Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Antivirus XP 2008 license agreement - Malware? [RESOLVED]


  • This topic is locked This topic is locked

#1
ilts

ilts

    Member

  • Member
  • PipPip
  • 22 posts
I'm not sure if I have one problem or more than one. I keep getting pop-ups like "Antivirus XP 2008 license agreement" and "Windows Security Alert" and have had a message that says "Trojan-Spy.Win32.GreenScreen" telling me that I need to scan my computer for problems. I have tried the required steps (Malwarebytes, etc.) to remove the pop-ups, but they are still here. I'm enclosing the required log files. Thank you for your assistance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:34 AM, on 8/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Jconfig\hjavaw.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\fkvatkhu\tojkvktw.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lphcj90j0ee75.exe
C:\Documents and Settings\cmeinen\Local Settings\Temp\.ttB.tmp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe
C:\Program Files\Sybase\SQL Anywhere 10\win32\dbisqlg.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\WINDOWS\system32\pkpezgru.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\cmeinen\Local Settings\Temp\.tt1C.tmp
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Starbase\StarTeam 5.3\StarTeam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070908
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070908
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: 172.17.0.44 demmis
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\system32\TwcToolbarBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Acrobat Speed Launch] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lphcj90j0ee75] C:\WINDOWS\system32\lphcj90j0ee75.exe
O4 - HKLM\..\Run: [inrhcn90j0ee75] C:\Documents and Settings\cmeinen\Local Settings\Temp\.tt1C.tmp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [DBISQL9] "C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" -preload
O4 - HKCU\..\Run: [SybaseCentral43] "C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" -preload
O4 - HKCU\..\Run: [PackersScreenServer] "C:\Program Files\PackersScreenServer\PackersScreenServer.exe" -tb
O4 - HKCU\..\Run: [DBISQL10] "C:\Program Files\Sybase\SQL Anywhere 10\win32\dbisqlg.exe" -preload
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [MntSys] C:\WINDOWS\system32\pkpezgru.exe
O4 - HKCU\..\Run: [winhlpmnt] C:\WINDOWS\system32\jwdepalg.exe
O4 - HKLM\..\Policies\Explorer\Run: [n8rnlv24ed] C:\Documents and Settings\All Users\Application Data\fkvatkhu\tojkvktw.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office Outlook 2007.lnk = ?
O4 - Startup: The Weather Channel Desktop.lnk = C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.ilts.com
O17 - HKLM\Software\..\Telephony: DomainName = corp.ilts.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.ilts.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.ilts.com
O21 - SSODL: ComSmartSet - {61D94C22-ABF2-4A48-6AAF-0274E12B8CB8} - C:\Program Files\ezhghse\ComSmartSet.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Hummingbird Jconfig Daemon (Jconfigd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: USB2.0 VIDBOX NW02 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)

--
End of file - 14661 bytes


Unistall_list.txt
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Acrobat 8.1.2 Standard
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
AMD Processor Driver
Apple Mobile Device Support
Apple Software Update
ASE ISQL
Audacity 1.2.6
Bonjour
Broadcom ASF Management Applications
Broadcom Management Programs
Calculator Powertoy for Windows XP
Code Visual to Flowchart 5.0 Build 0515
CuteFTP 8 Professional
Dell ETS Factory Installation
ERUNT 1.1j
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
Green Bay Packers ScreenServer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
honestech VHS to DVD 3.0 Deluxe
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hummingbird Exceed V7.0
iTunes
J2SE Runtime Environment 5.0 Update 6
Malwarebytes' Anti-Malware
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 SDK - ENU
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Internet Explorer WebControls
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic 2007
Microsoft Office Basic 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Live Meeting 2005
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (3.0.1)
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
NASA World Wind 1.4
NVIDIA Drivers
Panda NanoScan
Panda TotalScan
PowerBuilder Client Runtime
PowerDVD
QuickTime
RealPlayer
Rhapsody Player Engine
Rhapsody Player Engine
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio Update Manager
Safari
Security Update for 2007 Microsoft Office System (KB951596)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB951546)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Sonic Activation Module
SQL Anywhere 10, Documentation
SQL Anywhere 10, Software
SQL Anywhere Studio 9, Documentation
SQL Anywhere Studio 9, Software
StarTeam 5.3
StarTeam Microsoft SCC Integration
StarTeam SDK Runtime 5.3
Sybase Adaptive Server Anywhere 6.0
Sybase Adaptive Server Enterprise PC Client
Sybase InfoMaker 10.0
Sybase InfoMaker 11.1
Sybase InfoMaker 7.0
Sybase PowerBuilder 10.0
Sybase PowerBuilder 11.1
Sybase PowerBuilder 7.0
Sybase PowerDesigner 9.5.2
Sybase PowerTransfer
The Weather Channel Desktop 6
The Weather Channel Toolbar
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb955433)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
USB2.0 VIDBOX NW02
Virtual Earth 3D (Beta)
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Toolbar
  • 0

Advertisements


#2
ilts

ilts

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I forgot to include the MalwareBytes log in the original post...

Malwarebytes' Anti-Malware 1.25
Database version: 1087
Windows 5.1.2600 Service Pack 3

9:46:37 AM 8/25/2008
mbam-log-08-25-2008 (09-46-37).txt

Scan type: Quick Scan
Objects scanned: 87938
Time elapsed: 26 minute(s), 43 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 52
Registry Values Infected: 7
Registry Data Items Infected: 4
Folders Infected: 14
Files Infected: 85

Memory Processes Infected:
C:\WINDOWS\system32\lphcj90j0ee75.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\blphcj90j0ee75.scr (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcj90j0ee75 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.0.26 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\cmeinen\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\cmeinen\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\cmeinen\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\cmeinen\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\cmeinen\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\cmeinen\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\blphcj90j0ee75.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Uninst.exe (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\cmeinen\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\cmeinen\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\cmeinen\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\cmeinen\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\cmeinen\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\cmeinen\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\cmeinen\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\clrsecs.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\copyseg.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\copystc.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\copystm.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\copyswz.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\copyzee.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\a (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\[email protected]@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcj90j0ee75.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcj90j0ee75.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\cmeinen\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\cmeinen\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
  • 0

#3
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, and welcome to GTG.. I believe Malwarebytes' has got rid most of the nasties.. So, how is your computer now? Lets do this..


Please download OTViewIt to your desktop.
  • Close all windows and double click OTViewIt
  • Place a tick in the Scan all Users box
  • In the File Age drop down box select 60 days
  • Click Run Scan and let the program run uninterrupted
  • On completion it will produce two logs on the Desktop, post the OTViewIt.txt and Extras.txt logs in your next post.

  • 0

#4
ilts

ilts

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Thank you for your assistance!

Okay. Here is the OTViewIT.txt file contents:


OTViewIt logfile created on: 8/25/2008 4:05:02 PM - Run 1
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\My Music\Stuff
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.36 Mb Total Physical Memory | 541.51 Mb Available Physical Memory | 56.50% Memory free
2.26 Gb Paging File | 1.76 Gb Available in Paging File | 77.82% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 22.58 Gb Free Space | 30.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 331.33 Gb Total Space | 97.75 Gb Free Space | 29.50% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive L: | 28.01 Gb Total Space | 9.82 Gb Free Space | 35.05% Space Free | Partition Type: NTFS
Drive S: | 331.33 Gb Total Space | 97.75 Gb Free Space | 29.50% Space Free | Partition Type: NTFS
Drive U: | 331.33 Gb Total Space | 97.75 Gb Free Space | 29.50% Space Free | Partition Type: NTFS

Computer Name: CYPRUS
Current User Name: cmeinen
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

===== Processes - Non-Microsoft Only =====

[07/22/2008 08:42 PM | 00,116,040 | ---- | M] (Apple Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[03/17/2006 03:25 PM | 00,065,536 | ---- | M] (Broadcom Corporation) - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
[07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe
[06/23/2008 10:01 AM | 00,137,200 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[08/01/2000 05:37 PM | 00,032,768 | ---- | M] (Hummingbird Ltd.) - C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
[07/07/2000 02:20 PM | 00,028,672 | ---- | M] (Hummingbird Ltd.) - C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
[10/25/2007 04:06 PM | 00,103,744 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
[07/26/2000 01:59 PM | 00,040,960 | ---- | M] (Hummingbird Ltd.) - C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Jconfig\hjavaw.exe
[01/24/2008 09:50 PM | 00,144,704 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
[01/24/2008 09:50 PM | 00,054,608 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
[10/03/2006 12:28 PM | 00,155,715 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe
[11/10/2005 09:27 AM | 00,049,250 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe
[10/25/2007 04:06 PM | 00,136,512 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
[05/24/2006 12:49 AM | 00,024,576 | ---- | M] (Syntek America Inc.) - C:\WINDOWS\system32\StkASv2K.exe
[08/09/2008 02:42 PM | 03,585,384 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
[08/25/2008 07:35 AM | 00,065,536 | ---- | M] () - C:\Documents and Settings\All Users\Application Data\fkvatkhu\tojkvktw.exe
[08/29/2006 11:32 PM | 00,282,624 | ---- | M] (SigmaTel, Inc.) - C:\WINDOWS\stsystra.exe
[07/27/2004 02:50 PM | 00,081,920 | ---- | M] (InstallShield Software Corporation) - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[01/11/2008 08:54 PM | 00,623,992 | ---- | M] (Adobe Systems Inc.) - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[09/08/2007 06:15 AM | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
[01/24/2008 09:50 PM | 00,111,952 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
[10/25/2007 04:06 PM | 00,136,512 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\Common Framework\UdaterUI.exe
[06/08/2007 07:59 AM | 00,224,248 | ---- | M] (Yahoo! Inc.) - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
[10/25/2007 04:06 PM | 00,086,016 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\Common Framework\Mctray.exe
[02/23/2008 01:58 PM | 00,185,896 | ---- | M] (RealNetworks, Inc.) - C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[07/30/2008 10:47 AM | 00,289,064 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[08/25/2008 09:51 AM | 00,194,560 | ---- | M] () - C:\WINDOWS\system32\lphcj90j0ee75.exe
[08/25/2008 10:49 AM | 01,612,958 | ---- | M] () - C:\Documents and Settings\cmeinen\Local Settings\Temp\.tt1C.tmp.exe
[07/30/2008 10:47 AM | 00,532,264 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[06/05/2004 01:20 AM | 00,131,072 | ---- | M] (iAnywhere Solutions, Inc.) - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe
[10/30/2006 11:01 AM | 00,294,912 | ---- | M] (iAnywhere Solutions, Inc.) - C:\Program Files\Sybase\SQL Anywhere 10\win32\dbisqlg.exe
[06/10/2008 04:18 PM | 00,785,520 | ---- | M] (The Weather Channel Interactive, Inc.) - C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
[08/25/2008 07:35 AM | 00,106,496 | ---- | M] () - C:\WINDOWS\system32\pkpezgru.exe
[08/25/2008 04:03 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\My Music\Stuff\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[07/22/2008 08:42 PM | 00,116,040 | ---- | M] (Apple Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(ASFIPmon) Broadcom ASF IP Monitor [Auto | Running]
[03/17/2006 03:25 PM | 00,065,536 | ---- | M] (Broadcom Corporation) - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

(Bonjour Service) Bonjour Service [Auto | Running]
[07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[04/13/2008 05:12 PM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Running]
[09/08/2007 06:15 AM | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

(gusvc) Google Updater Service [Auto | Running]
[06/23/2008 10:01 AM | 00,137,200 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

(HCLInetd) Hummingbird Inetd [Auto | Running]
[08/01/2000 05:37 PM | 00,032,768 | ---- | M] (Hummingbird Ltd.) - C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe

(iPod Service) iPod Service [On_Demand | Running]
[07/30/2008 10:47 AM | 00,532,264 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(Jconfigd) Hummingbird Jconfig Daemon [Auto | Running]
[07/07/2000 02:20 PM | 00,028,672 | ---- | M] (Hummingbird Ltd.) - C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe

(McAfeeFramework) McAfee Framework Service [Unknown | Running]
[10/25/2007 04:06 PM | 00,103,744 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

(McShield) McAfee McShield [Unknown | Running]
[01/24/2008 09:50 PM | 00,144,704 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

(McTaskManager) McAfee Task Manager [Unknown | Running]
[01/24/2008 09:50 PM | 00,054,608 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

(NVSvc) NVIDIA Display Driver Service [Auto | Running]
[10/03/2006 12:28 PM | 00,155,715 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe

(StkASSrv) USB2.0 VIDBOX NW02 Service [Auto | Running]
[05/24/2006 12:49 AM | 00,024,576 | ---- | M] (Syntek America Inc.) - C:\WINDOWS\system32\StkASv2K.exe

(stllssvr) stllssvr [On_Demand | Stopped]
[09/14/2006 12:54 PM | 00,073,728 | ---- | M] (MicroVision Development, Inc.) - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

(ThreatFire) ThreatFire [Auto | Stopped]
File not found - C:\Program Files\ThreatFire\TFService.exe

(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Auto | Running]
[08/09/2008 02:42 PM | 03,585,384 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

===== Driver Services - Non-Microsoft Only =====

(AliIde) AliIde [Disabled | Stopped]
[08/17/2001 11:51 AM | 00,005,248 | ---- | M] (Acer Laboratories Inc.) - C:\WINDOWS\system32\drivers\aliide.sys

(amdagp) AMD AGP Bus Filter Driver [Disabled | Stopped]
[04/13/2008 11:36 AM | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) - C:\WINDOWS\system32\drivers\amdagp.sys

(AmdK8) AMD Processor Driver [System | Running]
[07/01/2006 08:39 PM | 00,036,864 | ---- | M] (Advanced Micro Devices) - C:\WINDOWS\system32\drivers\AmdK8.sys

(asc) asc [Disabled | Stopped]
[08/17/2001 11:52 AM | 00,026,496 | ---- | M] (Advanced System Products, Inc.) - C:\WINDOWS\system32\drivers\asc.sys

(asc3550) asc3550 [Disabled | Stopped]
[08/17/2001 11:51 AM | 00,014,848 | ---- | M] (Advanced System Products, Inc.) - C:\WINDOWS\system32\drivers\asc3550.sys

(b57w2k) Broadcom NetXtreme Gigabit Ethernet [On_Demand | Running]
[08/14/2006 12:30 AM | 00,156,160 | ---- | M] (Broadcom Corporation) - C:\WINDOWS\system32\drivers\b57xp32.sys

(BASFND) BASFND [Auto | Running]
[04/24/2003 02:21 PM | 00,006,025 | ---- | M] (Broadcom Corporation) - C:\Program Files\Broadcom\ASFIPMon\BASFND.sys

(CmdIde) CmdIde [Disabled | Stopped]
[08/17/2001 11:51 AM | 00,006,656 | ---- | M] (CMD Technology, Inc.) - C:\WINDOWS\system32\drivers\cmdide.sys

(dac2w2k) dac2w2k [Disabled | Stopped]
[08/17/2001 11:52 AM | 00,179,584 | ---- | M] (Mylex Corporation) - C:\WINDOWS\system32\drivers\dac2w2k.sys

(DLABMFSM) DLABMFSM [Auto | Running]
[08/18/2006 11:17 AM | 00,035,096 | ---- | M] (Roxio) - C:\WINDOWS\system32\DLA\DLABMFSM.SYS

(DLABOIOM) DLABOIOM [Auto | Running]
[08/18/2006 11:17 AM | 00,032,472 | ---- | M] (Roxio) - C:\WINDOWS\system32\DLA\DLABOIOM.SYS

(DLACDBHM) DLACDBHM [System | Running]
[08/11/2006 08:35 AM | 00,012,920 | ---- | M] (Roxio) - C:\WINDOWS\system32\drivers\DLACDBHM.SYS

(DLADResM) DLADResM [Auto | Running]
[08/18/2006 11:18 AM | 00,009,400 | ---- | M] (Roxio) - C:\WINDOWS\system32\DLA\DLADResM.SYS

(DLAIFS_M) DLAIFS_M [Auto | Running]
[08/18/2006 11:17 AM | 00,104,472 | ---- | M] (Roxio) - C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

(DLAOPIOM) DLAOPIOM [Auto | Running]
[08/18/2006 11:17 AM | 00,026,008 | ---- | M] (Roxio) - C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

(DLAPoolM) DLAPoolM [Auto | Running]
[08/18/2006 11:17 AM | 00,014,520 | ---- | M] (Roxio) - C:\WINDOWS\system32\DLA\DLAPoolM.SYS

(DLARTL_M) DLARTL_M [System | Running]
[08/11/2006 08:35 AM | 00,028,184 | ---- | M] (Roxio) - C:\WINDOWS\system32\drivers\DLARTL_M.SYS

(DLAUDFAM) DLAUDFAM [Auto | Running]
[08/18/2006 11:17 AM | 00,094,648 | ---- | M] (Roxio) - C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

(DLAUDF_M) DLAUDF_M [Auto | Running]
[08/18/2006 11:17 AM | 00,097,848 | ---- | M] (Roxio) - C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

(dmboot) dmboot [Disabled | Stopped]
[04/13/2008 11:44 AM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[04/13/2008 11:44 AM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Boot | Running]
[08/04/2004 03:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(DRVMCDB) DRVMCDB [Boot | Running]
[07/21/2006 09:21 AM | 00,099,176 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DRVMCDB.SYS

(DRVNDDM) DRVNDDM [Auto | Running]
[08/11/2006 09:05 AM | 00,051,768 | ---- | M] (Roxio) - C:\WINDOWS\system32\drivers\DRVNDDM.SYS

(DSproct) DSproct [On_Demand | Stopped]
File not found - C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys

(E100B) Intel® PRO Adapter Driver [On_Demand | Stopped]
[08/17/2001 10:12 AM | 00,117,760 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\e100b325.sys

(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[01/29/2008 12:01 PM | 00,016,168 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [On_Demand | Running]
[04/13/2008 09:36 AM | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) - C:\WINDOWS\system32\drivers\hdaudbus.sys

(mfeapfk) McAfee Inc. [On_Demand | Running]
[01/24/2008 09:50 PM | 00,064,232 | ---- | M] (McAfee, Inc.) - C:\WINDOWS\system32\drivers\mfeapfk.sys

(mfeavfk) McAfee Inc. [On_Demand | Running]
[01/24/2008 09:50 PM | 00,072,936 | ---- | M] (McAfee, Inc.) - C:\WINDOWS\system32\drivers\mfeavfk.sys

(mfebopk) McAfee Inc. [On_Demand | Running]
[01/24/2008 09:50 PM | 00,033,960 | ---- | M] (McAfee, Inc.) - C:\WINDOWS\system32\drivers\mfebopk.sys

(mfehidk) McAfee Inc. [On_Demand | Running]
[01/24/2008 09:50 PM | 00,171,400 | ---- | M] (McAfee, Inc.) - C:\WINDOWS\system32\drivers\mfehidk.sys

(mferkdk) VSCore mferkdk [System | Running]
[01/24/2008 09:50 PM | 00,031,816 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys

(mfetdik) McAfee Inc. [System | Running]
[01/24/2008 09:50 PM | 00,052,104 | ---- | M] (McAfee, Inc.) - C:\WINDOWS\system32\drivers\mfetdik.sys

(mraid35x) mraid35x [Disabled | Stopped]
[08/17/2001 11:52 AM | 00,017,280 | ---- | M] (American Megatrends Inc.) - C:\WINDOWS\system32\drivers\mraid35x.sys

(nv) nv [On_Demand | Running]
[10/03/2006 12:28 PM | 03,962,720 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys

(nvata) nvata [Boot | Running]
[02/25/2007 07:25 PM | 00,105,472 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nvata.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/04/2004 03:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[07/24/2006 01:00 AM | 00,036,528 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\pxhelp20.sys

(ql1080) ql1080 [Disabled | Stopped]
[08/17/2001 11:52 AM | 00,040,320 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql1080.sys

(ql12160) ql12160 [Disabled | Stopped]
[08/17/2001 11:52 AM | 00,045,312 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql12160.sys

(ql1280) ql1280 [Disabled | Stopped]
[08/17/2001 11:52 AM | 00,049,024 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql1280.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[11/13/2007 03:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(sisagp) SIS AGP Bus Filter [Disabled | Stopped]
[04/13/2008 11:36 AM | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) - C:\WINDOWS\system32\drivers\sisagp.sys

(Sparrow) Sparrow [Disabled | Stopped]
[08/17/2001 12:07 PM | 00,019,072 | ---- | M] (Adaptec, Inc.) - C:\WINDOWS\system32\drivers\sparrow.sys

(ssfs0bbc) ssfs0bbc [Boot | Running]
[08/09/2008 02:42 PM | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\system32\drivers\ssfs0bbc.sys

(sshrmd) sshrmd [Boot | Running]
[08/09/2008 02:42 PM | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\system32\drivers\sshrmd.sys

(ssidrv) ssidrv [Boot | Running]
[08/09/2008 02:42 PM | 00,166,512 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\system32\drivers\ssidrv.sys

(STHDA) SigmaTel High Definition Audio CODEC [On_Demand | Running]
[08/29/2006 11:32 PM | 01,171,464 | ---- | M] (SigmaTel, Inc.) - C:\WINDOWS\system32\drivers\sthda.sys

(StkAMini) USB2.0 VIDBOX NW02 [On_Demand | Stopped]
[11/15/2006 06:32 PM | 00,242,139 | ---- | M] (Syntek America Inc.) - C:\WINDOWS\system32\drivers\StkAMini.sys

(StkScan) USB2.0 VIDBOX NW02 Still Image [On_Demand | Stopped]
[06/27/2006 07:27 PM | 00,004,772 | ---- | M] (Syntek America Inc.) - C:\WINDOWS\system32\drivers\StkScan.sys

(symc810) symc810 [Disabled | Stopped]
[08/17/2001 12:07 PM | 00,016,256 | ---- | M] (Symbios Logic Inc.) - C:\WINDOWS\system32\drivers\symc810.sys

(symc8xx) symc8xx [Disabled | Stopped]
[08/17/2001 12:07 PM | 00,032,640 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\symc8xx.sys

(sym_hi) sym_hi [Disabled | Stopped]
[08/17/2001 12:07 PM | 00,028,384 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\sym_hi.sys

(sym_u3) sym_u3 [Disabled | Stopped]
[08/17/2001 12:07 PM | 00,030,688 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\sym_u3.sys

(TfFsMon) TfFsMon [Boot | Stopped]
File not found - C:\WINDOWS\system32\drivers\TfFsMon.sys

(TfNetMon) TfNetMon [On_Demand | Stopped]
File not found - C:\WINDOWS\system32\drivers\TfNetMon.sys

(TfSysMon) TfSysMon [Boot | Stopped]
File not found - C:\WINDOWS\system32\drivers\TfSysMon.sys

(ultra) ultra [Disabled | Stopped]
[08/17/2001 11:52 AM | 00,036,736 | ---- | M] (Promise Technology, Inc.) - C:\WINDOWS\system32\drivers\ultra.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"" = File not found
"Acrobat Assistant 8.0" = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [01/11/2008 08:54 PM | 00,623,992 | ---- | M] (Adobe Systems Inc.)
"Acrobat Speed Launch" = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [10/22/2006 11:40 PM | 00,046,200 | ---- | M] (Adobe Systems Incorporated)
"AppleSyncNotifier" = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM | 00,116,040 | ---- | M] (Apple Inc.)
"inrhcn90j0ee75" = "C:\Documents and Settings\cmeinen\Local Settings\Temp\.tt1C.tmp.exe" [08/25/2008 10:49 AM | 01,612,958 | ---- | M] ()
"ISUSPM Startup" = "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup [07/27/2004 02:50 PM | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [07/27/2004 02:50 PM | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [07/30/2008 10:47 AM | 00,289,064 | ---- | M] (Apple Inc.)
"lphcj90j0ee75" = "C:\WINDOWS\system32\lphcj90j0ee75.exe" [08/25/2008 09:51 AM | 00,194,560 | ---- | M] ()
"McAfeeUpdaterUI" = "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey [10/25/2007 04:06 PM | 00,136,512 | ---- | M] (McAfee, Inc.)
"NvCplDaemon" = "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup [10/03/2006 12:28 PM | 07,630,848 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" = "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [10/03/2006 12:28 PM | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" = nwiz.exe /install File not found
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [05/27/2008 10:50 AM | 00,413,696 | ---- | M] (Apple Inc.)
"ShStatEXE" = "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE [01/24/2008 09:50 PM | 00,111,952 | ---- | M] (McAfee, Inc.)
"SigmatelSysTrayApp" = "C:\WINDOWS\stsystra.exe" [08/29/2006 11:32 PM | 00,282,624 | ---- | M] (SigmaTel, Inc.)
"SpySweeper" = "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray [08/09/2008 04:04 PM | 05,418,864 | ---- | M] (Webroot Software, Inc.)
"TkBellExe" = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [02/23/2008 01:58 PM | 00,185,896 | ---- | M] (RealNetworks, Inc.)
"YSearchProtection" = "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 07:59 AM | 00,224,248 | ---- | M] (Yahoo! Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DBISQL10" = "C:\Program Files\Sybase\SQL Anywhere 10\win32\dbisqlg.exe" -preload [10/30/2006 11:01 AM | 00,294,912 | ---- | M] (iAnywhere Solutions, Inc.)
"DBISQL9" = "C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" -preload [06/05/2004 01:20 AM | 00,131,072 | ---- | M] (iAnywhere Solutions, Inc.)
"DW6" = "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [06/10/2008 04:18 PM | 00,785,520 | ---- | M] (The Weather Channel Interactive, Inc.)
"MntSys" = "C:\WINDOWS\system32\pkpezgru.exe" [08/25/2008 07:35 AM | 00,106,496 | ---- | M] ()
"PackersScreenServer" = "C:\Program Files\PackersScreenServer\PackersScreenServer.exe" -tb [09/19/2007 11:38 AM | 04,884,823 | ---- | M] ()
"SybaseCentral43" = "C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" -preload File not found
"winhlpmnt" = "C:\WINDOWS\system32\jwdepalg.exe" [08/25/2008 09:51 AM | 00,106,496 | ---- | M] ()
"YSearchProtection" = "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 07:59 AM | 00,224,248 | ---- | M] (Yahoo! Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-21-72051607-818835248-71842111-1426\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DBISQL10" = "C:\Program Files\Sybase\SQL Anywhere 10\win32\dbisqlg.exe" -preload [10/30/2006 11:01 AM | 00,294,912 | ---- | M] (iAnywhere Solutions, Inc.)
"DBISQL9" = "C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" -preload [06/05/2004 01:20 AM | 00,131,072 | ---- | M] (iAnywhere Solutions, Inc.)
"DW6" = "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [06/10/2008 04:18 PM | 00,785,520 | ---- | M] (The Weather Channel Interactive, Inc.)
"MntSys" = "C:\WINDOWS\system32\pkpezgru.exe" [08/25/2008 07:35 AM | 00,106,496 | ---- | M] ()
"PackersScreenServer" = "C:\Program Files\PackersScreenServer\PackersScreenServer.exe" -tb [09/19/2007 11:38 AM | 04,884,823 | ---- | M] ()
"SybaseCentral43" = "C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" -preload File not found
"winhlpmnt" = "C:\WINDOWS\system32\jwdepalg.exe" [08/25/2008 09:51 AM | 00,106,496 | ---- | M] ()
"YSearchProtection" = "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 07:59 AM | 00,224,248 | ---- | M] (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-72051607-818835248-71842111-1426\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[administrator.ILTS1 Startup Folder - C:\Documents and Settings\administrator.ILTS1\Start Menu\Programs\Startup]

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

[cmeinen Startup Folder - C:\Documents and Settings\cmeinen\Start Menu\Programs\Startup]
[08/14/2008 03:03 AM | 00,845,584 | R--- | M] () - C:\Documents and Settings\cmeinen\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk = C:\WINDOWS\Installer\{91120000-0013-0000-0000-0000000FF1CE}\outicon.exe
File not found - C:\Documents and Settings\cmeinen\Start Menu\Programs\Startup\The Weather Channel Desktop.lnk = C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

[Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup]

[jradm Startup Folder - C:\Documents and Settings\jradm\Start Menu\Programs\Startup]

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
HKLM CLSID: (&Yahoo! Toolbar Helper) - [10/19/2007 02:56 PM | 00,817,936 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
HKLM CLSID: (Ask Search Assistant BHO) - [08/25/2008 02:18 PM | 00,066,912 | ---- | M] (Ask.com) C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [10/22/2006 09:08 PM | 00,062,080 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
HKLM CLSID: (RealPlayer Download and Record Plugin for Internet Explorer) - [02/23/2008 01:58 PM | 00,370,296 | ---- | M] (RealPlayer) C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
HKLM CLSID: (Yahoo! IE Services Button) - [10/31/2006 01:33 PM | 00,198,136 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [11/10/2005 11:22 AM | 00,184,423 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
HKLM CLSID: (scriptproxy) - [01/24/2008 09:50 PM | 00,066,880 | ---- | M] (McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA1F9DDB-E605-4ba6-81D4-E427DEE012AD}]
HKLM CLSID: (TwcToolbarBhoApp Class) - [05/09/2007 09:41 AM | 00,073,728 | ---- | M] () C:\WINDOWS\system32\TwcToolbarBho.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
HKLM CLSID: (Google Toolbar Helper) - [06/23/2008 10:02 AM | 02,549,368 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
HKLM CLSID: (Adobe PDF Conversion Toolbar Helper) - [05/10/2007 08:47 PM | 00,321,120 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
HKLM CLSID: (Google Toolbar Notifier BHO) - [06/23/2008 10:01 AM | 00,654,320 | ---- | M] (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
HKLM CLSID: (MSN Toolbar Helper) - [06/03/2008 04:17 PM | 00,086,032 | ---- | M] (Microsoft Corp.) C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
HKLM CLSID: (Ask Toolbar BHO) - [08/25/2008 02:18 PM | 00,267,592 | ---- | M] (Ask.com) C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}"
HKLM CLSID: (MSN Toolbar) - [06/03/2008 04:17 PM | 00,086,032 | ---- | M] (Microsoft Corp.) C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [06/23/2008 10:02 AM | 02,549,368 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2E5E800E-6AC0-411E-940A-369530A35E43}"
HKLM CLSID: (The Weather Channel Toolbar) - [05/09/2007 10:24 AM | 00,262,144 | ---- | M] () C:\WINDOWS\system32\TwcToolbarIe7.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [05/10/2007 08:47 PM | 00,321,120 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [10/19/2007 02:56 PM | 00,817,936 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}"
HKLM CLSID: (Ask Toolbar) - [08/25/2008 02:18 PM | 00,267,592 | ---- | M] (Ask.com) C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [06/23/2008 10:02 AM | 02,549,368 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [05/10/2007 08:47 PM | 00,321,120 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"
HKLM CLSID: (Ask Toolbar) - [08/25/2008 02:18 PM | 00,267,592 | ---- | M] (Ask.com) C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_USERS\S-1-5-21-72051607-818835248-71842111-1426\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [06/23/2008 10:02 AM | 02,549,368 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [05/10/2007 08:47 PM | 00,321,120 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"
HKLM CLSID: (Ask Toolbar) - [08/25/2008 02:18 PM | 00,267,592 | ---- | M] (Ask.com) C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning" = 0
"NoWelcomeScreen" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"n8rnlv24ed" = C:\Documents and Settings\All Users\Application Data\fkvatkhu\tojkvktw.exe [08/25/2008 07:35 AM | 00,065,536 | ---- | M] ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"ForceStartMenuLogOff" = 1
"Intellimenus" = 1
"NoResolveSearch" = 1
"NoResolveTrack" = 1
"NoDesktopCleanupWizard" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr" = 0
"NoDispScrSavPage" = 1

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-21-72051607-818835248-71842111-1426\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"ForceStartMenuLogOff" = 1
"Intellimenus" = 1
"NoResolveSearch" = 1
"NoResolveTrack" = 1
"NoDesktopCleanupWizard" = 1

[HKEY_USERS\S-1-5-21-72051607-818835248-71842111-1426\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr" = 0
"NoDispScrSavPage" = 1

===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 05:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [05/21/2008 04:37 AM | 12,844,576 | ---- | M] (Microsoft Corporation)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe [10/25/2007 04:06 PM | 00,103,744 | ---- | M] (McAfee, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 11:53 AM | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [08/30/2007 05:43 PM | 04,670,704 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe [08/30/2007 05:43 PM | 00,091,376 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" = C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe File not found
"C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" = C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe [06/05/2004 01:20 AM | 00,131,072 | ---- | M] (iAnywhere Solutions, Inc.)
"C:\Program Files\Sybase\Adaptive Server Anywhere 6.0\win32\dbeng6.exe" = C:\Program Files\Sybase\Adaptive Server Anywhere 6.0\win32\dbeng6.exe [04/08/1999 06:53 PM | 00,038,400 | ---- | M] ()
"C:\Program Files\Starbase\SBToolbar\SBToolbar.exe" = C:\Program Files\Starbase\SBToolbar\SBToolbar.exe [09/03/2003 12:10 PM | 00,581,632 | ---- | M] (Borland Software Corporation)
"C:\Program Files\Hummingbird\Connectivity\7.00\Exceed\exceed.exe" = C:\Program Files\Hummingbird\Connectivity\7.00\Exceed\exceed.exe [08/11/2000 05:29 PM | 01,044,480 | ---- | M] (Hummingbird Ltd.)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe [04/13/2008 05:12 PM | 00,042,496 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Sybase\SQL Anywhere 10\win32\dbisqlg.exe" = C:\Program Files\Sybase\SQL Anywhere 10\win32\dbisqlg.exe [10/30/2006 11:01 AM | 00,294,912 | ---- | M] (iAnywhere Solutions, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe [07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [07/30/2008 10:47 AM | 20,252,968 | ---- | M] (Apple Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 05:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [05/21/2008 04:37 AM | 12,844,576 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 11:53 AM | 00,558,080 | ---- | M] (Microsoft Corporation)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [04/13/2008 05:12 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/13/2008 05:12 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04/13/2008 05:12 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/13/2008 05:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04/13/2008 05:12 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====
Unable to open key or key not present!


===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{E2A1C50E-823B-4C6D-8E34-9679BC96E06D}]
Servers: | Description: Broadcom NetXtreme 57xx Gigabit Controller

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{F1712E36-F8CB-4DE2-BCFC-9EAFAAD320A3}]
Servers: | Description:

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT []
[08/11/2004 03:15 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35da87fc-7805-11dc-97a5-001aa035bc87}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35da87fc-7805-11dc-97a5-001aa035bc87}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 05:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35da87fc-7805-11dc-97a5-001aa035bc87}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42bb820d-f602-11dc-97cc-001aa035bc87}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42bb820d-f602-11dc-97cc-001aa035bc87}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 05:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42bb820d-f602-11dc-97cc-001aa035bc87}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

===== Hosts File =====

HOSTS File = (771 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
172.17.0.44 demmis
10.0.0.200 swzmis



[Files/Folders - Created Within 60 days]
[07/22/2008 03:18 PM | ---D | C] - C:\MIW Security, etc
[07/29/2008 10:58 AM | ---D | C] - C:\Research and Development
[08/20/2008 02:15 PM | 00,027,136 | ---- | C] () - C:\20 August 2008.doc
[08/25/2008 02:17 PM | 00,000,164 | ---- | C] () - C:\install.dat
[07/22/2008 07:45 AM | 00,009,696 | ---- | C] () - C:\WINDOWS\System32\dllcache\drvmain.sdb
[07/22/2008 07:45 AM | 00,790,846 | ---- | C] () - C:\WINDOWS\System32\dllcache\apph_sp.sdb
[07/22/2008 07:45 AM | 01,214,526 | ---- | C] () - C:\WINDOWS\System32\dllcache\sysmain.sdb
[07/22/2008 08:14 PM | 00,218,362 | ---- | C] () - C:\WINDOWS\System32\dllcache\apphelp.sdb
[07/22/2008 08:18 PM | 00,080,642 | ---- | C] () - C:\WINDOWS\System32\dllcache\apps.chm
[04/13/2008 05:11 PM | 00,003,135 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv08nt5.dll
[04/13/2008 05:11 PM | 00,003,615 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv05nt5.dll
[04/13/2008 05:11 PM | 00,003,647 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv07nt5.dll
[04/13/2008 05:11 PM | 00,003,711 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv09nt5.dll
[04/13/2008 05:11 PM | 00,003,775 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv11nt5.dll
[04/13/2008 05:11 PM | 00,003,967 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv02nt5.dll
[04/13/2008 05:11 PM | 00,004,255 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv01nt5.dll
[04/13/2008 05:11 PM | 00,011,359 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv02nt5.dll
[04/13/2008 05:11 PM | 00,014,143 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv06nt5.dll
[04/13/2008 05:11 PM | 00,015,423 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[04/13/2008 05:11 PM | 00,017,279 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv10nt5.dll
[04/13/2008 05:11 PM | 00,021,183 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv01nt5.dll
[04/13/2008 05:11 PM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv04nt5.dll
[04/13/2008 05:12 PM | 00,003,901 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\siint5.dll
[04/13/2008 05:12 PM | 00,011,325 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\vchnt5.dll
[07/17/2004 10:55 PM | 00,129,045 | ---- | C] () - C:\WINDOWS\System32\drivers\cxthsfs2.cty
[07/17/2004 11:35 AM | 00,067,866 | ---- | C] () - C:\WINDOWS\System32\drivers\netwlan5.img
[07/17/2004 11:36 AM | 00,064,352 | ---- | C] () - C:\WINDOWS\System32\drivers\ativmc20.cod
[08/03/2004 10:29 PM | 00,011,295 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv08nt.sys
[08/03/2004 10:29 PM | 00,011,615 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1mdxx.sys
[08/03/2004 10:29 PM | 00,011,807 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv07nt.sys
[08/03/2004 10:29 PM | 00,011,871 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv09nt.sys
[08/03/2004 10:29 PM | 00,011,935 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv11nt.sys
[08/03/2004 10:29 PM | 00,012,047 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1pdxx.sys
[08/03/2004 10:29 PM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinmdxx.sys
[08/03/2004 10:29 PM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinttxx.sys
[08/03/2004 10:29 PM | 00,014,336 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinpdxx.sys
[08/03/2004 10:29 PM | 00,021,343 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1ttxx.sys
[08/03/2004 10:29 PM | 00,022,271 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv06nt.sys
[08/03/2004 10:29 PM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv10nt.sys
[08/03/2004 10:29 PM | 00,026,367 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1snxx.sys
[08/03/2004 10:29 PM | 00,028,672 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinsnxx.sys
[08/03/2004 10:29 PM | 00,029,455 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xbxx.sys
[08/03/2004 10:29 PM | 00,030,671 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1raxx.sys
[08/03/2004 10:29 PM | 00,031,744 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxbxx.sys
[08/03/2004 10:29 PM | 00,034,735 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xsxx.sys
[08/03/2004 10:29 PM | 00,036,463 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1tuxx.sys
[08/03/2004 10:29 PM | 00,052,224 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinraxx.sys
[08/03/2004 10:29 PM | 00,056,623 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1btxx.sys
[08/03/2004 10:29 PM | 00,057,856 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinbtxx.sys
[08/03/2004 10:29 PM | 00,063,488 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxsxx.sys
[08/03/2004 10:29 PM | 00,063,663 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1rvxx.sys
[08/03/2004 10:29 PM | 00,073,216 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atintuxx.sys
[08/03/2004 10:29 PM | 00,104,960 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinrvxx.sys
[08/03/2004 10:29 PM | 00,166,912 | ---- | C] (S3 Graphics, Inc.) - C:\WINDOWS\System32\drivers\s3gnbm.sys
[08/03/2004 10:29 PM | 00,327,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati2mtaa.sys
[08/03/2004 10:29 PM | 00,452,736 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\drivers\mtxparhm.sys
[08/03/2004 10:29 PM | 00,701,440 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati2mtag.sys
[08/03/2004 10:41 PM | 00,011,868 | ---- | C] (Conexant) - C:\WINDOWS\System32\drivers\mdmxsdk.sys
[08/03/2004 10:41 PM | 00,013,240 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slwdmsup.sys
[08/03/2004 10:41 PM | 00,013,776 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\recagent.sys
[08/03/2004 10:41 PM | 00,095,424 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnthal.sys
[08/03/2004 10:41 PM | 00,126,686 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlmnt5.sys
[08/03/2004 10:41 PM | 00,129,535 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnt7554.sys
[08/03/2004 10:41 PM | 00,180,360 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\ntmtlfax.sys
[08/03/2004 10:41 PM | 00,220,032 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[08/03/2004 10:41 PM | 00,404,990 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slntamr.sys
[08/03/2004 10:41 PM | 00,685,056 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfcxts2.sys
[08/03/2004 10:41 PM | 01,041,536 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[08/03/2004 10:41 PM | 01,309,184 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlstrm.sys
[08/09/2008 02:42 PM | 00,023,152 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\System32\drivers\sshrmd.sys
[08/09/2008 02:42 PM | 00,029,808 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\System32\drivers\ssfs0bbc.sys
[08/09/2008 02:42 PM | 00,166,512 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\System32\drivers\ssidrv.sys
[08/17/2008 03:01 PM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[1 C:\WINDOWS\System32\*.tmp files]
[04/13/2008 05:11 PM | 00,032,285 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\hsfcisp2.dll
[04/13/2008 05:11 PM | 00,032,768 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativtmxx.dll
[04/13/2008 05:11 PM | 00,086,016 | ---- | C] (Conexant) - C:\WINDOWS\System32\mdmxsdk.dll
[04/13/2008 05:11 PM | 00,201,728 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ati2dvag.dll
[04/13/2008 05:11 PM | 00,229,376 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ati2cqag.dll
[04/13/2008 05:11 PM | 00,377,984 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ati2dvaa.dll
[04/13/2008 05:11 PM | 00,516,768 | ---- | C] (ATI Technologies Inc. ) - C:\WINDOWS\System32\ativvaxx.dll
[04/13/2008 05:11 PM | 00,870,784 | ---- | C] (ATI Technologies Inc. ) - C:\WINDOWS\System32\ati3d1ag.dll
[04/13/2008 05:11 PM | 01,888,992 | ---- | C] (ATI Technologies Inc. ) - C:\WINDOWS\System32\ati3duag.dll
[04/13/2008 05:12 PM | 00,009,728 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativdaxx.ax
[04/13/2008 05:12 PM | 00,023,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativmvxx.ax
[04/13/2008 05:12 PM | 00,032,866 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slrundll.exe
[04/13/2008 05:12 PM | 00,073,796 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slserv.exe
[04/13/2008 05:12 PM | 00,073,832 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slcoinst.dll
[04/13/2008 05:12 PM | 00,188,508 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slgen.dll
[04/13/2008 05:12 PM | 00,286,792 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slextspk.dll
[04/13/2008 05:12 PM | 00,397,056 | ---- | C] (S3 Graphics, Inc.) - C:\WINDOWS\System32\s3gnb.dll
[04/13/2008 05:12 PM | 01,737,856 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\mtxparhd.dll
[06/20/2007 10:52 PM | 00,000,974 | ---- | C] () - C:\WINDOWS\System32\pid.inf
[06/28/2008 03:13 AM | ---D | C] - C:\WINDOWS\System32\bits
[06/28/2008 03:13 AM | ---D | C] - C:\WINDOWS\System32\en
[06/28/2008 03:13 AM | ---D | C] - C:\WINDOWS\System32\scripting
[08/09/2008 02:42 PM | 00,015,208 | ---- | C] () - C:\WINDOWS\System32\SsiEfr.exe
[08/09/2008 02:42 PM | 00,031,080 | ---- | C] () - C:\WINDOWS\System32\wrLZMA.dll
[08/25/2008 02:22 PM | 00,625,208 | ---- | C] () - C:\WINDOWS\System32\phcj90j0ee75.bmp
[08/25/2008 07:35 AM | 00,106,496 |
  • 0

#5
ilts

ilts

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
It appears that my files were truncated...

Here's the remainder of the OTViewIt.txt file:


[Files/Folders - Created Within 60 days]
[07/22/2008 03:18 PM | ---D | C] - C:\MIW Security, etc
[07/29/2008 10:58 AM | ---D | C] - C:\Research and Development
[08/20/2008 02:15 PM | 00,027,136 | ---- | C] () - C:\20 August 2008.doc
[08/25/2008 02:17 PM | 00,000,164 | ---- | C] () - C:\install.dat
[07/22/2008 07:45 AM | 00,009,696 | ---- | C] () - C:\WINDOWS\System32\dllcache\drvmain.sdb
[07/22/2008 07:45 AM | 00,790,846 | ---- | C] () - C:\WINDOWS\System32\dllcache\apph_sp.sdb
[07/22/2008 07:45 AM | 01,214,526 | ---- | C] () - C:\WINDOWS\System32\dllcache\sysmain.sdb
[07/22/2008 08:14 PM | 00,218,362 | ---- | C] () - C:\WINDOWS\System32\dllcache\apphelp.sdb
[07/22/2008 08:18 PM | 00,080,642 | ---- | C] () - C:\WINDOWS\System32\dllcache\apps.chm
[04/13/2008 05:11 PM | 00,003,135 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv08nt5.dll
[04/13/2008 05:11 PM | 00,003,615 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv05nt5.dll
[04/13/2008 05:11 PM | 00,003,647 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv07nt5.dll
[04/13/2008 05:11 PM | 00,003,711 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv09nt5.dll
[04/13/2008 05:11 PM | 00,003,775 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv11nt5.dll
[04/13/2008 05:11 PM | 00,003,967 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv02nt5.dll
[04/13/2008 05:11 PM | 00,004,255 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv01nt5.dll
[04/13/2008 05:11 PM | 00,011,359 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv02nt5.dll
[04/13/2008 05:11 PM | 00,014,143 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv06nt5.dll
[04/13/2008 05:11 PM | 00,015,423 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[04/13/2008 05:11 PM | 00,017,279 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv10nt5.dll
[04/13/2008 05:11 PM | 00,021,183 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv01nt5.dll
[04/13/2008 05:11 PM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv04nt5.dll
[04/13/2008 05:12 PM | 00,003,901 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\siint5.dll
[04/13/2008 05:12 PM | 00,011,325 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\vchnt5.dll
[07/17/2004 10:55 PM | 00,129,045 | ---- | C] () - C:\WINDOWS\System32\drivers\cxthsfs2.cty
[07/17/2004 11:35 AM | 00,067,866 | ---- | C] () - C:\WINDOWS\System32\drivers\netwlan5.img
[07/17/2004 11:36 AM | 00,064,352 | ---- | C] () - C:\WINDOWS\System32\drivers\ativmc20.cod
[08/03/2004 10:29 PM | 00,011,295 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv08nt.sys
[08/03/2004 10:29 PM | 00,011,615 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1mdxx.sys
[08/03/2004 10:29 PM | 00,011,807 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv07nt.sys
[08/03/2004 10:29 PM | 00,011,871 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv09nt.sys
[08/03/2004 10:29 PM | 00,011,935 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv11nt.sys
[08/03/2004 10:29 PM | 00,012,047 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1pdxx.sys
[08/03/2004 10:29 PM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinmdxx.sys
[08/03/2004 10:29 PM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinttxx.sys
[08/03/2004 10:29 PM | 00,014,336 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinpdxx.sys
[08/03/2004 10:29 PM | 00,021,343 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1ttxx.sys
[08/03/2004 10:29 PM | 00,022,271 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv06nt.sys
[08/03/2004 10:29 PM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv10nt.sys
[08/03/2004 10:29 PM | 00,026,367 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1snxx.sys
[08/03/2004 10:29 PM | 00,028,672 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinsnxx.sys
[08/03/2004 10:29 PM | 00,029,455 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xbxx.sys
[08/03/2004 10:29 PM | 00,030,671 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1raxx.sys
[08/03/2004 10:29 PM | 00,031,744 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxbxx.sys
[08/03/2004 10:29 PM | 00,034,735 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xsxx.sys
[08/03/2004 10:29 PM | 00,036,463 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1tuxx.sys
[08/03/2004 10:29 PM | 00,052,224 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinraxx.sys
[08/03/2004 10:29 PM | 00,056,623 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1btxx.sys
[08/03/2004 10:29 PM | 00,057,856 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinbtxx.sys
[08/03/2004 10:29 PM | 00,063,488 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxsxx.sys
[08/03/2004 10:29 PM | 00,063,663 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1rvxx.sys
[08/03/2004 10:29 PM | 00,073,216 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atintuxx.sys
[08/03/2004 10:29 PM | 00,104,960 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinrvxx.sys
[08/03/2004 10:29 PM | 00,166,912 | ---- | C] (S3 Graphics, Inc.) - C:\WINDOWS\System32\drivers\s3gnbm.sys
[08/03/2004 10:29 PM | 00,327,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati2mtaa.sys
[08/03/2004 10:29 PM | 00,452,736 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\drivers\mtxparhm.sys
[08/03/2004 10:29 PM | 00,701,440 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati2mtag.sys
[08/03/2004 10:41 PM | 00,011,868 | ---- | C] (Conexant) - C:\WINDOWS\System32\drivers\mdmxsdk.sys
[08/03/2004 10:41 PM | 00,013,240 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slwdmsup.sys
[08/03/2004 10:41 PM | 00,013,776 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\recagent.sys
[08/03/2004 10:41 PM | 00,095,424 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnthal.sys
[08/03/2004 10:41 PM | 00,126,686 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlmnt5.sys
[08/03/2004 10:41 PM | 00,129,535 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnt7554.sys
[08/03/2004 10:41 PM | 00,180,360 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\ntmtlfax.sys
[08/03/2004 10:41 PM | 00,220,032 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[08/03/2004 10:41 PM | 00,404,990 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slntamr.sys
[08/03/2004 10:41 PM | 00,685,056 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfcxts2.sys
[08/03/2004 10:41 PM | 01,041,536 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[08/03/2004 10:41 PM | 01,309,184 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlstrm.sys
[08/09/2008 02:42 PM | 00,023,152 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\System32\drivers\sshrmd.sys
[08/09/2008 02:42 PM | 00,029,808 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\System32\drivers\ssfs0bbc.sys
[08/09/2008 02:42 PM | 00,166,512 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\System32\drivers\ssidrv.sys
[08/17/2008 03:01 PM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[1 C:\WINDOWS\System32\*.tmp files]
[04/13/2008 05:11 PM | 00,032,285 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\hsfcisp2.dll
[04/13/2008 05:11 PM | 00,032,768 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativtmxx.dll
[04/13/2008 05:11 PM | 00,086,016 | ---- | C] (Conexant) - C:\WINDOWS\System32\mdmxsdk.dll
[04/13/2008 05:11 PM | 00,201,728 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ati2dvag.dll
[04/13/2008 05:11 PM | 00,229,376 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ati2cqag.dll
[04/13/2008 05:11 PM | 00,377,984 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ati2dvaa.dll
[04/13/2008 05:11 PM | 00,516,768 | ---- | C] (ATI Technologies Inc. ) - C:\WINDOWS\System32\ativvaxx.dll
[04/13/2008 05:11 PM | 00,870,784 | ---- | C] (ATI Technologies Inc. ) - C:\WINDOWS\System32\ati3d1ag.dll
[04/13/2008 05:11 PM | 01,888,992 | ---- | C] (ATI Technologies Inc. ) - C:\WINDOWS\System32\ati3duag.dll
[04/13/2008 05:12 PM | 00,009,728 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativdaxx.ax
[04/13/2008 05:12 PM | 00,023,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativmvxx.ax
[04/13/2008 05:12 PM | 00,032,866 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slrundll.exe
[04/13/2008 05:12 PM | 00,073,796 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slserv.exe
[04/13/2008 05:12 PM | 00,073,832 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slcoinst.dll
[04/13/2008 05:12 PM | 00,188,508 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slgen.dll
[04/13/2008 05:12 PM | 00,286,792 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slextspk.dll
[04/13/2008 05:12 PM | 00,397,056 | ---- | C] (S3 Graphics, Inc.) - C:\WINDOWS\System32\s3gnb.dll
[04/13/2008 05:12 PM | 01,737,856 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\mtxparhd.dll
[06/20/2007 10:52 PM | 00,000,974 | ---- | C] () - C:\WINDOWS\System32\pid.inf
[06/28/2008 03:13 AM | ---D | C] - C:\WINDOWS\System32\bits
[06/28/2008 03:13 AM | ---D | C] - C:\WINDOWS\System32\en
[06/28/2008 03:13 AM | ---D | C] - C:\WINDOWS\System32\scripting
[08/09/2008 02:42 PM | 00,015,208 | ---- | C] () - C:\WINDOWS\System32\SsiEfr.exe
[08/09/2008 02:42 PM | 00,031,080 | ---- | C] () - C:\WINDOWS\System32\wrLZMA.dll
[08/25/2008 02:22 PM | 00,625,208 | ---- | C] () - C:\WINDOWS\System32\phcj90j0ee75.bmp
[08/25/2008 07:35 AM | 00,106,496 | ---- | C] () - C:\WINDOWS\System32\pkpezgru.exe
[08/25/2008 09:51 AM | 00,106,496 | ---- | C] () - C:\WINDOWS\System32\jwdepalg.exe
[08/25/2008 09:51 AM | 00,194,560 | ---- | C] () - C:\WINDOWS\System32\lphcj90j0ee75.exe
[2 C:\WINDOWS\*.tmp files]
[04/13/2008 05:12 PM | 00,032,866 | ---- | C] (Smart Link) - C:\WINDOWS\slrundll.exe
[06/28/2008 03:06 AM | -H-D | C] - C:\WINDOWS\$NtServicePackUninstall$
[06/28/2008 03:13 AM | ---D | C] - C:\WINDOWS\l2schemas
[06/28/2008 03:14 AM | ---D | C] - C:\WINDOWS\ServicePackFiles
[07/22/2008 04:46 PM | 00,000,111 | ---- | C] () - C:\WINDOWS\ODBC.INI
[08/09/2008 04:04 PM | 01,538,928 | ---- | C] (Webroot Software, Inc.) - C:\WINDOWS\WRSetup.dll
[08/25/2008 03:23 PM | ---D | C] - C:\WINDOWS\Prefetch
[08/25/2008 08:39 AM | ---D | C] - C:\WINDOWS\ERDNT
[08/25/2008 02:19 PM | 00,001,470 | ---- | C] () - C:\WINDOWS\tasks\wrSpySweeperFullSweep.job
[08/25/2008 02:18 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Webroot
[08/25/2008 07:35 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\fkvatkhu
[08/25/2008 08:44 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/25/2008 02:18 PM | ---D | C] - C:\Documents and Settings\cmeinen\Application Data\Webroot
[08/25/2008 08:44 AM | ---D | C] - C:\Documents and Settings\cmeinen\Application Data\Malwarebytes
[07/25/2008 09:50 AM | 00,003,909 | ---- | C] () - C:\Documents and Settings\cmeinen\My Documents\STReport2008-07-25T16-50-05Z00.html
[08/05/2008 08:42 AM | 00,016,643 | ---- | C] () - C:\Documents and Settings\cmeinen\My Documents\STReport2008-08-05T15-42-51Z00.html
[08/05/2008 09:24 AM | 00,003,820 | ---- | C] () - C:\Documents and Settings\cmeinen\My Documents\STReport2008-08-05T16-24-15Z00.html
[08/08/2008 11:04 AM | 00,001,730 | -H-- | C] () - C:\Documents and Settings\cmeinen\My Documents\Default.rdp
[08/25/2008 02:19 PM | 00,001,641 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Spy Sweeper.lnk
[08/25/2008 08:44 AM | 00,000,696 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[07/25/2008 09:08 AM | 00,064,512 | ---- | C] () - C:\Documents and Settings\cmeinen\Desktop\Employee Emergency Contact Information Form HR101 .doc
[08/22/2008 10:28 AM | 00,114,016 | ---- | C] () - C:\Documents and Settings\cmeinen\Desktop\107020.htm
[08/22/2008 10:28 AM | ---D | C] - C:\Documents and Settings\cmeinen\Desktop\107020_files
[08/25/2008 01:48 PM | 00,062,976 | ---- | C] () - C:\Documents and Settings\cmeinen\Desktop\Timecard 20080829.xls
[08/25/2008 08:38 AM | 00,000,592 | ---- | C] () - C:\Documents and Settings\cmeinen\Desktop\ERUNT.lnk
[08/25/2008 08:38 AM | 00,000,611 | ---- | C] () - C:\Documents and Settings\cmeinen\Desktop\NTREGOPT.lnk
[08/25/2008 11:16 AM | 00,001,734 | ---- | C] () - C:\Documents and Settings\cmeinen\Desktop\HijackThis.lnk
[08/25/2008 08:43 AM | ---D | C] - C:\Program Files\Common Files\Download Manager
[07/22/2008 11:19 AM | ---D | C] - C:\Program Files\Bonjour
[08/04/2008 07:38 AM | ---D | C] - C:\Program Files\iPod
[08/04/2008 07:38 AM | ---D | C] - C:\Program Files\iTunes
[08/11/2008 07:45 AM | ---D | C] - C:\Program Files\Apple Software Update
[08/25/2008 02:18 PM | ---D | C] - C:\Program Files\AskSBar
[08/25/2008 02:18 PM | ---D | C] - C:\Program Files\Webroot
[08/25/2008 07:36 AM | ---D | C] - C:\Program Files\ezhghse
[08/25/2008 08:38 AM | ---D | C] - C:\Program Files\ERUNT
[08/25/2008 09:18 AM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/25/2008 10:00 AM | ---D | C] - C:\Program Files\Microsoft CAPICOM 2.1.0.2
[08/25/2008 11:16 AM | ---D | C] - C:\Program Files\Trend Micro

[Files/Folders - Modified Within 60 days]
[06/28/2008 03:07 AM | 00,250,048 | RHS- | M] () - C:\ntldr
[07/14/2008 08:32 AM | ---D | M] - C:\Documents and Settings
[07/22/2008 03:08 PM | ---D | M] - C:\Cybage
[07/22/2008 03:15 PM | ---D | M] - C:\a
[07/22/2008 03:18 PM | ---D | M] - C:\MIW Security, etc
[07/24/2008 10:26 AM | R--D | M] - C:\DEFAULT
[07/29/2008 10:58 AM | ---D | M] - C:\Research and Development
[07/29/2008 11:19 AM | ---D | M] - C:\PowerBuilder 11 Info
[07/30/2008 02:31 PM | ---D | M] - C:\STM
[07/30/2008 02:45 PM | ---D | M] - C:\Intelimark
[07/30/2008 02:45 PM | ---D | M] - C:\PGMC
[07/30/2008 02:45 PM | ---D | M] - C:\PGMC DataTrak
[08/18/2008 07:39 AM | ---D | M] - C:\MDT
[08/20/2008 02:15 PM | 00,027,136 | ---- | M] () - C:\20 August 2008.doc
[08/20/2008 02:49 PM | ---D | M] - C:\Mongolia
[08/22/2008 11:35 AM | ---D | M] - C:\Time Cards
[08/25/2008 02:17 PM | 00,000,164 | ---- | M] () - C:\install.dat
[08/25/2008 02:18 PM | R--D | M] - C:\Program Files
[08/25/2008 02:22 PM | ---D | M] - C:\WINDOWS
[08/25/2008 02:23 PM | ---D | M] - C:\QUARANTINE
[07/22/2008 07:45 AM | 00,009,696 | ---- | M] () - C:\WINDOWS\System32\dllcache\drvmain.sdb
[07/22/2008 07:45 AM | 00,790,846 | ---- | M] () - C:\WINDOWS\System32\dllcache\apph_sp.sdb
[07/22/2008 07:45 AM | 01,214,526 | ---- | M] () - C:\WINDOWS\System32\dllcache\sysmain.sdb
[07/22/2008 08:14 PM | 00,218,362 | ---- | M] () - C:\WINDOWS\System32\dllcache\apphelp.sdb
[07/22/2008 08:18 PM | 00,080,642 | ---- | M] () - C:\WINDOWS\System32\dllcache\apps.chm
[08/25/2008 02:23 PM | 00,000,771 | ---- | M] () - C:\WINDOWS\System32\drivers\etc\HOSTS
[08/09/2008 02:42 PM | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\System32\drivers\sshrmd.sys
[08/09/2008 02:42 PM | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\System32\drivers\ssfs0bbc.sys
[08/09/2008 02:42 PM | 00,166,512 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\System32\drivers\ssidrv.sys
[08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/25/2008 02:24 PM | ---D | M] - C:\WINDOWS\System32\drivers\etc
[1 C:\WINDOWS\System32\*.tmp files]
[06/28/2008 03:06 AM | ---D | M] - C:\WINDOWS\System32\ReinstallBackups
[06/28/2008 03:10 AM | ---D | M] - C:\WINDOWS\System32\Com
[06/28/2008 03:10 AM | ---D | M] - C:\WINDOWS\System32\npp
[06/28/2008 03:10 AM | ---D | M] - C:\WINDOWS\System32\oobe
[06/28/2008 03:10 AM | ---D | M] - C:\WINDOWS\System32\Restore
[06/28/2008 03:13 AM | ---D | M] - C:\WINDOWS\System32\bits
[06/28/2008 03:13 AM | ---D | M] - C:\WINDOWS\System32\en
[06/28/2008 03:13 AM | ---D | M] - C:\WINDOWS\System32\en-US
[06/28/2008 03:13 AM | ---D | M] - C:\WINDOWS\System32\scripting
[06/28/2008 03:13 AM | ---D | M] - C:\WINDOWS\System32\usmt
[06/30/2008 06:24 AM | 00,138,848 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[06/30/2008 06:24 AM | ---D | M] - C:\WINDOWS\System32\Setup
[06/30/2008 06:24 AM | ---D | M] - C:\WINDOWS\System32\wbem
[06/30/2008 06:28 AM | 00,106,314 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[06/30/2008 06:28 AM | 00,545,712 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[06/30/2008 06:28 AM | 00,664,172 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[07/22/2008 11:16 AM | ---D | M] - C:\WINDOWS\System32\DRVSTORE
[08/09/2008 02:42 PM | 00,015,208 | ---- | M] () - C:\WINDOWS\System32\SsiEfr.exe
[08/09/2008 02:42 PM | 00,031,080 | ---- | M] () - C:\WINDOWS\System32\wrLZMA.dll
[08/14/2008 03:02 AM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/25/2008 02:18 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[08/25/2008 02:18 PM | ---D | M] - C:\WINDOWS\System32\drivers
[08/25/2008 02:22 PM | 00,000,000 | ---- | M] () - C:\WINDOWS\System32\NvApps.xml
[08/25/2008 02:22 PM | 00,625,208 | ---- | M] () - C:\WINDOWS\System32\phcj90j0ee75.bmp
[08/25/2008 02:26 PM | ---D | M] - C:\WINDOWS\System32\inetsrv
[08/25/2008 07:35 AM | 00,106,496 | ---- | M] () - C:\WINDOWS\System32\pkpezgru.exe
[08/25/2008 09:51 AM | 00,106,496 | ---- | M] () - C:\WINDOWS\System32\jwdepalg.exe
[08/25/2008 09:51 AM | 00,194,560 | ---- | M] () - C:\WINDOWS\System32\lphcj90j0ee75.exe
[08/25/2008 09:59 AM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/25/2008 11:14 AM | 00,002,206 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[2 C:\WINDOWS\*.tmp files]
[06/27/2008 08:22 PM | ---D | M] - C:\WINDOWS\Debug
[06/28/2008 03:02 AM | ---D | M] - C:\WINDOWS\ehome
[06/28/2008 03:06 AM | -H-D | M] - C:\WINDOWS\$NtServicePackUninstall$
[06/28/2008 03:10 AM | ---D | M] - C:\WINDOWS\msagent
[06/28/2008 03:10 AM | ---D | M] - C:\WINDOWS\mui
[06/28/2008 03:10 AM | ---D | M] - C:\WINDOWS\srchasst
[06/28/2008 03:10 AM | ---D | M] - C:\WINDOWS\system
[06/28/2008 03:13 AM | ---D | M] - C:\WINDOWS\ime
[06/28/2008 03:13 AM | ---D | M] - C:\WINDOWS\l2schemas
[06/28/2008 03:13 AM | ---D | M] - C:\WINDOWS\network diagnostic
[06/28/2008 03:13 AM | ---D | M] - C:\WINDOWS\PeerNet
[06/28/2008 03:14 AM | ---D | M] - C:\WINDOWS\ServicePackFiles
[06/28/2008 03:14 AM | ---D | M] - C:\WINDOWS\WinSxS
[06/30/2008 06:24 AM | R-SD | M] - C:\WINDOWS\Fonts
[07/21/2008 07:56 AM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[07/22/2008 04:46 PM | 00,000,111 | ---- | M] () - C:\WINDOWS\ODBC.INI
[08/09/2008 04:04 PM | 01,538,928 | ---- | M] (Webroot Software, Inc.) - C:\WINDOWS\WRSetup.dll
[08/12/2008 07:28 AM | ---D | M] - C:\WINDOWS\Registration
[08/13/2008 09:06 AM | ---D | M] - C:\WINDOWS\Help
[08/14/2008 03:01 AM | ---D | M] - C:\WINDOWS\ie7updates
[08/14/2008 03:02 AM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/14/2008 03:02 AM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/14/2008 11:16 AM | ---D | M] - C:\WINDOWS\AppPatch
[08/25/2008 02:18 PM | -H-D | M] - C:\WINDOWS\inf
[08/25/2008 02:19 PM | 00,000,715 | ---- | M] () - C:\WINDOWS\win.ini
[08/25/2008 02:19 PM | -HSD | M] - C:\WINDOWS\Installer
[08/25/2008 02:19 PM | --SD | M] - C:\WINDOWS\Tasks
[08/25/2008 02:22 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/25/2008 02:23 PM | ---D | M] - C:\WINDOWS\system32
[08/25/2008 03:23 PM | 00,000,415 | ---- | M] () - C:\WINDOWS\hpbafd.ini
[08/25/2008 03:53 PM | ---D | M] - C:\WINDOWS\Temp
[08/25/2008 04:04 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/25/2008 04:53 AM | ---D | M] - C:\WINDOWS\security
[08/25/2008 08:39 AM | ---D | M] - C:\WINDOWS\ERDNT
[08/25/2008 09:13 AM | -HSD | M] - C:\WINDOWS\CSC
[08/19/2008 10:37 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/25/2008 02:19 PM | 00,001,470 | ---- | M] () - C:\WINDOWS\tasks\wrSpySweeperFullSweep.job
[08/25/2008 02:22 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/14/2008 03:03 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Microsoft Help
[08/25/2008 02:18 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Webroot
[08/25/2008 05:17 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Google Updater
[08/25/2008 07:35 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\fkvatkhu
[08/25/2008 08:44 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[07/03/2008 03:52 PM | ---D | M] - C:\Documents and Settings\cmeinen\Application Data\Google
[08/25/2008 02:18 PM | ---D | M] - C:\Documents and Settings\cmeinen\Application Data\Webroot
[08/25/2008 02:23 PM | ---D | M] - C:\Documents and Settings\cmeinen\Application Data\PackersScreenServer
[08/25/2008 08:44 AM | ---D | M] - C:\Documents and Settings\cmeinen\Application Data\Malwarebytes
[08/25/2008 10:53 AM | ---D | M] - C:\Documents and Settings\cmeinen\Application Data\Starbase
[06/28/2008 01:33 PM | 00,025,232 | ---- | M] () - C:\Documents and Settings\cmeinen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[07/24/2008 10:31 AM | ---D | M] - C:\Documents and Settings\cmeinen\Local Settings\Application Data\Apple Computer
[08/04/2008 02:42 PM | ---D | M] - C:\Documents and Settings\cmeinen\Local Settings\Application Data\Microsoft
[07/25/2008 09:50 AM | 00,003,909 | ---- | M] () - C:\Documents and Settings\cmeinen\My Documents\STReport2008-07-25T16-50-05Z00.html
[08/05/2008 08:42 AM | 00,016,643 | ---- | M] () - C:\Documents and Settings\cmeinen\My Documents\STReport2008-08-05T15-42-51Z00.html
[08/05/2008 09:24 AM | 00,003,820 | ---- | M] () - C:\Documents and Settings\cmeinen\My Documents\STReport2008-08-05T16-24-15Z00.html
[08/08/2008 11:04 AM | 00,001,730 | -H-- | M] () - C:\Documents and Settings\cmeinen\My Documents\Default.rdp
[08/25/2008 02:19 PM | 00,001,641 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Spy Sweeper.lnk
[08/25/2008 08:44 AM | 00,000,696 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[07/25/2008 09:08 AM | 00,064,512 | ---- | M] () - C:\Documents and Settings\cmeinen\Desktop\Employee Emergency Contact Information Form HR101 .doc
[08/22/2008 10:28 AM | 00,114,016 | ---- | M] () - C:\Documents and Settings\cmeinen\Desktop\107020.htm
[08/22/2008 10:28 AM | ---D | M] - C:\Documents and Settings\cmeinen\Desktop\107020_files
[08/25/2008 01:48 PM | 00,062,976 | ---- | M] () - C:\Documents and Settings\cmeinen\Desktop\Timecard 20080829.xls
[08/25/2008 01:48 PM | ---D | M] - C:\Documents and Settings\cmeinen\Desktop\Various
[08/25/2008 08:38 AM | 00,000,592 | ---- | M] () - C:\Documents and Settings\cmeinen\Desktop\ERUNT.lnk
[08/25/2008 08:38 AM | 00,000,611 | ---- | M] () - C:\Documents and Settings\cmeinen\Desktop\NTREGOPT.lnk
[08/25/2008 11:16 AM | 00,001,734 | ---- | M] () - C:\Documents and Settings\cmeinen\Desktop\HijackThis.lnk
[08/25/2008 02:23 PM | 00,002,533 | ---- | M] () - C:\Documents and Settings\cmeinen\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk
[06/28/2008 03:10 AM | ---D | M] - C:\Program Files\Common Files\System
[08/25/2008 08:43 AM | ---D | M] - C:\Program Files\Common Files\Download Manager

< End of report >


I'll post the other file in another reply.
  • 0

#6
ilts

ilts

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Here's the Extras.txt file:



OTViewIt Extras logfile created on: 8/25/2008 4:05:02 PM - Run 1
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\My Music\Stuff
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.36 Mb Total Physical Memory | 541.51 Mb Available Physical Memory | 56.50% Memory free
2.26 Gb Paging File | 1.76 Gb Available in Paging File | 77.82% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 22.58 Gb Free Space | 30.32% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 331.33 Gb Total Space | 97.75 Gb Free Space | 29.50% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive L: | 28.01 Gb Total Space | 9.82 Gb Free Space | 35.05% Space Free | Partition Type: NTFS
Drive S: | 331.33 Gb Total Space | 97.75 Gb Free Space | 29.50% Space Free | Partition Type: NTFS
Drive U: | 331.33 Gb Total Space | 97.75 Gb Free Space | 29.50% Space Free | Partition Type: NTFS

===== File Associations =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - File not found -
.cmd [@ = cmdfile] - File not found -
.com [@ = comfile] - File not found -
.exe [@ = exefile] - File not found -
.pif [@ = piffile] - File not found -
.scr [@ = scrfile] - File not found -

===== Uninstall List =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}" = Security Update for CAPICOM (KB931906)
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{220C7FD5-D9EB-445A-BC17-337B93231774}" = SQL Anywhere 10, Software
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25A0133B-8BAC-4E61-8F43-DC6D9D9FE80B}" = Microsoft Office Live Meeting 2005
"{26BD952D-11DA-49A2-A962-FB77223A5968}" = Sybase InfoMaker 11.1
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}" = honestech VHS to DVD 3.0 Deluxe
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3884B191-7826-4A78-8BAF-A41ECE27D883}" = SQL Anywhere 10, Documentation
"{39CE3C17-846D-4D9B-8B3E-C01A4B90FB73}" = Virtual Earth 3D (Beta)
"{3B438F0E-21BE-4E80-B921-5A9AA4DAA402}" = MSN Toolbar
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}" = Apple Mobile Device Support
"{55E01FD6-D768-4687-8221-DB379465EEB9}" = Sybase PowerBuilder 10.0
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{639159C2-B27B-4208-8965-D8A0AEDBDED2}" = Microsoft .NET Framework 2.0 SDK - ENU
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6846389C-BAC0-4374-808E-B120F86AF5D7}" = Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BD9E9A4-B1FB-4837-8B63-C4FAEA54CF94}" = InfoMaker 11.0
"{6D3AF0DA-1846-47E5-8CF5-C3EF223A5B69}" = Sybase InfoMaker 10.0
"{72C6C385-9CE9-4AD6-9817-B03636BB02A9}" = PowerBuilder 11.0
"{73ABA534-4F22-408B-ACCD-9E8B800743F9}" = Microsoft Internet Explorer WebControls
"{76F8CB2B-6516-4E1E-B6F1-AED4ABDB4B0A}_is1" = Spy Sweeper
"{7CFB90B6-603B-43D5-B2B4-76DE58C5C3D3}" = USB2.0 VIDBOX NW02
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_BASICR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_BASICR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_BASICR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_BASICR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_BASICR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_BASICR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{1AFF2298-CC00-4A3B-866A-C62B8373794E}" = Security Update for 2007 Microsoft Office System (KB951596)
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{4AD3A076-427C-491F-A5B7-7D1DE788A756}" = Update for Microsoft Office Outlook 2007 (KB952142)
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6BAD036C-261F-4BEF-96CF-C20678D07A41}" = Security Update for Visio 2007 (KB947590)
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{7399DD71-8E24-4E60-B6A8-6CED89C0AC26}" = Security Update for Microsoft Office Excel 2007 (KB951546)
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{A420F522-7395-4872-9882-C591B4B92278}" = Update for Office 2007 (KB946691)
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{AD72BABE-C733-4FCF-9674-4314466191B9}" = Security Update for Microsoft Office Word 2007 (KB950113)
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{D9806966-6AA1-4B55-9528-6748E37CEE86}" = Update for Outlook 2007 Junk Email Filter (kb955433)
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}" = Dell ETS Factory Installation
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard
"{AC76BA86-1033-0000-BA7E-000000000003}_Adobe Acrobat 8 Standard" = Adobe Acrobat 8.1.2 Security Update 1 (KB403742)
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE573341-2049-4FBA-9473-C2B5DA82E8E8}" = Hummingbird Exceed V7.0
"{D1210D67-4001-40F1-94AE-232A89C66F2E}" = Sybase PowerBuilder 11.1
"{D2B0FD55-03C2-4B7F-A67F-C042C260371F}" = SQL Anywhere Studio 9, Documentation
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{F44EAEB2-332B-48B9-B1B7-E25EAB628124}" = PowerBuilder Client Runtime
"{F653AB56-DB37-415B-8DDD-EF5BC1982150}" = SQL Anywhere Studio 9, Software
"{FAB6577D-F021-4FD3-AE0F-0D0C794F946D}" = Sybase PowerTransfer
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"96c7f2a82b0c6a2ce4b0ca95e1002af0" = Sybase Adaptive Server Enterprise PC Client
"Adaptive Server Anywhere 6.0" = Sybase Adaptive Server Anywhere 6.0
"Adobe Acrobat 8 Standard" = Adobe Acrobat 8.1.2 Standard
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"ASE ISQL" = ASE ISQL
"AskSBar Uninstall" = Ask Toolbar
"Audacity_is1" = Audacity 1.2.6
"BASICR" = Microsoft Office Basic 2007
"Code Visual to Flowchart_is1" = Code Visual to Flowchart 5.0 Build 0515
"ERUNT_is1" = ERUNT 1.1j
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InfoMaker 7.0" = Sybase InfoMaker 7.0
"KB835221WXP" = High Definition Audio Driver Package - KB835221
"KB892130" = Windows Genuine Advantage Validation Tool (KB892130)
"KB893803v2" = Windows Installer 3.1 (KB893803)
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB923689" = Security Update for Windows XP (KB923689)
"KB923723" = Security Update for Step By Step Interactive Training (KB923723)
"KB923789" = Security Update for Windows XP (KB923789)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB929399" = Hotfix for Windows Media Format 11 SDK (KB929399)
"KB931906" = Security Update for CAPICOM (KB931906)
"KB936782_WMP11" = Security Update for Windows Media Player 11 (KB936782)
"KB936782_WMP9" = Security Update for Windows Media Player 9 (KB936782)
"KB937143-IE7" = Security Update for Windows Internet Explorer 7 (KB937143)
"KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
"KB939653-IE7" = Security Update for Windows Internet Explorer 7 (KB939653)
"KB939683" = Hotfix for Windows Media Player 11 (KB939683)
"KB941569" = Security Update for Windows XP (KB941569)
"KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615)
"KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533)
"KB946648" = Security Update for Windows XP (KB946648)
"KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864)
"KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951618-v2" = Update for Windows XP (KB951618-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB951978" = Update for Windows XP (KB951978)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 SDK - ENU" = Microsoft .NET Framework 2.0 SDK - ENU
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NanoScan" = Panda NanoScan
"NASA World Wind 1.4" = NASA World Wind 1.4
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PackersScreenServer" = Green Bay Packers ScreenServer
"PowerBuilder 7.0" = Sybase PowerBuilder 7.0
"PowerDesigner 9" = Sybase PowerDesigner 9.5.2
"RealPlayer 6.0" = RealPlayer
"StarTeam 5.3" = StarTeam 5.3
"StarTeam Microsoft SCC Integration" = StarTeam Microsoft SCC Integration
"StarTeam SDK Runtime 5.3" = StarTeam SDK Runtime 5.3
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"The Weather Channel Toolbar" = The Weather Channel Toolbar
"TotalScan" = Panda TotalScan
"WGA" = Windows Genuine Advantage Validation Tool (KB892130)
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

===== Uninstall List =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

===== Uninstall List =====


===== Uninstall List =====


===== Uninstall List =====


===== Uninstall List =====


===== Uninstall List =====

[HKEY_USERS\S-1-5-21-72051607-818835248-71842111-1426\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

===== Winsock2 Catalogs =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - [07/24/2007 03:17 PM | 00,147,456 | ---- | M] (Apple Inc.) C:\Program Files\Bonjour\mdnsNSP.dll

===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Defaults =====


===== Protocol Handlers =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

===== Protocol Filters =====

< End of report >
  • 0

#7
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\All Users\Application Data\fkvatkhu
    C:\WINDOWS\system32\lphcj90j0ee75.exe
    C:\WINDOWS\System32\phcj90j0ee75.bmp
    C:\Documents and Settings\cmeinen\Local Settings\Temp\.tt1C.tmp.exe
    C:\WINDOWS\system32\pkpezgru.exe
    C:\WINDOWS\system32\jwdepalg.exe
    C:\Program Files\AskSBar
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\lphcj90j0ee75
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\inrhcn90j0ee75
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MntSys
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winhlpmnt
    HKEY_USERS\S-1-5-21-72051607-818835248-71842111-1426\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MntSys
    HKEY_USERS\S-1-5-21-72051607-818835248-71842111-1426\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winhlpmnt
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
    HKEY_USERS\S-1-5-21-72051607-818835248-71842111-1426\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}
    HKEY_USERS\S-1-5-21-72051607-818835248-71842111-1426\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\n8rnlv24ed
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Reboot your computer then run OTViewIt again.. Then post the OTMoveIt2 and OTViewIt logs here :)
  • 0

#8
ilts

ilts

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Unfortunately, I'm getting only the "Internet Explorer cannot display the webpage" message when I try to connect to the site to download OTMoveIt2. Should I wait a while and try again later?
  • 0

#9
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts

Unfortunately, I'm getting only the "Internet Explorer cannot display the webpage" message when I try to connect to the site to download OTMoveIt2. Should I wait a while and try again later?



Try this link..

http://oldtimer.geek...m/OTMoveIt2.exe
  • 0

#10
ilts

ilts

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Thanks! The second link worked fine.

Here are the results after the reboot:


OTMoveIt2 file

Explorer killed successfully
C:\Documents and Settings\All Users\Application Data\fkvatkhu moved successfully.
C:\WINDOWS\system32\lphcj90j0ee75.exe moved successfully.
C:\WINDOWS\System32\phcj90j0ee75.bmp moved successfully.
File move failed. C:\Documents and Settings\cmeinen\Local Settings\Temp\.tt1C.tmp.exe scheduled to be moved on reboot.
C:\WINDOWS\system32\pkpezgru.exe moved successfully.
C:\WINDOWS\system32\jwdepalg.exe moved successfully.
C:\Program Files\AskSBar\SrchAstt\1.bin moved successfully.
C:\Program Files\AskSBar\SrchAstt moved successfully.
C:\Program Files\AskSBar\bar\Settings moved successfully.
C:\Program Files\AskSBar\bar\History moved successfully.
C:\Program Files\AskSBar\bar\Cache moved successfully.
C:\Program Files\AskSBar\bar\1.bin moved successfully.
C:\Program Files\AskSBar\bar moved successfully.
C:\Program Files\AskSBar moved successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\lphcj90j0ee75 >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\lphcj90j0ee75 deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\inrhcn90j0ee75 >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\inrhcn90j0ee75 deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MntSys >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MntSys deleted successfully.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winhlpmnt >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winhlpmnt deleted successfully.
< HKEY_USERS\S-1-5-21-72051607-818835248-71842111-1426\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MntSys >
Registry value HKEY_USERS\S-1-5-21-72051607-818835248-71842111-1426\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MntSys not found.
< HKEY_USERS\S-1-5-21-72051607-818835248-71842111-1426\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winhlpmnt >
Registry value HKEY_USERS\S-1-5-21-72051607-818835248-71842111-1426\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winhlpmnt not found.
< HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} >
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}\\ deleted successfully.
< HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} >
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}\ deleted successfully.
< HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} >
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
< HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} >
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}\ not found.
< HKEY_USERS\S-1-5-21-72051607-818835248-71842111-1426\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} >
Registry value HKEY_USERS\S-1-5-21-72051607-818835248-71842111-1426\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
< HKEY_USERS\S-1-5-21-72051607-818835248-71842111-1426\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} >
Registry value HKEY_USERS\S-1-5-21-72051607-818835248-71842111-1426\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}\ not found.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\n8rnlv24ed >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\n8rnlv24ed deleted successfully.
< EmptyTemp >
File delete failed. C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt102.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt139.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt152.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt167.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt174.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt185.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt19E.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt1C.tmp.exe scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt2C.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt42.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt54.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt68.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt7.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt78.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt8D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt9B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.ttAC.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.ttBB.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cmeinen\LOCALS~1\Temp\etilqs_496G2j6n9RwHuDOMe98H scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cmeinen\LOCALS~1\Temp\nsw3.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cmeinen\LOCALS~1\Temp\~DFE6F7.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cmeinen\LOCALS~1\Temp\hsperfdata_CMeinen\2060 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cmeinen\LOCALS~1\Temp\hsperfdata_CMeinen\636 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\cmeinen\LOCALS~1\Temp\nsw4.tmp\euladlg.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\hsperfdata_SYSTEM\376 scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08252008_170414

Files moved on Reboot...
C:\Documents and Settings\cmeinen\Local Settings\Temp\.tt1C.tmp.exe moved successfully.
C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt102.tmp moved successfully.
C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt139.tmp moved successfully.
C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt152.tmp moved successfully.
C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt167.tmp moved successfully.
C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt174.tmp moved successfully.
C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt185.tmp moved successfully.
C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt19E.tmp moved successfully.
File C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt1C.tmp.exe not found!
C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt2C.tmp moved successfully.
C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt42.tmp moved successfully.
C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt54.tmp moved successfully.
C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt68.tmp moved successfully.
C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt7.tmp moved successfully.
C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt78.tmp moved successfully.
C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt8D.tmp moved successfully.
C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.tt9B.tmp moved successfully.
C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.ttAC.tmp moved successfully.
C:\DOCUME~1\cmeinen\LOCALS~1\Temp\.ttBB.tmp moved successfully.
File C:\DOCUME~1\cmeinen\LOCALS~1\Temp\etilqs_496G2j6n9RwHuDOMe98H not found!
File C:\DOCUME~1\cmeinen\LOCALS~1\Temp\nsw3.tmp not found!
C:\DOCUME~1\cmeinen\LOCALS~1\Temp\~DFE6F7.tmp moved successfully.
File C:\DOCUME~1\cmeinen\LOCALS~1\Temp\hsperfdata_CMeinen\2060 not found!
File C:\DOCUME~1\cmeinen\LOCALS~1\Temp\hsperfdata_CMeinen\636 not found!
DllUnregisterServer procedure not found in C:\DOCUME~1\cmeinen\LOCALS~1\Temp\nsw4.tmp\euladlg.dll
C:\DOCUME~1\cmeinen\LOCALS~1\Temp\nsw4.tmp\euladlg.dll NOT unregistered.
C:\DOCUME~1\cmeinen\LOCALS~1\Temp\nsw4.tmp\euladlg.dll moved successfully.
File C:\WINDOWS\temp\hsperfdata_SYSTEM\376 not found!



OTViewIT file:

OTViewIt logfile created on: 8/25/2008 5:20:08 PM - Run 2
OTViewIt by OldTimer - Version 1.0.0.12 Folder = C:\My Music\Stuff
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.36 Mb Total Physical Memory | 251.02 Mb Available Physical Memory | 26.19% Memory free
2.26 Gb Paging File | 1.66 Gb Available in Paging File | 73.43% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 25.86 Gb Free Space | 34.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 331.33 Gb Total Space | 97.43 Gb Free Space | 29.40% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive L: | 28.01 Gb Total Space | 9.82 Gb Free Space | 35.05% Space Free | Partition Type: NTFS
Drive S: | 331.33 Gb Total Space | 97.43 Gb Free Space | 29.40% Space Free | Partition Type: NTFS
Drive U: | 331.33 Gb Total Space | 97.43 Gb Free Space | 29.40% Space Free | Partition Type: NTFS

Computer Name: CYPRUS
Current User Name: cmeinen
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

===== Processes - Non-Microsoft Only =====

[07/22/2008 08:42 PM | 00,116,040 | ---- | M] (Apple Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[03/17/2006 03:25 PM | 00,065,536 | ---- | M] (Broadcom Corporation) - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
[07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe
[06/23/2008 10:01 AM | 00,137,200 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[08/01/2000 05:37 PM | 00,032,768 | ---- | M] (Hummingbird Ltd.) - C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
[07/07/2000 02:20 PM | 00,028,672 | ---- | M] (Hummingbird Ltd.) - C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
[10/25/2007 04:06 PM | 00,103,744 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
[07/26/2000 01:59 PM | 00,040,960 | ---- | M] (Hummingbird Ltd.) - C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Jconfig\hjavaw.exe
[01/24/2008 09:50 PM | 00,144,704 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
[01/24/2008 09:50 PM | 00,054,608 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
[10/03/2006 12:28 PM | 00,155,715 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe
[11/10/2005 09:27 AM | 00,049,250 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe
[10/25/2007 04:06 PM | 00,136,512 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
[05/24/2006 12:49 AM | 00,024,576 | ---- | M] (Syntek America Inc.) - C:\WINDOWS\system32\StkASv2K.exe
[08/09/2008 02:42 PM | 03,585,384 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
[08/29/2006 11:32 PM | 00,282,624 | ---- | M] (SigmaTel, Inc.) - C:\WINDOWS\stsystra.exe
[07/27/2004 02:50 PM | 00,081,920 | ---- | M] (InstallShield Software Corporation) - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[01/11/2008 08:54 PM | 00,623,992 | ---- | M] (Adobe Systems Inc.) - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[01/24/2008 09:50 PM | 00,111,952 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
[10/25/2007 04:06 PM | 00,136,512 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\Common Framework\UdaterUI.exe
[06/08/2007 07:59 AM | 00,224,248 | ---- | M] (Yahoo! Inc.) - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
[02/23/2008 01:58 PM | 00,185,896 | ---- | M] (RealNetworks, Inc.) - C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[09/08/2007 06:15 AM | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
[07/30/2008 10:47 AM | 00,289,064 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[10/25/2007 04:06 PM | 00,086,016 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\Common Framework\Mctray.exe
[06/05/2004 01:20 AM | 00,131,072 | ---- | M] (iAnywhere Solutions, Inc.) - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe
[10/30/2006 11:01 AM | 00,294,912 | ---- | M] (iAnywhere Solutions, Inc.) - C:\Program Files\Sybase\SQL Anywhere 10\win32\dbisqlg.exe
[06/10/2008 04:18 PM | 00,785,520 | ---- | M] (The Weather Channel Interactive, Inc.) - C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
[07/30/2008 10:47 AM | 00,532,264 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[07/22/2008 10:20 AM | 00,307,712 | ---- | M] (Mozilla Corporation) - C:\Program Files\Mozilla Firefox\firefox.exe
[08/25/2008 04:03 PM | 01,299,968 | ---- | M] (OldTimer Tools) - C:\My Music\Stuff\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[07/22/2008 08:42 PM | 00,116,040 | ---- | M] (Apple Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(ASFIPmon) Broadcom ASF IP Monitor [Auto | Running]
[03/17/2006 03:25 PM | 00,065,536 | ---- | M] (Broadcom Corporation) - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe

(Bonjour Service) Bonjour Service [Auto | Running]
[07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[04/13/2008 05:12 PM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Running]
[09/08/2007 06:15 AM | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

(gusvc) Google Updater Service [Auto | Running]
[06/23/2008 10:01 AM | 00,137,200 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

(HCLInetd) Hummingbird Inetd [Auto | Running]
[08/01/2000 05:37 PM | 00,032,768 | ---- | M] (Hummingbird Ltd.) - C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe

(iPod Service) iPod Service [On_Demand | Running]
[07/30/2008 10:47 AM | 00,532,264 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(Jconfigd) Hummingbird Jconfig Daemon [Auto | Running]
[07/07/2000 02:20 PM | 00,028,672 | ---- | M] (Hummingbird Ltd.) - C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe

(McAfeeFramework) McAfee Framework Service [Unknown | Running]
[10/25/2007 04:06 PM | 00,103,744 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

(McShield) McAfee McShield [Unknown | Running]
[01/24/2008 09:50 PM | 00,144,704 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

(McTaskManager) McAfee Task Manager [Unknown | Running]
[01/24/2008 09:50 PM | 00,054,608 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

(NVSvc) NVIDIA Display Driver Service [Auto | Running]
[10/03/2006 12:28 PM | 00,155,715 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe

(StkASSrv) USB2.0 VIDBOX NW02 Service [Auto | Running]
[05/24/2006 12:49 AM | 00,024,576 | ---- | M] (Syntek America Inc.) - C:\WINDOWS\system32\StkASv2K.exe

(stllssvr) stllssvr [On_Demand | Stopped]
[09/14/2006 12:54 PM | 00,073,728 | ---- | M] (MicroVision Development, Inc.) - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

(ThreatFire) ThreatFire [Auto | Stopped]
File not found - C:\Program Files\ThreatFire\TFService.exe

(WebrootSpySweeperService) Webroot Spy Sweeper Engine [Auto | Running]
[08/09/2008 02:42 PM | 03,585,384 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

===== Driver Services - Non-Microsoft Only =====

(AliIde) AliIde [Disabled | Stopped]
[08/17/2001 11:51 AM | 00,005,248 | ---- | M] (Acer Laboratories Inc.) - C:\WINDOWS\system32\drivers\aliide.sys

(amdagp) AMD AGP Bus Filter Driver [Disabled | Stopped]
[04/13/2008 11:36 AM | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) - C:\WINDOWS\system32\drivers\amdagp.sys

(AmdK8) AMD Processor Driver [System | Running]
[07/01/2006 08:39 PM | 00,036,864 | ---- | M] (Advanced Micro Devices) - C:\WINDOWS\system32\drivers\AmdK8.sys

(asc) asc [Disabled | Stopped]
[08/17/2001 11:52 AM | 00,026,496 | ---- | M] (Advanced System Products, Inc.) - C:\WINDOWS\system32\drivers\asc.sys

(asc3550) asc3550 [Disabled | Stopped]
[08/17/2001 11:51 AM | 00,014,848 | ---- | M] (Advanced System Products, Inc.) - C:\WINDOWS\system32\drivers\asc3550.sys

(b57w2k) Broadcom NetXtreme Gigabit Ethernet [On_Demand | Running]
[08/14/2006 12:30 AM | 00,156,160 | ---- | M] (Broadcom Corporation) - C:\WINDOWS\system32\drivers\b57xp32.sys

(BASFND) BASFND [Auto | Running]
[04/24/2003 02:21 PM | 00,006,025 | ---- | M] (Broadcom Corporation) - C:\Program Files\Broadcom\ASFIPMon\BASFND.sys

(CmdIde) CmdIde [Disabled | Stopped]
[08/17/2001 11:51 AM | 00,006,656 | ---- | M] (CMD Technology, Inc.) - C:\WINDOWS\system32\drivers\cmdide.sys

(dac2w2k) dac2w2k [Disabled | Stopped]
[08/17/2001 11:52 AM | 00,179,584 | ---- | M] (Mylex Corporation) - C:\WINDOWS\system32\drivers\dac2w2k.sys

(DLABMFSM) DLABMFSM [Auto | Running]
[08/18/2006 11:17 AM | 00,035,096 | ---- | M] (Roxio) - C:\WINDOWS\system32\DLA\DLABMFSM.SYS

(DLABOIOM) DLABOIOM [Auto | Running]
[08/18/2006 11:17 AM | 00,032,472 | ---- | M] (Roxio) - C:\WINDOWS\system32\DLA\DLABOIOM.SYS

(DLACDBHM) DLACDBHM [System | Running]
[08/11/2006 08:35 AM | 00,012,920 | ---- | M] (Roxio) - C:\WINDOWS\system32\drivers\DLACDBHM.SYS

(DLADResM) DLADResM [Auto | Running]
[08/18/2006 11:18 AM | 00,009,400 | ---- | M] (Roxio) - C:\WINDOWS\system32\DLA\DLADResM.SYS

(DLAIFS_M) DLAIFS_M [Auto | Running]
[08/18/2006 11:17 AM | 00,104,472 | ---- | M] (Roxio) - C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

(DLAOPIOM) DLAOPIOM [Auto | Running]
[08/18/2006 11:17 AM | 00,026,008 | ---- | M] (Roxio) - C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

(DLAPoolM) DLAPoolM [Auto | Running]
[08/18/2006 11:17 AM | 00,014,520 | ---- | M] (Roxio) - C:\WINDOWS\system32\DLA\DLAPoolM.SYS

(DLARTL_M) DLARTL_M [System | Running]
[08/11/2006 08:35 AM | 00,028,184 | ---- | M] (Roxio) - C:\WINDOWS\system32\drivers\DLARTL_M.SYS

(DLAUDFAM) DLAUDFAM [Auto | Running]
[08/18/2006 11:17 AM | 00,094,648 | ---- | M] (Roxio) - C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

(DLAUDF_M) DLAUDF_M [Auto | Running]
[08/18/2006 11:17 AM | 00,097,848 | ---- | M] (Roxio) - C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

(dmboot) dmboot [Disabled | Stopped]
[04/13/2008 11:44 AM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) Logical Disk Manager Driver [Boot | Running]
[04/13/2008 11:44 AM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Boot | Running]
[08/04/2004 03:00 AM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(DRVMCDB) DRVMCDB [Boot | Running]
[07/21/2006 09:21 AM | 00,099,176 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\DRVMCDB.SYS

(DRVNDDM) DRVNDDM [Auto | Running]
[08/11/2006 09:05 AM | 00,051,768 | ---- | M] (Roxio) - C:\WINDOWS\system32\drivers\DRVNDDM.SYS

(DSproct) DSproct [On_Demand | Stopped]
File not found - C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys

(E100B) Intel® PRO Adapter Driver [On_Demand | Stopped]
[08/17/2001 10:12 AM | 00,117,760 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\e100b325.sys

(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[01/29/2008 12:01 PM | 00,016,168 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [On_Demand | Running]
[04/13/2008 09:36 AM | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) - C:\WINDOWS\system32\drivers\hdaudbus.sys

(mfeapfk) McAfee Inc. [On_Demand | Running]
[01/24/2008 09:50 PM | 00,064,232 | ---- | M] (McAfee, Inc.) - C:\WINDOWS\system32\drivers\mfeapfk.sys

(mfeavfk) McAfee Inc. [On_Demand | Running]
[01/24/2008 09:50 PM | 00,072,936 | ---- | M] (McAfee, Inc.) - C:\WINDOWS\system32\drivers\mfeavfk.sys

(mfebopk) McAfee Inc. [On_Demand | Running]
[01/24/2008 09:50 PM | 00,033,960 | ---- | M] (McAfee, Inc.) - C:\WINDOWS\system32\drivers\mfebopk.sys

(mfehidk) McAfee Inc. [On_Demand | Running]
[01/24/2008 09:50 PM | 00,171,400 | ---- | M] (McAfee, Inc.) - C:\WINDOWS\system32\drivers\mfehidk.sys

(mferkdk) VSCore mferkdk [System | Running]
[01/24/2008 09:50 PM | 00,031,816 | ---- | M] (McAfee, Inc.) - C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys

(mfetdik) McAfee Inc. [System | Running]
[01/24/2008 09:50 PM | 00,052,104 | ---- | M] (McAfee, Inc.) - C:\WINDOWS\system32\drivers\mfetdik.sys

(mraid35x) mraid35x [Disabled | Stopped]
[08/17/2001 11:52 AM | 00,017,280 | ---- | M] (American Megatrends Inc.) - C:\WINDOWS\system32\drivers\mraid35x.sys

(nv) nv [On_Demand | Running]
[10/03/2006 12:28 PM | 03,962,720 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys

(nvata) nvata [Boot | Running]
[02/25/2007 07:25 PM | 00,105,472 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nvata.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[08/04/2004 03:00 AM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[07/24/2006 01:00 AM | 00,036,528 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\pxhelp20.sys

(ql1080) ql1080 [Disabled | Stopped]
[08/17/2001 11:52 AM | 00,040,320 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql1080.sys

(ql12160) ql12160 [Disabled | Stopped]
[08/17/2001 11:52 AM | 00,045,312 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql12160.sys

(ql1280) ql1280 [Disabled | Stopped]
[08/17/2001 11:52 AM | 00,049,024 | ---- | M] (QLogic Corporation) - C:\WINDOWS\system32\drivers\ql1280.sys

(Secdrv) Secdrv [On_Demand | Stopped]
[11/13/2007 03:25 AM | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(sisagp) SIS AGP Bus Filter [Disabled | Stopped]
[04/13/2008 11:36 AM | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) - C:\WINDOWS\system32\drivers\sisagp.sys

(Sparrow) Sparrow [Disabled | Stopped]
[08/17/2001 12:07 PM | 00,019,072 | ---- | M] (Adaptec, Inc.) - C:\WINDOWS\system32\drivers\sparrow.sys

(ssfs0bbc) ssfs0bbc [Boot | Running]
[08/09/2008 02:42 PM | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\system32\drivers\ssfs0bbc.sys

(sshrmd) sshrmd [Boot | Running]
[08/09/2008 02:42 PM | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\system32\drivers\sshrmd.sys

(ssidrv) ssidrv [Boot | Running]
[08/09/2008 02:42 PM | 00,166,512 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\system32\drivers\ssidrv.sys

(STHDA) SigmaTel High Definition Audio CODEC [On_Demand | Running]
[08/29/2006 11:32 PM | 01,171,464 | ---- | M] (SigmaTel, Inc.) - C:\WINDOWS\system32\drivers\sthda.sys

(StkAMini) USB2.0 VIDBOX NW02 [On_Demand | Stopped]
[11/15/2006 06:32 PM | 00,242,139 | ---- | M] (Syntek America Inc.) - C:\WINDOWS\system32\drivers\StkAMini.sys

(StkScan) USB2.0 VIDBOX NW02 Still Image [On_Demand | Stopped]
[06/27/2006 07:27 PM | 00,004,772 | ---- | M] (Syntek America Inc.) - C:\WINDOWS\system32\drivers\StkScan.sys

(symc810) symc810 [Disabled | Stopped]
[08/17/2001 12:07 PM | 00,016,256 | ---- | M] (Symbios Logic Inc.) - C:\WINDOWS\system32\drivers\symc810.sys

(symc8xx) symc8xx [Disabled | Stopped]
[08/17/2001 12:07 PM | 00,032,640 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\symc8xx.sys

(sym_hi) sym_hi [Disabled | Stopped]
[08/17/2001 12:07 PM | 00,028,384 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\sym_hi.sys

(sym_u3) sym_u3 [Disabled | Stopped]
[08/17/2001 12:07 PM | 00,030,688 | ---- | M] (LSI Logic) - C:\WINDOWS\system32\drivers\sym_u3.sys

(TfFsMon) TfFsMon [Boot | Stopped]
File not found - C:\WINDOWS\system32\drivers\TfFsMon.sys

(TfNetMon) TfNetMon [On_Demand | Stopped]
File not found - C:\WINDOWS\system32\drivers\TfNetMon.sys

(TfSysMon) TfSysMon [Boot | Stopped]
File not found - C:\WINDOWS\system32\drivers\TfSysMon.sys

(ultra) ultra [Disabled | Stopped]
[08/17/2001 11:52 AM | 00,036,736 | ---- | M] (Promise Technology, Inc.) - C:\WINDOWS\system32\drivers\ultra.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"" = File not found
"Acrobat Assistant 8.0" = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [01/11/2008 08:54 PM | 00,623,992 | ---- | M] (Adobe Systems Inc.)
"Acrobat Speed Launch" = "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe" [10/22/2006 11:40 PM | 00,046,200 | ---- | M] (Adobe Systems Incorporated)
"AppleSyncNotifier" = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM | 00,116,040 | ---- | M] (Apple Inc.)
"ISUSPM Startup" = "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup [07/27/2004 02:50 PM | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [07/27/2004 02:50 PM | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [07/30/2008 10:47 AM | 00,289,064 | ---- | M] (Apple Inc.)
"McAfeeUpdaterUI" = "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey [10/25/2007 04:06 PM | 00,136,512 | ---- | M] (McAfee, Inc.)
"NvCplDaemon" = "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup [10/03/2006 12:28 PM | 07,630,848 | ---- | M] (NVIDIA Corporation)
"NvMediaCenter" = "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [10/03/2006 12:28 PM | 00,086,016 | ---- | M] (NVIDIA Corporation)
"nwiz" = nwiz.exe /install File not found
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [05/27/2008 10:50 AM | 00,413,696 | ---- | M] (Apple Inc.)
"ShStatEXE" = "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE [01/24/2008 09:50 PM | 00,111,952 | ---- | M] (McAfee, Inc.)
"SigmatelSysTrayApp" = "C:\WINDOWS\stsystra.exe" [08/29/2006 11:32 PM | 00,282,624 | ---- | M] (SigmaTel, Inc.)
"SpySweeper" = "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray [08/09/2008 04:04 PM | 05,418,864 | ---- | M] (Webroot Software, Inc.)
"TkBellExe" = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [02/23/2008 01:58 PM | 00,185,896 | ---- | M] (RealNetworks, Inc.)
"YSearchProtection" = "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 07:59 AM | 00,224,248 | ---- | M] (Yahoo! Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DBISQL10" = "C:\Program Files\Sybase\SQL Anywhere 10\win32\dbisqlg.exe" -preload [10/30/2006 11:01 AM | 00,294,912 | ---- | M] (iAnywhere Solutions, Inc.)
"DBISQL9" = "C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" -preload [06/05/2004 01:20 AM | 00,131,072 | ---- | M] (iAnywhere Solutions, Inc.)
"DW6" = "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [06/10/2008 04:18 PM | 00,785,520 | ---- | M] (The Weather Channel Interactive, Inc.)
"PackersScreenServer" = "C:\Program Files\PackersScreenServer\PackersScreenServer.exe" -tb [09/19/2007 11:38 AM | 04,884,823 | ---- | M] ()
"SybaseCentral43" = "C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" -preload File not found
"YSearchProtection" = "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 07:59 AM | 00,224,248 | ---- | M] (Yahoo! Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-21-72051607-818835248-71842111-1426\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DBISQL10" = "C:\Program Files\Sybase\SQL Anywhere 10\win32\dbisqlg.exe" -preload [10/30/2006 11:01 AM | 00,294,912 | ---- | M] (iAnywhere Solutions, Inc.)
"DBISQL9" = "C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" -preload [06/05/2004 01:20 AM | 00,131,072 | ---- | M] (iAnywhere Solutions, Inc.)
"DW6" = "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [06/10/2008 04:18 PM | 00,785,520 | ---- | M] (The Weather Channel Interactive, Inc.)
"PackersScreenServer" = "C:\Program Files\PackersScreenServer\PackersScreenServer.exe" -tb [09/19/2007 11:38 AM | 04,884,823 | ---- | M] ()
"SybaseCentral43" = "C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" -preload File not found
"YSearchProtection" = "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 07:59 AM | 00,224,248 | ---- | M] (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-72051607-818835248-71842111-1426\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[administrator.ILTS1 Startup Folder - C:\Documents and Settings\administrator.ILTS1\Start Menu\Programs\Startup]

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

[cmeinen Startup Folder - C:\Documents and Settings\cmeinen\Start Menu\Programs\Startup]
[08/14/2008 03:03 AM | 00,845,584 | R--- | M] () - C:\Documents and Settings\cmeinen\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk = C:\WINDOWS\Installer\{91120000-0013-0000-0000-0000000FF1CE}\outicon.exe
File not found - C:\Documents and Settings\cmeinen\Start Menu\Programs\Startup\The Weather Channel Desktop.lnk = C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

[Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup]

[jradm Startup Folder - C:\Documents and Settings\jradm\Start Menu\Programs\Startup]

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
HKLM CLSID: (&Yahoo! Toolbar Helper) - [10/19/2007 02:56 PM | 00,817,936 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM CLSID: (Adobe PDF Reader Link Helper) - [10/22/2006 09:08 PM | 00,062,080 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
HKLM CLSID: (RealPlayer Download and Record Plugin for Internet Explorer) - [02/23/2008 01:58 PM | 00,370,296 | ---- | M] (RealPlayer) C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
HKLM CLSID: (Yahoo! IE Services Button) - [10/31/2006 01:33 PM | 00,198,136 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [11/10/2005 11:22 AM | 00,184,423 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
HKLM CLSID: (scriptproxy) - [01/24/2008 09:50 PM | 00,066,880 | ---- | M] (McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA1F9DDB-E605-4ba6-81D4-E427DEE012AD}]
HKLM CLSID: (TwcToolbarBhoApp Class) - [05/09/2007 09:41 AM | 00,073,728 | ---- | M] () C:\WINDOWS\system32\TwcToolbarBho.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
HKLM CLSID: (Google Toolbar Helper) - [06/23/2008 10:02 AM | 02,549,368 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
HKLM CLSID: (Adobe PDF Conversion Toolbar Helper) - [05/10/2007 08:47 PM | 00,321,120 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
HKLM CLSID: (Google Toolbar Notifier BHO) - [06/23/2008 10:01 AM | 00,654,320 | ---- | M] (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
HKLM CLSID: (MSN Toolbar Helper) - [06/03/2008 04:17 PM | 00,086,032 | ---- | M] (Microsoft Corp.) C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}"
HKLM CLSID: (MSN Toolbar) - [06/03/2008 04:17 PM | 00,086,032 | ---- | M] (Microsoft Corp.) C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [06/23/2008 10:02 AM | 02,549,368 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2E5E800E-6AC0-411E-940A-369530A35E43}"
HKLM CLSID: (The Weather Channel Toolbar) - [05/09/2007 10:24 AM | 00,262,144 | ---- | M] () C:\WINDOWS\system32\TwcToolbarIe7.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [05/10/2007 08:47 PM | 00,321,120 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [10/19/2007 02:56 PM | 00,817,936 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [06/23/2008 10:02 AM | 02,549,368 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [05/10/2007 08:47 PM | 00,321,120 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

[HKEY_USERS\S-1-5-21-72051607-818835248-71842111-1426\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [06/23/2008 10:02 AM | 02,549,368 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [05/10/2007 08:47 PM | 00,321,120 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning" = 0
"NoWelcomeScreen" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"ForceStartMenuLogOff" = 1
"Intellimenus" = 1
"NoResolveSearch" = 1
"NoResolveTrack" = 1
"NoDesktopCleanupWizard" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr" = 0
"NoDispScrSavPage" = 1

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!


[HKEY_USERS\S-1-5-21-72051607-818835248-71842111-1426\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"ForceStartMenuLogOff" = 1
"Intellimenus" = 1
"NoResolveSearch" = 1
"NoResolveTrack" = 1
"NoDesktopCleanupWizard" = 1

[HKEY_USERS\S-1-5-21-72051607-818835248-71842111-1426\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr" = 0
"NoDispScrSavPage" = 1

===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 05:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [05/21/2008 04:37 AM | 12,844,576 | ---- | M] (Microsoft Corporation)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe [10/25/2007 04:06 PM | 00,103,744 | ---- | M] (McAfee, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 11:53 AM | 00,558,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [08/30/2007 05:43 PM | 04,670,704 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe [08/30/2007 05:43 PM | 00,091,376 | ---- | M] (Yahoo! Inc.)
"C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" = C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe File not found
"C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" = C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe [06/05/2004 01:20 AM | 00,131,072 | ---- | M] (iAnywhere Solutions, Inc.)
"C:\Program Files\Sybase\Adaptive Server Anywhere 6.0\win32\dbeng6.exe" = C:\Program Files\Sybase\Adaptive Server Anywhere 6.0\win32\dbeng6.exe [04/08/1999 06:53 PM | 00,038,400 | ---- | M] ()
"C:\Program Files\Starbase\SBToolbar\SBToolbar.exe" = C:\Program Files\Starbase\SBToolbar\SBToolbar.exe [09/03/2003 12:10 PM | 00,581,632 | ---- | M] (Borland Software Corporation)
"C:\Program Files\Hummingbird\Connectivity\7.00\Exceed\exceed.exe" = C:\Program Files\Hummingbird\Connectivity\7.00\Exceed\exceed.exe [08/11/2000 05:29 PM | 01,044,480 | ---- | M] (Hummingbird Ltd.)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe [04/13/2008 05:12 PM | 00,042,496 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Sybase\SQL Anywhere 10\win32\dbisqlg.exe" = C:\Program Files\Sybase\SQL Anywhere 10\win32\dbisqlg.exe [10/30/2006 11:01 AM | 00,294,912 | ---- | M] (iAnywhere Solutions, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe [07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe [07/30/2008 10:47 AM | 20,252,968 | ---- | M] (Apple Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe [04/13/2008 05:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [05/21/2008 04:37 AM | 12,844,576 | ---- | M] (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\network diagnostic\xpnetdiag.exe [04/13/2008 11:53 AM | 00,558,080 | ---- | M] (Microsoft Corporation)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [04/13/2008 05:12 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [04/13/2008 05:12 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [04/13/2008 05:12 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [04/13/2008 05:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [04/13/2008 05:12 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====
Unable to open key or key not present!


===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{E2A1C50E-823B-4C6D-8E34-9679BC96E06D}]
Servers: | Description: Broadcom NetXtreme 57xx Gigabit Controller

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{F1712E36-F8CB-4DE2-BCFC-9EAFAAD320A3}]
Servers: | Description:

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

===== Autorun Files on Drives =====

AUTOEXEC.BAT []
[08/11/2004 03:15 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35da87fc-7805-11dc-97a5-001aa035bc87}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35da87fc-7805-11dc-97a5-001aa035bc87}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 05:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35da87fc-7805-11dc-97a5-001aa035bc87}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42bb820d-f602-11dc-97cc-001aa035bc87}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42bb820d-f602-11dc-97cc-001aa035bc87}\Shell\Autoplay]
"MUIVerb" = C:\WINDOWS\system32\shell32.dll [04/13/2008 05:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42bb820d-f602-11dc-97cc-001aa035bc87}\Shell\Autoplay\DropTarget]
"CLSID" = {f26a669a-bcbb-4e37-abf9-7325da15f931}

===== Hosts File =====

HOSTS File = (771 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
172.17.0.44 demmis
10.0.0.200 swzmis



[Files/Folders - Created Within 60 days]
[07/22/2008 03:18 PM | ---D | C] - C:\MIW Security, etc
[07/29/2008 10:58 AM | ---D | C] - C:\Research and Development
[08/20/2008 02:15 PM | 00,027,136 | ---- | C] () - C:\20 August 2008.doc
[08/25/2008 02:17 PM | 00,000,164 | ---- | C] () - C:\install.dat
[08/25/2008 05:04 PM | ---D | C] - C:\_OTMoveIt
[07/22/2008 07:45 AM | 00,009,696 | ---- | C] () - C:\WINDOWS\System32\dllcache\drvmain.sdb
[07/22/2008 07:45 AM | 00,790,846 | ---- | C] () - C:\WINDOWS\System32\dllcache\apph_sp.sdb
[07/22/2008 07:45 AM | 01,214,526 | ---- | C] () - C:\WINDOWS\System32\dllcache\sysmain.sdb
[07/22/2008 08:14 PM | 00,218,362 | ---- | C] () - C:\WINDOWS\System32\dllcache\apphelp.sdb
[07/22/2008 08:18 PM | 00,080,642 | ---- | C] () - C:\WINDOWS\System32\dllcache\apps.chm
[04/13/2008 05:11 PM | 00,003,135 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv08nt5.dll
[04/13/2008 05:11 PM | 00,003,615 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv05nt5.dll
[04/13/2008 05:11 PM | 00,003,647 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv07nt5.dll
[04/13/2008 05:11 PM | 00,003,711 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv09nt5.dll
[04/13/2008 05:11 PM | 00,003,775 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv11nt5.dll
[04/13/2008 05:11 PM | 00,003,967 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv02nt5.dll
[04/13/2008 05:11 PM | 00,004,255 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv01nt5.dll
[04/13/2008 05:11 PM | 00,011,359 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv02nt5.dll
[04/13/2008 05:11 PM | 00,014,143 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv06nt5.dll
[04/13/2008 05:11 PM | 00,015,423 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[04/13/2008 05:11 PM | 00,017,279 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv10nt5.dll
[04/13/2008 05:11 PM | 00,021,183 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv01nt5.dll
[04/13/2008 05:11 PM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv04nt5.dll
[04/13/2008 05:12 PM | 00,003,901 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\
  • 0

Advertisements


#11
ilts

ilts

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Truncated again...


Here is the end of the second file.


[Files/Folders - Created Within 60 days]
[07/22/2008 03:18 PM | ---D | C] - C:\MIW Security, etc
[07/29/2008 10:58 AM | ---D | C] - C:\Research and Development
[08/20/2008 02:15 PM | 00,027,136 | ---- | C] () - C:\20 August 2008.doc
[08/25/2008 02:17 PM | 00,000,164 | ---- | C] () - C:\install.dat
[08/25/2008 05:04 PM | ---D | C] - C:\_OTMoveIt
[07/22/2008 07:45 AM | 00,009,696 | ---- | C] () - C:\WINDOWS\System32\dllcache\drvmain.sdb
[07/22/2008 07:45 AM | 00,790,846 | ---- | C] () - C:\WINDOWS\System32\dllcache\apph_sp.sdb
[07/22/2008 07:45 AM | 01,214,526 | ---- | C] () - C:\WINDOWS\System32\dllcache\sysmain.sdb
[07/22/2008 08:14 PM | 00,218,362 | ---- | C] () - C:\WINDOWS\System32\dllcache\apphelp.sdb
[07/22/2008 08:18 PM | 00,080,642 | ---- | C] () - C:\WINDOWS\System32\dllcache\apps.chm
[04/13/2008 05:11 PM | 00,003,135 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv08nt5.dll
[04/13/2008 05:11 PM | 00,003,615 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv05nt5.dll
[04/13/2008 05:11 PM | 00,003,647 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv07nt5.dll
[04/13/2008 05:11 PM | 00,003,711 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv09nt5.dll
[04/13/2008 05:11 PM | 00,003,775 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv11nt5.dll
[04/13/2008 05:11 PM | 00,003,967 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv02nt5.dll
[04/13/2008 05:11 PM | 00,004,255 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\adv01nt5.dll
[04/13/2008 05:11 PM | 00,011,359 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv02nt5.dll
[04/13/2008 05:11 PM | 00,014,143 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv06nt5.dll
[04/13/2008 05:11 PM | 00,015,423 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[04/13/2008 05:11 PM | 00,017,279 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv10nt5.dll
[04/13/2008 05:11 PM | 00,021,183 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv01nt5.dll
[04/13/2008 05:11 PM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\atv04nt5.dll
[04/13/2008 05:12 PM | 00,003,901 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\siint5.dll
[04/13/2008 05:12 PM | 00,011,325 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\vchnt5.dll
[07/17/2004 10:55 PM | 00,129,045 | ---- | C] () - C:\WINDOWS\System32\drivers\cxthsfs2.cty
[07/17/2004 11:35 AM | 00,067,866 | ---- | C] () - C:\WINDOWS\System32\drivers\netwlan5.img
[07/17/2004 11:36 AM | 00,064,352 | ---- | C] () - C:\WINDOWS\System32\drivers\ativmc20.cod
[08/03/2004 10:29 PM | 00,011,295 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv08nt.sys
[08/03/2004 10:29 PM | 00,011,615 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1mdxx.sys
[08/03/2004 10:29 PM | 00,011,807 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv07nt.sys
[08/03/2004 10:29 PM | 00,011,871 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv09nt.sys
[08/03/2004 10:29 PM | 00,011,935 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\wadv11nt.sys
[08/03/2004 10:29 PM | 00,012,047 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1pdxx.sys
[08/03/2004 10:29 PM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinmdxx.sys
[08/03/2004 10:29 PM | 00,013,824 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinttxx.sys
[08/03/2004 10:29 PM | 00,014,336 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinpdxx.sys
[08/03/2004 10:29 PM | 00,021,343 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1ttxx.sys
[08/03/2004 10:29 PM | 00,022,271 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv06nt.sys
[08/03/2004 10:29 PM | 00,025,471 | ---- | C] (Intel® Corporation) - C:\WINDOWS\System32\drivers\watv10nt.sys
[08/03/2004 10:29 PM | 00,026,367 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1snxx.sys
[08/03/2004 10:29 PM | 00,028,672 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinsnxx.sys
[08/03/2004 10:29 PM | 00,029,455 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xbxx.sys
[08/03/2004 10:29 PM | 00,030,671 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1raxx.sys
[08/03/2004 10:29 PM | 00,031,744 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxbxx.sys
[08/03/2004 10:29 PM | 00,034,735 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1xsxx.sys
[08/03/2004 10:29 PM | 00,036,463 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1tuxx.sys
[08/03/2004 10:29 PM | 00,052,224 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinraxx.sys
[08/03/2004 10:29 PM | 00,056,623 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1btxx.sys
[08/03/2004 10:29 PM | 00,057,856 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinbtxx.sys
[08/03/2004 10:29 PM | 00,063,488 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinxsxx.sys
[08/03/2004 10:29 PM | 00,063,663 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati1rvxx.sys
[08/03/2004 10:29 PM | 00,073,216 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atintuxx.sys
[08/03/2004 10:29 PM | 00,104,960 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\atinrvxx.sys
[08/03/2004 10:29 PM | 00,166,912 | ---- | C] (S3 Graphics, Inc.) - C:\WINDOWS\System32\drivers\s3gnbm.sys
[08/03/2004 10:29 PM | 00,327,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati2mtaa.sys
[08/03/2004 10:29 PM | 00,452,736 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\drivers\mtxparhm.sys
[08/03/2004 10:29 PM | 00,701,440 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\drivers\ati2mtag.sys
[08/03/2004 10:41 PM | 00,011,868 | ---- | C] (Conexant) - C:\WINDOWS\System32\drivers\mdmxsdk.sys
[08/03/2004 10:41 PM | 00,013,240 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slwdmsup.sys
[08/03/2004 10:41 PM | 00,013,776 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\recagent.sys
[08/03/2004 10:41 PM | 00,095,424 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnthal.sys
[08/03/2004 10:41 PM | 00,126,686 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlmnt5.sys
[08/03/2004 10:41 PM | 00,129,535 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slnt7554.sys
[08/03/2004 10:41 PM | 00,180,360 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\ntmtlfax.sys
[08/03/2004 10:41 PM | 00,220,032 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[08/03/2004 10:41 PM | 00,404,990 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\slntamr.sys
[08/03/2004 10:41 PM | 00,685,056 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfcxts2.sys
[08/03/2004 10:41 PM | 01,041,536 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[08/03/2004 10:41 PM | 01,309,184 | ---- | C] (Smart Link) - C:\WINDOWS\System32\drivers\mtlstrm.sys
[08/09/2008 02:42 PM | 00,023,152 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\System32\drivers\sshrmd.sys
[08/09/2008 02:42 PM | 00,029,808 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\System32\drivers\ssfs0bbc.sys
[08/09/2008 02:42 PM | 00,166,512 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\System32\drivers\ssidrv.sys
[08/17/2008 03:01 PM | 00,017,144 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | C] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[1 C:\WINDOWS\System32\*.tmp files]
[04/13/2008 05:11 PM | 00,032,285 | ---- | C] (Conexant Systems, Inc.) - C:\WINDOWS\System32\hsfcisp2.dll
[04/13/2008 05:11 PM | 00,032,768 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativtmxx.dll
[04/13/2008 05:11 PM | 00,086,016 | ---- | C] (Conexant) - C:\WINDOWS\System32\mdmxsdk.dll
[04/13/2008 05:11 PM | 00,201,728 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ati2dvag.dll
[04/13/2008 05:11 PM | 00,229,376 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ati2cqag.dll
[04/13/2008 05:11 PM | 00,377,984 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ati2dvaa.dll
[04/13/2008 05:11 PM | 00,516,768 | ---- | C] (ATI Technologies Inc. ) - C:\WINDOWS\System32\ativvaxx.dll
[04/13/2008 05:11 PM | 00,870,784 | ---- | C] (ATI Technologies Inc. ) - C:\WINDOWS\System32\ati3d1ag.dll
[04/13/2008 05:11 PM | 01,888,992 | ---- | C] (ATI Technologies Inc. ) - C:\WINDOWS\System32\ati3duag.dll
[04/13/2008 05:12 PM | 00,009,728 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativdaxx.ax
[04/13/2008 05:12 PM | 00,023,040 | ---- | C] (ATI Technologies Inc.) - C:\WINDOWS\System32\ativmvxx.ax
[04/13/2008 05:12 PM | 00,032,866 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slrundll.exe
[04/13/2008 05:12 PM | 00,073,796 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slserv.exe
[04/13/2008 05:12 PM | 00,073,832 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slcoinst.dll
[04/13/2008 05:12 PM | 00,188,508 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slgen.dll
[04/13/2008 05:12 PM | 00,286,792 | ---- | C] (Smart Link) - C:\WINDOWS\System32\slextspk.dll
[04/13/2008 05:12 PM | 00,397,056 | ---- | C] (S3 Graphics, Inc.) - C:\WINDOWS\System32\s3gnb.dll
[04/13/2008 05:12 PM | 01,737,856 | ---- | C] (Matrox Graphics Inc.) - C:\WINDOWS\System32\mtxparhd.dll
[06/20/2007 10:52 PM | 00,000,974 | ---- | C] () - C:\WINDOWS\System32\pid.inf
[06/28/2008 03:13 AM | ---D | C] - C:\WINDOWS\System32\bits
[06/28/2008 03:13 AM | ---D | C] - C:\WINDOWS\System32\en
[06/28/2008 03:13 AM | ---D | C] - C:\WINDOWS\System32\scripting
[08/09/2008 02:42 PM | 00,015,208 | ---- | C] () - C:\WINDOWS\System32\SsiEfr.exe
[08/09/2008 02:42 PM | 00,031,080 | ---- | C] () - C:\WINDOWS\System32\wrLZMA.dll
[2 C:\WINDOWS\*.tmp files]
[04/13/2008 05:12 PM | 00,032,866 | ---- | C] (Smart Link) - C:\WINDOWS\slrundll.exe
[06/28/2008 03:06 AM | -H-D | C] - C:\WINDOWS\$NtServicePackUninstall$
[06/28/2008 03:13 AM | ---D | C] - C:\WINDOWS\l2schemas
[06/28/2008 03:14 AM | ---D | C] - C:\WINDOWS\ServicePackFiles
[07/22/2008 04:46 PM | 00,000,111 | ---- | C] () - C:\WINDOWS\ODBC.INI
[08/09/2008 04:04 PM | 01,538,928 | ---- | C] (Webroot Software, Inc.) - C:\WINDOWS\WRSetup.dll
[08/25/2008 05:16 PM | ---D | C] - C:\WINDOWS\Prefetch
[08/25/2008 08:39 AM | ---D | C] - C:\WINDOWS\ERDNT
[08/25/2008 02:19 PM | 00,001,470 | ---- | C] () - C:\WINDOWS\tasks\wrSpySweeperFullSweep.job
[08/25/2008 02:18 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Webroot
[08/25/2008 08:44 AM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[08/25/2008 02:18 PM | ---D | C] - C:\Documents and Settings\cmeinen\Application Data\Webroot
[08/25/2008 08:44 AM | ---D | C] - C:\Documents and Settings\cmeinen\Application Data\Malwarebytes
[07/25/2008 09:50 AM | 00,003,909 | ---- | C] () - C:\Documents and Settings\cmeinen\My Documents\STReport2008-07-25T16-50-05Z00.html
[08/05/2008 08:42 AM | 00,016,643 | ---- | C] () - C:\Documents and Settings\cmeinen\My Documents\STReport2008-08-05T15-42-51Z00.html
[08/05/2008 09:24 AM | 00,003,820 | ---- | C] () - C:\Documents and Settings\cmeinen\My Documents\STReport2008-08-05T16-24-15Z00.html
[08/08/2008 11:04 AM | 00,001,730 | -H-- | C] () - C:\Documents and Settings\cmeinen\My Documents\Default.rdp
[08/25/2008 02:19 PM | 00,001,641 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Spy Sweeper.lnk
[08/25/2008 08:44 AM | 00,000,696 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[07/25/2008 09:08 AM | 00,064,512 | ---- | C] () - C:\Documents and Settings\cmeinen\Desktop\Employee Emergency Contact Information Form HR101 .doc
[08/22/2008 10:28 AM | 00,114,016 | ---- | C] () - C:\Documents and Settings\cmeinen\Desktop\107020.htm
[08/22/2008 10:28 AM | ---D | C] - C:\Documents and Settings\cmeinen\Desktop\107020_files
[08/25/2008 01:48 PM | 00,062,976 | ---- | C] () - C:\Documents and Settings\cmeinen\Desktop\Timecard 20080829.xls
[08/25/2008 08:38 AM | 00,000,592 | ---- | C] () - C:\Documents and Settings\cmeinen\Desktop\ERUNT.lnk
[08/25/2008 08:38 AM | 00,000,611 | ---- | C] () - C:\Documents and Settings\cmeinen\Desktop\NTREGOPT.lnk
[08/25/2008 11:16 AM | 00,001,734 | ---- | C] () - C:\Documents and Settings\cmeinen\Desktop\HijackThis.lnk
[08/25/2008 08:43 AM | ---D | C] - C:\Program Files\Common Files\Download Manager
[07/22/2008 11:19 AM | ---D | C] - C:\Program Files\Bonjour
[08/04/2008 07:38 AM | ---D | C] - C:\Program Files\iPod
[08/04/2008 07:38 AM | ---D | C] - C:\Program Files\iTunes
[08/11/2008 07:45 AM | ---D | C] - C:\Program Files\Apple Software Update
[08/25/2008 02:18 PM | ---D | C] - C:\Program Files\Webroot
[08/25/2008 07:36 AM | ---D | C] - C:\Program Files\ezhghse
[08/25/2008 08:38 AM | ---D | C] - C:\Program Files\ERUNT
[08/25/2008 09:18 AM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[08/25/2008 10:00 AM | ---D | C] - C:\Program Files\Microsoft CAPICOM 2.1.0.2
[08/25/2008 11:16 AM | ---D | C] - C:\Program Files\Trend Micro

[Files/Folders - Modified Within 60 days]
[06/28/2008 03:07 AM | 00,250,048 | RHS- | M] () - C:\ntldr
[07/14/2008 08:32 AM | ---D | M] - C:\Documents and Settings
[07/22/2008 03:08 PM | ---D | M] - C:\Cybage
[07/22/2008 03:15 PM | ---D | M] - C:\a
[07/22/2008 03:18 PM | ---D | M] - C:\MIW Security, etc
[07/24/2008 10:26 AM | R--D | M] - C:\DEFAULT
[07/29/2008 10:58 AM | ---D | M] - C:\Research and Development
[07/29/2008 11:19 AM | ---D | M] - C:\PowerBuilder 11 Info
[07/30/2008 02:31 PM | ---D | M] - C:\STM
[07/30/2008 02:45 PM | ---D | M] - C:\Intelimark
[07/30/2008 02:45 PM | ---D | M] - C:\PGMC
[07/30/2008 02:45 PM | ---D | M] - C:\PGMC DataTrak
[08/18/2008 07:39 AM | ---D | M] - C:\MDT
[08/20/2008 02:15 PM | 00,027,136 | ---- | M] () - C:\20 August 2008.doc
[08/20/2008 02:49 PM | ---D | M] - C:\Mongolia
[08/22/2008 11:35 AM | ---D | M] - C:\Time Cards
[08/25/2008 02:17 PM | 00,000,164 | ---- | M] () - C:\install.dat
[08/25/2008 02:22 PM | ---D | M] - C:\WINDOWS
[08/25/2008 02:23 PM | ---D | M] - C:\QUARANTINE
[08/25/2008 05:04 PM | ---D | M] - C:\_OTMoveIt
[08/25/2008 05:04 PM | R--D | M] - C:\Program Files
[07/22/2008 07:45 AM | 00,009,696 | ---- | M] () - C:\WINDOWS\System32\dllcache\drvmain.sdb
[07/22/2008 07:45 AM | 00,790,846 | ---- | M] () - C:\WINDOWS\System32\dllcache\apph_sp.sdb
[07/22/2008 07:45 AM | 01,214,526 | ---- | M] () - C:\WINDOWS\System32\dllcache\sysmain.sdb
[07/22/2008 08:14 PM | 00,218,362 | ---- | M] () - C:\WINDOWS\System32\dllcache\apphelp.sdb
[07/22/2008 08:18 PM | 00,080,642 | ---- | M] () - C:\WINDOWS\System32\dllcache\apps.chm
[08/25/2008 02:23 PM | 00,000,771 | ---- | M] () - C:\WINDOWS\System32\drivers\etc\HOSTS
[08/09/2008 02:42 PM | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\System32\drivers\sshrmd.sys
[08/09/2008 02:42 PM | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\System32\drivers\ssfs0bbc.sys
[08/09/2008 02:42 PM | 00,166,512 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) - C:\WINDOWS\System32\drivers\ssidrv.sys
[08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/25/2008 02:24 PM | ---D | M] - C:\WINDOWS\System32\drivers\etc
[1 C:\WINDOWS\System32\*.tmp files]
[06/28/2008 03:06 AM | ---D | M] - C:\WINDOWS\System32\ReinstallBackups
[06/28/2008 03:10 AM | ---D | M] - C:\WINDOWS\System32\Com
[06/28/2008 03:10 AM | ---D | M] - C:\WINDOWS\System32\npp
[06/28/2008 03:10 AM | ---D | M] - C:\WINDOWS\System32\oobe
[06/28/2008 03:10 AM | ---D | M] - C:\WINDOWS\System32\Restore
[06/28/2008 03:13 AM | ---D | M] - C:\WINDOWS\System32\bits
[06/28/2008 03:13 AM | ---D | M] - C:\WINDOWS\System32\en
[06/28/2008 03:13 AM | ---D | M] - C:\WINDOWS\System32\en-US
[06/28/2008 03:13 AM | ---D | M] - C:\WINDOWS\System32\scripting
[06/28/2008 03:13 AM | ---D | M] - C:\WINDOWS\System32\usmt
[06/30/2008 06:24 AM | 00,138,848 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT
[06/30/2008 06:24 AM | ---D | M] - C:\WINDOWS\System32\Setup
[06/30/2008 06:24 AM | ---D | M] - C:\WINDOWS\System32\wbem
[06/30/2008 06:28 AM | 00,106,314 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[06/30/2008 06:28 AM | 00,545,712 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[06/30/2008 06:28 AM | 00,664,172 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[07/22/2008 11:16 AM | ---D | M] - C:\WINDOWS\System32\DRVSTORE
[08/09/2008 02:42 PM | 00,015,208 | ---- | M] () - C:\WINDOWS\System32\SsiEfr.exe
[08/09/2008 02:42 PM | 00,031,080 | ---- | M] () - C:\WINDOWS\System32\wrLZMA.dll
[08/14/2008 03:02 AM | RHSD | M] - C:\WINDOWS\System32\dllcache
[08/25/2008 02:18 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[08/25/2008 02:18 PM | ---D | M] - C:\WINDOWS\System32\drivers
[08/25/2008 05:16 PM | 00,000,000 | ---- | M] () - C:\WINDOWS\System32\NvApps.xml
[08/25/2008 05:19 PM | ---D | M] - C:\WINDOWS\System32\inetsrv
[08/25/2008 09:59 AM | ---D | M] - C:\WINDOWS\System32\CatRoot
[08/25/2008 11:14 AM | 00,002,206 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[2 C:\WINDOWS\*.tmp files]
[06/27/2008 08:22 PM | ---D | M] - C:\WINDOWS\Debug
[06/28/2008 03:02 AM | ---D | M] - C:\WINDOWS\ehome
[06/28/2008 03:06 AM | -H-D | M] - C:\WINDOWS\$NtServicePackUninstall$
[06/28/2008 03:10 AM | ---D | M] - C:\WINDOWS\msagent
[06/28/2008 03:10 AM | ---D | M] - C:\WINDOWS\mui
[06/28/2008 03:10 AM | ---D | M] - C:\WINDOWS\srchasst
[06/28/2008 03:10 AM | ---D | M] - C:\WINDOWS\system
[06/28/2008 03:13 AM | ---D | M] - C:\WINDOWS\ime
[06/28/2008 03:13 AM | ---D | M] - C:\WINDOWS\l2schemas
[06/28/2008 03:13 AM | ---D | M] - C:\WINDOWS\network diagnostic
[06/28/2008 03:13 AM | ---D | M] - C:\WINDOWS\PeerNet
[06/28/2008 03:14 AM | ---D | M] - C:\WINDOWS\ServicePackFiles
[06/28/2008 03:14 AM | ---D | M] - C:\WINDOWS\WinSxS
[06/30/2008 06:24 AM | R-SD | M] - C:\WINDOWS\Fonts
[07/21/2008 07:56 AM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[07/22/2008 04:46 PM | 00,000,111 | ---- | M] () - C:\WINDOWS\ODBC.INI
[08/09/2008 04:04 PM | 01,538,928 | ---- | M] (Webroot Software, Inc.) - C:\WINDOWS\WRSetup.dll
[08/12/2008 07:28 AM | ---D | M] - C:\WINDOWS\Registration
[08/13/2008 09:06 AM | ---D | M] - C:\WINDOWS\Help
[08/14/2008 03:01 AM | ---D | M] - C:\WINDOWS\ie7updates
[08/14/2008 03:02 AM | 00,001,374 | ---- | M] () - C:\WINDOWS\imsins.BAK
[08/14/2008 03:02 AM | -H-D | M] - C:\WINDOWS\$hf_mig$
[08/14/2008 11:16 AM | ---D | M] - C:\WINDOWS\AppPatch
[08/25/2008 02:18 PM | -H-D | M] - C:\WINDOWS\inf
[08/25/2008 02:19 PM | 00,000,715 | ---- | M] () - C:\WINDOWS\win.ini
[08/25/2008 02:19 PM | -HSD | M] - C:\WINDOWS\Installer
[08/25/2008 02:19 PM | --SD | M] - C:\WINDOWS\Tasks
[08/25/2008 04:53 AM | ---D | M] - C:\WINDOWS\security
[08/25/2008 04:58 PM | 00,000,515 | ---- | M] () - C:\WINDOWS\hpbafd.ini
[08/25/2008 05:04 PM | ---D | M] - C:\WINDOWS\system32
[08/25/2008 05:15 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/25/2008 05:16 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/25/2008 05:17 PM | ---D | M] - C:\WINDOWS\Temp
[08/25/2008 08:39 AM | ---D | M] - C:\WINDOWS\ERDNT
[08/25/2008 09:13 AM | -HSD | M] - C:\WINDOWS\CSC
[08/19/2008 10:37 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/25/2008 02:19 PM | 00,001,470 | ---- | M] () - C:\WINDOWS\tasks\wrSpySweeperFullSweep.job
[08/25/2008 05:15 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/14/2008 03:03 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Microsoft Help
[08/25/2008 02:18 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Webroot
[08/25/2008 05:17 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Google Updater
[08/25/2008 08:44 AM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[07/03/2008 03:52 PM | ---D | M] - C:\Documents and Settings\cmeinen\Application Data\Google
[08/25/2008 02:18 PM | ---D | M] - C:\Documents and Settings\cmeinen\Application Data\Webroot
[08/25/2008 05:16 PM | ---D | M] - C:\Documents and Settings\cmeinen\Application Data\PackersScreenServer
[08/25/2008 08:44 AM | ---D | M] - C:\Documents and Settings\cmeinen\Application Data\Malwarebytes
[08/25/2008 10:53 AM | ---D | M] - C:\Documents and Settings\cmeinen\Application Data\Starbase
[06/28/2008 01:33 PM | 00,025,232 | ---- | M] () - C:\Documents and Settings\cmeinen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[07/24/2008 10:31 AM | ---D | M] - C:\Documents and Settings\cmeinen\Local Settings\Application Data\Apple Computer
[08/04/2008 02:42 PM | ---D | M] - C:\Documents and Settings\cmeinen\Local Settings\Application Data\Microsoft
[07/25/2008 09:50 AM | 00,003,909 | ---- | M] () - C:\Documents and Settings\cmeinen\My Documents\STReport2008-07-25T16-50-05Z00.html
[08/05/2008 08:42 AM | 00,016,643 | ---- | M] () - C:\Documents and Settings\cmeinen\My Documents\STReport2008-08-05T15-42-51Z00.html
[08/05/2008 09:24 AM | 00,003,820 | ---- | M] () - C:\Documents and Settings\cmeinen\My Documents\STReport2008-08-05T16-24-15Z00.html
[08/08/2008 11:04 AM | 00,001,730 | -H-- | M] () - C:\Documents and Settings\cmeinen\My Documents\Default.rdp
[08/25/2008 02:19 PM | 00,001,641 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Spy Sweeper.lnk
[08/25/2008 08:44 AM | 00,000,696 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[07/25/2008 09:08 AM | 00,064,512 | ---- | M] () - C:\Documents and Settings\cmeinen\Desktop\Employee Emergency Contact Information Form HR101 .doc
[08/22/2008 10:28 AM | 00,114,016 | ---- | M] () - C:\Documents and Settings\cmeinen\Desktop\107020.htm
[08/22/2008 10:28 AM | ---D | M] - C:\Documents and Settings\cmeinen\Desktop\107020_files
[08/25/2008 01:48 PM | 00,062,976 | ---- | M] () - C:\Documents and Settings\cmeinen\Desktop\Timecard 20080829.xls
[08/25/2008 01:48 PM | ---D | M] - C:\Documents and Settings\cmeinen\Desktop\Various
[08/25/2008 08:38 AM | 00,000,592 | ---- | M] () - C:\Documents and Settings\cmeinen\Desktop\ERUNT.lnk
[08/25/2008 08:38 AM | 00,000,611 | ---- | M] () - C:\Documents and Settings\cmeinen\Desktop\NTREGOPT.lnk
[08/25/2008 11:16 AM | 00,001,734 | ---- | M] () - C:\Documents and Settings\cmeinen\Desktop\HijackThis.lnk
[08/25/2008 05:16 PM | 00,002,533 | ---- | M] () - C:\Documents and Settings\cmeinen\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk
[06/28/2008 03:10 AM | ---D | M] - C:\Program Files\Common Files\System
[08/25/2008 08:43 AM | ---D | M] - C:\Program Files\Common Files\Download Manager

< End of report >
  • 0

#12
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Log looks good to me.. How is your computer now?.. Lets do a final scan to see what's left before I can set you free..

Lets run F-Secure online scan for Viruses, Spyware and RootKits:
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient

  • 0

#13
ilts

ilts

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
I'll have to try the above mentioned scan tomorrow.

As far as I can tell, there is definate improvement after the last reboot. THANK YOU SO MUCH for your help thus far.

Have a great evening.
  • 0

#14
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Ok.. bump to know when you're gonna reply..
  • 0

#15
ilts

ilts

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Okay. Here are the results of the scan and subsequent cleaning:


Scanning Report
Tuesday, August 26, 2008 07:24:40 - 09:25:48
Computer name: CYPRUS
Scanning type: Scan system for malware, rootkits
Target: C:\


--------------------------------------------------------------------------------

Result: 3 malware found
TrackingCookie.2o7 (spyware)
System
TrackingCookie.Atdmt (spyware)
System
TrackingCookie.Webtrends (spyware)
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 72910
System: 4439
Not scanned: 12
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 3
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\TEMP\HSPERFDATA_SYSTEM\296
C:\WINDOWS\SYSTEM32\SSIEFR.EXE
C:\WINDOWS\SYSTEM32\WRLZMA.DLL
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\DOCUMENTS AND SETTINGS\CMEINEN\LOCAL SETTINGS\TEMP\ETILQS_YB7THUC6U6PUJZXG7AZV
C:\DOCUMENTS AND SETTINGS\CMEINEN\LOCAL SETTINGS\TEMP\HSPERFDATA_CMEINEN\3904
C:\DOCUMENTS AND SETTINGS\CMEINEN\LOCAL SETTINGS\TEMP\HSPERFDATA_CMEINEN\3984

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Hydra: 2.8.8110, 2008-08-26
F-Secure AVP: 7.0.171, 2008-08-26
F-Secure Pegasus: 1.20.0, 2008-04-14
F-Secure Blacklight: 1.0.68
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

--------------------------------------------------------------------------------

Copyright © 1998-2007 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP