auto | Stopped]
[08/19/2003 05:56 AM | 00,077,824 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe

(Pml Driver HPZ12) Pml Driver HPZ12 [Auto | Stopped]
[09/29/2004 01:14 PM | 00,069,632 | ---- | M] (HP) - C:\WINDOWS\system32\HPZipm12.exe

(SAVScan) SAVScan [On_Demand | Running]
[08/10/2003 03:26 AM | 00,193,816 | ---- | M] (Symantec Corporation) - c:\Program Files\Norton AntiVirus\SAVScan.exe

(TabletService) TabletService [Auto | Running]
[06/17/2005 04:00 PM | 00,749,568 | ---- | M] (Wacom Technology, Corp.) - C:\WINDOWS\system32\Tablet.exe

===== Driver Services - Non-Microsoft Only =====

(AFS2K) AFS2K [System | Running]
[10/07/2004 09:16 PM | 00,035,840 | ---- | M] (Oak Technology Inc.) - C:\WINDOWS\System32\drivers\AFS2K.SYS

(ALCXWDM) Service for Realtek AC97 Audio (WDM) [On_Demand | Running]
[10/01/2004 10:24 AM | 02,279,424 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS

(BVRPMPR5) BVRPMPR5 NDIS Protocol Driver [On_Demand | Stopped]
[09/16/2005 12:46 PM | 00,044,224 | R--- | M] (BVRP Software) - C:\WINDOWS\system32\drivers\BVRPMPR5.SYS

(cmdGuard) COMODO Firewall Pro Sandbox Driver [System | Running]
[08/27/2008 04:32 PM | 00,087,056 | ---- | M] (COMODO) - C:\WINDOWS\system32\drivers\cmdguard.sys

(cmdHlp) COMODO Firewall Pro Helper Driver [System | Running]
[08/27/2008 04:32 PM | 00,024,208 | ---- | M] (COMODO) - C:\WINDOWS\system32\drivers\cmdhlp.sys

(dmboot) dmboot [Disabled | Stopped]
[04/14/2008 12:14 AM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) dmio [Disabled | Stopped]
[04/14/2008 12:14 AM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Disabled | Stopped]
[08/29/2002 08:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(fasttx2k) fasttx2k [Boot | Running]
[06/19/2003 04:59 AM | 00,140,800 | ---- | M] (Promise Technology, Inc.) - C:\WINDOWS\system32\drivers\Fasttx2k.sys

(FETND5BV) VIA Rhine-Family Fast Ethernet Adapter Driver Service [On_Demand | Running]
[12/16/2004 01:36 PM | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) - C:\WINDOWS\system32\drivers\fetnd5bv.sys

(FETNDISB) VIA Rhine Family Fast Ethernet Adapter Driver Service [On_Demand | Stopped]
[01/16/2003 02:05 AM | 00,041,984 | ---- | M] (VIA Technologies, Inc. ) - C:\WINDOWS\system32\drivers\fetnd5b.sys

(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[09/19/2006 04:44 PM | 00,015,664 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(HPZid412) IEEE-1284.4 Driver HPZid412 [On_Demand | Stopped]
[03/08/2005 12:43 AM | 00,051,120 | R--- | M] (HP) - C:\WINDOWS\system32\drivers\HPZid412.sys

(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [On_Demand | Stopped]
[03/08/2005 12:43 AM | 00,016,496 | R--- | M] (HP) - C:\WINDOWS\system32\drivers\HPZipr12.sys

(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [On_Demand | Stopped]
[03/08/2005 12:43 AM | 00,021,744 | R--- | M] (HP) - C:\WINDOWS\system32\drivers\HPZius12.sys

(ialm) ialm [On_Demand | Stopped]
[04/15/2003 08:39 PM | 00,090,907 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\ialmnt5.sys

(Inspect) COMODO Firewall Pro Firewall Driver [Boot | Running]
[08/27/2008 04:32 PM | 00,079,760 | ---- | M] (COMODO) - C:\WINDOWS\system32\drivers\inspect.sys

(ltmodem5) Agere Modem Driver [On_Demand | Running]
[07/02/2003 02:33 AM | 00,652,497 | ---- | M] (Agere Systems) - C:\WINDOWS\system32\drivers\ltmdmnt.sys

(LVUSBSta) Logitech USB Monitor Filter [On_Demand | Stopped]
[12/05/2005 11:26 PM | 00,039,424 | R--- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LVUSBSta.sys

(NAVENG) NAVENG [On_Demand | Running]
[09/24/2003 11:00 AM | 00,067,800 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20030924.008\NAVENG.SYS

(NAVEX15) NAVEX15 [On_Demand | Running]
[09/24/2003 11:00 AM | 00,539,576 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20030924.008\NAVEX15.SYS

(nv) nv [On_Demand | Stopped]
[04/13/2008 10:04 PM | 01,897,408 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys

(nvcap) nVidia WDM Video Capture (universal) [Auto | Stopped]
[07/30/2003 05:15 AM | 00,126,348 | ---- | M] () - C:\WINDOWS\system32\drivers\nvcap.sys

(NVXBAR) nVidia WDM A/V Crossbar [Auto | Stopped]
[07/30/2003 05:15 AM | 00,013,006 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nvxbar.sys

(nv_agp) NVIDIA nForce AGP Bus Filter [Boot | Running]
[09/03/2003 02:51 AM | 00,021,120 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv_agp.SYS

(Passthru) Service [On_Demand | Running]
[08/27/2008 04:28 PM | 00,104,864 | ---- | M] () - C:\WINDOWS\system32\drivers\ndisio.sys

(PenClass) Pen Class [Boot | Running]
[04/09/2001 04:45 PM | 00,008,138 | ---- | M] (Wacom Technology Corporation) - C:\WINDOWS\system32\drivers\PenClass.sys

(pfc) Padus ASPI Shell [On_Demand | Running]
[09/03/2003 10:01 AM | 00,010,368 | ---- | M] (Padus, Inc.) - C:\WINDOWS\system32\drivers\pfc.sys

(PID_0928) Logitech QuickCam Express(PID_0928) [On_Demand | Stopped]
[12/05/2005 11:27 PM | 00,287,360 | R--- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LV561AV.SYS

(Ps2) Ps2 [On_Demand | Running]
[06/04/2001 05:00 PM | 00,014,112 | ---- | M] (Hewlett-Packard Company) - C:\WINDOWS\system32\drivers\PS2.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/29/2002 08:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[07/18/2006 07:13 PM | 00,020,640 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\pxhelp20.sys

(rtl8139) Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver [On_Demand | Stopped]
[10/04/2002 08:04 PM | 00,046,976 | ---- | M] (Realtek Semiconductor Corporation ) - C:\WINDOWS\system32\drivers\R8139n51.sys

(S3Psddr) S3Psddr [On_Demand | Stopped]
[04/13/2008 10:04 PM | 00,166,912 | ---- | M] (S3 Graphics, Inc.) - C:\WINDOWS\system32\drivers\s3gnbm.sys

(SASDIFSV) SASDIFSV [System | Running]
[05/28/2008 10:33 AM | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\sasdifsv.sys

(SASENUM) SASENUM [On_Demand | Stopped]
[05/28/2008 10:33 AM | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

(SASKUTIL) SASKUTIL [System | Running]
[05/28/2008 10:33 AM | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

(SAVRT) SAVRT [On_Demand | Running]
[08/07/2003 02:02 AM | 00,300,736 | ---- | M] (Symantec Corporation) - c:\Program Files\Norton AntiVirus\savrt.sys

(SAVRTPEL) SAVRTPEL [System | Running]
[08/07/2003 02:02 AM | 00,035,008 | ---- | M] (Symantec Corporation) - c:\Program Files\Norton AntiVirus\Savrtpel.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[04/13/2008 10:09 PM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(SiS315) SiS315 [On_Demand | Stopped]
[05/06/2003 06:34 PM | 00,394,752 | ---- | M] (Silicon Integrated Systems Corporation) - C:\WINDOWS\system32\drivers\sisgrp.sys

(SISAGP) SiS AGP Filter [Boot | Running]
[02/20/2003 07:18 PM | 00,036,608 | ---- | M] (Silicon Integrated Systems Corporation) - C:\WINDOWS\system32\drivers\SISAGPX.SYS

(SiSkp) SiSkp [System | Running]
[04/11/2003 11:51 AM | 00,010,624 | ---- | M] (Silicon Integrated Systems Corporation) - C:\WINDOWS\system32\drivers\srvkp.sys

(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [On_Demand | Stopped]
[08/17/2001 02:56 PM | 00,007,552 | ---- | M] (Sony Corporation) - C:\WINDOWS\system32\drivers\SONYPVU1.SYS

(SunkFilt) Alcor Micro Corp - 9360 [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\Drivers\sunkfilt.sys

(Sunkfiltp) HP && Alcor Micro Corp for Phison [On_Demand | Running]
[09/04/2003 03:07 PM | 00,033,804 | ---- | M] (Alcor Micro Corp.) - C:\WINDOWS\system32\drivers\sunkfiltp.sys

(SymEvent) SymEvent [On_Demand | Running]
[08/16/2003 03:22 AM | 00,082,136 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\SYMEVENT.SYS

(SYMREDRV) SYMREDRV [On_Demand | Running]
[08/16/2003 04:07 AM | 00,015,176 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symredrv.sys

(SYMTDI) SYMTDI [Auto | Running]
[08/16/2003 04:05 AM | 00,176,963 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symtdi.sys

(viaagp1) VIA AGP Filter [Boot | Running]
[07/02/2003 02:42 PM | 00,027,904 | ---- | M] (VIA Technologies, Inc.) - C:\WINDOWS\system32\drivers\VIAAGP1.SYS

(viagfx) viagfx [On_Demand | Running]
[12/07/2004 08:08 PM | 00,172,672 | ---- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) - C:\WINDOWS\system32\drivers\vtmini.sys

({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS) Driver [On_Demand | Stopped]
[04/15/2003 08:40 PM | 00,113,504 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\ialmsbw.sys

({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH) Driver [On_Demand | Stopped]
[04/15/2003 08:40 PM | 00,078,752 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\ialmkchw.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor" = ALCXMNTR.EXE [09/07/2004 01:47 PM | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.)
"AutoTKit" = C:\hp\bin\AUTOTKIT.EXE [06/18/2003 10:19 PM | 00,053,248 | ---- | M] ()
"CamMonitor" = c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe [10/07/2002 10:23 AM | 00,090,112 | ---- | M] ()
"ccApp" = "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [12/22/2004 05:45 PM | 00,071,280 | ---- | M] (Symantec Corporation)
"COMODO Firewall Pro" = "C:\Program Files\COMODO\Firewall\cfp.exe" -h [08/27/2008 04:32 PM | 01,655,552 | ---- | M] ()
"HotKeysCmds" = C:\WINDOWS\System32\hkcmd.exe [04/07/2003 10:07 AM | 00,114,688 | ---- | M] (Intel Corporation)
"HPDJ Taskbar Utility" = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe [03/08/2005 12:42 AM | 00,176,128 | ---- | M] (HP)
"HPHmon05" = C:\WINDOWS\System32\hphmon05.exe [05/23/2003 05:55 AM | 00,483,328 | ---- | M] (Hewlett-Packard)
"HPHUPD05" = c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe File not found
"hpsysdrv" = c:\windows\system\hpsysdrv.exe [05/07/1998 07:04 PM | 00,052,736 | ---- | M] (Hewlett-Packard Company)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [09/07/2007 04:55 PM | 00,267,064 | ---- | M] (Apple Inc.)
"KBD" = C:\HP\KBD\KBD.EXE [02/11/2003 11:02 PM | 00,061,440 | ---- | M] (Hewlett-Packard Company)
"LTMSG" = LTMSG.exe 7 [07/14/2003 08:52 PM | 00,040,960 | ---- | M] (Agere Systems)
"MSPY2002" = C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC [08/29/2002 03:00 PM | 00,059,392 | ---- | M] ()
"PS2" = C:\WINDOWS\system32\ps2.exe [10/16/2002 07:57 PM | 00,081,920 | ---- | M] (Hewlett-Packard Company)
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [06/29/2007 06:24 AM | 00,286,720 | ---- | M] (Apple Inc.)
"Recguard" = C:\WINDOWS\SMINST\RECGUARD.EXE [09/14/2002 12:42 AM | 00,212,992 | ---- | M] ()
"SetDefPrt" = C:\Program Files\Brother\Brmfl04h\BrStDvPt.exe [11/11/2004 05:14 PM | 00,049,152 | ---- | M] (Brother Industories, Ltd.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"Sunkist2k" = C:\Program Files\Multimedia Card Reader\shwicon2k.exe [08/14/2003 09:12 PM | 00,139,264 | ---- | M] (Alcor Micro, Corp.)
"UpdateManager" = "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r [08/19/2003 11:01 AM | 00,110,592 | ---- | M] (Sonic Solutions)
"VTTimer" = VTTimer.exe [10/22/2004 11:53 AM | 00,053,248 | ---- | M] (S3 Graphics, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6" = File not found
"BackupNotify" = c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe [06/23/2003 12:25 AM | 00,024,576 | ---- | M] ( )
"BitTorrent DNA" = "C:\Program Files\DNA\btdna.exe" [05/07/2008 08:08 PM | 00,289,088 | ---- | M] (BitTorrent, Inc.)
"MsnMsgr" = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background File not found
"NVIEW" = rundll32.exe nview.dll,nViewLoadHook [08/19/2003 05:56 AM | 00,852,038 | ---- | M] (NVIDIA Corporation)
"RecordNow!" = File not found
"updateMgr" = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 [03/30/2006 05:45 PM | 00,313,472 | R--- | M] (Adobe Systems Incorporated)
"Yahoo! Pager" = "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet [06/11/2007 06:16 PM | 04,670,968 | ---- | M] (Yahoo! Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[09/23/2005 11:05 PM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[09/10/2003 04:53 PM | 00,036,953 | -H-- | M] (America Online, Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
[07/07/2003 11:20 AM | 00,233,472 | ---- | M] (Hewlett-Packard Co.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[02/16/2005 08:54 PM | 00,450,560 | ---- | M] (Logitech) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
[07/30/2003 07:49 AM | 00,057,344 | ---- | M] (Intuit Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
[06/17/2005 04:35 PM | 00,114,688 | ---- | M] (Wacom Technology, Corp.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

[Owner Startup Folder - C:\Documents and Settings\Owner\Start Menu\Programs\Startup]
[03/16/2005 08:16 PM | 00,113,664 | ---- | M] (Adobe Systems, Inc.) - C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[04/08/2004 08:04 PM | 00,225,280 | ---- | M] (Leader Technologies) - C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
[07/07/2003 07:50 PM | 00,557,056 | ---- | M] (interMute, Inc.) - C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
HKLM CLSID: (&Yahoo! Toolbar Helper) - [03/20/2007 05:39 PM | 00,803,864 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [12/18/2006 05:16 AM | 00,059,032 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
""
HKLM CLSID: () - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
HKLM CLSID: (Norton AntiVirus) - File not found c:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
HKLM CLSID: (HP View) - [09/03/2003 09:42 PM | 00,098,304 | ---- | M] (Hewlett-Packard Company) c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [03/20/2007 05:39 PM | 00,803,864 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
HKLM CLSID: (HP View) - [09/03/2003 09:42 PM | 00,098,304 | ---- | M] (Hewlett-Packard Company) c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
HKLM CLSID: (Norton AntiVirus) - File not found c:\Program Files\Norton AntiVirus\NavShExt.dll

"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
HKLM CLSID: (HP View) - [09/03/2003 09:42 PM | 00,098,304 | ---- | M] (Hewlett-Packard Company) c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [03/20/2007 05:39 PM | 00,803,864 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 91 00 00 00 [binary data]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

===== Desktop Components =====

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls]
" C:\WINDOWS\system32\guard32.dll" - [08/27/2008 04:32 PM | 00,143,104 | ---- | M] () C:\WINDOWS\system32\guard32.dll

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/14/2008 12:23 AM | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/14/2008 05:42 AM | 00,141,312 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe [11/27/2007 06:45 PM | 00,588,080 | ---- | M] ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/14/2008 12:23 AM | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/14/2008 05:42 AM | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe [05/07/2008 08:08 PM | 00,289,088 | ---- | M] (BitTorrent, Inc.)
"C:\WINDOWS\system32\fuh.exe" = C:\WINDOWS\system32\fuh.exe File not found
"C:\WINDOWS\system32\ukxg.exe" = C:\WINDOWS\system32\ukxg.exe File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [09/07/2007 04:55 PM | 15,995,704 | ---- | M] (Apple Inc.)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe [12/11/2007 01:00 AM | 01,873,280 | ---- | M] (Cerulean Studios)
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\explorer.exe [04/14/2008 05:42 AM | 01,033,728 | ---- | M] (Microsoft Corporation)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/14/2008 05:42 AM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe
"C:\Documents and Settings\Owner\dlyexnl.exe \s" - [08/27/2008 04:29 PM | 00,033,792 | ---- | M] () C:\Documents and Settings\Owner\dlyexnl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04/14/2008 05:42 AM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/14/2008 05:42 AM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04/14/2008 05:42 AM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
"DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [04/19/2007 01:41 PM | 00,294,912 | ---- | M] (SUPERAntiSpyware.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
"DllName" = C:\WINDOWS\system32\igfxsrvc.dll [04/07/2003 10:06 AM | 00,315,392 | ---- | M] (Intel Corporation)

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{0689CEC2-8D77-4684-9520-B9193268E020}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{D1B79580-F7BF-4154-B1C8-C37567E831D5}]
Servers: | Description: 1394 Net Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{FA2FEC05-30B4-4CE9-8247-8DC06D68104A}]
Servers: | Description: VIA Rhine II Fast Ethernet Adapter

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT []
[10/10/2003 10:32 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

AUTOEXEC.BAT []
[07/28/2001 06:07 AM | 00,000,000 | -HS- | M] () D:\AUTOEXEC.BAT [ FAT32 ]

Autorun.inf [[AUTORUN] | OPEN=Info.exe folder.htt 480 480 | ]
[09/11/2002 03:02 AM | 00,000,045 | -HS- | M] () D:\Autorun.inf [ FAT32 ]

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c4d0d76-8ee3-11db-9e54-000ea63528fb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c4d0d76-8ee3-11db-9e54-000ea63528fb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 05:42 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c4d0d76-8ee3-11db-9e54-000ea63528fb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b971416-540e-11db-9e06-000ea63528fb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b971416-540e-11db-9e06-000ea63528fb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 05:42 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b971416-540e-11db-9e06-000ea63528fb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c1cb312-4e70-11db-9e00-000ea63528fb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c1cb312-4e70-11db-9e00-000ea63528fb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 05:42 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c1cb312-4e70-11db-9e00-000ea63528fb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62a50201-9965-11dc-9fae-000ea63528fb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62a50201-9965-11dc-9fae-000ea63528fb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 05:42 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62a50201-9965-11dc-9fae-000ea63528fb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8906e00a-7c6b-11da-9cb9-000ea63528fb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8906e00a-7c6b-11da-9cb9-000ea63528fb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 05:42 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8906e00a-7c6b-11da-9cb9-000ea63528fb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a623bf2-4e68-11dc-9f46-000ea63528fb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a623bf2-4e68-11dc-9f46-000ea63528fb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 05:42 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a623bf2-4e68-11dc-9f46-000ea63528fb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f38cc91-1b03-11db-9daf-000ea63528fb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f38cc91-1b03-11db-9daf-000ea63528fb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 05:42 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f38cc91-1b03-11db-9daf-000ea63528fb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b69094d0-db2e-11db-9ebd-000ea63528fb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b69094d0-db2e-11db-9ebd-000ea63528fb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 05:42 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b69094d0-db2e-11db-9ebd-000ea63528fb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

===== Hosts File =====

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost



[Files/Folders - Created Within 30 days]
[08/03/2008 04:33 PM | -H-D | C] - C:\$AVG8.VAULT$
[08/27/2008 04:49 PM | ---D | C] - C:\SmitfraudFix
[08/03/2008 04:17 PM | 00,000,403 | ---- | C] () - C:\WINDOWS\System32\dllcache\npdrmv2.zip
[08/03/2008 04:17 PM | 00,000,420 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmploc.js
[08/03/2008 04:17 PM | 00,000,717 | ---- | C] () - C:\WINDOWS\System32\dllcache\cloapp.gif
[08/03/2008 04:17 PM | 00,000,733 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst15.wpl
[08/03/2008 04:17 PM | 00,000,760 | ---- | C] () - C:\WINDOWS\System32\dllcache\cloapph.gif
[08/03/2008 04:17 PM | 00,000,772 | ---- | C] () - C:\WINDOWS\System32\dllcache\cntd.gif
[08/03/2008 04:17 PM | 00,000,773 | ---- | C] () - C:\WINDOWS\System32\dllcache\cnt.gif
[08/03/2008 04:17 PM | 00,000,773 | ---- | C] () - C:\WINDOWS\System32\dllcache\cnth.gif
[08/03/2008 04:17 PM | 00,000,775 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst14.wpl
[08/03/2008 04:17 PM | 00,000,783 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst13.wpl
[08/03/2008 04:17 PM | 00,000,784 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst9.wpl
[08/03/2008 04:17 PM | 00,000,787 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst10.wpl
[08/03/2008 04:17 PM | 00,000,789 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst11.wpl
[08/03/2008 04:17 PM | 00,000,855 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpocm.inf
[08/03/2008 04:17 PM | 00,000,908 | ---- | C] () - C:\WINDOWS\System32\dllcache\skins.inf
[08/03/2008 04:17 PM | 00,000,999 | ---- | C] () - C:\WINDOWS\System32\dllcache\bktrh.gif
[08/03/2008 04:17 PM | 00,001,036 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst8.wpl
[08/03/2008 04:17 PM | 00,001,046 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst7.wpl
[08/03/2008 04:17 PM | 00,001,049 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst2.wpl
[08/03/2008 04:17 PM | 00,001,148 | ---- | C] () - C:\WINDOWS\System32\dllcache\snd.htm
[08/03/2008 04:17 PM | 00,001,250 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst1.wpl
[08/03/2008 04:17 PM | 00,001,367 | ---- | C] () - C:\WINDOWS\System32\dllcache\taoffh.gif
[08/03/2008 04:17 PM | 00,001,380 | ---- | C] () - C:\WINDOWS\System32\dllcache\taoff.gif
[08/03/2008 04:17 PM | 00,001,380 | ---- | C] () - C:\WINDOWS\System32\dllcache\taonh.gif
[08/03/2008 04:17 PM | 00,001,398 | ---- | C] () - C:\WINDOWS\System32\dllcache\taon.gif
[08/03/2008 04:17 PM | 00,001,448 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst4.wpl
[08/03/2008 04:17 PM | 00,001,451 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst12.wpl
[08/03/2008 04:17 PM | 00,001,474 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst3.wpl
[08/03/2008 04:17 PM | 00,001,477 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst5.wpl
[08/03/2008 04:17 PM | 00,001,477 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst6.wpl
[08/03/2008 04:17 PM | 00,001,771 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmptour.css
[08/03/2008 04:17 PM | 00,001,885 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplayer2.cnt
[08/03/2008 04:17 PM | 00,002,371 | ---- | C] () - C:\WINDOWS\System32\dllcache\tpauseh.gif
[08/03/2008 04:17 PM | 00,002,375 | ---- | C] () - C:\WINDOWS\System32\dllcache\tplayh.gif
[08/03/2008 04:17 PM | 00,002,450 | ---- | C] () - C:\WINDOWS\System32\dllcache\tpause.gif
[08/03/2008 04:17 PM | 00,002,469 | ---- | C] () - C:\WINDOWS\System32\dllcache\tplay.gif
[08/03/2008 04:17 PM | 00,002,477 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm5.gif
[08/03/2008 04:17 PM | 00,002,545 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplogo.gif
[08/03/2008 04:17 PM | 00,002,778 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplogoh.gif
[08/03/2008 04:17 PM | 00,003,187 | ---- | C] () - C:\WINDOWS\System32\dllcache\tour.js
[08/03/2008 04:17 PM | 00,004,193 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm8.gif
[08/03/2008 04:17 PM | 00,005,290 | ---- | C] () - C:\WINDOWS\System32\dllcache\vidsamp.gif
[08/03/2008 04:17 PM | 00,005,789 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm1.gif
[08/03/2008 04:17 PM | 00,005,971 | ---- | C] () - C:\WINDOWS\System32\dllcache\events.js
[08/03/2008 04:17 PM | 00,006,060 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm6.gif
[08/03/2008 04:17 PM | 00,006,241 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm3.gif
[08/03/2008 04:17 PM | 00,006,769 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmfsdk.inf
[08/03/2008 04:17 PM | 00,006,878 | ---- | C] () - C:\WINDOWS\System32\dllcache\controls.js
[08/03/2008 04:17 PM | 00,007,369 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm4.gif
[08/03/2008 04:17 PM | 00,007,636 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm2.gif
[08/03/2008 04:17 PM | 00,007,892 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm9.gif
[08/03/2008 04:17 PM | 00,008,298 | ---- | C] () - C:\WINDOWS\System32\dllcache\contents.htm
[08/03/2008 04:17 PM | 00,008,677 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm7.gif
[08/03/2008 04:17 PM | 00,009,585 | ---- | C] () - C:\WINDOWS\System32\dllcache\controls.css
[08/03/2008 04:17 PM | 00,010,457 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmptour.hta
[08/03/2008 04:17 PM | 00,017,272 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmdm.inf
[08/03/2008 04:17 PM | 00,017,489 | ---- | C] () - C:\WINDOWS\System32\dllcache\videobg.gif
[08/03/2008 04:17 PM | 00,018,286 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplayer2.inf
[08/03/2008 04:17 PM | 00,022,060 | ---- | C] () - C:\WINDOWS\System32\dllcache\npds.zip
[08/03/2008 04:17 PM | 00,023,195 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmplay.chm
[08/03/2008 04:17 PM | 00,023,829 | ---- | C] () - C:\WINDOWS\System32\dllcache\tourbg.gif
[08/03/2008 04:17 PM | 00,029,070 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmp.inf
[08/03/2008 04:17 PM | 00,066,725 | ---- | C] () - C:\WINDOWS\System32\dllcache\revert.wmz
[08/03/2008 04:17 PM | 00,067,374 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmplayer.adm
[08/03/2008 04:17 PM | 00,077,307 | ---- | C] () - C:\WINDOWS\System32\dllcache\plyr_err.chm
[08/03/2008 04:17 PM | 00,086,016 | ---- | C] (Sipro Lab Telecom Inc.) - C:\WINDOWS\System32\dllcache\sl_anet.acm
[08/03/2008 04:17 PM | 00,086,180 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud2.wav
[08/03/2008 04:17 PM | 00,086,180 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud4.wav
[08/03/2008 04:17 PM | 00,086,196 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud5.wav
[08/03/2008 04:17 PM | 00,097,117 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplayer2.hlp
[08/03/2008 04:17 PM | 00,172,196 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud3.wav
[08/03/2008 04:17 PM | 00,172,196 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud8.wav
[08/03/2008 04:17 PM | 00,172,196 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud9.wav
[08/03/2008 04:17 PM | 00,184,959 | ---- | C] () - C:\WINDOWS\System32\dllcache\compact.wmz
[08/03/2008 04:17 PM | 00,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) - C:\WINDOWS\System32\dllcache\l3codeca.acm
[08/03/2008 04:17 PM | 00,300,969 | ---- | C] () - C:\WINDOWS\System32\dllcache\viz.wmv
[08/03/2008 04:17 PM | 00,343,204 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud6.wav
[08/03/2008 04:17 PM | 00,343,204 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud7.wav
[08/03/2008 04:17 PM | 00,354,468 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud1.wav
[08/03/2008 04:17 PM | 00,375,519 | ---- | C] () - C:\WINDOWS\System32\dllcache\nuskin.wmv
[08/03/2008 04:17 PM | 00,381,425 | ---- | C] () - C:\WINDOWS\System32\dllcache\copycd.wmv
[08/03/2008 04:17 PM | 00,457,607 | ---- | C] () - C:\WINDOWS\System32\dllcache\mdlib.wmv
[08/03/2008 04:17 PM | 00,572,557 | ---- | C] () - C:\WINDOWS\System32\dllcache\rtuner.wmv
[08/03/2008 04:17 PM | 00,613,334 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmplayer.chm
[08/03/2008 04:10 PM | 00,003,135 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv08nt5.dll
[08/03/2008 04:10 PM | 00,003,615 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv05nt5.dll
[08/03/2008 04:10 PM | 00,003,647 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv07nt5.dll
[08/03/2008 04:10 PM | 00,003,711 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv09nt5.dll
[08/03/2008 04:10 PM | 00,003,775 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv11nt5.dll
[08/03/2008 04:10 PM | 00,003,901 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\siint5.dll
[08/03/2008 04:10 PM | 00,003,967 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv02nt5.dll
[08/03/2008 04:10 PM | 00,004,255 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv01nt5.dll
[08/03/2008 04:10 PM | 00,011,295 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv08nt.sys
[08/03/2008 04:10 PM | 00,011,325 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\vchnt5.dll
[08/03/2008 04:10 PM | 00,011,359 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv02nt5.dll
[08/03/2008 04:10 PM | 00,011,615 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1mdxx.sys
[08/03/2008 04:10 PM | 00,011,807 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv07nt.sys
[08/03/2008 04:10 PM | 00,011,868 | ---- | C] (Conexant) - C:\WINDOWS\System32\drivers\mdmxsdk.sys
[08/03/2008 04:10 PM | 00,011,871 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv09nt.sys
[08/03/2008 04:10 PM | 00,011,935 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv11nt.sys
[08/03/2008 04:10 PM | 00,012,047 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1pdxx.sys
[08/03/2008 04:10 PM | 00,013,240 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slwdmsup.sys
[08/03/2008 04:10 PM | 00,013,776 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\recagent.sys
[08/03/2008 04:10 PM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinmdxx.sys
[08/03/2008 04:10 PM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinttxx.sys
[08/03/2008 04:10 PM | 00,014,143 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv06nt5.dll
[08/03/2008 04:10 PM | 00,014,336 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinpdxx.sys
[08/03/2008 04:10 PM | 00,015,423 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[08/03/2008 04:10 PM | 00,017,279 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv10nt5.dll
[08/03/2008 04:10 PM | 00,021,183 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv01nt5.dll
[08/03/2008 04:10 PM | 00,021,343 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1ttxx.sys
[08/03/2008 04:10 PM | 00,022,271 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv06nt.sys
[08/03/2008 04:10 PM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv04nt5.dll
[08/03/2008 04:10 PM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv10nt.sys
[08/03/2008 04:10 PM | 00,026,367 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1snxx.sys
[08/03/2008 04:10 PM | 00,028,672 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinsnxx.sys
[08/03/2008 04:10 PM | 00,029,455 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xbxx.sys
[08/03/2008 04:10 PM | 00,030,671 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1raxx.sys
[08/03/2008 04:10 PM | 00,031,744 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxbxx.sys
[08/03/2008 04:10 PM | 00,034,735 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xsxx.sys
[08/03/2008 04:10 PM | 00,036,463 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1tuxx.sys
[08/03/2008 04:10 PM | 00,040,960 | ---- | C] (Silicon Integrated Systems Corporation) - C:\WINDOWS\System32\drivers\sisagp.sys
[08/03/2008 04:10 PM | 00,043,008 | ---- | C] (Advanced Micro Devices, Inc.) - C:\WINDOWS\System32\drivers\amdagp.sys
[08/03/2008 04:10 PM | 00,052,224 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinraxx.sys
[08/03/2008 04:10 PM | 00,056,623 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1btxx.sys
[08/03/2008 04:10 PM | 00,057,856 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinbtxx.sys
[08/03/2008 04:10 PM | 00,063,488 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxsxx.sys
[08/03/2008 04:10 PM | 00,063,663 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1rvxx.sys
[08/03/2008 04:10 PM | 00,064,352 | ---- | C] () - C:\WINDOWS\System32\drivers\ativmc20.cod
[08/03/2008 04:10 PM | 00,067,866 | ---- | C] () - C:\WINDOWS\System32\drivers\netwlan5.img
[08/03/2008 04:10 PM | 00,073,216 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atintuxx.sys
[08/03/2008 04:10 PM | 00,095,424 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnthal.sys
[08/03/2008 04:10 PM | 00,104,960 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinrvxx.sys
[08/03/2008 04:10 PM | 00,126,686 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlmnt5.sys
[08/03/2008 04:10 PM | 00,129,045 | ---- | C] () - C:\WINDOWS\System32\drivers\cxthsfs2.cty
[08/03/2008 04:10 PM | 00,129,535 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnt7554.sys
[08/03/2008 04:10 PM | 00,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) - C:\WINDOWS\System32\drivers\hdaudbus.sys
[08/03/2008 04:10 PM | 00,180,360 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\ntmtlfax.sys
[08/03/2008 04:10 PM | 00,220,032 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[08/03/2008 04:10 PM | 00,327,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati2mtaa.sys
[08/03/2008 04:10 PM | 00,404,990 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slntamr.sys
[08/03/2008 04:10 PM | 00,452,736 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\drivers\mtxparhm.sys
[08/03/2008 04:10 PM | 00,685,056 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfcxts2.sys
[08/03/2008 04:10 PM | 00,701,440 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati2mtag.sys
[08/03/2008 04:10 PM | 01,041,536 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[08/03/2008 04:10 PM | 01,309,184 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlstrm.sys
[08/27/2008 04:32 PM | 00,024,208 | ---- | C] (COMODO) - C:\WINDOWS\System32\drivers\cmdhlp.sys
[08/27/2008 04:32 PM | 00,079,760 | ---- | C] (COMODO) - C:\WINDOWS\System32\drivers\inspect.sys
[08/27/2008 04:32 PM | 00,087,056 | ---- | C] (COMODO) - C:\WINDOWS\System32\drivers\cmdguard.sys
[1 C:\WINDOWS\System32\*.tmp files]
[08/03/2008 04:17 PM | 00,009,728 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativdaxx.ax
[08/03/2008 04:17 PM | 00,023,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativmvxx.ax
[08/03/2008 04:17 PM | 00,032,285 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\hsfcisp2.dll
[08/03/2008 04:17 PM | 00,032,768 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativtmxx.dll
[08/03/2008 04:17 PM | 00,032,866 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slrundll.exe
[08/03/2008 04:17 PM | 00,073,796 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slserv.exe
[08/03/2008 04:17 PM | 00,073,832 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slcoinst.dll
[08/03/2008 04:17 PM | 00,086,016 | ---- | C] (Conexant) - C:\WINDOWS\System32\mdmxsdk.dll
[08/03/2008 04:17 PM | 00,188,508 | ---- | C] (Smart Link) - C

Edited by SKousik, 27 August 2008 - 03:16 PM.


#6
SKousik

    Member

  • Topic Starter
  • Member
  • 26 posts
The second OTViewIt log:

OTViewIt Extras logfile created on: 8/27/2008 5:15:00 PM - Run 1
OTViewIt by OldTimer - Version 1.0.0.14 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.44 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 65.70% Memory free
1.95 Gb Paging File | 1.60 Gb Available in Paging File | 82.12% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.53 Gb Total Space | 116.45 Gb Free Space | 81.13% Space Free | Partition Type: NTFS
Drive D: | 5.50 Gb Total Space | 0.94 Gb Free Space | 17.11% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

===== File Associations =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = comfile] - File not found -
.exe [@ = exefile] - File not found -
.html [@ = FirefoxHTML] - [07/19/2008 01:07 PM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -

===== Uninstall List =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{145CACAF-9B34-41FC-BE49-7D510A253E78}" = Multimedia Card Reader
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2F1FD032-67D1-4569-923F-47EAF132BF0F}" = DocProc
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AB5110E-26A5-45D7-B941-49FC389872CB}" = Brother MFL-Pro Suite
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{4FB6F304-A91D-4919-98E5-D96E074EA9E5}" = SkinsHP1
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{5ADF6293-D60F-4425-AFA7-CEB820DB872B}" = QuickProjects
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5D7F0A0E-369E-46C0-9F99-FAB21A064781}" = HP Photo and Imaging 2.0 - Photosmart Cameras
"{65248369-7CB9-43A9-82C8-C438AE04DED4}" = 1500
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}" = ArcSoft ShowBiz 2
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BBD57D6-09B1-4CC3-9664-A0D53EE25247}" = PSShortcutsP
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{829698DE-9EAC-475E-9A05-B7BA807CA1EF}" = Director
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
"{A363B66C-1547-47bf-90F0-3834E70A841A}" = CreativeProjects
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B8A204BC-7177-470E-BBDD-47256D05B325}" = iTunes
"{B946D46E-1302-48B4-84EE-B74C3191D975}" = Corel Painter Essentials 2
"{BC467935-A9A5-4D0F-BD89-94F36CDF0524}" = Adobe Stock Photos 1.0
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{C38BC5B7-62D3-4880-82DD-A4803FD81921}" = PhotoGallery
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2004
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}" = Terragen
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE4F8FFB-4063-4247-9F14-ECE61AFEFA25}" = TrayApp
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D1D8C9C4-89BE-4f37-9EC4-B80E3C239C41}" = Copy
"{D545BB81-DEB0-49f7-BE26-197BC31AAF57}" = SkinsHP2
"{D6414CC7-F215-467F-88B1-546ED863F35B}" = CC_ccStart
"{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{DF3A077E-290A-4089-A446-5720F34D6946}" = Dolet Light for PrintMusic 2006
"{E1423608-F529-40A1-93CA-C7F396F30DF0}" = Google SketchUp
"{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}" = SymNet
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F247869D-3643-4A9F-821B-3534145928E3}" = HPIZ311
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FC37ABD0-2108-4beb-B010-1254E0662B5A}" = MSRedist
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_6.0" = AIM 6.0
"AOL Instant Messenger" = AOL Instant Messenger
"Apophysis 2.0" = Apophysis 2.0
"Armagetron Advanced" = Armagetron Advanced 0.2.8.2.1.gcc
"Audacity_is1" = Audacity 1.2.6
"ComcastToolbar" = Comcast Toolbar
"COMODO Firewall Pro" = COMODO Firewall Pro
"Finale PrintMusic 2006" = Finale PrintMusic 2006
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 2.3
"HijackThis" = HijackThis 2.0.2
"HP Instant Support" = HP Instant Support
"HP Photo & Imaging" = HP Photo & Imaging 3.1
"HP PSC 1500 series_Driver" = HP PSC 1500 series
"HPTOOLKIT" = toolkit
"InstallShield_{145CACAF-9B34-41FC-BE49-7D510A253E78}" = Multimedia Card Reader
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InstallShield_{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A}" = iPod for Windows 2005-10-12
"KB892130" = Windows Genuine Advantage Validation Tool (KB892130)
"KB942763" = Update for Windows XP (KB942763)
"KB946648" = Security Update for Windows XP (KB946648)
"KB950759" = Security Update for Windows XP (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB951978" = Update for Windows XP (KB951978)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838" = Security Update for Windows XP (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"KBD" = KBD
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.90 (Symantec Corporation)
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Office Japanese Support" = Microsoft Office Japanese Support
"mIRC" = mIRC
"Mozilla (1.7.13)" = Mozilla (1.7.13)
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"NVIDIA" =
"NVIDIA GART Driver" = NVIDIA GART Driver
"Pandion" = Pandion
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"Real Lives 2007" = Real Lives 2007
"RealPlayer 6.0" = RealPlayer
"S3" = VIA/S3G Display Driver
"SpamSubtract" = SpamSubtract
"SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2004 (Symantec Corporation)
"Tablet Driver" = Tablet
"ToneGen" = NCH Tone Generator
"Trillian" = Trillian
"ViewpointMediaPlayer" = Viewpoint Media Player
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"WAV to MP3 Encoder" = WAV to MP3 Encoder
"WGA" = Windows Genuine Advantage Validation Tool (KB892130)
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)
"Xilisoft MOV Converter" = Xilisoft MOV Converter
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar

===== Uninstall List =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

===== Winsock2 Catalogs =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
Protocol_Catalog9\Catalog_Entries\000000000020 - File not found
Protocol_Catalog9\Catalog_Entries\000000000021 - File not found

===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Handlers =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKLM - IEProtocolHandler Class]
[05/30/2008 03:54 PM | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll

===== Protocol Filters =====

< End of report >

#7
SKousik

    Member

  • Topic Starter
  • Member
  • 26 posts
And a fresh HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20:16, on 8/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\Firewall\cmdagent.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Owner\dlyexnl.exe \s
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04h\BrStDvPt.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

--
End of file - 10054 bytes

#8
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello SKousik,
Your OTViewIt log got cut off. Please open up the OTViewIt.txt file on your Desktop and look through the file until you see this line: [Files/Folders - Created Within 30 days]. Please copy that line and everything below it and paste it in your next reply.

#9
SKousik

    Member

  • Topic Starter
  • Member
  • 26 posts
I apologize for not copying and pasting very well... I've added a new reply with the end of the report included.

Edited by SKousik, 29 August 2008 - 04:10 PM.


#10
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello SKousik,
Your OTViewIt log got cut off again; please try to repost it. When you do it this time, please preview your post and make sure this is at the end of your post: < End of report >. If you do not see that, you will need to use more than one reply for the log to fit.

#11
SKousik

    Member

  • Topic Starter
  • Member
  • 26 posts
[Files/Folders - Created Within 30 days]
[08/03/2008 04:33 PM | -H-D | C] - C:\$AVG8.VAULT$
[08/27/2008 04:49 PM | ---D | C] - C:\SmitfraudFix
[08/03/2008 04:17 PM | 00,000,403 | ---- | C] () - C:\WINDOWS\System32\dllcache\npdrmv2.zip
[08/03/2008 04:17 PM | 00,000,420 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmploc.js
[08/03/2008 04:17 PM | 00,000,717 | ---- | C] () - C:\WINDOWS\System32\dllcache\cloapp.gif
[08/03/2008 04:17 PM | 00,000,733 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst15.wpl
[08/03/2008 04:17 PM | 00,000,760 | ---- | C] () - C:\WINDOWS\System32\dllcache\cloapph.gif
[08/03/2008 04:17 PM | 00,000,772 | ---- | C] () - C:\WINDOWS\System32\dllcache\cntd.gif
[08/03/2008 04:17 PM | 00,000,773 | ---- | C] () - C:\WINDOWS\System32\dllcache\cnt.gif
[08/03/2008 04:17 PM | 00,000,773 | ---- | C] () - C:\WINDOWS\System32\dllcache\cnth.gif
[08/03/2008 04:17 PM | 00,000,775 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst14.wpl
[08/03/2008 04:17 PM | 00,000,783 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst13.wpl
[08/03/2008 04:17 PM | 00,000,784 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst9.wpl
[08/03/2008 04:17 PM | 00,000,787 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst10.wpl
[08/03/2008 04:17 PM | 00,000,789 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst11.wpl
[08/03/2008 04:17 PM | 00,000,855 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpocm.inf
[08/03/2008 04:17 PM | 00,000,908 | ---- | C] () - C:\WINDOWS\System32\dllcache\skins.inf
[08/03/2008 04:17 PM | 00,000,999 | ---- | C] () - C:\WINDOWS\System32\dllcache\bktrh.gif
[08/03/2008 04:17 PM | 00,001,036 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst8.wpl
[08/03/2008 04:17 PM | 00,001,046 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst7.wpl
[08/03/2008 04:17 PM | 00,001,049 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst2.wpl
[08/03/2008 04:17 PM | 00,001,148 | ---- | C] () - C:\WINDOWS\System32\dllcache\snd.htm
[08/03/2008 04:17 PM | 00,001,250 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst1.wpl
[08/03/2008 04:17 PM | 00,001,367 | ---- | C] () - C:\WINDOWS\System32\dllcache\taoffh.gif
[08/03/2008 04:17 PM | 00,001,380 | ---- | C] () - C:\WINDOWS\System32\dllcache\taoff.gif
[08/03/2008 04:17 PM | 00,001,380 | ---- | C] () - C:\WINDOWS\System32\dllcache\taonh.gif
[08/03/2008 04:17 PM | 00,001,398 | ---- | C] () - C:\WINDOWS\System32\dllcache\taon.gif
[08/03/2008 04:17 PM | 00,001,448 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst4.wpl
[08/03/2008 04:17 PM | 00,001,451 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst12.wpl
[08/03/2008 04:17 PM | 00,001,474 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst3.wpl
[08/03/2008 04:17 PM | 00,001,477 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst5.wpl
[08/03/2008 04:17 PM | 00,001,477 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst6.wpl
[08/03/2008 04:17 PM | 00,001,771 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmptour.css
[08/03/2008 04:17 PM | 00,001,885 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplayer2.cnt
[08/03/2008 04:17 PM | 00,002,371 | ---- | C] () - C:\WINDOWS\System32\dllcache\tpauseh.gif
[08/03/2008 04:17 PM | 00,002,375 | ---- | C] () - C:\WINDOWS\System32\dllcache\tplayh.gif
[08/03/2008 04:17 PM | 00,002,450 | ---- | C] () - C:\WINDOWS\System32\dllcache\tpause.gif
[08/03/2008 04:17 PM | 00,002,469 | ---- | C] () - C:\WINDOWS\System32\dllcache\tplay.gif
[08/03/2008 04:17 PM | 00,002,477 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm5.gif
[08/03/2008 04:17 PM | 00,002,545 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplogo.gif
[08/03/2008 04:17 PM | 00,002,778 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplogoh.gif
[08/03/2008 04:17 PM | 00,003,187 | ---- | C] () - C:\WINDOWS\System32\dllcache\tour.js
[08/03/2008 04:17 PM | 00,004,193 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm8.gif
[08/03/2008 04:17 PM | 00,005,290 | ---- | C] () - C:\WINDOWS\System32\dllcache\vidsamp.gif
[08/03/2008 04:17 PM | 00,005,789 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm1.gif
[08/03/2008 04:17 PM | 00,005,971 | ---- | C] () - C:\WINDOWS\System32\dllcache\events.js
[08/03/2008 04:17 PM | 00,006,060 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm6.gif
[08/03/2008 04:17 PM | 00,006,241 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm3.gif
[08/03/2008 04:17 PM | 00,006,769 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmfsdk.inf
[08/03/2008 04:17 PM | 00,006,878 | ---- | C] () - C:\WINDOWS\System32\dllcache\controls.js
[08/03/2008 04:17 PM | 00,007,369 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm4.gif
[08/03/2008 04:17 PM | 00,007,636 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm2.gif
[08/03/2008 04:17 PM | 00,007,892 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm9.gif
[08/03/2008 04:17 PM | 00,008,298 | ---- | C] () - C:\WINDOWS\System32\dllcache\contents.htm
[08/03/2008 04:17 PM | 00,008,677 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm7.gif
[08/03/2008 04:17 PM | 00,009,585 | ---- | C] () - C:\WINDOWS\System32\dllcache\controls.css
[08/03/2008 04:17 PM | 00,010,457 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmptour.hta
[08/03/2008 04:17 PM | 00,017,272 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmdm.inf
[08/03/2008 04:17 PM | 00,017,489 | ---- | C] () - C:\WINDOWS\System32\dllcache\videobg.gif
[08/03/2008 04:17 PM | 00,018,286 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplayer2.inf
[08/03/2008 04:17 PM | 00,022,060 | ---- | C] () - C:\WINDOWS\System32\dllcache\npds.zip
[08/03/2008 04:17 PM | 00,023,195 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmplay.chm
[08/03/2008 04:17 PM | 00,023,829 | ---- | C] () - C:\WINDOWS\System32\dllcache\tourbg.gif
[08/03/2008 04:17 PM | 00,029,070 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmp.inf
[08/03/2008 04:17 PM | 00,066,725 | ---- | C] () - C:\WINDOWS\System32\dllcache\revert.wmz
[08/03/2008 04:17 PM | 00,067,374 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmplayer.adm
[08/03/2008 04:17 PM | 00,077,307 | ---- | C] () - C:\WINDOWS\System32\dllcache\plyr_err.chm
[08/03/2008 04:17 PM | 00,086,016 | ---- | C] (Sipro Lab Telecom Inc.) - C:\WINDOWS\System32\dllcache\sl_anet.acm
[08/03/2008 04:17 PM | 00,086,180 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud2.wav
[08/03/2008 04:17 PM | 00,086,180 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud4.wav
[08/03/2008 04:17 PM | 00,086,196 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud5.wav
[08/03/2008 04:17 PM | 00,097,117 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplayer2.hlp
[08/03/2008 04:17 PM | 00,172,196 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud3.wav
[08/03/2008 04:17 PM | 00,172,196 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud8.wav
[08/03/2008 04:17 PM | 00,172,196 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud9.wav
[08/03/2008 04:17 PM | 00,184,959 | ---- | C] () - C:\WINDOWS\System32\dllcache\compact.wmz
[08/03/2008 04:17 PM | 00,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) - C:\WINDOWS\System32\dllcache\l3codeca.acm
[08/03/2008 04:17 PM | 00,300,969 | ---- | C] () - C:\WINDOWS\System32\dllcache\viz.wmv
[08/03/2008 04:17 PM | 00,343,204 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud6.wav
[08/03/2008 04:17 PM | 00,343,204 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud7.wav
[08/03/2008 04:17 PM | 00,354,468 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud1.wav
[08/03/2008 04:17 PM | 00,375,519 | ---- | C] () - C:\WINDOWS\System32\dllcache\nuskin.wmv
[08/03/2008 04:17 PM | 00,381,425 | ---- | C] () - C:\WINDOWS\System32\dllcache\copycd.wmv
[08/03/2008 04:17 PM | 00,457,607 | ---- | C] () - C:\WINDOWS\System32\dllcache\mdlib.wmv
[08/03/2008 04:17 PM | 00,572,557 | ---- | C] () - C:\WINDOWS\System32\dllcache\rtuner.wmv
[08/03/2008 04:17 PM | 00,613,334 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmplayer.chm
[08/03/2008 04:10 PM | 00,003,135 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv08nt5.dll
[08/03/2008 04:10 PM | 00,003,615 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv05nt5.dll
[08/03/2008 04:10 PM | 00,003,647 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv07nt5.dll
[08/03/2008 04:10 PM | 00,003,711 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv09nt5.dll
[08/03/2008 04:10 PM | 00,003,775 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv11nt5.dll
[08/03/2008 04:10 PM | 00,003,901 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\siint5.dll
[08/03/2008 04:10 PM | 00,003,967 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv02nt5.dll
[08/03/2008 04:10 PM | 00,004,255 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv01nt5.dll
[08/03/2008 04:10 PM | 00,011,295 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv08nt.sys
[08/03/2008 04:10 PM | 00,011,325 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\vchnt5.dll
[08/03/2008 04:10 PM | 00,011,359 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv02nt5.dll
[08/03/2008 04:10 PM | 00,011,615 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1mdxx.sys
[08/03/2008 04:10 PM | 00,011,807 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv07nt.sys
[08/03/2008 04:10 PM | 00,011,868 | ---- | C] (Conexant) - C:\WINDOWS\System32\drivers\mdmxsdk.sys
[08/03/2008 04:10 PM | 00,011,871 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv09nt.sys
[08/03/2008 04:10 PM | 00,011,935 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv11nt.sys
[08/03/2008 04:10 PM | 00,012,047 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1pdxx.sys
[08/03/2008 04:10 PM | 00,013,240 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slwdmsup.sys
[08/03/2008 04:10 PM | 00,013,776 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\recagent.sys
[08/03/2008 04:10 PM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinmdxx.sys
[08/03/2008 04:10 PM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinttxx.sys
[08/03/2008 04:10 PM | 00,014,143 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv06nt5.dll
[08/03/2008 04:10 PM | 00,014,336 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinpdxx.sys
[08/03/2008 04:10 PM | 00,015,423 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[08/03/2008 04:10 PM | 00,017,279 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv10nt5.dll
[08/03/2008 04:10 PM | 00,021,183 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv01nt5.dll
[08/03/2008 04:10 PM | 00,021,343 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1ttxx.sys
[08/03/2008 04:10 PM | 00,022,271 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv06nt.sys
[08/03/2008 04:10 PM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv04nt5.dll
[08/03/2008 04:10 PM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv10nt.sys
[08/03/2008 04:10 PM | 00,026,367 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1snxx.sys
[08/03/2008 04:10 PM | 00,028,672 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinsnxx.sys
[08/03/2008 04:10 PM | 00,029,455 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xbxx.sys
[08/03/2008 04:10 PM | 00,030,671 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1raxx.sys
[08/03/2008 04:10 PM | 00,031,744 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxbxx.sys
[08/03/2008 04:10 PM | 00,034,735 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xsxx.sys
[08/03/2008 04:10 PM | 00,036,463 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1tuxx.sys
[08/03/2008 04:10 PM | 00,040,960 | ---- | C] (Silicon Integrated Systems Corporation) - C:\WINDOWS\System32\drivers\sisagp.sys
[08/03/2008 04:10 PM | 00,043,008 | ---- | C] (Advanced Micro Devices, Inc.) - C:\WINDOWS\System32\drivers\amdagp.sys
[08/03/2008 04:10 PM | 00,052,224 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinraxx.sys
[08/03/2008 04:10 PM | 00,056,623 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1btxx.sys
[08/03/2008 04:10 PM | 00,057,856 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinbtxx.sys
[08/03/2008 04:10 PM | 00,063,488 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxsxx.sys
[08/03/2008 04:10 PM | 00,063,663 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1rvxx.sys
[08/03/2008 04:10 PM | 00,064,352 | ---- | C] () - C:\WINDOWS\System32\drivers\ativmc20.cod
[08/03/2008 04:10 PM | 00,067,866 | ---- | C] () - C:\WINDOWS\System32\drivers\netwlan5.img
[08/03/2008 04:10 PM | 00,073,216 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atintuxx.sys
[08/03/2008 04:10 PM | 00,095,424 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnthal.sys
[08/03/2008 04:10 PM | 00,104,960 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinrvxx.sys
[08/03/2008 04:10 PM | 00,126,686 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlmnt5.sys
[08/03/2008 04:10 PM | 00,129,045 | ---- | C] () - C:\WINDOWS\System32\drivers\cxthsfs2.cty
[08/03/2008 04:10 PM | 00,129,535 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnt7554.sys
[08/03/2008 04:10 PM | 00,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) - C:\WINDOWS\System32\drivers\hdaudbus.sys
[08/03/2008 04:10 PM | 00,180,360 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\ntmtlfax.sys
[08/03/2008 04:10 PM | 00,220,032 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[08/03/2008 04:10 PM | 00,327,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati2mtaa.sys
[08/03/2008 04:10 PM | 00,404,990 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slntamr.sys
[08/03/2008 04:10 PM | 00,452,736 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\drivers\mtxparhm.sys
[08/03/2008 04:10 PM | 00,685,056 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfcxts2.sys
[08/03/2008 04:10 PM | 00,701,440 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati2mtag.sys
[08/03/2008 04:10 PM | 01,041,536 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[08/03/2008 04:10 PM | 01,309,184 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlstrm.sys
[08/27/2008 04:32 PM | 00,024,208 | ---- | C] (COMODO) - C:\WINDOWS\System32\drivers\cmdhlp.sys
[08/27/2008 04:32 PM | 00,079,760 | ---- | C] (COMODO) - C:\WINDOWS\System32\drivers\inspect.sys
[08/27/2008 04:32 PM | 00,087,056 | ---- | C] (COMODO) - C:\WINDOWS\System32\drivers\cmdguard.sys
[1 C:\WINDOWS\System32\*.tmp files]
[08/03/2008 04:17 PM | 00,009,728 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativdaxx.ax
[08/03/2008 04:17 PM | 00,023,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativmvxx.ax
[08/03/2008 04:17 PM | 00,032,285 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\hsfcisp2.dll
[08/03/2008 04:17 PM | 00,032,768 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativtmxx.dll
[08/03/2008 04:17 PM | 00,032,866 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slrundll.exe
[08/03/2008 04:17 PM | 00,073,796 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slserv.exe
[08/03/2008 04:17 PM | 00,073,832 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slcoinst.dll
[08/03/2008 04:17 PM | 00,086,016 | ---- | C] (Conexant) - C:\WINDOWS\System32\mdmxsdk.dll
[08/03/2008 04:17 PM | 00,188,508 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slgen.dll
[08/03/2008 04:17 PM | 00,201,728 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ati2dvag.dll
[08/03/2008 04:17 PM | 00,229,376 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ati2cqag.dll
[08/03/2008 04:17 PM | 00,286,792 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slextspk.dll
[08/03/2008 04:17 PM | 00,377,984 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ati2dvaa.dll
[08/03/2008 04:17 PM | 00,516,768 | ---- | C] (ATI Technologies Inc. ) - C:\WINDOWS\System32\ativvaxx.dll
[08/03/2008 04:17 PM | 00,870,784 | ---- | C] (ATI Technologies Inc. ) - C:\WINDOWS\System32\ati3d1ag.dll
[08/03/2008 04:17 PM | 01,737,856 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\mtxparhd.dll
[08/03/2008 04:17 PM | 01,888,992 | ---- | C] (ATI Technologies Inc. ) - C:\WINDOWS\System32\ati3duag.dll
[08/03/2008 04:17 PM | ---D | C] - C:\WINDOWS\System32\en
[08/03/2008 04:17 PM | ---D | C] - C:\WINDOWS\System32\en-us
[08/03/2008 04:17 PM | ---D | C] - C:\WINDOWS\System32\scripting
[08/03/2008 06:55 PM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[08/03/2008 06:55 PM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[08/03/2008 06:55 PM | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[08/03/2008 11:16 AM | ---D | C] - C:\WINDOWS\System32\bits
[08/03/2008 11:17 AM | ---D | C] - C:\WINDOWS\System32\PreInstall
[08/03/2008 11:39 PM | 00,000,118 | ---- | C] () - C:\WINDOWS\System32\MRT.INI
[08/27/2008 04:32 PM | 00,143,104 | ---- | C] () - C:\WINDOWS\System32\guard32.dll
[3 C:\WINDOWS\*.tmp files]
[08/02/2008 05:40 PM | 00,001,409 | ---- | C] () - C:\WINDOWS\QTFont.for
[08/02/2008 05:40 PM | 00,054,156 | -H-- | C] () - C:\WINDOWS\QTFont.qfn
[08/03/2008 04:10 PM | ---D | C] - C:\WINDOWS\network diagnostic
[08/03/2008 04:17 PM | ---D | C] - C:\WINDOWS\l2schemas
[08/03/2008 04:23 PM | ---D | C] - C:\WINDOWS\Prefetch
[08/03/2008 04:30 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\avg8
[08/04/2008 11:45 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[08/27/2008 04:32 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\comodo
[08/04/2008 11:45 AM | ---D | C] - C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[08/27/2008 04:32 PM | ---D | C] - C:\Documents and Settings\Owner\Application Data\Comodo
[08/04/2008 11:21 AM | 03,780,306 | -H-- | C] () - C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[08/27/2008 04:53 PM | 00,000,729 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\COMODO Firewall Pro.lnk
[08/14/2008 04:12 PM | 00,051,277 | ---- | C] () - C:\Documents and Settings\Owner\Desktop\Weird.BAK
[08/14/2008 04:12 PM | 00,051,567 | ---- | C] () - C:\Documents and Settings\Owner\Desktop\Weird.MUS
[08/16/2008 01:40 PM | 00,052,888 | ---- | C] () - C:\Documents and Settings\Owner\Desktop\Thingy.BAK
[08/16/2008 01:40 PM | 00,053,366 | ---- | C] () - C:\Documents and Settings\Owner\Desktop\Thingy.MUS
[08/16/2008 11:08 PM | 00,234,107 | ---- | C] () - C:\Documents and Settings\Owner\Desktop\Frederik.PNG
[08/17/2008 04:25 PM | 00,007,086 | ---- | C] () - C:\Documents and Settings\Owner\Desktop\have_you_ever_seen_the_rain.ptb
[08/17/2008 08:00 PM | 00,004,738 | ---- | C] () - C:\Documents and Settings\Owner\Desktop\pokemon_poke_center.ptb
[08/22/2008 05:58 PM | 00,001,745 | ---- | C] () - C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[08/27/2008 05:14 PM | 01,299,968 | ---- | C] (OldTimer Tools) - C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[08/03/2008 04:30 PM | ---D | C] - C:\Program Files\AVG
[08/04/2008 10:48 PM | ---D | C] - C:\Program Files\MSXML 4.0
[08/04/2008 11:45 AM | ---D | C] - C:\Program Files\SUPERAntiSpyware
[08/11/2008 08:56 PM | ---D | C] - C:\Program Files\Microsoft Silverlight
[08/22/2008 05:58 PM | ---D | C] - C:\Program Files\Trend Micro
[08/27/2008 04:32 PM | ---D | C] - C:\Program Files\COMODO

[Files/Folders - Modified Within 30 days]
[08/03/2008 03:48 PM | ---D | M] - C:\Documents and Settings
[08/03/2008 04:10 PM | 00,047,564 | RHS- | M] () - C:\NTDETECT.COM
[08/03/2008 04:10 PM | 00,250,048 | RHS- | M] () - C:\ntldr
[08/03/2008 04:19 PM | 00,000,283 | RHS- | M] () - C:\boot.ini
[08/04/2008 11:29 AM | -H-D | M] - C:\$AVG8.VAULT$
[08/11/2008 08:56 PM | -HSD | M] - C:\Config.Msi
[08/27/2008 04:32 PM | R--D | M] - C:\Program Files
[08/27/2008 04:49 PM | ---D | M] - C:\SmitfraudFix
[08/27/2008 04:55 PM | ---D | M] - C:\WINDOWS
[08/27/2008 04:28 PM | 00,104,864 | ---- | M] () - C:\WINDOWS\System32\drivers\ndisio.sys
[08/27/2008 04:32 PM | 00,024,208 | ---- | M] (COMODO) - C:\WINDOWS\System32\drivers\cmdhlp.sys
[08/27/2008 04:32 PM | 00,079,760 | ---- | M] (COMODO) - C:\WINDOWS\System32\drivers\inspect.sys
[08/27/2008 04:32 PM | 00,087,056 | ---- | M] (COMODO) - C:\WINDOWS\System32\drivers\cmdguard.sys
[1 C:\WINDOWS\System32\*.tmp files]
[08/03/2008 04:13 PM | ---D | M] - C:\WINDOWS\System32\Com
[08/03/2008 04:13 PM | ---D | M] - C:\WINDOWS\System32\npp
[08/03/2008 04:13 PM | ---D | M] - C:\WINDOWS\System32\Restore
[08/03/2008 04:17 PM | ---D | M] - C:\WINDOWS\System32\bits
[08/03/2008 04:17 PM | ---D | M] - C:\WINDOWS\System32\en
[08/03/2008 04:17 PM | ---D | M] - C:\WINDOWS\System32\en-us
[08/03/2008 04:17 PM | ---D | M] - C:\WINDOWS\System32\mui
[08/03/2008 04:17 PM | ---D | M] - C:\WINDOWS\System32\oobe
[08/03/2008 04:17 PM | ---D | M] - C:\WINDOWS\System32\scripting
[08/03/2008 04:17 PM | ---D | M] - C:\WINDOWS\System32\usmt
[08/03/2008 04:20 PM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/03/2008 04:22 PM | 00,229,592 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[08/03/2008 04:22 PM | ---D | M] - C:\WINDOWS\System32\Setup
[08/03/2008 04:23 PM | ---D | M] - C:\WINDOWS\System32\wbem
[08/03/2008 05:00 PM | ---D | M] - C:\WINDOWS\System32\ReinstallBackups
[08/03/2008 11:17 AM | ---D | M] - C:\WINDOWS\System32\PreInstall
[08/03/2008 11:39 PM | 00,000,118 | ---- | M] () - C:\WINDOWS\System32\MRT.INI
[08/04/2008 10:50 PM | 00,053,436 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/04/2008 10:50 PM | 00,381,692 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/04/2008 10:50 PM | 00,429,838 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[08/21/2008 06:49 PM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/25/2008 06:19 PM | 00,001,158 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/27/2008 04:29 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[08/27/2008 04:32 PM | 00,143,104 | ---- | M] () - C:\WINDOWS\System32\guard32.dll
[08/27/2008 04:32 PM | ---D | M] - C:\WINDOWS\System32\drivers
[08/27/2008 04:55 PM | 00,000,335 | ---- | M] () - C:\WINDOWS\System32\tablet.dat
[08/27/2008 04:55 PM | 00,000,248 | ---- | M] () - C:\WINDOWS\System\hpsysdrv.dat
[3 C:\WINDOWS\*.tmp files]
[08/02/2008 05:40 PM | 00,001,409 | ---- | M] () - C:\WINDOWS\QTFont.for
[08/03/2008 04:02 PM | ---D | M] - C:\WINDOWS\EHome
[08/03/2008 04:09 PM | -H-D | M] - C:\WINDOWS\$NtServicePackUninstall$
[08/03/2008 04:10 PM | R--D | M] - C:\WINDOWS\Web
[08/03/2008 04:12 PM | ---D | M] - C:\WINDOWS\system
[08/03/2008 04:13 PM | ---D | M] - C:\WINDOWS\msagent
[08/03/2008 04:13 PM | ---D | M] - C:\WINDOWS\srchasst
[08/03/2008 04:17 PM | ---D | M] - C:\WINDOWS\ime
[08/03/2008 04:17 PM | ---D | M] - C:\WINDOWS\l2schemas
[08/03/2008 04:17 PM | ---D | M] - C:\WINDOWS\network diagnostic
[08/03/2008 04:17 PM | ---D | M] - C:\WINDOWS\peernet
[08/03/2008 04:20 PM | ---D | M] - C:\WINDOWS\security
[08/03/2008 04:22 PM | ---D | M] - C:\WINDOWS\AppPatch
[08/03/2008 04:22 PM | R-SD | M] - C:\WINDOWS\Fonts
[08/03/2008 04:25 PM | 00,316,640 | ---- | M] () - C:\WINDOWS\WMSysPr9.prx
[08/03/2008 06:14 PM | --SD | M] - C:\WINDOWS\Downloaded Program Files
[08/03/2008 11:15 AM | ---D | M] - C:\WINDOWS\SoftwareDistribution
[08/03/2008 11:16 AM | -H-D | M] - C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[08/03/2008 11:36 PM | ---D | M] - C:\WINDOWS\Debug
[08/04/2008 10:48 PM | ---D | M] - C:\WINDOWS\WinSxS
[08/04/2008 10:50 PM | ---D | M] - C:\WINDOWS\Registration
[08/11/2008 08:56 PM | -HSD | M] - C:\WINDOWS\Installer
[08/14/2008 01:31 AM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/14/2008 01:31 AM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/20/2008 04:44 PM | ---D | M] - C:\WINDOWS\Help
[08/20/2008 04:44 PM | -H-D | M] - C:\WINDOWS\inf
[08/27/2008 04:55 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/27/2008 04:55 PM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08/27/2008 04:58 PM | ---D | M] - C:\WINDOWS\system32
[08/27/2008 04:58 PM | ---D | M] - C:\WINDOWS\Temp
[08/27/2008 05:15 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/08/2008 11:19 PM | 00,000,270 | ---- | M] () - C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[08/21/2008 07:51 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/22/2008 08:00 PM | 00,000,530 | ---- | M] () - C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Owner.job
[08/22/2008 08:00 PM | 00,000,530 | ---- | M] () - C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
[08/27/2008 04:55 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/27/2008 05:17 PM | 00,000,412 | ---- | M] () - C:\WINDOWS\tasks\Symantec NetDetect.job
[08/04/2008 11:30 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\avg8
[08/04/2008 11:45 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[08/27/2008 04:55 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\comodo
[07/30/2008 01:32 AM | ---D | M] - C:\Documents and Settings\Owner\Application Data\Uniblue
[07/30/2008 11:01 AM | ---D | M] - C:\Documents and Settings\Owner\Application Data\skypePM
[07/30/2008 12:03 PM | ---D | M] - C:\Documents and Settings\Owner\Application Data\Skype
[08/04/2008 11:30 AM | --SD | M] - C:\Documents and Settings\Owner\Application Data\Microsoft
[08/04/2008 11:45 AM | ---D | M] - C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[08/27/2008 04:32 PM | ---D | M] - C:\Documents and Settings\Owner\Application Data\Comodo
[08/27/2008 05:15 PM | ---D | M] - C:\Documents and Settings\Owner\Application Data\DNA
[08/03/2008 04:27 PM | 00,073,048 | ---- | M] () - C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[08/04/2008 11:22 AM | 03,780,306 | -H-- | M] () - C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[08/16/2008 11:43 PM | 00,047,104 | ---- | M] () - C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/27/2008 04:55 PM | ---D | M] - C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory
[7 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[08/03/2008 04:25 PM | 00,000,076 | -HS- | M] () - C:\Documents and Settings\Owner\My Documents\desktop.ini
[08/03/2008 04:25 PM | R--D | M] - C:\Documents and Settings\Owner\My Documents\My Music
[08/15/2008 10:40 PM | ---D | M] - C:\Documents and Settings\Owner\My Documents\Updater
[08/16/2008 11:08 PM | R--D | M] - C:\Documents and Settings\Owner\My Documents\My Pictures
[08/27/2008 04:53 PM | 00,000,729 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\COMODO Firewall Pro.lnk
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files]
[07/28/2008 05:55 PM | 00,351,744 | -HS- | M] () - C:\Documents and Settings\Owner\Desktop\Thumbs.db
@Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable
[08/03/2008 06:19 PM | R--D | M] - C:\Documents and Settings\Owner\Desktop\Shrey's stuff
[08/04/2008 05:21 PM | ---D | M] - C:\Documents and Settings\Owner\Desktop\MUSC Exp
[08/11/2008 05:43 PM | ---D | M] - C:\Documents and Settings\Owner\Desktop\Pictures
[08/14/2008 04:12 PM | 00,051,277 | ---- | M] () - C:\Documents and Settings\Owner\Desktop\Weird.BAK
[08/14/2008 04:18 PM | 00,051,567 | ---- | M] () - C:\Documents and Settings\Owner\Desktop\Weird.MUS
[08/16/2008 01:44 PM | 00,052,888 | ---- | M] () - C:\Documents and Settings\Owner\Desktop\Thingy.BAK
[08/16/2008 01:50 PM | 00,053,366 | ---- | M] () - C:\Documents and Settings\Owner\Desktop\Thingy.MUS
[08/16/2008 11:08 PM | 00,234,107 | ---- | M] () - C:\Documents and Settings\Owner\Desktop\Frederik.PNG
[08/17/2008 04:25 PM | 00,007,086 | ---- | M] () - C:\Documents and Settings\Owner\Desktop\have_you_ever_seen_the_rain.ptb
[08/17/2008 08:00 PM | 00,004,738 | ---- | M] () - C:\Documents and Settings\Owner\Desktop\pokemon_poke_center.ptb
[08/18/2008 09:50 PM | 00,076,288 | ---- | M] () - C:\Documents and Settings\Owner\Desktop\11th_grade_Summer_2008_Reading_AP_US_History.doc
[08/22/2008 05:58 PM | 00,001,745 | ---- | M] () - C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[08/25/2008 07:38 PM | ---D | M] - C:\Documents and Settings\Owner\Desktop\Music Files
[08/26/2008 10:02 PM | ---D | M] - C:\Documents and Settings\Owner\Desktop\AP Lit Notes
[08/27/2008 05:14 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[08/03/2008 04:13 PM | ---D | M] - C:\Program Files\Common Files\System
[08/03/2008 04:30 PM | ---D | M] - C:\Program Files\Common Files\Microsoft Shared
[08/03/2008 07:25 PM | ---D | M] - C:\Program Files\Common Files\WinSoftware
[08/04/2008 11:45 AM | ---D | M] - C:\Program Files\Common Files\Wise Installation Wizard

< End of report >

#12
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello SKousik,

STEP 1
The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous, so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions, please ask BEFORE proceeding.

Backing Up Your Registry
  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Registry Modifications

Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
; Backslashes inside a .reg string value must be doubled
"UserInit"="C:\\WINDOWS\\system32\\userinit.exe"
Then double-click the fix.reg file; when it prompts to merge, click "Yes".

STEP 2
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\Owner\dlyexnl.exe
    purity
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

STEP 3
Please delete your version of SmitfraudFix.exe and do the following.



Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm
STEP 4
Please run another scan with OTViewIt and post the logs back in your next reply.
~~~~~~~~~~
In your next reply please have these logs. You will need to use more than one reply for all the logs to fit.
The OTMoveIt2 log
The SmitfraudFix log (if it will run this time)
And the OTViewIt logs

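Added example, not part of the original posts and not OldTimer's code: a Python check that reads the OTViewIt sections quoted in this thread and reports Winlogon values that differ from a baseline, plus firewall exceptions whose target file no longer exists. The sample lines are constructed from the Run 2 log posted later in this thread; the function names and the baseline dictionary are assumptions made for the example.

```python
import re

# Constructed sample: lines copied in shape from the OTViewIt "Run 2" log in this thread.
SAMPLE_LOG = r'''
===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe [05/07/2008 08:08 PM | 00,289,088 | ---- | M] (BitTorrent, Inc.)
"C:\WINDOWS\system32\fuh.exe" = C:\WINDOWS\system32\fuh.exe File not found
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\explorer.exe [04/14/2008 05:42 AM | 01,033,728 | ---- | M] (Microsoft Corporation)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/14/2008 05:42 AM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe
"C:\Documents and Settings\Owner\dlyexnl.exe \s" - File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04/14/2008 05:42 AM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe
'''

# Assumed baseline for this machine (the log reports %SystemRoot% = C:\WINDOWS).
# Keys are Winlogon value names, lower-cased; values are the allowed commands.
WINLOGON_BASELINE = {
    "userinit": {r"c:\windows\system32\userinit.exe"},
    "uihost": {"logonui.exe"},
}

HEADER = re.compile(r"^\[(HKEY_[^\]]+)\]$")
WINLOGON_ENTRY = re.compile(r'^"(.+?)" - (.+)$')   # "command" - file details
FIREWALL_ENTRY = re.compile(r'^"(.+?)" = (.+)$')   # "name" = path details
WINLOGON_KEY = r"\microsoft\windows nt\currentversion\winlogon"


def sections(log):
    """Yield (registry header, entry lines) for each [HKEY_...] block."""
    header, lines = None, []
    for raw in log.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match or line.startswith("====="):
            if header is not None:
                yield header, lines
            header, lines = (match.group(1) if match else None), []
        elif line and header is not None:
            lines.append(line)
    if header is not None:
        yield header, lines


def audit_winlogon(log):
    """Return Winlogon entries whose command is not in the baseline."""
    findings = []
    for header, lines in sections(log):
        # OTViewIt prints these headers as <key>\\<value name>.
        key, sep, value_name = header.partition("\\\\")
        if not sep or not key.lower().endswith(WINLOGON_KEY):
            continue
        allowed = WINLOGON_BASELINE.get(value_name.lower())
        if allowed is None:
            continue  # no baseline defined for this value in the example
        for line in lines:
            match = WINLOGON_ENTRY.match(line)
            if not match:
                continue
            command, status = match.group(1), match.group(2)
            if command.strip().rstrip(",").lower() not in allowed:
                findings.append({
                    "value": value_name,
                    "command": command,
                    # True when the registry still names a file that is gone
                    "file_missing": status.startswith("File not found"),
                })
    return findings


def stale_firewall_exceptions(log):
    """Return firewall AuthorizedApplications entries whose file is missing."""
    stale = []
    for header, lines in sections(log):
        if not header.lower().endswith(r"\authorizedapplications\list"):
            continue
        for line in lines:
            match = FIREWALL_ENTRY.match(line)
            if match and match.group(2).rstrip().endswith("File not found"):
                stale.append(match.group(1))
    return stale


if __name__ == "__main__":
    for finding in audit_winlogon(SAMPLE_LOG):
        print("Winlogon:", finding)
    for path in stale_firewall_exceptions(SAMPLE_LOG):
        print("Firewall exception with missing target:", path)
```

A finding with `file_missing` set means the registry value still references the file after it was moved, so the value itself still needs resetting.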

#13
SKousik

    Member

  • Topic Starter
  • Member
  • 26 posts
Smitfraud would not run again. Also, OTMoveIt2 would not close, and did not give me a reboot prompt, so I ended it from Task Manager (which I suspect might have been a bad thing to do, but the exe at least seemed to have finished whatever it needed to do). Here's the OTMoveIt2 Log:

Explorer killed successfully
C:\Documents and Settings\Owner\dlyexnl.exe moved successfully.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_Bi20gq4MdmdjcQta8Mt3 scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08312008_235817

Files moved on Reboot...
File C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_Bi20gq4MdmdjcQta8Mt3 not found!



I'll put the OTViewIt logs in two other replies.

Edited by SKousik, 01 September 2008 - 08:52 AM.


#14
SKousik

    Member

  • Topic Starter
  • Member
  • 26 posts
OTViewIt logfile created on: 9/1/2008 12:03:17 AM - Run 2
OTViewIt by OldTimer - Version 1.0.0.14 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.44 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 60.89% Memory free
1.95 Gb Paging File | 1.59 Gb Available in Paging File | 81.33% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.53 Gb Total Space | 117.60 Gb Free Space | 81.94% Space Free | Partition Type: NTFS
Drive D: | 5.50 Gb Total Space | 0.94 Gb Free Space | 17.11% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHREYAS
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[12/22/2004 05:45 PM | 00,235,120 | ---- | M] (Symantec Corporation) - c:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
[12/22/2004 05:45 PM | 00,255,600 | ---- | M] (Symantec Corporation) - c:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
[10/29/2007 02:27 PM | 00,587,096 | ---- | M] (Lavasoft AB) - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
[08/27/2008 04:32 PM | 00,519,936 | ---- | M] () - C:\Program Files\COMODO\Firewall\cmdagent.exe
[08/18/2003 02:34 AM | 00,158,376 | ---- | M] (Symantec Corporation) - c:\Program Files\Norton AntiVirus\navapsvc.exe
[06/17/2005 04:00 PM | 00,749,568 | ---- | M] (Wacom Technology, Corp.) - C:\WINDOWS\system32\Tablet.exe
[05/07/1998 07:04 PM | 00,052,736 | ---- | M] (Hewlett-Packard Company) - C:\WINDOWS\system\hpsysdrv.exe
[10/07/2002 10:23 AM | 00,090,112 | ---- | M] () - C:\Program Files\HP\Digital Imaging\Unload\HpqCmon.exe
[05/23/2003 05:55 AM | 00,483,328 | ---- | M] (Hewlett-Packard) - C:\WINDOWS\system32\hphmon05.exe
[02/11/2003 11:02 PM | 00,061,440 | ---- | M] (Hewlett-Packard Company) - C:\hp\KBD\kbd.exe
[10/22/2004 11:53 AM | 00,053,248 | ---- | M] (S3 Graphics, Inc.) - C:\WINDOWS\system32\VTTimer.exe
[12/22/2004 05:45 PM | 00,071,280 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
[07/14/2003 08:52 PM | 00,040,960 | ---- | M] (Agere Systems) - C:\WINDOWS\ltmsg.exe
[08/14/2003 09:12 PM | 00,139,264 | ---- | M] (Alcor Micro, Corp.) - C:\Program Files\Multimedia Card Reader\shwicon2k.exe
[03/08/2005 12:42 AM | 00,176,128 | ---- | M] (HP) - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
[08/10/2003 03:26 AM | 00,193,816 | ---- | M] (Symantec Corporation) - c:\Program Files\Norton AntiVirus\SAVScan.exe
[09/07/2007 04:55 PM | 00,267,064 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[09/07/2004 01:47 PM | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\ALCXMNTR.EXE
[08/27/2008 04:32 PM | 01,655,552 | ---- | M] () - C:\Program Files\COMODO\Firewall\cfp.exe
[05/07/2008 08:08 PM | 00,289,088 | ---- | M] (BitTorrent, Inc.) - C:\Program Files\DNA\btdna.exe
[07/07/2003 11:20 AM | 00,233,472 | ---- | M] (Hewlett-Packard Co.) - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[06/17/2005 04:35 PM | 00,114,688 | ---- | M] (Wacom Technology, Corp.) - C:\WINDOWS\system32\WTablet\TabUserW.exe
[06/11/2007 06:16 PM | 00,103,928 | ---- | M] (Yahoo! Inc.) - C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
[07/07/2003 07:50 PM | 00,557,056 | ---- | M] (interMute, Inc.) - C:\Program Files\interMute\SpamSubtract\SpamSub.exe
[09/07/2007 04:55 PM | 00,503,608 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[07/19/2008 01:07 PM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
[08/27/2008 05:14 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Owner\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(aawservice) Ad-Aware 2007 Service [Auto | Running]
[10/29/2007 02:27 PM | 00,587,096 | ---- | M] (Lavasoft AB) - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

(Adobe LM Service) Adobe LM Service [On_Demand | Stopped]
[12/13/2005 09:53 PM | 00,072,704 | ---- | M] (Adobe Systems) - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

(ccEvtMgr) Symantec Event Manager [Auto | Running]
[12/22/2004 05:45 PM | 00,255,600 | ---- | M] (Symantec Corporation) - c:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE

(ccPwdSvc) Symantec Password Validation [On_Demand | Stopped]
[12/22/2004 05:45 PM | 00,087,664 | ---- | M] (Symantec Corporation) - c:\Program Files\Common Files\Symantec Shared\CCPWDSVC.EXE

(ccSetMgr) Symantec Settings Manager [Auto | Running]
[12/22/2004 05:45 PM | 00,235,120 | ---- | M] (Symantec Corporation) - c:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE

(cmdAgent) COMODO Firewall Pro Helper Service [Auto | Running]
[08/27/2008 04:32 PM | 00,519,936 | ---- | M] () - C:\Program Files\COMODO\Firewall\cmdagent.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[04/14/2008 05:42 AM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(IDriverT) InstallDriver Table Manager [On_Demand | Stopped]
[04/04/2005 01:41 AM | 00,069,632 | ---- | M] (Macrovision Corporation) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

(iPod Service) iPod Service [On_Demand | Running]
[09/07/2007 04:55 PM | 00,503,608 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(Macromedia Licensing Service) Macromedia Licensing Service [On_Demand | Stopped]
[06/25/2005 07:26 PM | 00,069,632 | ---- | M] (Macromedia) - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

(navapsvc) Norton AntiVirus Auto Protect Service [Auto | Running]
[08/18/2003 02:34 AM | 00,158,376 | ---- | M] (Symantec Corporation) - c:\Program Files\Norton AntiVirus\navapsvc.exe

(NVSvc) NVIDIA Driver Helper Service [Auto | Stopped]
[08/19/2003 05:56 AM | 00,077,824 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe

(Pml Driver HPZ12) Pml Driver HPZ12 [Auto | Stopped]
[09/29/2004 01:14 PM | 00,069,632 | ---- | M] (HP) - C:\WINDOWS\system32\HPZipm12.exe

(SAVScan) SAVScan [On_Demand | Running]
[08/10/2003 03:26 AM | 00,193,816 | ---- | M] (Symantec Corporation) - c:\Program Files\Norton AntiVirus\SAVScan.exe

(TabletService) TabletService [Auto | Running]
[06/17/2005 04:00 PM | 00,749,568 | ---- | M] (Wacom Technology, Corp.) - C:\WINDOWS\system32\Tablet.exe

===== Driver Services - Non-Microsoft Only =====

(AFS2K) AFS2K [System | Running]
[10/07/2004 09:16 PM | 00,035,840 | ---- | M] (Oak Technology Inc.) - C:\WINDOWS\System32\drivers\AFS2K.SYS

(ALCXWDM) Service for Realtek AC97 Audio (WDM) [On_Demand | Running]
[10/01/2004 10:24 AM | 02,279,424 | ---- | M] (Realtek Semiconductor Corp.) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS

(BVRPMPR5) BVRPMPR5 NDIS Protocol Driver [On_Demand | Stopped]
[09/16/2005 12:46 PM | 00,044,224 | R--- | M] (BVRP Software) - C:\WINDOWS\system32\drivers\BVRPMPR5.SYS

(cmdGuard) COMODO Firewall Pro Sandbox Driver [System | Running]
[08/27/2008 04:32 PM | 00,087,056 | ---- | M] (COMODO) - C:\WINDOWS\system32\drivers\cmdguard.sys

(cmdHlp) COMODO Firewall Pro Helper Driver [System | Running]
[08/27/2008 04:32 PM | 00,024,208 | ---- | M] (COMODO) - C:\WINDOWS\system32\drivers\cmdhlp.sys

(dmboot) dmboot [Disabled | Stopped]
[04/14/2008 12:14 AM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) dmio [Disabled | Stopped]
[04/14/2008 12:14 AM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Disabled | Stopped]
[08/29/2002 08:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(fasttx2k) fasttx2k [Boot | Running]
[06/19/2003 04:59 AM | 00,140,800 | ---- | M] (Promise Technology, Inc.) - C:\WINDOWS\system32\drivers\Fasttx2k.sys

(FETND5BV) VIA Rhine-Family Fast Ethernet Adapter Driver Service [On_Demand | Running]
[12/16/2004 01:36 PM | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) - C:\WINDOWS\system32\drivers\fetnd5bv.sys

(FETNDISB) VIA Rhine Family Fast Ethernet Adapter Driver Service [On_Demand | Stopped]
[01/16/2003 02:05 AM | 00,041,984 | ---- | M] (VIA Technologies, Inc. ) - C:\WINDOWS\system32\drivers\fetnd5b.sys

(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[09/19/2006 04:44 PM | 00,015,664 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(HPZid412) IEEE-1284.4 Driver HPZid412 [On_Demand | Stopped]
[03/08/2005 12:43 AM | 00,051,120 | R--- | M] (HP) - C:\WINDOWS\system32\drivers\HPZid412.sys

(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [On_Demand | Stopped]
[03/08/2005 12:43 AM | 00,016,496 | R--- | M] (HP) - C:\WINDOWS\system32\drivers\HPZipr12.sys

(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [On_Demand | Stopped]
[03/08/2005 12:43 AM | 00,021,744 | R--- | M] (HP) - C:\WINDOWS\system32\drivers\HPZius12.sys

(ialm) ialm [On_Demand | Stopped]
[04/15/2003 08:39 PM | 00,090,907 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\ialmnt5.sys

(Inspect) COMODO Firewall Pro Firewall Driver [Boot | Running]
[08/27/2008 04:32 PM | 00,079,760 | ---- | M] (COMODO) - C:\WINDOWS\system32\drivers\inspect.sys

(ltmodem5) Agere Modem Driver [On_Demand | Running]
[07/02/2003 02:33 AM | 00,652,497 | ---- | M] (Agere Systems) - C:\WINDOWS\system32\drivers\ltmdmnt.sys

(LVUSBSta) Logitech USB Monitor Filter [On_Demand | Stopped]
[12/05/2005 11:26 PM | 00,039,424 | R--- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LVUSBSta.sys

(NAVENG) NAVENG [On_Demand | Running]
[09/24/2003 11:00 AM | 00,067,800 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20030924.008\NAVENG.SYS

(NAVEX15) NAVEX15 [On_Demand | Running]
[09/24/2003 11:00 AM | 00,539,576 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20030924.008\NAVEX15.SYS

(nv) nv [On_Demand | Stopped]
[04/13/2008 10:04 PM | 01,897,408 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys

(nvcap) nVidia WDM Video Capture (universal) [Auto | Stopped]
[07/30/2003 05:15 AM | 00,126,348 | ---- | M] () - C:\WINDOWS\system32\drivers\nvcap.sys

(NVXBAR) nVidia WDM A/V Crossbar [Auto | Stopped]
[07/30/2003 05:15 AM | 00,013,006 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nvxbar.sys

(nv_agp) NVIDIA nForce AGP Bus Filter [Boot | Running]
[09/03/2003 02:51 AM | 00,021,120 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv_agp.SYS

(Passthru) Service [On_Demand | Running]
[08/27/2008 04:28 PM | 00,104,864 | ---- | M] () - C:\WINDOWS\system32\drivers\ndisio.sys

(PenClass) Pen Class [Boot | Running]
[04/09/2001 04:45 PM | 00,008,138 | ---- | M] (Wacom Technology Corporation) - C:\WINDOWS\system32\drivers\PenClass.sys

(pfc) Padus ASPI Shell [On_Demand | Running]
[09/03/2003 10:01 AM | 00,010,368 | ---- | M] (Padus, Inc.) - C:\WINDOWS\system32\drivers\pfc.sys

(PID_0928) Logitech QuickCam Express(PID_0928) [On_Demand | Stopped]
[12/05/2005 11:27 PM | 00,287,360 | R--- | M] (Logitech Inc.) - C:\WINDOWS\system32\drivers\LV561AV.SYS

(Ps2) Ps2 [On_Demand | Running]
[06/04/2001 05:00 PM | 00,014,112 | ---- | M] (Hewlett-Packard Company) - C:\WINDOWS\system32\drivers\PS2.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/29/2002 08:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[07/18/2006 07:13 PM | 00,020,640 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\pxhelp20.sys

(rtl8139) Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver [On_Demand | Stopped]
[10/04/2002 08:04 PM | 00,046,976 | ---- | M] (Realtek Semiconductor Corporation ) - C:\WINDOWS\system32\drivers\R8139n51.sys

(S3Psddr) S3Psddr [On_Demand | Stopped]
[04/13/2008 10:04 PM | 00,166,912 | ---- | M] (S3 Graphics, Inc.) - C:\WINDOWS\system32\drivers\s3gnbm.sys

(SASDIFSV) SASDIFSV [System | Running]
[05/28/2008 10:33 AM | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\sasdifsv.sys

(SASENUM) SASENUM [On_Demand | Stopped]
[05/28/2008 10:33 AM | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

(SASKUTIL) SASKUTIL [System | Running]
[05/28/2008 10:33 AM | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

(SAVRT) SAVRT [On_Demand | Running]
[08/07/2003 02:02 AM | 00,300,736 | ---- | M] (Symantec Corporation) - c:\Program Files\Norton AntiVirus\savrt.sys

(SAVRTPEL) SAVRTPEL [System | Running]
[08/07/2003 02:02 AM | 00,035,008 | ---- | M] (Symantec Corporation) - c:\Program Files\Norton AntiVirus\Savrtpel.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[04/13/2008 10:09 PM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(SiS315) SiS315 [On_Demand | Stopped]
[05/06/2003 06:34 PM | 00,394,752 | ---- | M] (Silicon Integrated Systems Corporation) - C:\WINDOWS\system32\drivers\sisgrp.sys

(SISAGP) SiS AGP Filter [Boot | Running]
[02/20/2003 07:18 PM | 00,036,608 | ---- | M] (Silicon Integrated Systems Corporation) - C:\WINDOWS\system32\drivers\SISAGPX.SYS

(SiSkp) SiSkp [System | Running]
[04/11/2003 11:51 AM | 00,010,624 | ---- | M] (Silicon Integrated Systems Corporation) - C:\WINDOWS\system32\drivers\srvkp.sys

(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [On_Demand | Stopped]
[08/17/2001 02:56 PM | 00,007,552 | ---- | M] (Sony Corporation) - C:\WINDOWS\system32\drivers\SONYPVU1.SYS

(SunkFilt) Alcor Micro Corp - 9360 [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\Drivers\sunkfilt.sys

(Sunkfiltp) HP && Alcor Micro Corp for Phison [On_Demand | Running]
[09/04/2003 03:07 PM | 00,033,804 | ---- | M] (Alcor Micro Corp.) - C:\WINDOWS\system32\drivers\sunkfiltp.sys

(SymEvent) SymEvent [On_Demand | Running]
[08/16/2003 03:22 AM | 00,082,136 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\SYMEVENT.SYS

(SYMREDRV) SYMREDRV [On_Demand | Running]
[08/16/2003 04:07 AM | 00,015,176 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symredrv.sys

(SYMTDI) SYMTDI [Auto | Running]
[08/16/2003 04:05 AM | 00,176,963 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symtdi.sys

(viaagp1) VIA AGP Filter [Boot | Running]
[07/02/2003 02:42 PM | 00,027,904 | ---- | M] (VIA Technologies, Inc.) - C:\WINDOWS\system32\drivers\VIAAGP1.SYS

(viagfx) viagfx [On_Demand | Running]
[12/07/2004 08:08 PM | 00,172,672 | ---- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) - C:\WINDOWS\system32\drivers\vtmini.sys

({6080A529-897E-4629-A488-ABA0C29B635E}) Intel® Graphics Platform (SoftBIOS) Driver [On_Demand | Stopped]
[04/15/2003 08:40 PM | 00,113,504 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\ialmsbw.sys

({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel® Graphics Chipset (KCH) Driver [On_Demand | Stopped]
[04/15/2003 08:40 PM | 00,078,752 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\ialmkchw.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor" = ALCXMNTR.EXE [09/07/2004 01:47 PM | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.)
"AutoTKit" = C:\hp\bin\AUTOTKIT.EXE [06/18/2003 10:19 PM | 00,053,248 | ---- | M] ()
"CamMonitor" = c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe [10/07/2002 10:23 AM | 00,090,112 | ---- | M] ()
"ccApp" = "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [12/22/2004 05:45 PM | 00,071,280 | ---- | M] (Symantec Corporation)
"COMODO Firewall Pro" = "C:\Program Files\COMODO\Firewall\cfp.exe" -h [08/27/2008 04:32 PM | 01,655,552 | ---- | M] ()
"HotKeysCmds" = C:\WINDOWS\System32\hkcmd.exe [04/07/2003 10:07 AM | 00,114,688 | ---- | M] (Intel Corporation)
"HPDJ Taskbar Utility" = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe [03/08/2005 12:42 AM | 00,176,128 | ---- | M] (HP)
"HPHmon05" = C:\WINDOWS\System32\hphmon05.exe [05/23/2003 05:55 AM | 00,483,328 | ---- | M] (Hewlett-Packard)
"HPHUPD05" = c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe File not found
"hpsysdrv" = c:\windows\system\hpsysdrv.exe [05/07/1998 07:04 PM | 00,052,736 | ---- | M] (Hewlett-Packard Company)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [09/07/2007 04:55 PM | 00,267,064 | ---- | M] (Apple Inc.)
"KBD" = C:\HP\KBD\KBD.EXE [02/11/2003 11:02 PM | 00,061,440 | ---- | M] (Hewlett-Packard Company)
"LTMSG" = LTMSG.exe 7 [07/14/2003 08:52 PM | 00,040,960 | ---- | M] (Agere Systems)
"MSPY2002" = C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC [08/29/2002 03:00 PM | 00,059,392 | ---- | M] ()
"PS2" = C:\WINDOWS\system32\ps2.exe [10/16/2002 07:57 PM | 00,081,920 | ---- | M] (Hewlett-Packard Company)
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [06/29/2007 06:24 AM | 00,286,720 | ---- | M] (Apple Inc.)
"Recguard" = C:\WINDOWS\SMINST\RECGUARD.EXE [09/14/2002 12:42 AM | 00,212,992 | ---- | M] ()
"SetDefPrt" = C:\Program Files\Brother\Brmfl04h\BrStDvPt.exe [11/11/2004 05:14 PM | 00,049,152 | ---- | M] (Brother Industories, Ltd.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"Sunkist2k" = C:\Program Files\Multimedia Card Reader\shwicon2k.exe [08/14/2003 09:12 PM | 00,139,264 | ---- | M] (Alcor Micro, Corp.)
"UpdateManager" = "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r [08/19/2003 11:01 AM | 00,110,592 | ---- | M] (Sonic Solutions)
"VTTimer" = VTTimer.exe [10/22/2004 11:53 AM | 00,053,248 | ---- | M] (S3 Graphics, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"OTScanIt" = C:\Documents and Settings\Owner\Desktop\OTMoveIt2.exe [08/31/2008 11:57 PM | 00,291,840 | ---- | M] (OldTimer Tools)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6" = File not found
"BackupNotify" = c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe [06/23/2003 12:25 AM | 00,024,576 | ---- | M] ( )
"BitTorrent DNA" = "C:\Program Files\DNA\btdna.exe" [05/07/2008 08:08 PM | 00,289,088 | ---- | M] (BitTorrent, Inc.)
"MsnMsgr" = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background File not found
"NVIEW" = rundll32.exe nview.dll,nViewLoadHook [08/19/2003 05:56 AM | 00,852,038 | ---- | M] (NVIDIA Corporation)
"RecordNow!" = File not found
"updateMgr" = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 [03/30/2006 05:45 PM | 00,313,472 | R--- | M] (Adobe Systems Incorporated)
"Yahoo! Pager" = "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet [06/11/2007 06:16 PM | 04,670,968 | ---- | M] (Yahoo! Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[09/23/2005 11:05 PM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[09/10/2003 04:53 PM | 00,036,953 | -H-- | M] (America Online, Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
[07/07/2003 11:20 AM | 00,233,472 | ---- | M] (Hewlett-Packard Co.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[02/16/2005 08:54 PM | 00,450,560 | ---- | M] (Logitech) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
[07/30/2003 07:49 AM | 00,057,344 | ---- | M] (Intuit Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
[06/17/2005 04:35 PM | 00,114,688 | ---- | M] (Wacom Technology, Corp.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

[Owner Startup Folder - C:\Documents and Settings\Owner\Start Menu\Programs\Startup]
[03/16/2005 08:16 PM | 00,113,664 | ---- | M] (Adobe Systems, Inc.) - C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[04/08/2004 08:04 PM | 00,225,280 | ---- | M] (Leader Technologies) - C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
[07/07/2003 07:50 PM | 00,557,056 | ---- | M] (interMute, Inc.) - C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
HKLM CLSID: (&Yahoo! Toolbar Helper) - [03/20/2007 05:39 PM | 00,803,864 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [12/18/2006 05:16 AM | 00,059,032 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
""
HKLM CLSID: () - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
HKLM CLSID: (Norton AntiVirus) - File not found c:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
HKLM CLSID: (HP View) - [09/03/2003 09:42 PM | 00,098,304 | ---- | M] (Hewlett-Packard Company) c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [03/20/2007 05:39 PM | 00,803,864 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
HKLM CLSID: (HP View) - [09/03/2003 09:42 PM | 00,098,304 | ---- | M] (Hewlett-Packard Company) c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
HKLM CLSID: (Norton AntiVirus) - File not found c:\Program Files\Norton AntiVirus\NavShExt.dll

"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}"
HKLM CLSID: (HP View) - [09/03/2003 09:42 PM | 00,098,304 | ---- | M] (Hewlett-Packard Company) c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [03/20/2007 05:39 PM | 00,803,864 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 91 00 00 00 [binary data]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

===== Desktop Components =====

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls]
" C:\WINDOWS\system32\guard32.dll" - [08/27/2008 04:32 PM | 00,143,104 | ---- | M] () C:\WINDOWS\system32\guard32.dll

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/14/2008 12:23 AM | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/14/2008 05:42 AM | 00,141,312 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe [11/27/2007 06:45 PM | 00,588,080 | ---- | M] ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/14/2008 12:23 AM | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/14/2008 05:42 AM | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe [05/07/2008 08:08 PM | 00,289,088 | ---- | M] (BitTorrent, Inc.)
"C:\WINDOWS\system32\fuh.exe" = C:\WINDOWS\system32\fuh.exe File not found
"C:\WINDOWS\system32\ukxg.exe" = C:\WINDOWS\system32\ukxg.exe File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [09/07/2007 04:55 PM | 15,995,704 | ---- | M] (Apple Inc.)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe [12/11/2007 01:00 AM | 01,873,280 | ---- | M] (Cerulean Studios)
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\explorer.exe [04/14/2008 05:42 AM | 01,033,728 | ---- | M] (Microsoft Corporation)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/14/2008 05:42 AM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe
"C:\Documents and Settings\Owner\dlyexnl.exe \s" - File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04/14/2008 05:42 AM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/14/2008 05:42 AM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04/14/2008 05:42 AM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
"DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [04/19/2007 01:41 PM | 00,294,912 | ---- | M] (SUPERAntiSpyware.com)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
"DllName" = C:\WINDOWS\system32\igfxsrvc.dll [04/07/2003 10:06 AM | 00,315,392 | ---- | M] (Intel Corporation)

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{0689CEC2-8D77-4684-9520-B9193268E020}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{D1B79580-F7BF-4154-B1C8-C37567E831D5}]
Servers: | Description: 1394 Net Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{FA2FEC05-30B4-4CE9-8247-8DC06D68104A}]
Servers: | Description: VIA Rhine II Fast Ethernet Adapter

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT []
[10/10/2003 10:32 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

AUTOEXEC.BAT []
[07/28/2001 06:07 AM | 00,000,000 | -HS- | M] () D:\AUTOEXEC.BAT [ FAT32 ]

Autorun.inf [[AUTORUN] | OPEN=Info.exe folder.htt 480 480 | ]
[09/11/2002 03:02 AM | 00,000,045 | -HS- | M] () D:\Autorun.inf [ FAT32 ]

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c4d0d76-8ee3-11db-9e54-000ea63528fb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c4d0d76-8ee3-11db-9e54-000ea63528fb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 05:42 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c4d0d76-8ee3-11db-9e54-000ea63528fb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b971416-540e-11db-9e06-000ea63528fb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b971416-540e-11db-9e06-000ea63528fb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 05:42 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b971416-540e-11db-9e06-000ea63528fb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c1cb312-4e70-11db-9e00-000ea63528fb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c1cb312-4e70-11db-9e00-000ea63528fb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 05:42 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c1cb312-4e70-11db-9e00-000ea63528fb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62a50201-9965-11dc-9fae-000ea63528fb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62a50201-9965-11dc-9fae-000ea63528fb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 05:42 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{62a50201-9965-11dc-9fae-000ea63528fb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8906e00a-7c6b-11da-9cb9-000ea63528fb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8906e00a-7c6b-11da-9cb9-000ea63528fb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 05:42 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8906e00a-7c6b-11da-9cb9-000ea63528fb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a623bf2-4e68-11dc-9f46-000ea63528fb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a623bf2-4e68-11dc-9f46-000ea63528fb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 05:42 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a623bf2-4e68-11dc-9f46-000ea63528fb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f38cc91-1b03-11db-9daf-000ea63528fb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f38cc91-1b03-11db-9daf-000ea63528fb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 05:42 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f38cc91-1b03-11db-9daf-000ea63528fb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b69094d0-db2e-11db-9ebd-000ea63528fb}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b69094d0-db2e-11db-9ebd-000ea63528fb}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/14/2008 05:42 AM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b69094d0-db2e-11db-9ebd-000ea63528fb}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

===== Hosts File =====

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

Edited by SKousik, 31 August 2008 - 10:08 PM.


#15
SKousik


[Files/Folders - Created Within 30 days]
[08/03/2008 04:33 PM | -H-D | C] - C:\$AVG8.VAULT$
[08/31/2008 11:58 PM | ---D | C] - C:\_OTMoveIt
[08/03/2008 04:17 PM | 00,000,403 | ---- | C] () - C:\WINDOWS\System32\dllcache\npdrmv2.zip
[08/03/2008 04:17 PM | 00,000,420 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmploc.js
[08/03/2008 04:17 PM | 00,000,717 | ---- | C] () - C:\WINDOWS\System32\dllcache\cloapp.gif
[08/03/2008 04:17 PM | 00,000,733 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst15.wpl
[08/03/2008 04:17 PM | 00,000,760 | ---- | C] () - C:\WINDOWS\System32\dllcache\cloapph.gif
[08/03/2008 04:17 PM | 00,000,772 | ---- | C] () - C:\WINDOWS\System32\dllcache\cntd.gif
[08/03/2008 04:17 PM | 00,000,773 | ---- | C] () - C:\WINDOWS\System32\dllcache\cnt.gif
[08/03/2008 04:17 PM | 00,000,773 | ---- | C] () - C:\WINDOWS\System32\dllcache\cnth.gif
[08/03/2008 04:17 PM | 00,000,775 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst14.wpl
[08/03/2008 04:17 PM | 00,000,783 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst13.wpl
[08/03/2008 04:17 PM | 00,000,784 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst9.wpl
[08/03/2008 04:17 PM | 00,000,787 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst10.wpl
[08/03/2008 04:17 PM | 00,000,789 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst11.wpl
[08/03/2008 04:17 PM | 00,000,855 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpocm.inf
[08/03/2008 04:17 PM | 00,000,908 | ---- | C] () - C:\WINDOWS\System32\dllcache\skins.inf
[08/03/2008 04:17 PM | 00,000,999 | ---- | C] () - C:\WINDOWS\System32\dllcache\bktrh.gif
[08/03/2008 04:17 PM | 00,001,036 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst8.wpl
[08/03/2008 04:17 PM | 00,001,046 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst7.wpl
[08/03/2008 04:17 PM | 00,001,049 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst2.wpl
[08/03/2008 04:17 PM | 00,001,148 | ---- | C] () - C:\WINDOWS\System32\dllcache\snd.htm
[08/03/2008 04:17 PM | 00,001,250 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst1.wpl
[08/03/2008 04:17 PM | 00,001,367 | ---- | C] () - C:\WINDOWS\System32\dllcache\taoffh.gif
[08/03/2008 04:17 PM | 00,001,380 | ---- | C] () - C:\WINDOWS\System32\dllcache\taoff.gif
[08/03/2008 04:17 PM | 00,001,380 | ---- | C] () - C:\WINDOWS\System32\dllcache\taonh.gif
[08/03/2008 04:17 PM | 00,001,398 | ---- | C] () - C:\WINDOWS\System32\dllcache\taon.gif
[08/03/2008 04:17 PM | 00,001,448 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst4.wpl
[08/03/2008 04:17 PM | 00,001,451 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst12.wpl
[08/03/2008 04:17 PM | 00,001,474 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst3.wpl
[08/03/2008 04:17 PM | 00,001,477 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst5.wpl
[08/03/2008 04:17 PM | 00,001,477 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst6.wpl
[08/03/2008 04:17 PM | 00,001,771 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmptour.css
[08/03/2008 04:17 PM | 00,001,885 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplayer2.cnt
[08/03/2008 04:17 PM | 00,002,371 | ---- | C] () - C:\WINDOWS\System32\dllcache\tpauseh.gif
[08/03/2008 04:17 PM | 00,002,375 | ---- | C] () - C:\WINDOWS\System32\dllcache\tplayh.gif
[08/03/2008 04:17 PM | 00,002,450 | ---- | C] () - C:\WINDOWS\System32\dllcache\tpause.gif
[08/03/2008 04:17 PM | 00,002,469 | ---- | C] () - C:\WINDOWS\System32\dllcache\tplay.gif
[08/03/2008 04:17 PM | 00,002,477 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm5.gif
[08/03/2008 04:17 PM | 00,002,545 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplogo.gif
[08/03/2008 04:17 PM | 00,002,778 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplogoh.gif
[08/03/2008 04:17 PM | 00,003,187 | ---- | C] () - C:\WINDOWS\System32\dllcache\tour.js
[08/03/2008 04:17 PM | 00,004,193 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm8.gif
[08/03/2008 04:17 PM | 00,005,290 | ---- | C] () - C:\WINDOWS\System32\dllcache\vidsamp.gif
[08/03/2008 04:17 PM | 00,005,789 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm1.gif
[08/03/2008 04:17 PM | 00,005,971 | ---- | C] () - C:\WINDOWS\System32\dllcache\events.js
[08/03/2008 04:17 PM | 00,006,060 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm6.gif
[08/03/2008 04:17 PM | 00,006,241 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm3.gif
[08/03/2008 04:17 PM | 00,006,769 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmfsdk.inf
[08/03/2008 04:17 PM | 00,006,878 | ---- | C] () - C:\WINDOWS\System32\dllcache\controls.js
[08/03/2008 04:17 PM | 00,007,369 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm4.gif
[08/03/2008 04:17 PM | 00,007,636 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm2.gif
[08/03/2008 04:17 PM | 00,007,892 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm9.gif
[08/03/2008 04:17 PM | 00,008,298 | ---- | C] () - C:\WINDOWS\System32\dllcache\contents.htm
[08/03/2008 04:17 PM | 00,008,677 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm7.gif
[08/03/2008 04:17 PM | 00,009,585 | ---- | C] () - C:\WINDOWS\System32\dllcache\controls.css
[08/03/2008 04:17 PM | 00,010,457 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmptour.hta
[08/03/2008 04:17 PM | 00,017,272 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmdm.inf
[08/03/2008 04:17 PM | 00,017,489 | ---- | C] () - C:\WINDOWS\System32\dllcache\videobg.gif
[08/03/2008 04:17 PM | 00,018,286 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplayer2.inf
[08/03/2008 04:17 PM | 00,022,060 | ---- | C] () - C:\WINDOWS\System32\dllcache\npds.zip
[08/03/2008 04:17 PM | 00,023,195 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmplay.chm
[08/03/2008 04:17 PM | 00,023,829 | ---- | C] () - C:\WINDOWS\System32\dllcache\tourbg.gif
[08/03/2008 04:17 PM | 00,029,070 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmp.inf
[08/03/2008 04:17 PM | 00,066,725 | ---- | C] () - C:\WINDOWS\System32\dllcache\revert.wmz
[08/03/2008 04:17 PM | 00,067,374 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmplayer.adm
[08/03/2008 04:17 PM | 00,077,307 | ---- | C] () - C:\WINDOWS\System32\dllcache\plyr_err.chm
[08/03/2008 04:17 PM | 00,086,016 | ---- | C] (Sipro Lab Telecom Inc.) - C:\WINDOWS\System32\dllcache\sl_anet.acm
[08/03/2008 04:17 PM | 00,086,180 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud2.wav
[08/03/2008 04:17 PM | 00,086,180 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud4.wav
[08/03/2008 04:17 PM | 00,086,196 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud5.wav
[08/03/2008 04:17 PM | 00,097,117 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplayer2.hlp
[08/03/2008 04:17 PM | 00,172,196 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud3.wav
[08/03/2008 04:17 PM | 00,172,196 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud8.wav
[08/03/2008 04:17 PM | 00,172,196 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud9.wav
[08/03/2008 04:17 PM | 00,184,959 | ---- | C] () - C:\WINDOWS\System32\dllcache\compact.wmz
[08/03/2008 04:17 PM | 00,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) - C:\WINDOWS\System32\dllcache\l3codeca.acm
[08/03/2008 04:17 PM | 00,300,969 | ---- | C] () - C:\WINDOWS\System32\dllcache\viz.wmv
[08/03/2008 04:17 PM | 00,343,204 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud6.wav
[08/03/2008 04:17 PM | 00,343,204 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud7.wav
[08/03/2008 04:17 PM | 00,354,468 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud1.wav
[08/03/2008 04:17 PM | 00,375,519 | ---- | C] () - C:\WINDOWS\System32\dllcache\nuskin.wmv
[08/03/2008 04:17 PM | 00,381,425 | ---- | C] () - C:\WINDOWS\System32\dllcache\copycd.wmv
[08/03/2008 04:17 PM | 00,457,607 | ---- | C] () - C:\WINDOWS\System32\dllcache\mdlib.wmv
[08/03/2008 04:17 PM | 00,572,557 | ---- | C] () - C:\WINDOWS\System32\dllcache\rtuner.wmv
[08/03/2008 04:17 PM | 00,613,334 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmplayer.chm
[08/03/2008 04:10 PM | 00,003,135 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv08nt5.dll
[08/03/2008 04:10 PM | 00,003,615 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv05nt5.dll
[08/03/2008 04:10 PM | 00,003,647 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv07nt5.dll
[08/03/2008 04:10 PM | 00,003,711 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv09nt5.dll
[08/03/2008 04:10 PM | 00,003,775 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv11nt5.dll
[08/03/2008 04:10 PM | 00,003,901 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\siint5.dll
[08/03/2008 04:10 PM | 00,003,967 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv02nt5.dll
[08/03/2008 04:10 PM | 00,004,255 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv01nt5.dll
[08/03/2008 04:10 PM | 00,011,295 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv08nt.sys
[08/03/2008 04:10 PM | 00,011,325 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\vchnt5.dll
[08/03/2008 04:10 PM | 00,011,359 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv02nt5.dll
[08/03/2008 04:10 PM | 00,011,615 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1mdxx.sys
[08/03/2008 04:10 PM | 00,011,807 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv07nt.sys
[08/03/2008 04:10 PM | 00,011,868 | ---- | C] (Conexant) - C:\WINDOWS\System32\drivers\mdmxsdk.sys
[08/03/2008 04:10 PM | 00,011,871 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv09nt.sys
[08/03/2008 04:10 PM | 00,011,935 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv11nt.sys
[08/03/2008 04:10 PM | 00,012,047 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1pdxx.sys
[08/03/2008 04:10 PM | 00,013,240 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slwdmsup.sys
[08/03/2008 04:10 PM | 00,013,776 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\recagent.sys
[08/03/2008 04:10 PM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinmdxx.sys
[08/03/2008 04:10 PM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinttxx.sys
[08/03/2008 04:10 PM | 00,014,143 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv06nt5.dll
[08/03/2008 04:10 PM | 00,014,336 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinpdxx.sys
[08/03/2008 04:10 PM | 00,015,423 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[08/03/2008 04:10 PM | 00,017,279 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv10nt5.dll
[08/03/2008 04:10 PM | 00,021,183 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv01nt5.dll
[08/03/2008 04:10 PM | 00,021,343 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1ttxx.sys
[08/03/2008 04:10 PM | 00,022,271 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv06nt.sys
[08/03/2008 04:10 PM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv04nt5.dll
[08/03/2008 04:10 PM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv10nt.sys
[08/03/2008 04:10 PM | 00,026,367 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1snxx.sys
[08/03/2008 04:10 PM | 00,028,672 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinsnxx.sys
[08/03/2008 04:10 PM | 00,029,455 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xbxx.sys
[08/03/2008 04:10 PM | 00,030,671 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1raxx.sys
[08/03/2008 04:10 PM | 00,031,744 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxbxx.sys
[08/03/2008 04:10 PM | 00,034,735 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xsxx.sys
[08/03/2008 04:10 PM | 00,036,463 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1tuxx.sys
[08/03/2008 04:10 PM | 00,040,960 | ---- | C] (Silicon Integrated Systems Corporation) - C:\WINDOWS\System32\drivers\sisagp.sys
[08/03/2008 04:10 PM | 00,043,008 | ---- | C] (Advanced Micro Devices, Inc.) - C:\WINDOWS\System32\drivers\amdagp.sys
[08/03/2008 04:10 PM | 00,052,224 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinraxx.sys
[08/03/2008 04:10 PM | 00,056,623 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1btxx.sys
[08/03/2008 04:10 PM | 00,057,856 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinbtxx.sys
[08/03/2008 04:10 PM | 00,063,488 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxsxx.sys
[08/03/2008 04:10 PM | 00,063,663 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1rvxx.sys
[08/03/2008 04:10 PM | 00,064,352 | ---- | C] () - C:\WINDOWS\System32\drivers\ativmc20.cod
[08/03/2008 04:10 PM | 00,067,866 | ---- | C] () - C:\WINDOWS\System32\drivers\netwlan5.img
[08/03/2008 04:10 PM | 00,073,216 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atintuxx.sys
[08/03/2008 04:10 PM | 00,095,424 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnthal.sys
[08/03/2008 04:10 PM | 00,104,960 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinrvxx.sys
[08/03/2008 04:10 PM | 00,126,686 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlmnt5.sys
[08/03/2008 04:10 PM | 00,129,045 | ---- | C] () - C:\WINDOWS\System32\drivers\cxthsfs2.cty
[08/03/2008 04:10 PM | 00,129,535 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnt7554.sys
[08/03/2008 04:10 PM | 00,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) - C:\WINDOWS\System32\drivers\hdaudbus.sys
[08/03/2008 04:10 PM | 00,180,360 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\ntmtlfax.sys
[08/03/2008 04:10 PM | 00,220,032 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[08/03/2008 04:10 PM | 00,327,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati2mtaa.sys
[08/03/2008 04:10 PM | 00,404,990 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slntamr.sys
[08/03/2008 04:10 PM | 00,452,736 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\drivers\mtxparhm.sys
[08/03/2008 04:10 PM | 00,685,056 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfcxts2.sys
[08/03/2008 04:10 PM | 00,701,440 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati2mtag.sys
[08/03/2008 04:10 PM | 01,041,536 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[08/03/2008 04:10 PM | 01,309,184 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlstrm.sys
[08/27/2008 04:32 PM | 00,024,208 | ---- | C] (COMODO) - C:\WINDOWS\System32\drivers\cmdhlp.sys
[08/27/2008 04:32 PM | 00,079,760 | ---- | C] (COMODO) - C:\WINDOWS\System32\drivers\inspect.sys
[08/27/2008 04:32 PM | 00,087,056 | ---- | C] (COMODO) - C:\WINDOWS\System32\drivers\cmdguard.sys
[1 C:\WINDOWS\System32\*.tmp files]
[08/03/2008 04:17 PM | 00,009,728 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativdaxx.ax
[08/03/2008 04:17 PM | 00,023,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativmvxx.ax
[08/03/2008 04:17 PM | 00,032,285 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\hsfcisp2.dll
[08/03/2008 04:17 PM | 00,032,768 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativtmxx.dll
[08/03/2008 04:17 PM | 00,032,866 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slrundll.exe
[08/03/2008 04:17 PM | 00,073,796 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slserv.exe
[08/03/2008 04:17 PM | 00,073,832 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slcoinst.dll
[08/03/2008 04:17 PM | 00,086,016 | ---- | C] (Conexant) - C:\WINDOWS\System32\mdmxsdk.dll
[08/03/2008 04:17 PM | 00,188,508 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slgen.dll
[08/03/2008 04:17 PM | 00,201,728 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ati2dvag.dll
[08/03/2008 04:17 PM | 00,229,376 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ati2cqag.dll
[08/03/2008 04:17 PM | 00,286,792 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slextspk.dll
[08/03/2008 04:17 PM | 00,377,984 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ati2dvaa.dll
[08/03/2008 04:17 PM | 00,516,768 | ---- | C] (ATI Technologies Inc. ) - C:\WINDOWS\System32\ativvaxx.dll
[08/03/2008 04:17 PM | 00,870,784 | ---- | C] (ATI Technologies Inc. ) - C:\WINDOWS\System32\ati3d1ag.dll
[08/03/2008 04:17 PM | 01,737,856 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\mtxparhd.dll
[08/03/2008 04:17 PM | 01,888,992 | ---- | C] (ATI Technologies Inc. ) - C:\WINDOWS\System32\ati3duag.dll
[08/03/2008 04:17 PM | ---D | C] - C:\WINDOWS\System32\en
[08/03/2008 04:17 PM | ---D | C] - C:\WINDOWS\System32\en-us
[08/03/2008 04:17 PM | ---D | C] - C:\WINDOWS\System32\scripting
[08/03/2008 06:55 PM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\java.exe
[08/03/2008 06:55 PM | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaw.exe
[08/03/2008 06:55 PM | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) - C:\WINDOWS\System32\javaws.exe
[08/03/2008 11:16 AM | ---D | C] - C:\WINDOWS\System32\bits
[08/03/2008 11:17 AM | ---D | C] - C:\WINDOWS\System32\PreInstall
[08/03/2008 11:39 PM | 00,000,118 | ---- | C] () - C:\WINDOWS\System32\MRT.INI
[08/27/2008 04:32 PM | 00,143,104 | ---- | C] () - C:\WINDOWS\System32\guard32.dll
[3 C:\WINDOWS\*.tmp files]
[08/02/2008 05:40 PM | 00,001,409 | ---- | C] () - C:\WINDOWS\QTFont.for
[08/02/2008 05:40 PM | 00,054,156 | -H-- | C] () - C:\WINDOWS\QTFont.qfn
[08/03/2008 04:10 PM | ---D | C] - C:\WINDOWS\network diagnostic
[08/03/2008 04:17 PM | ---D | C] - C:\WINDOWS\l2schemas
[08/03/2008 04:23 PM | ---D | C] - C:\WINDOWS\Prefetch
[08/31/2008 11:56 PM | ---D | C] - C:\WINDOWS\ERDNT
[08/03/2008 04:30 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\avg8
[08/04/2008 11:45 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[08/27/2008 04:32 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\comodo
[08/04/2008 11:45 AM | ---D | C] - C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[08/27/2008 04:32 PM | ---D | C] - C:\Documents and Settings\Owner\Application Data\Comodo
[08/27/2008 09:20 PM | ---D | C] - C:\Documents and Settings\Owner\Application Data\.purple
[08/04/2008 11:21 AM | 03,780,306 | -H-- | C] () - C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[08/27/2008 04:53 PM | 00,000,729 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\COMODO Firewall Pro.lnk
[08/14/2008 04:12 PM | 00,051,277 | ---- | C] () - C:\Documents and Settings\Owner\Desktop\Weird.BAK
[08/14/2008 04:12 PM | 00,051,567 | ---- | C] () - C:\Documents and Settings\Owner\Desktop\Weird.MUS
[08/16/2008 01:40 PM | 00,052,888 | ---- | C] () - C:\Documents and Settings\Owner\Desktop\Thingy.BAK
[08/16/2008 01:40 PM | 00,053,366 | ---- | C] () - C:\Documents and Settings\Owner\Desktop\Thingy.MUS
[08/16/2008 11:08 PM | 00,234,107 | ---- | C] () - C:\Documents and Settings\Owner\Desktop\Frederik.PNG
[08/17/2008 04:25 PM | 00,007,086 | ---- | C] () - C:\Documents and Settings\Owner\Desktop\have_you_ever_seen_the_rain.ptb
[08/17/2008 08:00 PM | 00,004,738 | ---- | C] () - C:\Documents and Settings\Owner\Desktop\pokemon_poke_center.ptb
[08/22/2008 05:58 PM | 00,001,745 | ---- | C] () - C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[08/27/2008 05:14 PM | 01,299,968 | ---- | C] (OldTimer Tools) - C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[08/30/2008 04:12 PM | 00,054,884 | ---- | C] () - C:\Documents and Settings\Owner\Desktop\Microbe.jpg
[08/30/2008 05:21 PM | 00,017,343 | ---- | C] () - C:\Documents and Settings\Owner\Desktop\eyes closed.jpg
[08/31/2008 11:54 PM | 00,791,393 | ---- | C] (Lars Hederer ) - C:\Documents and Settings\Owner\Desktop\erunt-setup.exe
[08/31/2008 11:56 PM | 00,000,603 | ---- | C] () - C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[08/31/2008 11:56 PM | 00,000,622 | ---- | C] () - C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[08/31/2008 11:57 PM | 00,000,133 | ---- | C] () - C:\Documents and Settings\Owner\Desktop\fix.reg
[08/31/2008 11:57 PM | 00,291,840 | ---- | C] (OldTimer Tools) - C:\Documents and Settings\Owner\Desktop\OTMoveIt2.exe
[08/27/2008 09:18 PM | ---D | C] - C:\Program Files\Common Files\GTK
[08/03/2008 04:30 PM | ---D | C] - C:\Program Files\AVG
[08/04/2008 10:48 PM | ---D | C] - C:\Program Files\MSXML 4.0
[08/04/2008 11:45 AM | ---D | C] - C:\Program Files\SUPERAntiSpyware
[08/11/2008 08:56 PM | ---D | C] - C:\Program Files\Microsoft Silverlight
[08/22/2008 05:58 PM | ---D | C] - C:\Program Files\Trend Micro
[08/27/2008 04:32 PM | ---D | C] - C:\Program Files\COMODO
[08/31/2008 11:55 PM | ---D | C] - C:\Program Files\ERUNT

[Files/Folders - Modified Within 30 days]
[08/03/2008 03:48 PM | ---D | M] - C:\Documents and Settings
[08/03/2008 04:10 PM | 00,047,564 | RHS- | M] () - C:\NTDETECT.COM
[08/03/2008 04:10 PM | 00,250,048 | RHS- | M] () - C:\ntldr
[08/03/2008 04:19 PM | 00,000,283 | RHS- | M] () - C:\boot.ini
[08/04/2008 11:29 AM | -H-D | M] - C:\$AVG8.VAULT$
[08/11/2008 08:56 PM | -HSD | M] - C:\Config.Msi
[08/31/2008 11:55 PM | R--D | M] - C:\Program Files
[08/31/2008 11:56 PM | ---D | M] - C:\WINDOWS
[08/31/2008 11:58 PM | ---D | M] - C:\_OTMoveIt
[08/27/2008 04:28 PM | 00,104,864 | ---- | M] () - C:\WINDOWS\System32\drivers\ndisio.sys
[08/27/2008 04:32 PM | 00,024,208 | ---- | M] (COMODO) - C:\WINDOWS\System32\drivers\cmdhlp.sys
[08/27/2008 04:32 PM | 00,079,760 | ---- | M] (COMODO) - C:\WINDOWS\System32\drivers\inspect.sys
[08/27/2008 04:32 PM | 00,087,056 | ---- | M] (COMODO) - C:\WINDOWS\System32\drivers\cmdguard.sys
[1 C:\WINDOWS\System32\*.tmp files]
[08/03/2008 04:13 PM | ---D | M] - C:\WINDOWS\System32\Com
[08/03/2008 04:13 PM | ---D | M] - C:\WINDOWS\System32\npp
[08/03/2008 04:13 PM | ---D | M] - C:\WINDOWS\System32\Restore
[08/03/2008 04:17 PM | ---D | M] - C:\WINDOWS\System32\bits
[08/03/2008 04:17 PM | ---D | M] - C:\WINDOWS\System32\en
[08/03/2008 04:17 PM | ---D | M] - C:\WINDOWS\System32\en-us
[08/03/2008 04:17 PM | ---D | M] - C:\WINDOWS\System32\mui
[08/03/2008 04:17 PM | ---D | M] - C:\WINDOWS\System32\oobe
[08/03/2008 04:17 PM | ---D | M] - C:\WINDOWS\System32\scripting
[08/03/2008 04:17 PM | ---D | M] - C:\WINDOWS\System32\usmt
[08/03/2008 04:20 PM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/03/2008 04:22 PM | 00,229,592 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[08/03/2008 04:22 PM | ---D | M] - C:\WINDOWS\System32\Setup
[08/03/2008 04:23 PM | ---D | M] - C:\WINDOWS\System32\wbem
[08/03/2008 11:17 AM | ---D | M] - C:\WINDOWS\System32\PreInstall
[08/03/2008 11:36 PM | ---D | M] - C:\WINDOWS\System32\ReinstallBackups
[08/03/2008 11:39 PM | 00,000,118 | ---- | M] () - C:\WINDOWS\System32\MRT.INI
[08/04/2008 10:50 PM | 00,053,436 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[08/04/2008 10:50 PM | 00,381,692 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[08/04/2008 10:50 PM | 00,429,838 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[08/21/2008 06:49 PM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/25/2008 06:19 PM | 00,001,158 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[08/27/2008 04:29 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[08/27/2008 04:32 PM | 00,143,104 | ---- | M] () - C:\WINDOWS\System32\guard32.dll
[08/27/2008 04:32 PM | ---D | M] - C:\WINDOWS\System32\drivers
[08/31/2008 10:22 AM | 00,000,335 | ---- | M] () - C:\WINDOWS\System32\tablet.dat
[08/31/2008 10:22 AM | 00,000,248 | ---- | M] () - C:\WINDOWS\System\hpsysdrv.dat
[3 C:\WINDOWS\*.tmp files]
[08/02/2008 05:40 PM | 00,001,409 | ---- | M] () - C:\WINDOWS\QTFont.for
[08/03/2008 04:02 PM | ---D | M] - C:\WINDOWS\EHome
[08/03/2008 04:09 PM | -H-D | M] - C:\WINDOWS\$NtServicePackUninstall$
[08/03/2008 04:10 PM | R--D | M] - C:\WINDOWS\Web
[08/03/2008 04:12 PM | ---D | M] - C:\WINDOWS\system
[08/03/2008 04:13 PM | ---D | M] - C:\WINDOWS\msagent
[08/03/2008 04:13 PM | ---D | M] - C:\WINDOWS\srchasst
[08/03/2008 04:17 PM | ---D | M] - C:\WINDOWS\ime
[08/03/2008 04:17 PM | ---D | M] - C:\WINDOWS\l2schemas
[08/03/2008 04:17 PM | ---D | M] - C:\WINDOWS\network diagnostic
[08/03/2008 04:17 PM | ---D | M] - C:\WINDOWS\peernet
[08/03/2008 04:20 PM | ---D | M] - C:\WINDOWS\security
[08/03/2008 04:22 PM | ---D | M] - C:\WINDOWS\AppPatch
[08/03/2008 04:22 PM | R-SD | M] - C:\WINDOWS\Fonts
[08/03/2008 04:25 PM | 00,316,640 | ---- | M] () - C:\WINDOWS\WMSysPr9.prx
[08/03/2008 06:14 PM | --SD | M] - C:\WINDOWS\Downloaded Program Files
[08/03/2008 11:15 AM | ---D | M] - C:\WINDOWS\SoftwareDistribution
[08/03/2008 11:16 AM | -H-D | M] - C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[08/03/2008 11:36 PM | ---D | M] - C:\WINDOWS\Debug
[08/04/2008 10:48 PM | ---D | M] - C:\WINDOWS\WinSxS
[08/04/2008 10:50 PM | ---D | M] - C:\WINDOWS\Registration
[08/11/2008 08:56 PM | -HSD | M] - C:\WINDOWS\Installer
[08/14/2008 01:31 AM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/14/2008 01:31 AM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/20/2008 04:44 PM | ---D | M] - C:\WINDOWS\Help
[08/20/2008 04:44 PM | -H-D | M] - C:\WINDOWS\inf
[08/31/2008 10:22 AM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/31/2008 10:22 AM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08/31/2008 10:22 AM | ---D | M] - C:\WINDOWS\system32
[08/31/2008 11:56 PM | ---D | M] - C:\WINDOWS\ERDNT
[08/31/2008 11:58 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/31/2008 11:59 PM | ---D | M] - C:\WINDOWS\Temp
[08/08/2008 11:19 PM | 00,000,270 | ---- | M] () - C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[08/28/2008 07:51 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/29/2008 08:00 PM | 00,000,530 | ---- | M] () - C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Owner.job
[08/29/2008 11:59 PM | 00,000,530 | ---- | M] () - C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
[08/31/2008 10:22 AM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[09/01/2008 12:02 AM | 00,000,412 | ---- | M] () - C:\WINDOWS\tasks\Symantec NetDetect.job
[08/04/2008 11:30 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\avg8
[08/04/2008 11:45 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[08/27/2008 04:55 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\comodo
[08/04/2008 11:30 AM | --SD | M] - C:\Documents and Settings\Owner\Application Data\Microsoft
[08/04/2008 11:45 AM | ---D | M] - C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[08/27/2008 04:32 PM | ---D | M] - C:\Documents and Settings\Owner\Application Data\Comodo
[08/27/2008 09:24 PM | ---D | M] - C:\Documents and Settings\Owner\Application Data\.purple
[09/01/2008 12:03 AM | ---D | M] - C:\Documents and Settings\Owner\Application Data\DNA
[08/03/2008 04:27 PM | 00,073,048 | ---- | M] () - C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[08/04/2008 11:22 AM | 03,780,306 | -H-- | M] () - C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[08/16/2008 11:43 PM | 00,047,104 | ---- | M] () - C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/31/2008 10:22 AM | ---D | M] - C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory
[7 C:\Documents and Settings\Owner\My Documents\*.tmp files]
[08/03/2008 04:25 PM | 00,000,076 | -HS- | M] () - C:\Documents and Settings\Owner\My Documents\desktop.ini
[08/03/2008 04:25 PM | R--D | M] - C:\Documents and Settings\Owner\My Documents\My Music
[08/15/2008 10:40 PM | ---D | M] - C:\Documents and Settings\Owner\My Documents\Updater
[08/16/2008 11:08 PM | R--D | M] - C:\Documents and Settings\Owner\My Documents\My Pictures
[08/27/2008 04:53 PM | 00,000,729 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\COMODO Firewall Pro.lnk
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files]
[08/03/2008 06:19 PM | R--D | M] - C:\Documents and Settings\Owner\Desktop\Shrey's stuff
[08/04/2008 05:21 PM | ---D | M] - C:\Documents and Settings\Owner\Desktop\MUSC Exp
[08/11/2008 05:43 PM | ---D | M] - C:\Documents and Settings\Owner\Desktop\Pictures
[08/14/2008 04:12 PM | 00,051,277 | ---- | M] () - C:\Documents and Settings\Owner\Desktop\Weird.BAK
[08/14/2008 04:18 PM | 00,051,567 | ---- | M] () - C:\Documents and Settings\Owner\Desktop\Weird.MUS
[08/16/2008 01:44 PM | 00,052,888 | ---- | M] () - C:\Documents and Settings\Owner\Desktop\Thingy.BAK
[08/16/2008 01:50 PM | 00,053,366 | ---- | M] () - C:\Documents and Settings\Owner\Desktop\Thingy.MUS
[08/16/2008 11:08 PM | 00,234,107 | ---- | M] () - C:\Documents and Settings\Owner\Desktop\Frederik.PNG
[08/17/2008 04:25 PM | 00,007,086 | ---- | M] () - C:\Documents and Settings\Owner\Desktop\have_you_ever_seen_the_rain.ptb
[08/17/2008 08:00 PM | 00,004,738 | ---- | M] () - C:\Documents and Settings\Owner\Desktop\pokemon_poke_center.ptb
[08/18/2008 09:50 PM | 00,076,288 | ---- | M] () - C:\Documents and Settings\Owner\Desktop\11th_grade_Summer_2008_Reading_AP_US_History.doc
[08/22/2008 05:58 PM | 00,001,745 | ---- | M] () - C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[08/25/2008 07:38 PM | ---D | M] - C:\Documents and Settings\Owner\Desktop\Music Files
[08/26/2008 10:02 PM | ---D | M] - C:\Documents and Settings\Owner\Desktop\AP Lit Notes
[08/27/2008 05:14 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Owner\Desktop\OTViewIt.exe
[08/30/2008 04:12 PM | 00,054,884 | ---- | M] () - C:\Documents and Settings\Owner\Desktop\Microbe.jpg
[08/30/2008 05:01 PM | ---D | M] - C:\Documents and Settings\Owner\Desktop\New Math and Units
[08/30/2008 05:21 PM | 00,017,343 | ---- | M] () - C:\Documents and Settings\Owner\Desktop\eyes closed.jpg
[08/31/2008 11:54 PM | 00,791,393 | ---- | M] (Lars Hederer ) - C:\Documents and Settings\Owner\Desktop\erunt-setup.exe
[08/31/2008 11:56 PM | 00,000,603 | ---- | M] () - C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[08/31/2008 11:56 PM | 00,000,622 | ---- | M] () - C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[08/31/2008 11:57 PM | 00,000,133 | ---- | M] () - C:\Documents and Settings\Owner\Desktop\fix.reg
[08/31/2008 11:57 PM | 00,291,840 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Owner\Desktop\OTMoveIt2.exe
[08/03/2008 04:13 PM | ---D | M] - C:\Program Files\Common Files\System
[08/03/2008 04:30 PM | ---D | M] - C:\Program Files\Common Files\Microsoft Shared
[08/03/2008 07:25 PM | ---D | M] - C:\Program Files\Common Files\WinSoftware
[08/04/2008 11:45 AM | ---D | M] - C:\Program Files\Common Files\Wise Installation Wizard
[08/27/2008 09:18 PM | ---D | M] - C:\Program Files\Common Files\GTK

< End of report >