Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Hijack this Logfile Internet Security Deluxe Please help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Hijack this Logfile Internet Security Deluxe Please help

Unread postby jashrema » August 21st, 2008, 11:11 pm

Got infected with the above. Computer running slow. Pop up of above advising that I have 23 infections and to click on this to get rid of it. Malware . Cannot get rid of it. Please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:51:17, on 8/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SystemService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\popuper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Notifications] C:\WINDOWS\system32\popuper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: System Service (SystemService) - InternetSecurityDeluxe - C:\WINDOWS\system32\SystemService.exe

--
End of file - 4862 bytes
jashrema
Active Member
 
Posts: 11
Joined: August 21st, 2008, 11:03 pm
Top
Advertisement
Register to Remove

Re: Hijack this Logfile Internet Security Deluxe Please help

Unread postby Shaba » August 26th, 2008, 4:44 am

Hi jashrema

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top

Re: Hijack this Logfile Internet Security Deluxe Please help

Unread postby jashrema » August 26th, 2008, 11:32 am

[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 199806976 bytes | Created Date = 8/21/2008 4:51:49 PM | Attr = HS]
adv01nt5.dll -> %SystemRoot%\System32\drivers\adv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 4255 bytes | Created Date = 8/19/2008 2:41:21 AM | Attr = ]
adv02nt5.dll -> %SystemRoot%\System32\drivers\adv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3967 bytes | Created Date = 8/19/2008 2:41:21 AM | Attr = ]
adv05nt5.dll -> %SystemRoot%\System32\drivers\adv05nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3615 bytes | Created Date = 8/19/2008 2:41:21 AM | Attr = ]
adv07nt5.dll -> %SystemRoot%\System32\drivers\adv07nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3647 bytes | Created Date = 8/19/2008 2:41:21 AM | Attr = ]
adv08nt5.dll -> %SystemRoot%\System32\drivers\adv08nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3135 bytes | Created Date = 8/19/2008 2:41:21 AM | Attr = ]
adv09nt5.dll -> %SystemRoot%\System32\drivers\adv09nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3711 bytes | Created Date = 8/19/2008 2:41:21 AM | Attr = ]
adv11nt5.dll -> %SystemRoot%\System32\drivers\adv11nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3775 bytes | Created Date = 8/19/2008 2:41:21 AM | Attr = ]
amdagp.sys -> %SystemRoot%\System32\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp.080413-2111) | Size = 43008 bytes | Created Date = 8/19/2008 2:41:28 AM | Attr = ]
ati1btxx.sys -> %SystemRoot%\System32\drivers\ati1btxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 56623 bytes | Created Date = 8/19/2008 2:41:33 AM | Attr = ]
ati1mdxx.sys -> %SystemRoot%\System32\drivers\ati1mdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 11615 bytes | Created Date = 8/19/2008 2:41:33 AM | Attr = ]
ati1pdxx.sys -> %SystemRoot%\System32\drivers\ati1pdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 12047 bytes | Created Date = 8/19/2008 2:41:34 AM | Attr = ]
ati1raxx.sys -> %SystemRoot%\System32\drivers\ati1raxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 30671 bytes | Created Date = 8/19/2008 2:41:34 AM | Attr = ]
ati1rvxx.sys -> %SystemRoot%\System32\drivers\ati1rvxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 63663 bytes | Created Date = 8/19/2008 2:41:34 AM | Attr = ]
ati1snxx.sys -> %SystemRoot%\System32\drivers\ati1snxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 26367 bytes | Created Date = 8/19/2008 2:41:34 AM | Attr = ]
ati1ttxx.sys -> %SystemRoot%\System32\drivers\ati1ttxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 21343 bytes | Created Date = 8/19/2008 2:41:34 AM | Attr = ]
ati1tuxx.sys -> %SystemRoot%\System32\drivers\ati1tuxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 36463 bytes | Created Date = 8/19/2008 2:41:34 AM | Attr = ]
ati1xbxx.sys -> %SystemRoot%\System32\drivers\ati1xbxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 29455 bytes | Created Date = 8/19/2008 2:41:34 AM | Attr = ]
ati1xsxx.sys -> %SystemRoot%\System32\drivers\ati1xsxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 34735 bytes | Created Date = 8/19/2008 2:41:35 AM | Attr = ]
ati2mtaa.sys -> %SystemRoot%\System32\drivers\ati2mtaa.sys -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 327040 bytes | Created Date = 8/19/2008 2:41:35 AM | Attr = ]
atinbtxx.sys -> %SystemRoot%\System32\drivers\atinbtxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 57856 bytes | Created Date = 8/19/2008 2:41:37 AM | Attr = ]
atinmdxx.sys -> %SystemRoot%\System32\drivers\atinmdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 8/19/2008 2:41:37 AM | Attr = ]
atinpdxx.sys -> %SystemRoot%\System32\drivers\atinpdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 14336 bytes | Created Date = 8/19/2008 2:41:37 AM | Attr = ]
atinraxx.sys -> %SystemRoot%\System32\drivers\atinraxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 52224 bytes | Created Date = 8/19/2008 2:41:37 AM | Attr = ]
atinrvxx.sys -> %SystemRoot%\System32\drivers\atinrvxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 104960 bytes | Created Date = 8/19/2008 2:41:37 AM | Attr = ]
atinsnxx.sys -> %SystemRoot%\System32\drivers\atinsnxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 28672 bytes | Created Date = 8/19/2008 2:41:37 AM | Attr = ]
atinttxx.sys -> %SystemRoot%\System32\drivers\atinttxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 8/19/2008 2:41:37 AM | Attr = ]
atintuxx.sys -> %SystemRoot%\System32\drivers\atintuxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 73216 bytes | Created Date = 8/19/2008 2:41:38 AM | Attr = ]
atinxbxx.sys -> %SystemRoot%\System32\drivers\atinxbxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 31744 bytes | Created Date = 8/19/2008 2:41:38 AM | Attr = ]
atinxsxx.sys -> %SystemRoot%\System32\drivers\atinxsxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 63488 bytes | Created Date = 8/19/2008 2:41:38 AM | Attr = ]
ativmc20.cod -> %SystemRoot%\System32\drivers\ativmc20.cod -> [Ver = | Size = 64352 bytes | Created Date = 8/19/2008 2:41:38 AM | Attr = ]
atv01nt5.dll -> %SystemRoot%\System32\drivers\atv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 21183 bytes | Created Date = 8/19/2008 2:41:39 AM | Attr = ]
atv02nt5.dll -> %SystemRoot%\System32\drivers\atv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11359 bytes | Created Date = 8/19/2008 2:41:39 AM | Attr = ]
atv04nt5.dll -> %SystemRoot%\System32\drivers\atv04nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 25471 bytes | Created Date = 8/19/2008 2:41:39 AM | Attr = ]
atv06nt5.dll -> %SystemRoot%\System32\drivers\atv06nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 14143 bytes | Created Date = 8/19/2008 2:41:39 AM | Attr = ]
atv10nt5.dll -> %SystemRoot%\System32\drivers\atv10nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 17279 bytes | Created Date = 8/19/2008 2:41:39 AM | Attr = ]
ch7xxnt5.dll -> %SystemRoot%\System32\drivers\ch7xxnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 15423 bytes | Created Date = 8/19/2008 2:41:48 AM | Attr = ]
cxthsfs2.cty -> %SystemRoot%\System32\drivers\cxthsfs2.cty -> [Ver = | Size = 129045 bytes | Created Date = 8/19/2008 2:41:57 AM | Attr = ]
hdaudbus.sys -> %SystemRoot%\System32\drivers\hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 144384 bytes | Created Date = 8/19/2008 2:42:35 AM | Attr = ]
hsfbs2s2.sys -> %SystemRoot%\System32\drivers\hsfbs2s2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 220032 bytes | Created Date = 8/19/2008 2:42:39 AM | Attr = ]
hsfcxts2.sys -> %SystemRoot%\System32\drivers\hsfcxts2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 built by: WinDDK | Size = 685056 bytes | Created Date = 8/19/2008 2:42:39 AM | Attr = ]
hsfdpsp2.sys -> %SystemRoot%\System32\drivers\hsfdpsp2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 1041536 bytes | Created Date = 8/19/2008 2:42:39 AM | Attr = ]
mdmxsdk.sys -> %SystemRoot%\System32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 11868 bytes | Created Date = 8/19/2008 2:43:35 AM | Attr = ]
mtlmnt5.sys -> %SystemRoot%\System32\drivers\mtlmnt5.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 126686 bytes | Created Date = 8/19/2008 2:44:26 AM | Attr = ]
mtlstrm.sys -> %SystemRoot%\System32\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Created Date = 8/19/2008 2:44:27 AM | Attr = ]
mtxparhm.sys -> %SystemRoot%\System32\drivers\mtxparhm.sys -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 452736 bytes | Created Date = 8/19/2008 2:44:31 AM | Attr = ]
netwlan5.img -> %SystemRoot%\System32\drivers\netwlan5.img -> [Ver = | Size = 67866 bytes | Created Date = 8/19/2008 2:44:43 AM | Attr = ]
ntmtlfax.sys -> %SystemRoot%\System32\drivers\ntmtlfax.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 180360 bytes | Created Date = 8/19/2008 2:44:57 AM | Attr = ]
nv4_mini.sys -> %SystemRoot%\System32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Created Date = 8/19/2008 2:45:07 AM | Attr = ]
pssdk31.drv -> %SystemRoot%\System32\drivers\pssdk31.drv -> microOLAP Technologies LTD [Ver = 3. 1. 1. 1361 | Size = 30272 bytes | Created Date = 8/8/2008 9:53:32 AM | Attr = ]
recagent.sys -> %SystemRoot%\System32\drivers\recagent.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13776 bytes | Created Date = 8/19/2008 2:46:31 AM | Attr = ]
s3gnbm.sys -> %SystemRoot%\System32\drivers\s3gnbm.sys -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 166912 bytes | Created Date = 8/19/2008 12:04:40 PM | Attr = ]
siint5.dll -> %SystemRoot%\System32\drivers\siint5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3901 bytes | Created Date = 8/19/2008 12:05:22 PM | Attr = ]
sisagp.sys -> %SystemRoot%\System32\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp.080413-2111) | Size = 40960 bytes | Created Date = 8/19/2008 12:05:22 PM | Attr = ]
slnt7554.sys -> %SystemRoot%\System32\drivers\slnt7554.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 129535 bytes | Created Date = 8/19/2008 12:05:23 PM | Attr = ]
slntamr.sys -> %SystemRoot%\System32\drivers\slntamr.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 404990 bytes | Created Date = 8/19/2008 12:05:23 PM | Attr = ]
slnthal.sys -> %SystemRoot%\System32\drivers\slnthal.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 95424 bytes | Created Date = 8/19/2008 12:05:24 PM | Attr = ]
slwdmsup.sys -> %SystemRoot%\System32\drivers\slwdmsup.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13240 bytes | Created Date = 8/19/2008 12:05:24 PM | Attr = ]
vchnt5.dll -> %SystemRoot%\System32\drivers\vchnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11325 bytes | Created Date = 8/19/2008 12:05:56 PM | Attr = ]
wadv07nt.sys -> %SystemRoot%\System32\drivers\wadv07nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11807 bytes | Created Date = 8/19/2008 12:06:00 PM | Attr = ]
wadv08nt.sys -> %SystemRoot%\System32\drivers\wadv08nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11295 bytes | Created Date = 8/19/2008 12:06:00 PM | Attr = ]
wadv09nt.sys -> %SystemRoot%\System32\drivers\wadv09nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11871 bytes | Created Date = 8/19/2008 12:06:00 PM | Attr = ]
wadv11nt.sys -> %SystemRoot%\System32\drivers\wadv11nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11935 bytes | Created Date = 8/19/2008 12:06:00 PM | Attr = ]
watv06nt.sys -> %SystemRoot%\System32\drivers\watv06nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 22271 bytes | Created Date = 8/19/2008 12:06:01 PM | Attr = ]
watv10nt.sys -> %SystemRoot%\System32\drivers\watv10nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 25471 bytes | Created Date = 8/19/2008 12:06:02 PM | Attr = ]
ati2dvaa.dll -> %SystemRoot%\System32\ati2dvaa.dll -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 377984 bytes | Created Date = 8/19/2008 2:41:35 AM | Attr = ]
ati3d1ag.dll -> %SystemRoot%\System32\ati3d1ag.dll -> ATI Technologies Inc. [Ver = 6.14.10.4071 | Size = 870784 bytes | Created Date = 8/19/2008 2:41:36 AM | Attr = ]
ativdaxx.ax -> %SystemRoot%\System32\ativdaxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 9728 bytes | Created Date = 8/19/2008 2:41:38 AM | Attr = ]
ativmvxx.ax -> %SystemRoot%\System32\ativmvxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 23040 bytes | Created Date = 8/19/2008 2:41:38 AM | Attr = ]
ativtmxx.dll -> %SystemRoot%\System32\ativtmxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 32768 bytes | Created Date = 8/19/2008 2:41:38 AM | Attr = ]
bits -> %SystemRoot%\System32\bits -> [Folder | Created Date = 8/21/2008 5:40:38 PM | Attr = ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
Controls.dll -> %SystemRoot%\System32\Controls.dll -> InternetSecurityDeluxe [Ver = 1.0.0.0 | Size = 16384 bytes | Created Date = 8/8/2008 9:52:57 AM | Attr = ]
en -> %SystemRoot%\System32\en -> [Folder | Created Date = 8/21/2008 5:40:39 PM | Attr = ]
hsfcisp2.dll -> %SystemRoot%\System32\hsfcisp2.dll -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 32285 bytes | Created Date = 8/19/2008 2:42:39 AM | Attr = ]
InstallUtil.InstallLog -> %SystemRoot%\System32\InstallUtil.InstallLog -> [Ver = | Size = 600 bytes | Created Date = 8/8/2008 9:53:12 AM | Attr = ]
mdmxsdk.dll -> %SystemRoot%\System32\mdmxsdk.dll -> Conexant [Ver = 1.0.2.006 | Size = 86016 bytes | Created Date = 8/19/2008 2:43:35 AM | Attr = ]
mtxparhd.dll -> %SystemRoot%\System32\mtxparhd.dll -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 1737856 bytes | Created Date = 8/19/2008 2:44:30 AM | Attr = ]
nv4_disp.dll -> %SystemRoot%\System32\nv4_disp.dll -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 4274816 bytes | Created Date = 8/19/2008 2:45:05 AM | Attr = ]
pid.inf -> %SystemRoot%\System32\pid.inf -> [Ver = | Size = 1261 bytes | Created Date = 8/19/2008 2:42:43 AM | Attr = ]
Popuper.exe -> %SystemRoot%\System32\Popuper.exe -> InternetSecurityDeluxe [Ver = 1.0.0.0 | Size = 8704 bytes | Created Date = 8/8/2008 9:52:58 AM | Attr = ]
s3gnb.dll -> %SystemRoot%\System32\s3gnb.dll -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 397056 bytes | Created Date = 8/19/2008 12:04:39 PM | Attr = ]
ScanEngine.dll -> %SystemRoot%\System32\ScanEngine.dll -> InternetSecurityDeluxe [Ver = 1.0.0.0 | Size = 677888 bytes | Created Date = 8/8/2008 9:53:02 AM | Attr = ]
scripting -> %SystemRoot%\System32\scripting -> [Folder | Created Date = 8/21/2008 5:40:43 PM | Attr = ]
ServiceInterface.dll -> %SystemRoot%\System32\ServiceInterface.dll -> InternetSecurityDeluxe [Ver = 1.0.0.0 | Size = 4608 bytes | Created Date = 8/8/2008 9:53:03 AM | Attr = ]
ServiceObject.dll -> %SystemRoot%\System32\ServiceObject.dll -> InternetSecurityDeluxe [Ver = 1.0.0.0 | Size = 8192 bytes | Created Date = 8/8/2008 9:53:03 AM | Attr = ]
slcoinst.dll -> %SystemRoot%\System32\slcoinst.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 73832 bytes | Created Date = 8/19/2008 12:05:23 PM | Attr = ]
slextspk.dll -> %SystemRoot%\System32\slextspk.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 286792 bytes | Created Date = 8/19/2008 12:05:23 PM | Attr = ]
slgen.dll -> %SystemRoot%\System32\slgen.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 188508 bytes | Created Date = 8/19/2008 12:05:23 PM | Attr = ]
slrundll.exe -> %SystemRoot%\System32\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Created Date = 8/19/2008 12:05:24 PM | Attr = ]
slserv.exe -> %SystemRoot%\System32\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Created Date = 8/19/2008 12:05:24 PM | Attr = ]
SystemService.application -> %SystemRoot%\System32\SystemService.application -> [Ver = | Size = 1566 bytes | Created Date = 8/8/2008 9:53:03 AM | Attr = ]
SystemService.exe -> %SystemRoot%\System32\SystemService.exe -> InternetSecurityDeluxe [Ver = 1.0.0.0 | Size = 8704 bytes | Created Date = 8/8/2008 9:53:04 AM | Attr = ]
SystemService.exe.manifest -> %SystemRoot%\System32\SystemService.exe.manifest -> [Ver = | Size = 4469 bytes | Created Date = 8/8/2008 9:53:04 AM | Attr = ]
SystemService.InstallLog -> %SystemRoot%\System32\SystemService.InstallLog -> [Ver = | Size = 606 bytes | Created Date = 8/8/2008 9:53:13 AM | Attr = ]
SystemService.InstallState -> %SystemRoot%\System32\SystemService.InstallState -> [Ver = | Size = 5012 bytes | Created Date = 8/8/2008 9:53:21 AM | Attr = ]
tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 1924 bytes | Created Date = 8/8/2008 4:54:56 PM | Attr = ]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Created Date = 8/21/2008 5:22:28 PM | Attr = H ]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
EHome -> %SystemRoot%\EHome -> [Folder | Created Date = 8/21/2008 5:22:12 PM | Attr = ]
l2schemas -> %SystemRoot%\l2schemas -> [Folder | Created Date = 8/21/2008 5:40:41 PM | Attr = ]
LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 8/22/2008 4:25:34 PM | Attr = ]
LastGood.Tmp -> %SystemRoot%\LastGood.Tmp -> [Folder | Created Date = 8/21/2008 5:47:14 PM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 8/21/2008 5:31:34 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 8/21/2008 6:08:18 PM | Attr = ]
ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Created Date = 8/21/2008 5:35:41 PM | Attr = ]
slrundll.exe -> %SystemRoot%\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Created Date = 8/19/2008 12:05:24 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 8/17/2008 3:59:24 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 199806976 bytes | Modified Date = 8/21/2008 6:07:12 PM | Attr = HS]
ntldr -> %SystemDrive%\ntldr -> [Ver = | Size = 250048 bytes | Modified Date = 8/21/2008 5:30:35 PM | Attr = RHS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 8/23/2008 1:37:05 AM | Attr = R ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 8/8/2008 5:02:05 PM | Attr = HS]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 8/23/2008 3:12:44 AM | Attr = ]
pssdk31.drv -> %SystemRoot%\System32\drivers\pssdk31.drv -> microOLAP Technologies LTD [Ver = 3. 1. 1. 1361 | Size = 30272 bytes | Modified Date = 8/8/2008 5:16:18 PM | Attr = ]
bits -> %SystemRoot%\System32\bits -> [Folder | Modified Date = 8/21/2008 5:40:39 PM | Attr = ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 8/21/2008 5:53:10 PM | Attr = ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 8/21/2008 6:09:56 PM | Attr = ]
Com -> %SystemRoot%\System32\Com -> [Folder | Modified Date = 8/21/2008 5:35:22 PM | Attr = ]
dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 8/23/2008 3:11:45 AM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 8/21/2008 6:06:57 PM | Attr = ]
en -> %SystemRoot%\System32\en -> [Folder | Modified Date = 8/21/2008 5:40:40 PM | Attr = ]
en-us -> %SystemRoot%\System32\en-us -> [Folder | Modified Date = 8/21/2008 5:40:45 PM | Attr = ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 160344 bytes | Modified Date = 8/21/2008 6:07:13 PM | Attr = ]
FxsTmp -> %SystemRoot%\System32\FxsTmp -> [Folder | Modified Date = 8/21/2008 4:00:19 PM | Attr = ]
InstallUtil.InstallLog -> %SystemRoot%\System32\InstallUtil.InstallLog -> [Ver = | Size = 600 bytes | Modified Date = 8/8/2008 9:53:23 AM | Attr = ]
npp -> %SystemRoot%\System32\npp -> [Folder | Modified Date = 8/21/2008 5:35:32 PM | Attr = ]
oobe -> %SystemRoot%\System32\oobe -> [Folder | Modified Date = 8/21/2008 5:34:47 PM | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 73022 bytes | Modified Date = 8/21/2008 6:13:55 PM | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 446108 bytes | Modified Date = 8/21/2008 6:13:55 PM | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 528784 bytes | Modified Date = 8/21/2008 6:13:55 PM | Attr = ]
ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Modified Date = 8/21/2008 5:29:25 PM | Attr = ]
Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 8/21/2008 5:35:32 PM | Attr = ]
scripting -> %SystemRoot%\System32\scripting -> [Folder | Modified Date = 8/21/2008 5:40:43 PM | Attr = ]
Setup -> %SystemRoot%\System32\Setup -> [Folder | Modified Date = 8/21/2008 6:07:08 PM | Attr = ]
SystemService.InstallLog -> %SystemRoot%\System32\SystemService.InstallLog -> [Ver = | Size = 606 bytes | Modified Date = 8/8/2008 9:53:22 AM | Attr = ]
SystemService.InstallState -> %SystemRoot%\System32\SystemService.InstallState -> [Ver = | Size = 5012 bytes | Modified Date = 8/8/2008 9:53:22 AM | Attr = ]
tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 1924 bytes | Modified Date = 8/21/2008 4:34:07 PM | Attr = ]
usmt -> %SystemRoot%\System32\usmt -> [Folder | Modified Date = 8/21/2008 5:40:45 PM | Attr = ]
wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 8/21/2008 6:07:07 PM | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 8/24/2008 5:57:30 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 8/22/2008 4:25:37 PM | Attr = H ]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Modified Date = 8/21/2008 5:29:08 PM | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 8/21/2008 6:07:07 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 8/21/2008 6:07:26 PM | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 8/18/2008 8:31:30 PM | Attr = ]
dirsaver.ini -> %SystemRoot%\dirsaver.ini -> [Ver = | Size = 12 bytes | Modified Date = 7/30/2008 11:11:06 PM | Attr = ]
EHome -> %SystemRoot%\EHome -> [Folder | Modified Date = 8/21/2008 5:22:12 PM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 8/21/2008 6:07:05 PM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 8/21/2008 5:41:16 PM | Attr = ]
ime -> %SystemRoot%\ime -> [Folder | Modified Date = 8/21/2008 5:41:17 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 2675 bytes | Modified Date = 8/21/2008 5:54:35 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 8/23/2008 3:13:00 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 8/21/2008 6:10:35 PM | Attr = HS]
l2schemas -> %SystemRoot%\l2schemas -> [Folder | Modified Date = 8/21/2008 5:40:42 PM | Attr = ]
LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 8/22/2008 4:25:34 PM | Attr = ]
LastGood.Tmp -> %SystemRoot%\LastGood.Tmp -> [Folder | Modified Date = 8/21/2008 5:47:14 PM | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 8/21/2008 5:35:29 PM | Attr = ]
network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 8/21/2008 5:41:17 PM | Attr = ]
PeerNet -> %SystemRoot%\PeerNet -> [Folder | Modified Date = 8/21/2008 5:40:38 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 8/26/2008 11:27:44 AM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 8/21/2008 5:52:57 PM | Attr = ]
ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Modified Date = 8/21/2008 5:41:23 PM | Attr = ]
srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 8/21/2008 5:35:26 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 8/21/2008 5:34:43 PM | Attr = ]
system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 8/23/2008 3:11:43 AM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 8/24/2008 5:57:46 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 8/21/2008 5:41:36 PM | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 8/21/2008 6:10:14 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 8/21/2008 6:08:18 PM | Attr = H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 5/14/2005 12:19:09 AM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 7482 bytes | Modified Date = 8/22/2008 4:26:25 PM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 7896 bytes | Modified Date = 8/22/2008 4:26:25 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 8/8/2005 2:09:57 AM | Attr = ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11140 bytes | Modified Date = 8/7/2008 9:24:17 AM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [Folder | Modified Date = 5/19/2008 5:46:34 PM | Attr = ]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/23/2005 12:38:28 PM | Attr = ]
wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [Ver = | Size = 162451 bytes | Modified Date = 11/23/2005 2:08:31 PM | Attr = ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD13B.tmp\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD13B.tmp\ -> [Folder | Modified Date = 7/10/2008 3:56:26 PM | Attr = ]
setup.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD13B.tmp\setup.exe -> [Ver = 9.0.21022.8 built by: RTM | Size = 484864 bytes | Modified Date = 7/7/2008 10:09:22 AM | Attr = ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD13B.tmp\DotNetFX\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD13B.tmp\DotNetFX -> [Folder | Modified Date = 7/10/2008 3:56:18 PM | Attr = ]
dotnetchk.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD13B.tmp\DotNetFX\dotnetchk.exe -> Microsoft Corporation [Ver = 9.0.21022.8 built by: RTM | Size = 87552 bytes | Modified Date = 7/10/2008 3:56:18 PM | Attr = ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD13B.tmp\VisualFoxProOLEDB\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD13B.tmp\VisualFoxProOLEDB -> [Folder | Modified Date = 7/10/2008 3:56:26 PM | Attr = ]
vfpoledb.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD13B.tmp\VisualFoxProOLEDB\vfpoledb.exe -> Microsoft Corporation [Ver = 9.0.0.3504 | Size = 2623960 bytes | Modified Date = 10/26/2007 4:34:26 PM | Attr = ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD17.tmp\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD17.tmp\ -> [Folder | Modified Date = 7/10/2008 12:41:07 PM | Attr = ]
setup.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD17.tmp\setup.exe -> [Ver = 9.0.21022.8 built by: RTM | Size = 484864 bytes | Modified Date = 7/7/2008 10:09:22 AM | Attr = ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD17.tmp\DotNetFX\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD17.tmp\DotNetFX -> [Folder | Modified Date = 7/10/2008 12:41:02 PM | Attr = ]
dotnetchk.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD17.tmp\DotNetFX\dotnetchk.exe -> Microsoft Corporation [Ver = 9.0.21022.8 built by: RTM | Size = 87552 bytes | Modified Date = 7/10/2008 12:41:02 PM | Attr = ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD17.tmp\VisualFoxProOLEDB\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD17.tmp\VisualFoxProOLEDB -> [Folder | Modified Date = 7/10/2008 12:41:07 PM | Attr = ]
vfpoledb.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD17.tmp\VisualFoxProOLEDB\vfpoledb.exe -> Microsoft Corporation [Ver = 9.0.0.3504 | Size = 2623960 bytes | Modified Date = 10/26/2007 4:34:26 PM | Attr = ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD7F.tmp\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD7F.tmp\ -> [Folder | Modified Date = 7/22/2008 10:09:39 AM | Attr = ]
setup[1].exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD7F.tmp\setup[1].exe -> [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 465408 bytes | Modified Date = 7/22/2008 10:09:30 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Local Settings\Temp\VSD7F.tmp\setup[1].exe:Zone.Identifier
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD7F.tmp\dotnetfx\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD7F.tmp\dotnetfx -> [Folder | Modified Date = 7/22/2008 10:09:31 AM | Attr = ]
dotnetchk.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD7F.tmp\dotnetfx\dotnetchk.exe -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 61632 bytes | Modified Date = 7/22/2008 10:09:31 AM | Attr = ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD7F.tmp\VisualFoxProOLEDB\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD7F.tmp\VisualFoxProOLEDB -> [Folder | Modified Date = 7/22/2008 10:09:41 AM | Attr = ]
vfpoledb.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD7F.tmp\VisualFoxProOLEDB\vfpoledb.exe -> Microsoft Corporation [Ver = 9.0.0.3504 | Size = 2623960 bytes | Modified Date = 7/22/2008 10:09:51 AM | Attr = ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\ -> [Folder | Modified Date = 4/14/2008 12:39:33 PM | Attr = ]
setup[1].exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\setup[1].exe -> [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 434096 bytes | Modified Date = 4/14/2008 12:36:49 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Local Settings\Temp\VSDB9.tmp\setup[1].exe:Zone.Identifier
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\dotnetfx\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\dotnetfx -> [Folder | Modified Date = 4/14/2008 12:37:03 PM | Attr = ]
dotnetchk.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\dotnetfx\dotnetchk.exe -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 61632 bytes | Modified Date = 4/14/2008 12:36:51 PM | Attr = ]
dotnetfx.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\dotnetfx\dotnetfx.exe -> Microsoft Corporation [Ver = 2.0.50727.42 | Size = 23510720 bytes | Modified Date = 4/14/2008 12:39:13 PM | Attr = ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\VisualFoxProOLEDB\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\VisualFoxProOLEDB -> [Folder | Modified Date = 4/14/2008 12:39:33 PM | Attr = ]
vfpoledb.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\VisualFoxProOLEDB\vfpoledb.exe -> Microsoft Corporation [Ver = 9.0.0.3504 | Size = 2623960 bytes | Modified Date = 4/14/2008 12:39:49 PM | Attr = ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDD3.tmp\DotNetFX\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDD3.tmp\DotNetFX -> [Folder | Modified Date = 7/10/2008 1:09:04 PM | Attr = ]
dotnetchk.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDD3.tmp\DotNetFX\dotnetchk.exe -> Microsoft Corporation [Ver = 9.0.21022.8 built by: RTM | Size = 87552 bytes | Modified Date = 7/10/2008 1:09:04 PM | Attr = ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDE.tmp\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDE.tmp\ -> [Folder | Modified Date = 7/10/2008 12:38:20 PM | Attr = ]
setup.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDE.tmp\setup.exe -> [Ver = 9.0.21022.8 built by: RTM | Size = 484864 bytes | Modified Date = 7/7/2008 10:09:22 AM | Attr = ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDE.tmp\DotNetFX\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDE.tmp\DotNetFX -> [Folder | Modified Date = 7/10/2008 12:38:12 PM | Attr = ]
dotnetchk.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDE.tmp\DotNetFX\dotnetchk.exe -> Microsoft Corporation [Ver = 9.0.21022.8 built by: RTM | Size = 87552 bytes | Modified Date = 7/10/2008 12:38:12 PM | Attr = ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDE.tmp\VisualFoxProOLEDB\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDE.tmp\VisualFoxProOLEDB -> [Folder | Modified Date = 7/10/2008 12:38:20 PM | Attr = ]
vfpoledb.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDE.tmp\VisualFoxProOLEDB\vfpoledb.exe -> Microsoft Corporation [Ver = 9.0.0.3504 | Size = 2623960 bytes | Modified Date = 10/26/2007 4:34:26 PM | Attr = ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\ -> [Folder | Modified Date = 5/2/2008 11:26:53 PM | Attr = ]
setuphook.dll -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\setuphook.dll -> [Ver = | Size = 24576 bytes | Modified Date = 5/2/2008 11:24:19 PM | Attr = ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\Fake Profile\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\Fake Profile -> [Folder | Modified Date = 5/2/2008 11:26:27 PM | Attr = ]
compreg.dat -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\Fake Profile\compreg.dat -> [Ver = | Size = 147247 bytes | Modified Date = 5/2/2008 11:26:12 PM | Attr = ]
xpti.dat -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\Fake Profile\xpti.dat -> [Ver = | Size = 93108 bytes | Modified Date = 5/2/2008 11:25:56 PM | Attr = ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\CabGeneric\DirOne\default\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\CabGeneric\DirOne\default -> [Folder | Modified Date = 8/8/2005 3:08:30 AM | Attr = ]
install.ini -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\CabGeneric\DirOne\default\install.ini -> [Ver = | Size = 433 bytes | Modified Date = 8/8/2005 3:08:30 AM | Attr = ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\CabGeneric\DirOne\touchstonec\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\CabGeneric\DirOne\touchstonec -> [Folder | Modified Date = 8/8/2005 2:16:28 AM | Attr = ]
install.ini -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\CabGeneric\DirOne\touchstonec\install.ini -> [Ver = | Size = 782 bytes | Modified Date = 8/8/2005 2:16:28 AM | Attr = ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\Fake Profile\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\Fake Profile -> [Folder | Modified Date = 5/2/2008 11:26:27 PM | Attr = ]
compatibility.ini -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\Fake Profile\compatibility.ini -> [Ver = | Size = 138 bytes | Modified Date = 5/2/2008 11:25:56 PM | Attr = ]

< End of report >
[/code]
jashrema
Active Member
 
Posts: 11
Joined: August 21st, 2008, 11:03 pm
Top

Re: Hijack this Logfile Internet Security Deluxe Please help

Unread postby Shaba » August 26th, 2008, 12:49 pm

Report cuts off; beginning is missing.

Please re-send it :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top

Re: Hijack this Logfile Internet Security Deluxe Please help

Unread postby jashrema » August 26th, 2008, 1:10 pm

So sorry! I hope this is all of it!



Code: Select all
OTScanIt logfile created on: 8/26/2008 11:29:41 AM
OTScanIt by OldTimer - Version 1.0.16.2     Folder = C:\Documents and Settings\Lynda Kuehn\Desktop\OTScanIt\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
190.48 Mb Total Physical Memory | 33.26 Mb Available Physical Memory | 17.46% Memory free
606.36 Mb Paging File | 189.20 Mb Available in Paging File | 31.20% Paging File free
Paging file location(s): C:\pagefile.sys 336 672;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 25.86 Gb Free Space | 69.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KUEHN
Current User Name: Lynda Kuehn
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
acs.exe -> %SystemRoot%\system32\acs.exe ->  [Ver =  | Size = 36864 bytes | Modified Date = 12/22/2004 7:50:04 PM | Attr =    ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 4/15/2008 9:19:33 PM | Attr =    ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 3/19/2008 10:40:31 PM | Attr =    ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 3/19/2008 10:40:41 PM | Attr =    ]
cfsvcs.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 1/17/2005 7:38:38 PM | Attr =    ]
dvdramsv.exe -> %SystemRoot%\system32\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 3, 0, 0, 0 | Size = 110592 bytes | Modified Date = 8/27/2004 6:33:32 PM | Attr =    ]
swupdtmr.exe -> %SystemDrive%\TOSHIBA\IVP\swupdate\swupdtmr.exe ->  [Ver =  | Size = 53248 bytes | Modified Date = 5/13/2004 4:46:02 PM | Attr =    ]
systemservice.exe -> %SystemRoot%\system32\SystemService.exe -> InternetSecurityDeluxe [Ver = 1.0.0.0 | Size = 8704 bytes | Modified Date = 7/2/2008 3:22:36 PM | Attr =    ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Modified Date = 9/22/2005 10:29:08 PM | Attr =    ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.522 | Size = 579584 bytes | Modified Date = 4/16/2008 9:19:14 AM | Attr =    ]
popuper.exe -> %SystemRoot%\system32\Popuper.exe -> InternetSecurityDeluxe [Ver = 1.0.0.0 | Size = 8704 bytes | Modified Date = 7/2/2008 3:22:38 PM | Attr =    ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 6, 2, 23 | Size = 1832272 bytes | Modified Date = 8/18/2008 6:41:00 PM | Attr = RHS]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 8/12/2006 7:31:16 PM | Attr =    ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 4/15/2008 9:19:33 PM | Attr =    ]
(ACS) Atheros Configuration Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\acs.exe ->  [Ver =  | Size = 36864 bytes | Modified Date = 12/22/2004 7:50:04 PM | Attr =    ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 4/29/2005 1:31:40 AM | Attr =    ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 3/19/2008 10:40:31 PM | Attr =    ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 3/19/2008 10:40:41 PM | Attr =    ]
(CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 1/17/2005 7:38:38 PM | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 4/13/2008 8:12:17 PM | Attr =    ]
(DVD-RAM_Service) DVD-RAM_Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 3, 0, 0, 0 | Size = 110592 bytes | Modified Date = 8/27/2004 6:33:32 PM | Attr =    ]
(mcupdmgr.exe) McAfee SecurityCenter Update Manager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee.com\Agent\mcupdmgr.exe -> McAfee, Inc [Ver = 6, 0, 0, 4 | Size = 245760 bytes | Modified Date = 7/1/2005 11:22:50 PM | Attr =    ]
(Swupdtmr) Swupdtmr [Win32_Own | Auto | Running] -> %SystemDrive%\TOSHIBA\IVP\swupdate\swupdtmr.exe ->  [Ver =  | Size = 53248 bytes | Modified Date = 5/13/2004 4:46:02 PM | Attr =    ]
(SystemService) System Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\SystemService.exe -> InternetSecurityDeluxe [Ver = 1.0.0.0 | Size = 8704 bytes | Modified Date = 7/2/2008 3:22:36 PM | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe [C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP] -> GRISOFT, s.r.o. [Ver = 7.5.0.522 | Size = 579584 bytes | Modified Date = 4/16/2008 9:19:14 AM | Attr =    ]
MCAgentExe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe [c:\PROGRA~1\mcafee.com\agent\mcagent.exe] -> McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Modified Date = 9/22/2005 10:29:08 PM | Attr =    ]
MCUpdateExe -> %ProgramFiles%\McAfee.com\Agent\mcupdate.exe [C:\PROGRA~1\mcafee.com\agent\McUpdate.exe] -> McAfee, Inc [Ver = 6, 0, 0, 21 | Size = 212992 bytes | Modified Date = 1/11/2006 4:05:42 PM | Attr =    ]
Notebook Maximizer -> %ProgramFiles%\Notebook Maximizer\maximizer_startup.exe [C:\Program Files\Notebook Maximizer\maximizer_startup.exe] ->  [Ver = 1.00 | Size = 28672 bytes | Modified Date = 5/25/2004 5:35:59 PM | Attr =    ]
Notifications -> %SystemRoot%\system32\Popuper.exe [C:\WINDOWS\system32\popuper.exe] -> InternetSecurityDeluxe [Ver = 1.0.0.0 | Size = 8704 bytes | Modified Date = 7/2/2008 3:22:38 PM | Attr =    ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 8/12/2006 7:31:16 PM | Attr =    ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 6, 2, 23 | Size = 1832272 bytes | Modified Date = 8/18/2008 6:41:00 PM | Attr = RHS]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Lynda Kuehn Startup Folder > -> C:\Documents and Settings\Lynda Kuehn\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/13/2008 8:12:19 PM | Attr =    ]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 8:12:38 PM | Attr =    ]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/13/2008 8:12:24 PM | Attr =    ]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 8:12:05 PM | Attr =    ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/13/2008 8:12:41 PM | Attr =    ]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 46080 bytes | Modified Date = 4/29/2005 1:32:48 AM | Attr =    ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\_NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 2:40:46 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC     MBR-7    ->  -> File not found
NEC     MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTSSTcorp_CDW/DVD_TS-L462A_______________TF38____\3536473431343033333220202020202020202020 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> 
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] ->  [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 3/2/2001 3:02:04 PM | Attr =    ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr =    ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 1/14/2005 4:05:00 AM | Attr =    ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{BA52B914-B692-46c4-B683-905236F6F655} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_02\bin\NPJPI150_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.20.9 | Size = 69746 bytes | Modified Date = 3/4/2005 6:54:17 AM | Attr =    ]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr =    ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_02\bin\NPJPI150_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.20.9 | Size = 69746 bytes | Modified Date = 3/4/2005 6:54:17 AM | Attr =    ]
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr =    ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 4:56:24 PM | Attr =    ]
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
SV1 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{52F1AA2F-18EA-4F74-9BC9-DE09F7F5F395} ->    (Realtek RTL8139/810x Family Fast Ethernet NIC) -> 
{B5824BED-4A1B-4966-B8B1-7CD04C2F15E3} ->    (Atheros AR5005G Wireless Network Adapter) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> http://go.divx.com/plugin/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab[Java Plug-in 1.5.0_02] -> 
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab[Java Plug-in 1.5.0_02] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ not found. -> -> 



[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 199806976 bytes | Created Date = 8/21/2008 4:51:49 PM | Attr =  HS]
adv01nt5.dll -> %SystemRoot%\System32\drivers\adv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 4255 bytes | Created Date = 8/19/2008 2:41:21 AM | Attr =    ]
adv02nt5.dll -> %SystemRoot%\System32\drivers\adv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3967 bytes | Created Date = 8/19/2008 2:41:21 AM | Attr =    ]
adv05nt5.dll -> %SystemRoot%\System32\drivers\adv05nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3615 bytes | Created Date = 8/19/2008 2:41:21 AM | Attr =    ]
adv07nt5.dll -> %SystemRoot%\System32\drivers\adv07nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3647 bytes | Created Date = 8/19/2008 2:41:21 AM | Attr =    ]
adv08nt5.dll -> %SystemRoot%\System32\drivers\adv08nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3135 bytes | Created Date = 8/19/2008 2:41:21 AM | Attr =    ]
adv09nt5.dll -> %SystemRoot%\System32\drivers\adv09nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3711 bytes | Created Date = 8/19/2008 2:41:21 AM | Attr =    ]
adv11nt5.dll -> %SystemRoot%\System32\drivers\adv11nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3775 bytes | Created Date = 8/19/2008 2:41:21 AM | Attr =    ]
amdagp.sys -> %SystemRoot%\System32\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp.080413-2111) | Size = 43008 bytes | Created Date = 8/19/2008 2:41:28 AM | Attr =    ]
ati1btxx.sys -> %SystemRoot%\System32\drivers\ati1btxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 56623 bytes | Created Date = 8/19/2008 2:41:33 AM | Attr =    ]
ati1mdxx.sys -> %SystemRoot%\System32\drivers\ati1mdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 11615 bytes | Created Date = 8/19/2008 2:41:33 AM | Attr =    ]
ati1pdxx.sys -> %SystemRoot%\System32\drivers\ati1pdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 12047 bytes | Created Date = 8/19/2008 2:41:34 AM | Attr =    ]
ati1raxx.sys -> %SystemRoot%\System32\drivers\ati1raxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 30671 bytes | Created Date = 8/19/2008 2:41:34 AM | Attr =    ]
ati1rvxx.sys -> %SystemRoot%\System32\drivers\ati1rvxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 63663 bytes | Created Date = 8/19/2008 2:41:34 AM | Attr =    ]
ati1snxx.sys -> %SystemRoot%\System32\drivers\ati1snxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 26367 bytes | Created Date = 8/19/2008 2:41:34 AM | Attr =    ]
ati1ttxx.sys -> %SystemRoot%\System32\drivers\ati1ttxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 21343 bytes | Created Date = 8/19/2008 2:41:34 AM | Attr =    ]
ati1tuxx.sys -> %SystemRoot%\System32\drivers\ati1tuxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 36463 bytes | Created Date = 8/19/2008 2:41:34 AM | Attr =    ]
ati1xbxx.sys -> %SystemRoot%\System32\drivers\ati1xbxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 29455 bytes | Created Date = 8/19/2008 2:41:34 AM | Attr =    ]
ati1xsxx.sys -> %SystemRoot%\System32\drivers\ati1xsxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 34735 bytes | Created Date = 8/19/2008 2:41:35 AM | Attr =    ]
ati2mtaa.sys -> %SystemRoot%\System32\drivers\ati2mtaa.sys -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 327040 bytes | Created Date = 8/19/2008 2:41:35 AM | Attr =    ]
atinbtxx.sys -> %SystemRoot%\System32\drivers\atinbtxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 57856 bytes | Created Date = 8/19/2008 2:41:37 AM | Attr =    ]
atinmdxx.sys -> %SystemRoot%\System32\drivers\atinmdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 8/19/2008 2:41:37 AM | Attr =    ]
atinpdxx.sys -> %SystemRoot%\System32\drivers\atinpdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 14336 bytes | Created Date = 8/19/2008 2:41:37 AM | Attr =    ]
atinraxx.sys -> %SystemRoot%\System32\drivers\atinraxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 52224 bytes | Created Date = 8/19/2008 2:41:37 AM | Attr =    ]
atinrvxx.sys -> %SystemRoot%\System32\drivers\atinrvxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 104960 bytes | Created Date = 8/19/2008 2:41:37 AM | Attr =    ]
atinsnxx.sys -> %SystemRoot%\System32\drivers\atinsnxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 28672 bytes | Created Date = 8/19/2008 2:41:37 AM | Attr =    ]
atinttxx.sys -> %SystemRoot%\System32\drivers\atinttxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 8/19/2008 2:41:37 AM | Attr =    ]
atintuxx.sys -> %SystemRoot%\System32\drivers\atintuxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 73216 bytes | Created Date = 8/19/2008 2:41:38 AM | Attr =    ]
atinxbxx.sys -> %SystemRoot%\System32\drivers\atinxbxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 31744 bytes | Created Date = 8/19/2008 2:41:38 AM | Attr =    ]
atinxsxx.sys -> %SystemRoot%\System32\drivers\atinxsxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 63488 bytes | Created Date = 8/19/2008 2:41:38 AM | Attr =    ]
ativmc20.cod -> %SystemRoot%\System32\drivers\ativmc20.cod ->  [Ver =  | Size = 64352 bytes | Created Date = 8/19/2008 2:41:38 AM | Attr =    ]
atv01nt5.dll -> %SystemRoot%\System32\drivers\atv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 21183 bytes | Created Date = 8/19/2008 2:41:39 AM | Attr =    ]
atv02nt5.dll -> %SystemRoot%\System32\drivers\atv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11359 bytes | Created Date = 8/19/2008 2:41:39 AM | Attr =    ]
atv04nt5.dll -> %SystemRoot%\System32\drivers\atv04nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 25471 bytes | Created Date = 8/19/2008 2:41:39 AM | Attr =    ]
atv06nt5.dll -> %SystemRoot%\System32\drivers\atv06nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 14143 bytes | Created Date = 8/19/2008 2:41:39 AM | Attr =    ]
atv10nt5.dll -> %SystemRoot%\System32\drivers\atv10nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 17279 bytes | Created Date = 8/19/2008 2:41:39 AM | Attr =    ]
ch7xxnt5.dll -> %SystemRoot%\System32\drivers\ch7xxnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 15423 bytes | Created Date = 8/19/2008 2:41:48 AM | Attr =    ]
cxthsfs2.cty -> %SystemRoot%\System32\drivers\cxthsfs2.cty ->  [Ver =  | Size = 129045 bytes | Created Date = 8/19/2008 2:41:57 AM | Attr =    ]
hdaudbus.sys -> %SystemRoot%\System32\drivers\hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 144384 bytes | Created Date = 8/19/2008 2:42:35 AM | Attr =    ]
hsfbs2s2.sys -> %SystemRoot%\System32\drivers\hsfbs2s2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 220032 bytes | Created Date = 8/19/2008 2:42:39 AM | Attr =    ]
hsfcxts2.sys -> %SystemRoot%\System32\drivers\hsfcxts2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 built by: WinDDK | Size = 685056 bytes | Created Date = 8/19/2008 2:42:39 AM | Attr =    ]
hsfdpsp2.sys -> %SystemRoot%\System32\drivers\hsfdpsp2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 1041536 bytes | Created Date = 8/19/2008 2:42:39 AM | Attr =    ]
mdmxsdk.sys -> %SystemRoot%\System32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 11868 bytes | Created Date = 8/19/2008 2:43:35 AM | Attr =    ]
mtlmnt5.sys -> %SystemRoot%\System32\drivers\mtlmnt5.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 126686 bytes | Created Date = 8/19/2008 2:44:26 AM | Attr =    ]
mtlstrm.sys -> %SystemRoot%\System32\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Created Date = 8/19/2008 2:44:27 AM | Attr =    ]
mtxparhm.sys -> %SystemRoot%\System32\drivers\mtxparhm.sys -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 452736 bytes | Created Date = 8/19/2008 2:44:31 AM | Attr =    ]
netwlan5.img -> %SystemRoot%\System32\drivers\netwlan5.img ->  [Ver =  | Size = 67866 bytes | Created Date = 8/19/2008 2:44:43 AM | Attr =    ]
ntmtlfax.sys -> %SystemRoot%\System32\drivers\ntmtlfax.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 180360 bytes | Created Date = 8/19/2008 2:44:57 AM | Attr =    ]
nv4_mini.sys -> %SystemRoot%\System32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Created Date = 8/19/2008 2:45:07 AM | Attr =    ]
pssdk31.drv -> %SystemRoot%\System32\drivers\pssdk31.drv -> microOLAP Technologies LTD [Ver = 3. 1. 1. 1361 | Size = 30272 bytes | Created Date = 8/8/2008 9:53:32 AM | Attr =    ]
recagent.sys -> %SystemRoot%\System32\drivers\recagent.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13776 bytes | Created Date = 8/19/2008 2:46:31 AM | Attr =    ]
s3gnbm.sys -> %SystemRoot%\System32\drivers\s3gnbm.sys -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 166912 bytes | Created Date = 8/19/2008 12:04:40 PM | Attr =    ]
siint5.dll -> %SystemRoot%\System32\drivers\siint5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3901 bytes | Created Date = 8/19/2008 12:05:22 PM | Attr =    ]
sisagp.sys -> %SystemRoot%\System32\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp.080413-2111) | Size = 40960 bytes | Created Date = 8/19/2008 12:05:22 PM | Attr =    ]
slnt7554.sys -> %SystemRoot%\System32\drivers\slnt7554.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 129535 bytes | Created Date = 8/19/2008 12:05:23 PM | Attr =    ]
slntamr.sys -> %SystemRoot%\System32\drivers\slntamr.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 404990 bytes | Created Date = 8/19/2008 12:05:23 PM | Attr =    ]
slnthal.sys -> %SystemRoot%\System32\drivers\slnthal.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 95424 bytes | Created Date = 8/19/2008 12:05:24 PM | Attr =    ]
slwdmsup.sys -> %SystemRoot%\System32\drivers\slwdmsup.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13240 bytes | Created Date = 8/19/2008 12:05:24 PM | Attr =    ]
vchnt5.dll -> %SystemRoot%\System32\drivers\vchnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11325 bytes | Created Date = 8/19/2008 12:05:56 PM | Attr =    ]
wadv07nt.sys -> %SystemRoot%\System32\drivers\wadv07nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11807 bytes | Created Date = 8/19/2008 12:06:00 PM | Attr =    ]
wadv08nt.sys -> %SystemRoot%\System32\drivers\wadv08nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11295 bytes | Created Date = 8/19/2008 12:06:00 PM | Attr =    ]
wadv09nt.sys -> %SystemRoot%\System32\drivers\wadv09nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11871 bytes | Created Date = 8/19/2008 12:06:00 PM | Attr =    ]
wadv11nt.sys -> %SystemRoot%\System32\drivers\wadv11nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11935 bytes | Created Date = 8/19/2008 12:06:00 PM | Attr =    ]
watv06nt.sys -> %SystemRoot%\System32\drivers\watv06nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 22271 bytes | Created Date = 8/19/2008 12:06:01 PM | Attr =    ]
watv10nt.sys -> %SystemRoot%\System32\drivers\watv10nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 25471 bytes | Created Date = 8/19/2008 12:06:02 PM | Attr =    ]
ati2dvaa.dll -> %SystemRoot%\System32\ati2dvaa.dll -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 377984 bytes | Created Date = 8/19/2008 2:41:35 AM | Attr =    ]
ati3d1ag.dll -> %SystemRoot%\System32\ati3d1ag.dll -> ATI Technologies Inc.  [Ver = 6.14.10.4071 | Size = 870784 bytes | Created Date = 8/19/2008 2:41:36 AM | Attr =    ]
ativdaxx.ax -> %SystemRoot%\System32\ativdaxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 9728 bytes | Created Date = 8/19/2008 2:41:38 AM | Attr =    ]
ativmvxx.ax -> %SystemRoot%\System32\ativmvxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 23040 bytes | Created Date = 8/19/2008 2:41:38 AM | Attr =    ]
ativtmxx.dll -> %SystemRoot%\System32\ativtmxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 32768 bytes | Created Date = 8/19/2008 2:41:38 AM | Attr =    ]
bits -> %SystemRoot%\System32\bits ->  [Folder | Created Date = 8/21/2008 5:40:38 PM | Attr =    ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
Controls.dll -> %SystemRoot%\System32\Controls.dll -> InternetSecurityDeluxe [Ver = 1.0.0.0 | Size = 16384 bytes | Created Date = 8/8/2008 9:52:57 AM | Attr =    ]
en -> %SystemRoot%\System32\en ->  [Folder | Created Date = 8/21/2008 5:40:39 PM | Attr =    ]
hsfcisp2.dll -> %SystemRoot%\System32\hsfcisp2.dll -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 32285 bytes | Created Date = 8/19/2008 2:42:39 AM | Attr =    ]
InstallUtil.InstallLog -> %SystemRoot%\System32\InstallUtil.InstallLog ->  [Ver =  | Size = 600 bytes | Created Date = 8/8/2008 9:53:12 AM | Attr =    ]
mdmxsdk.dll -> %SystemRoot%\System32\mdmxsdk.dll -> Conexant [Ver = 1.0.2.006 | Size = 86016 bytes | Created Date = 8/19/2008 2:43:35 AM | Attr =    ]
mtxparhd.dll -> %SystemRoot%\System32\mtxparhd.dll -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 1737856 bytes | Created Date = 8/19/2008 2:44:30 AM | Attr =    ]
nv4_disp.dll -> %SystemRoot%\System32\nv4_disp.dll -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 4274816 bytes | Created Date = 8/19/2008 2:45:05 AM | Attr =    ]
pid.inf -> %SystemRoot%\System32\pid.inf ->  [Ver =  | Size = 1261 bytes | Created Date = 8/19/2008 2:42:43 AM | Attr =    ]
Popuper.exe -> %SystemRoot%\System32\Popuper.exe -> InternetSecurityDeluxe [Ver = 1.0.0.0 | Size = 8704 bytes | Created Date = 8/8/2008 9:52:58 AM | Attr =    ]
s3gnb.dll -> %SystemRoot%\System32\s3gnb.dll -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 397056 bytes | Created Date = 8/19/2008 12:04:39 PM | Attr =    ]
ScanEngine.dll -> %SystemRoot%\System32\ScanEngine.dll -> InternetSecurityDeluxe [Ver = 1.0.0.0 | Size = 677888 bytes | Created Date = 8/8/2008 9:53:02 AM | Attr =    ]
scripting -> %SystemRoot%\System32\scripting ->  [Folder | Created Date = 8/21/2008 5:40:43 PM | Attr =    ]
ServiceInterface.dll -> %SystemRoot%\System32\ServiceInterface.dll -> InternetSecurityDeluxe [Ver = 1.0.0.0 | Size = 4608 bytes | Created Date = 8/8/2008 9:53:03 AM | Attr =    ]
ServiceObject.dll -> %SystemRoot%\System32\ServiceObject.dll -> InternetSecurityDeluxe [Ver = 1.0.0.0 | Size = 8192 bytes | Created Date = 8/8/2008 9:53:03 AM | Attr =    ]
slcoinst.dll -> %SystemRoot%\System32\slcoinst.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 73832 bytes | Created Date = 8/19/2008 12:05:23 PM | Attr =    ]
slextspk.dll -> %SystemRoot%\System32\slextspk.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 286792 bytes | Created Date = 8/19/2008 12:05:23 PM | Attr =    ]
slgen.dll -> %SystemRoot%\System32\slgen.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 188508 bytes | Created Date = 8/19/2008 12:05:23 PM | Attr =    ]
slrundll.exe -> %SystemRoot%\System32\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Created Date = 8/19/2008 12:05:24 PM | Attr =    ]
slserv.exe -> %SystemRoot%\System32\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Created Date = 8/19/2008 12:05:24 PM | Attr =    ]
SystemService.application -> %SystemRoot%\System32\SystemService.application ->  [Ver =  | Size = 1566 bytes | Created Date = 8/8/2008 9:53:03 AM | Attr =    ]
SystemService.exe -> %SystemRoot%\System32\SystemService.exe -> InternetSecurityDeluxe [Ver = 1.0.0.0 | Size = 8704 bytes | Created Date = 8/8/2008 9:53:04 AM | Attr =    ]
SystemService.exe.manifest -> %SystemRoot%\System32\SystemService.exe.manifest ->  [Ver =  | Size = 4469 bytes | Created Date = 8/8/2008 9:53:04 AM | Attr =    ]
SystemService.InstallLog -> %SystemRoot%\System32\SystemService.InstallLog ->  [Ver =  | Size = 606 bytes | Created Date = 8/8/2008 9:53:13 AM | Attr =    ]
SystemService.InstallState -> %SystemRoot%\System32\SystemService.InstallState ->  [Ver =  | Size = 5012 bytes | Created Date = 8/8/2008 9:53:21 AM | Attr =    ]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 1924 bytes | Created Date = 8/8/2008 4:54:56 PM | Attr =    ]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ ->  [Folder | Created Date = 8/21/2008 5:22:28 PM | Attr =  H ]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
EHome -> %SystemRoot%\EHome ->  [Folder | Created Date = 8/21/2008 5:22:12 PM | Attr =    ]
l2schemas -> %SystemRoot%\l2schemas ->  [Folder | Created Date = 8/21/2008 5:40:41 PM | Attr =    ]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Created Date = 8/22/2008 4:25:34 PM | Attr =    ]
LastGood.Tmp -> %SystemRoot%\LastGood.Tmp ->  [Folder | Created Date = 8/21/2008 5:47:14 PM | Attr =    ]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Created Date = 8/21/2008 5:31:34 PM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 8/21/2008 6:08:18 PM | Attr =    ]
ServicePackFiles -> %SystemRoot%\ServicePackFiles ->  [Folder | Created Date = 8/21/2008 5:35:41 PM | Attr =    ]
slrundll.exe -> %SystemRoot%\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Created Date = 8/19/2008 12:05:24 PM | Attr =    ]

[Files/Folders - Modified Within 30 days]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 8/17/2008 3:59:24 PM | Attr =    ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 199806976 bytes | Modified Date = 8/21/2008 6:07:12 PM | Attr =  HS]
ntldr -> %SystemDrive%\ntldr ->  [Ver =  | Size = 250048 bytes | Modified Date = 8/21/2008 5:30:35 PM | Attr = RHS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 8/23/2008 1:37:05 AM | Attr = R  ]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 8/8/2008 5:02:05 PM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 8/23/2008 3:12:44 AM | Attr =    ]
pssdk31.drv -> %SystemRoot%\System32\drivers\pssdk31.drv -> microOLAP Technologies LTD [Ver = 3. 1. 1. 1361 | Size = 30272 bytes | Modified Date = 8/8/2008 5:16:18 PM | Attr =    ]
bits -> %SystemRoot%\System32\bits ->  [Folder | Modified Date = 8/21/2008 5:40:39 PM | Attr =    ]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 8/21/2008 5:53:10 PM | Attr =    ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 8/21/2008 6:09:56 PM | Attr =    ]
Com -> %SystemRoot%\System32\Com ->  [Folder | Modified Date = 8/21/2008 5:35:22 PM | Attr =    ]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 8/23/2008 3:11:45 AM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 8/21/2008 6:06:57 PM | Attr =    ]
en -> %SystemRoot%\System32\en ->  [Folder | Modified Date = 8/21/2008 5:40:40 PM | Attr =    ]
en-us -> %SystemRoot%\System32\en-us ->  [Folder | Modified Date = 8/21/2008 5:40:45 PM | Attr =    ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 160344 bytes | Modified Date = 8/21/2008 6:07:13 PM | Attr =    ]
FxsTmp -> %SystemRoot%\System32\FxsTmp ->  [Folder | Modified Date = 8/21/2008 4:00:19 PM | Attr =    ]
InstallUtil.InstallLog -> %SystemRoot%\System32\InstallUtil.InstallLog ->  [Ver =  | Size = 600 bytes | Modified Date = 8/8/2008 9:53:23 AM | Attr =    ]
npp -> %SystemRoot%\System32\npp ->  [Folder | Modified Date = 8/21/2008 5:35:32 PM | Attr =    ]
oobe -> %SystemRoot%\System32\oobe ->  [Folder | Modified Date = 8/21/2008 5:34:47 PM | Attr =    ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 73022 bytes | Modified Date = 8/21/2008 6:13:55 PM | Attr =    ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 446108 bytes | Modified Date = 8/21/2008 6:13:55 PM | Attr =    ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 528784 bytes | Modified Date = 8/21/2008 6:13:55 PM | Attr =    ]
ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups ->  [Folder | Modified Date = 8/21/2008 5:29:25 PM | Attr =    ]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 8/21/2008 5:35:32 PM | Attr =    ]
scripting -> %SystemRoot%\System32\scripting ->  [Folder | Modified Date = 8/21/2008 5:40:43 PM | Attr =    ]
Setup -> %SystemRoot%\System32\Setup ->  [Folder | Modified Date = 8/21/2008 6:07:08 PM | Attr =    ]
SystemService.InstallLog -> %SystemRoot%\System32\SystemService.InstallLog ->  [Ver =  | Size = 606 bytes | Modified Date = 8/8/2008 9:53:22 AM | Attr =    ]
SystemService.InstallState -> %SystemRoot%\System32\SystemService.InstallState ->  [Ver =  | Size = 5012 bytes | Modified Date = 8/8/2008 9:53:22 AM | Attr =    ]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 1924 bytes | Modified Date = 8/21/2008 4:34:07 PM | Attr =    ]
usmt -> %SystemRoot%\System32\usmt ->  [Folder | Modified Date = 8/21/2008 5:40:45 PM | Attr =    ]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 8/21/2008 6:07:07 PM | Attr =    ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 8/24/2008 5:57:30 PM | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 8/22/2008 4:25:37 PM | Attr =  H ]
2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ ->  [Folder | Modified Date = 8/21/2008 5:29:08 PM | Attr =  H ]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 8/21/2008 6:07:07 PM | Attr =    ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 8/21/2008 6:07:26 PM | Attr =   S]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 8/18/2008 8:31:30 PM | Attr =    ]
dirsaver.ini -> %SystemRoot%\dirsaver.ini ->  [Ver =  | Size = 12 bytes | Modified Date = 7/30/2008 11:11:06 PM | Attr =    ]
EHome -> %SystemRoot%\EHome ->  [Folder | Modified Date = 8/21/2008 5:22:12 PM | Attr =    ]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 8/21/2008 6:07:05 PM | Attr = R S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 8/21/2008 5:41:16 PM | Attr =    ]
ime -> %SystemRoot%\ime ->  [Folder | Modified Date = 8/21/2008 5:41:17 PM | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 2675 bytes | Modified Date = 8/21/2008 5:54:35 PM | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 8/23/2008 3:13:00 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 8/21/2008 6:10:35 PM | Attr =  HS]
l2schemas -> %SystemRoot%\l2schemas ->  [Folder | Modified Date = 8/21/2008 5:40:42 PM | Attr =    ]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Modified Date = 8/22/2008 4:25:34 PM | Attr =    ]
LastGood.Tmp -> %SystemRoot%\LastGood.Tmp ->  [Folder | Modified Date = 8/21/2008 5:47:14 PM | Attr =    ]
msagent -> %SystemRoot%\msagent ->  [Folder | Modified Date = 8/21/2008 5:35:29 PM | Attr =    ]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Modified Date = 8/21/2008 5:41:17 PM | Attr =    ]
PeerNet -> %SystemRoot%\PeerNet ->  [Folder | Modified Date = 8/21/2008 5:40:38 PM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 8/26/2008 11:27:44 AM | Attr =    ]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 8/21/2008 5:52:57 PM | Attr =    ]
ServicePackFiles -> %SystemRoot%\ServicePackFiles ->  [Folder | Modified Date = 8/21/2008 5:41:23 PM | Attr =    ]
srchasst -> %SystemRoot%\srchasst ->  [Folder | Modified Date = 8/21/2008 5:35:26 PM | Attr =    ]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 8/21/2008 5:34:43 PM | Attr =    ]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 8/23/2008 3:11:43 AM | Attr =    ]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 8/24/2008 5:57:46 PM | Attr =    ]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 8/21/2008 5:41:36 PM | Attr =    ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Modified Date = 8/21/2008 6:10:14 PM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 8/21/2008 6:08:18 PM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 5/14/2005 12:19:09 AM | Attr =    ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 7482 bytes | Modified Date = 8/22/2008 4:26:25 PM | Attr =    ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 7896 bytes | Modified Date = 8/22/2008 4:26:25 PM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 8/8/2005 2:09:57 AM | Attr =    ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11140 bytes | Modified Date = 8/7/2008 9:24:17 AM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works ->  [Folder | Modified Date = 5/19/2008 5:46:34 PM | Attr =    ]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 11/23/2005 12:38:28 PM | Attr =    ]
wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat ->  [Ver =  | Size = 162451 bytes | Modified Date = 11/23/2005 2:08:31 PM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD13B.tmp\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD13B.tmp\ ->  [Folder | Modified Date = 7/10/2008 3:56:26 PM | Attr =    ]
setup.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD13B.tmp\setup.exe ->  [Ver = 9.0.21022.8 built by: RTM | Size = 484864 bytes | Modified Date = 7/7/2008 10:09:22 AM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD13B.tmp\DotNetFX\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD13B.tmp\DotNetFX ->  [Folder | Modified Date = 7/10/2008 3:56:18 PM | Attr =    ]
dotnetchk.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD13B.tmp\DotNetFX\dotnetchk.exe -> Microsoft Corporation [Ver = 9.0.21022.8 built by: RTM | Size = 87552 bytes | Modified Date = 7/10/2008 3:56:18 PM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD13B.tmp\VisualFoxProOLEDB\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD13B.tmp\VisualFoxProOLEDB ->  [Folder | Modified Date = 7/10/2008 3:56:26 PM | Attr =    ]
vfpoledb.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD13B.tmp\VisualFoxProOLEDB\vfpoledb.exe -> Microsoft Corporation                                        [Ver = 9.0.0.3504                                                    | Size = 2623960 bytes | Modified Date = 10/26/2007 4:34:26 PM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD17.tmp\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD17.tmp\ ->  [Folder | Modified Date = 7/10/2008 12:41:07 PM | Attr =    ]
setup.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD17.tmp\setup.exe ->  [Ver = 9.0.21022.8 built by: RTM | Size = 484864 bytes | Modified Date = 7/7/2008 10:09:22 AM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD17.tmp\DotNetFX\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD17.tmp\DotNetFX ->  [Folder | Modified Date = 7/10/2008 12:41:02 PM | Attr =    ]
dotnetchk.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD17.tmp\DotNetFX\dotnetchk.exe -> Microsoft Corporation [Ver = 9.0.21022.8 built by: RTM | Size = 87552 bytes | Modified Date = 7/10/2008 12:41:02 PM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD17.tmp\VisualFoxProOLEDB\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD17.tmp\VisualFoxProOLEDB ->  [Folder | Modified Date = 7/10/2008 12:41:07 PM | Attr =    ]
vfpoledb.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD17.tmp\VisualFoxProOLEDB\vfpoledb.exe -> Microsoft Corporation                                        [Ver = 9.0.0.3504                                                    | Size = 2623960 bytes | Modified Date = 10/26/2007 4:34:26 PM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD7F.tmp\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD7F.tmp\ ->  [Folder | Modified Date = 7/22/2008 10:09:39 AM | Attr =    ]
setup[1].exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD7F.tmp\setup[1].exe ->  [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 465408 bytes | Modified Date = 7/22/2008 10:09:30 AM | Attr =    ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Local Settings\Temp\VSD7F.tmp\setup[1].exe:Zone.Identifier
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD7F.tmp\dotnetfx\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD7F.tmp\dotnetfx ->  [Folder | Modified Date = 7/22/2008 10:09:31 AM | Attr =    ]
dotnetchk.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD7F.tmp\dotnetfx\dotnetchk.exe -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 61632 bytes | Modified Date = 7/22/2008 10:09:31 AM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD7F.tmp\VisualFoxProOLEDB\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD7F.tmp\VisualFoxProOLEDB ->  [Folder | Modified Date = 7/22/2008 10:09:41 AM | Attr =    ]
vfpoledb.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD7F.tmp\VisualFoxProOLEDB\vfpoledb.exe -> Microsoft Corporation                                        [Ver = 9.0.0.3504                                                    | Size = 2623960 bytes | Modified Date = 7/22/2008 10:09:51 AM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\ ->  [Folder | Modified Date = 4/14/2008 12:39:33 PM | Attr =    ]
setup[1].exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\setup[1].exe ->  [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 434096 bytes | Modified Date = 4/14/2008 12:36:49 PM | Attr =    ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Local Settings\Temp\VSDB9.tmp\setup[1].exe:Zone.Identifier
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\dotnetfx\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\dotnetfx ->  [Folder | Modified Date = 4/14/2008 12:37:03 PM | Attr =    ]
dotnetchk.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\dotnetfx\dotnetchk.exe -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 61632 bytes | Modified Date = 4/14/2008 12:36:51 PM | Attr =    ]
dotnetfx.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\dotnetfx\dotnetfx.exe -> Microsoft Corporation [Ver = 2.0.50727.42 | Size = 23510720 bytes | Modified Date = 4/14/2008 12:39:13 PM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\VisualFoxProOLEDB\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\VisualFoxProOLEDB ->  [Folder | Modified Date = 4/14/2008 12:39:33 PM | Attr =    ]
vfpoledb.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\VisualFoxProOLEDB\vfpoledb.exe -> Microsoft Corporation                                        [Ver = 9.0.0.3504                                                    | Size = 2623960 bytes | Modified Date = 4/14/2008 12:39:49 PM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDD3.tmp\DotNetFX\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDD3.tmp\DotNetFX ->  [Folder | Modified Date = 7/10/2008 1:09:04 PM | Attr =    ]
dotnetchk.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDD3.tmp\DotNetFX\dotnetchk.exe -> Microsoft Corporation [Ver = 9.0.21022.8 built by: RTM | Size = 87552 bytes | Modified Date = 7/10/2008 1:09:04 PM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDE.tmp\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDE.tmp\ ->  [Folder | Modified Date = 7/10/2008 12:38:20 PM | Attr =    ]
setup.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDE.tmp\setup.exe ->  [Ver = 9.0.21022.8 built by: RTM | Size = 484864 bytes | Modified Date = 7/7/2008 10:09:22 AM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDE.tmp\DotNetFX\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDE.tmp\DotNetFX ->  [Folder | Modified Date = 7/10/2008 12:38:12 PM | Attr =    ]
dotnetchk.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDE.tmp\DotNetFX\dotnetchk.exe -> Microsoft Corporation [Ver = 9.0.21022.8 built by: RTM | Size = 87552 bytes | Modified Date = 7/10/2008 12:38:12 PM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDE.tmp\VisualFoxProOLEDB\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDE.tmp\VisualFoxProOLEDB ->  [Folder | Modified Date = 7/10/2008 12:38:20 PM | Attr =    ]
vfpoledb.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDE.tmp\VisualFoxProOLEDB\vfpoledb.exe -> Microsoft Corporation                                        [Ver = 9.0.0.3504                                                    | Size = 2623960 bytes | Modified Date = 10/26/2007 4:34:26 PM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\ ->  [Folder | Modified Date = 5/2/2008 11:26:53 PM | Attr =    ]
setuphook.dll -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\setuphook.dll ->  [Ver =  | Size = 24576 bytes | Modified Date = 5/2/2008 11:24:19 PM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\Fake Profile\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\Fake Profile ->  [Folder | Modified Date = 5/2/2008 11:26:27 PM | Attr =    ]
compreg.dat -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\Fake Profile\compreg.dat ->  [Ver =  | Size = 147247 bytes | Modified Date = 5/2/2008 11:26:12 PM | Attr =    ]
xpti.dat -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\Fake Profile\xpti.dat ->  [Ver =  | Size = 93108 bytes | Modified Date = 5/2/2008 11:25:56 PM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\CabGeneric\DirOne\default\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\CabGeneric\DirOne\default ->  [Folder | Modified Date = 8/8/2005 3:08:30 AM | Attr =    ]
install.ini -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\CabGeneric\DirOne\default\install.ini ->  [Ver =  | Size = 433 bytes | Modified Date = 8/8/2005 3:08:30 AM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\CabGeneric\DirOne\touchstonec\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\CabGeneric\DirOne\touchstonec ->  [Folder | Modified Date = 8/8/2005 2:16:28 AM | Attr =    ]
install.ini -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\CabGeneric\DirOne\touchstonec\install.ini ->  [Ver =  | Size = 782 bytes | Modified Date = 8/8/2005 2:16:28 AM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\Fake Profile\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\Fake Profile ->  [Folder | Modified Date = 5/2/2008 11:26:27 PM | Attr =    ]
compatibility.ini -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\Fake Profile\compatibility.ini ->  [Ver =  | Size = 138 bytes | Modified Date = 5/2/2008 11:25:56 PM | Attr =    ]

< End of report >
jashrema
Active Member
 
Posts: 11
Joined: August 21st, 2008, 11:03 pm
Top

Re: Hijack this Logfile Internet Security Deluxe Please help

Unread postby Shaba » August 26th, 2008, 1:18 pm

Yes, now it's correct :)

Open OTScanIt.

Paste text below to Paste Fix here (upper right corner)

Code: Select all
[Processes - Non-Microsoft Only]
YY -> popuper.exe -> %SystemRoot%\system32\Popuper.exe
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> Notifications -> %SystemRoot%\system32\Popuper.exe [C:\WINDOWS\system32\popuper.exe]
[Files/Folders - Created Within 30 days]
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> Controls.dll -> %SystemRoot%\System32\Controls.dll
NY -> Popuper.exe -> %SystemRoot%\System32\Popuper.exe
NY -> ScanEngine.dll -> %SystemRoot%\System32\ScanEngine.dll
NY -> ServiceInterface.dll -> %SystemRoot%\System32\ServiceInterface.dll
NY -> ServiceObject.dll -> %SystemRoot%\System32\ServiceObject.dll
NY -> SystemService.application -> %SystemRoot%\System32\SystemService.application
NY -> SystemService.exe -> %SystemRoot%\System32\SystemService.exe
NY -> 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 days]
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp


Click Run Fix

If it doesn't run scan automatically, click Run Scan

Post back a fresh OTScanIt log, please.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top

Re: Hijack this Logfile Internet Security Deluxe Please help

Unread postby jashrema » August 26th, 2008, 2:10 pm

This is what notepad popped up with after I ran run fix.

[Processes - Non-Microsoft Only]
Process popuper.exe killed successfully.
C:\WINDOWS\system32\Popuper.exe moved successfully.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Notifications deleted successfully.
File C:\WINDOWS\system32\Popuper.exe not found.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\System32\Controls.dll moved successfully.
File C:\WINDOWS\System32\Popuper.exe not found!
C:\WINDOWS\System32\ScanEngine.dll moved successfully.
C:\WINDOWS\System32\ServiceInterface.dll moved successfully.
C:\WINDOWS\System32\ServiceObject.dll moved successfully.
C:\WINDOWS\System32\SystemService.application moved successfully.
C:\WINDOWS\System32\SystemService.exe moved successfully.
C:\WINDOWS\LastGood.Tmp\INF folder deleted successfully.
C:\WINDOWS\LastGood.Tmp folder deleted successfully.
[Files/Folders - Modified Within 30 days]
< End of fix log >
OTScanIt by OldTimer - Version 1.0.16.2 fix logfile created on 08262008_140654


This is log after I ran "run scan"

Code: Select all
OTScanIt logfile created on: 8/26/2008 2:08:50 PM
OTScanIt by OldTimer - Version 1.0.16.2     Folder = C:\Documents and Settings\Lynda Kuehn\Desktop\OTScanIt\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
190.48 Mb Total Physical Memory | 41.44 Mb Available Physical Memory | 21.75% Memory free
606.36 Mb Paging File | 192.10 Mb Available in Paging File | 31.68% Paging File free
Paging file location(s): C:\pagefile.sys 336 672;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 25.84 Gb Free Space | 69.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KUEHN
Current User Name: Lynda Kuehn
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
acs.exe -> %SystemRoot%\system32\acs.exe ->  [Ver =  | Size = 36864 bytes | Modified Date = 12/22/2004 7:50:04 PM | Attr =    ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 4/15/2008 9:19:33 PM | Attr =    ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 3/19/2008 10:40:31 PM | Attr =    ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 3/19/2008 10:40:41 PM | Attr =    ]
cfsvcs.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 1/17/2005 7:38:38 PM | Attr =    ]
dvdramsv.exe -> %SystemRoot%\system32\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 3, 0, 0, 0 | Size = 110592 bytes | Modified Date = 8/27/2004 6:33:32 PM | Attr =    ]
swupdtmr.exe -> %SystemDrive%\TOSHIBA\IVP\swupdate\swupdtmr.exe ->  [Ver =  | Size = 53248 bytes | Modified Date = 5/13/2004 4:46:02 PM | Attr =    ]
systemservice.exe -> %SystemRoot%\system32\SystemService.exe -> File not found
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Modified Date = 9/22/2005 10:29:08 PM | Attr =    ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.522 | Size = 579584 bytes | Modified Date = 4/16/2008 9:19:14 AM | Attr =    ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 6, 2, 23 | Size = 1832272 bytes | Modified Date = 8/18/2008 6:41:00 PM | Attr = RHS]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 8/12/2006 7:31:16 PM | Attr =    ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 4/15/2008 9:19:33 PM | Attr =    ]
(ACS) Atheros Configuration Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\acs.exe ->  [Ver =  | Size = 36864 bytes | Modified Date = 12/22/2004 7:50:04 PM | Attr =    ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 4/29/2005 1:31:40 AM | Attr =    ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 3/19/2008 10:40:31 PM | Attr =    ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 3/19/2008 10:40:41 PM | Attr =    ]
(CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 1/17/2005 7:38:38 PM | Attr =    ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 4/13/2008 8:12:17 PM | Attr =    ]
(DVD-RAM_Service) DVD-RAM_Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 3, 0, 0, 0 | Size = 110592 bytes | Modified Date = 8/27/2004 6:33:32 PM | Attr =    ]
(mcupdmgr.exe) McAfee SecurityCenter Update Manager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee.com\Agent\mcupdmgr.exe -> McAfee, Inc [Ver = 6, 0, 0, 4 | Size = 245760 bytes | Modified Date = 7/1/2005 11:22:50 PM | Attr =    ]
(Swupdtmr) Swupdtmr [Win32_Own | Auto | Running] -> %SystemDrive%\TOSHIBA\IVP\swupdate\swupdtmr.exe ->  [Ver =  | Size = 53248 bytes | Modified Date = 5/13/2004 4:46:02 PM | Attr =    ]
(SystemService) System Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\SystemService.exe -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe [C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP] -> GRISOFT, s.r.o. [Ver = 7.5.0.522 | Size = 579584 bytes | Modified Date = 4/16/2008 9:19:14 AM | Attr =    ]
MCAgentExe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe [c:\PROGRA~1\mcafee.com\agent\mcagent.exe] -> McAfee, Inc [Ver = 6, 0, 0, 16 | Size = 303104 bytes | Modified Date = 9/22/2005 10:29:08 PM | Attr =    ]
MCUpdateExe -> %ProgramFiles%\McAfee.com\Agent\mcupdate.exe [C:\PROGRA~1\mcafee.com\agent\McUpdate.exe] -> McAfee, Inc [Ver = 6, 0, 0, 21 | Size = 212992 bytes | Modified Date = 1/11/2006 4:05:42 PM | Attr =    ]
Notebook Maximizer -> %ProgramFiles%\Notebook Maximizer\maximizer_startup.exe [C:\Program Files\Notebook Maximizer\maximizer_startup.exe] ->  [Ver = 1.00 | Size = 28672 bytes | Modified Date = 5/25/2004 5:35:59 PM | Attr =    ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 8/12/2006 7:31:16 PM | Attr =    ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 6, 2, 23 | Size = 1832272 bytes | Modified Date = 8/18/2008 6:41:00 PM | Attr = RHS]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Lynda Kuehn Startup Folder > -> C:\Documents and Settings\Lynda Kuehn\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/13/2008 8:12:19 PM | Attr =    ]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 8:12:38 PM | Attr =    ]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/13/2008 8:12:24 PM | Attr =    ]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 8:12:05 PM | Attr =    ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/13/2008 8:12:41 PM | Attr =    ]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 46080 bytes | Modified Date = 4/29/2005 1:32:48 AM | Attr =    ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\_NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 2:40:46 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC     MBR-7    ->  -> File not found
NEC     MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTSSTcorp_CDW/DVD_TS-L462A_______________TF38____\3536473431343033333220202020202020202020 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> 
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] ->  [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 3/2/2001 3:02:04 PM | Attr =    ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr =    ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 1/14/2005 4:05:00 AM | Attr =    ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{BA52B914-B692-46c4-B683-905236F6F655} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_02\bin\NPJPI150_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.20.9 | Size = 69746 bytes | Modified Date = 3/4/2005 6:54:17 AM | Attr =    ]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr =    ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_02\bin\NPJPI150_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.20.9 | Size = 69746 bytes | Modified Date = 3/4/2005 6:54:17 AM | Attr =    ]
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr =    ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 4:56:24 PM | Attr =    ]
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
SV1 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{52F1AA2F-18EA-4F74-9BC9-DE09F7F5F395} ->    (Realtek RTL8139/810x Family Fast Ethernet NIC) -> 
{B5824BED-4A1B-4966-B8B1-7CD04C2F15E3} ->    (Atheros AR5005G Wireless Network Adapter) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> http://go.divx.com/plugin/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab[Java Plug-in 1.5.0_02] -> 
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab[Java Plug-in 1.5.0_02] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ not found. -> -> 



[Files/Folders - Created Within 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 199806976 bytes | Created Date = 8/21/2008 4:51:49 PM | Attr =  HS]
adv01nt5.dll -> %SystemRoot%\System32\drivers\adv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 4255 bytes | Created Date = 8/19/2008 2:41:21 AM | Attr =    ]
adv02nt5.dll -> %SystemRoot%\System32\drivers\adv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3967 bytes | Created Date = 8/19/2008 2:41:21 AM | Attr =    ]
adv05nt5.dll -> %SystemRoot%\System32\drivers\adv05nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3615 bytes | Created Date = 8/19/2008 2:41:21 AM | Attr =    ]
adv07nt5.dll -> %SystemRoot%\System32\drivers\adv07nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3647 bytes | Created Date = 8/19/2008 2:41:21 AM | Attr =    ]
adv08nt5.dll -> %SystemRoot%\System32\drivers\adv08nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3135 bytes | Created Date = 8/19/2008 2:41:21 AM | Attr =    ]
adv09nt5.dll -> %SystemRoot%\System32\drivers\adv09nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3711 bytes | Created Date = 8/19/2008 2:41:21 AM | Attr =    ]
adv11nt5.dll -> %SystemRoot%\System32\drivers\adv11nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3775 bytes | Created Date = 8/19/2008 2:41:21 AM | Attr =    ]
amdagp.sys -> %SystemRoot%\System32\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp.080413-2111) | Size = 43008 bytes | Created Date = 8/19/2008 2:41:28 AM | Attr =    ]
ati1btxx.sys -> %SystemRoot%\System32\drivers\ati1btxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 56623 bytes | Created Date = 8/19/2008 2:41:33 AM | Attr =    ]
ati1mdxx.sys -> %SystemRoot%\System32\drivers\ati1mdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 11615 bytes | Created Date = 8/19/2008 2:41:33 AM | Attr =    ]
ati1pdxx.sys -> %SystemRoot%\System32\drivers\ati1pdxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 12047 bytes | Created Date = 8/19/2008 2:41:34 AM | Attr =    ]
ati1raxx.sys -> %SystemRoot%\System32\drivers\ati1raxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 30671 bytes | Created Date = 8/19/2008 2:41:34 AM | Attr =    ]
ati1rvxx.sys -> %SystemRoot%\System32\drivers\ati1rvxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 63663 bytes | Created Date = 8/19/2008 2:41:34 AM | Attr =    ]
ati1snxx.sys -> %SystemRoot%\System32\drivers\ati1snxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 26367 bytes | Created Date = 8/19/2008 2:41:34 AM | Attr =    ]
ati1ttxx.sys -> %SystemRoot%\System32\drivers\ati1ttxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 21343 bytes | Created Date = 8/19/2008 2:41:34 AM | Attr =    ]
ati1tuxx.sys -> %SystemRoot%\System32\drivers\ati1tuxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 36463 bytes | Created Date = 8/19/2008 2:41:34 AM | Attr =    ]
ati1xbxx.sys -> %SystemRoot%\System32\drivers\ati1xbxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 29455 bytes | Created Date = 8/19/2008 2:41:34 AM | Attr =    ]
ati1xsxx.sys -> %SystemRoot%\System32\drivers\ati1xsxx.sys -> ATI Technologies Inc. [Ver = 6.13.10.6131 | Size = 34735 bytes | Created Date = 8/19/2008 2:41:35 AM | Attr =    ]
ati2mtaa.sys -> %SystemRoot%\System32\drivers\ati2mtaa.sys -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 327040 bytes | Created Date = 8/19/2008 2:41:35 AM | Attr =    ]
atinbtxx.sys -> %SystemRoot%\System32\drivers\atinbtxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 57856 bytes | Created Date = 8/19/2008 2:41:37 AM | Attr =    ]
atinmdxx.sys -> %SystemRoot%\System32\drivers\atinmdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 8/19/2008 2:41:37 AM | Attr =    ]
atinpdxx.sys -> %SystemRoot%\System32\drivers\atinpdxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 14336 bytes | Created Date = 8/19/2008 2:41:37 AM | Attr =    ]
atinraxx.sys -> %SystemRoot%\System32\drivers\atinraxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 52224 bytes | Created Date = 8/19/2008 2:41:37 AM | Attr =    ]
atinrvxx.sys -> %SystemRoot%\System32\drivers\atinrvxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 104960 bytes | Created Date = 8/19/2008 2:41:37 AM | Attr =    ]
atinsnxx.sys -> %SystemRoot%\System32\drivers\atinsnxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 28672 bytes | Created Date = 8/19/2008 2:41:37 AM | Attr =    ]
atinttxx.sys -> %SystemRoot%\System32\drivers\atinttxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 13824 bytes | Created Date = 8/19/2008 2:41:37 AM | Attr =    ]
atintuxx.sys -> %SystemRoot%\System32\drivers\atintuxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 73216 bytes | Created Date = 8/19/2008 2:41:38 AM | Attr =    ]
atinxbxx.sys -> %SystemRoot%\System32\drivers\atinxbxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 31744 bytes | Created Date = 8/19/2008 2:41:38 AM | Attr =    ]
atinxsxx.sys -> %SystemRoot%\System32\drivers\atinxsxx.sys -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 63488 bytes | Created Date = 8/19/2008 2:41:38 AM | Attr =    ]
ativmc20.cod -> %SystemRoot%\System32\drivers\ativmc20.cod ->  [Ver =  | Size = 64352 bytes | Created Date = 8/19/2008 2:41:38 AM | Attr =    ]
atv01nt5.dll -> %SystemRoot%\System32\drivers\atv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 21183 bytes | Created Date = 8/19/2008 2:41:39 AM | Attr =    ]
atv02nt5.dll -> %SystemRoot%\System32\drivers\atv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11359 bytes | Created Date = 8/19/2008 2:41:39 AM | Attr =    ]
atv04nt5.dll -> %SystemRoot%\System32\drivers\atv04nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 25471 bytes | Created Date = 8/19/2008 2:41:39 AM | Attr =    ]
atv06nt5.dll -> %SystemRoot%\System32\drivers\atv06nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 14143 bytes | Created Date = 8/19/2008 2:41:39 AM | Attr =    ]
atv10nt5.dll -> %SystemRoot%\System32\drivers\atv10nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 17279 bytes | Created Date = 8/19/2008 2:41:39 AM | Attr =    ]
ch7xxnt5.dll -> %SystemRoot%\System32\drivers\ch7xxnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 15423 bytes | Created Date = 8/19/2008 2:41:48 AM | Attr =    ]
cxthsfs2.cty -> %SystemRoot%\System32\drivers\cxthsfs2.cty ->  [Ver =  | Size = 129045 bytes | Created Date = 8/19/2008 2:41:57 AM | Attr =    ]
hdaudbus.sys -> %SystemRoot%\System32\drivers\hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 144384 bytes | Created Date = 8/19/2008 2:42:35 AM | Attr =    ]
hsfbs2s2.sys -> %SystemRoot%\System32\drivers\hsfbs2s2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 220032 bytes | Created Date = 8/19/2008 2:42:39 AM | Attr =    ]
hsfcxts2.sys -> %SystemRoot%\System32\drivers\hsfcxts2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 built by: WinDDK | Size = 685056 bytes | Created Date = 8/19/2008 2:42:39 AM | Attr =    ]
hsfdpsp2.sys -> %SystemRoot%\System32\drivers\hsfdpsp2.sys -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 1041536 bytes | Created Date = 8/19/2008 2:42:39 AM | Attr =    ]
mdmxsdk.sys -> %SystemRoot%\System32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 11868 bytes | Created Date = 8/19/2008 2:43:35 AM | Attr =    ]
mtlmnt5.sys -> %SystemRoot%\System32\drivers\mtlmnt5.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 126686 bytes | Created Date = 8/19/2008 2:44:26 AM | Attr =    ]
mtlstrm.sys -> %SystemRoot%\System32\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Created Date = 8/19/2008 2:44:27 AM | Attr =    ]
mtxparhm.sys -> %SystemRoot%\System32\drivers\mtxparhm.sys -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 452736 bytes | Created Date = 8/19/2008 2:44:31 AM | Attr =    ]
netwlan5.img -> %SystemRoot%\System32\drivers\netwlan5.img ->  [Ver =  | Size = 67866 bytes | Created Date = 8/19/2008 2:44:43 AM | Attr =    ]
ntmtlfax.sys -> %SystemRoot%\System32\drivers\ntmtlfax.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 180360 bytes | Created Date = 8/19/2008 2:44:57 AM | Attr =    ]
nv4_mini.sys -> %SystemRoot%\System32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Created Date = 8/19/2008 2:45:07 AM | Attr =    ]
pssdk31.drv -> %SystemRoot%\System32\drivers\pssdk31.drv -> microOLAP Technologies LTD [Ver = 3. 1. 1. 1361 | Size = 30272 bytes | Created Date = 8/8/2008 9:53:32 AM | Attr =    ]
recagent.sys -> %SystemRoot%\System32\drivers\recagent.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13776 bytes | Created Date = 8/19/2008 2:46:31 AM | Attr =    ]
s3gnbm.sys -> %SystemRoot%\System32\drivers\s3gnbm.sys -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 166912 bytes | Created Date = 8/19/2008 12:04:40 PM | Attr =    ]
siint5.dll -> %SystemRoot%\System32\drivers\siint5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 3901 bytes | Created Date = 8/19/2008 12:05:22 PM | Attr =    ]
sisagp.sys -> %SystemRoot%\System32\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp.080413-2111) | Size = 40960 bytes | Created Date = 8/19/2008 12:05:22 PM | Attr =    ]
slnt7554.sys -> %SystemRoot%\System32\drivers\slnt7554.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 129535 bytes | Created Date = 8/19/2008 12:05:23 PM | Attr =    ]
slntamr.sys -> %SystemRoot%\System32\drivers\slntamr.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 404990 bytes | Created Date = 8/19/2008 12:05:23 PM | Attr =    ]
slnthal.sys -> %SystemRoot%\System32\drivers\slnthal.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 95424 bytes | Created Date = 8/19/2008 12:05:24 PM | Attr =    ]
slwdmsup.sys -> %SystemRoot%\System32\drivers\slwdmsup.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 13240 bytes | Created Date = 8/19/2008 12:05:24 PM | Attr =    ]
vchnt5.dll -> %SystemRoot%\System32\drivers\vchnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11325 bytes | Created Date = 8/19/2008 12:05:56 PM | Attr =    ]
wadv07nt.sys -> %SystemRoot%\System32\drivers\wadv07nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11807 bytes | Created Date = 8/19/2008 12:06:00 PM | Attr =    ]
wadv08nt.sys -> %SystemRoot%\System32\drivers\wadv08nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11295 bytes | Created Date = 8/19/2008 12:06:00 PM | Attr =    ]
wadv09nt.sys -> %SystemRoot%\System32\drivers\wadv09nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11871 bytes | Created Date = 8/19/2008 12:06:00 PM | Attr =    ]
wadv11nt.sys -> %SystemRoot%\System32\drivers\wadv11nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 11935 bytes | Created Date = 8/19/2008 12:06:00 PM | Attr =    ]
watv06nt.sys -> %SystemRoot%\System32\drivers\watv06nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 22271 bytes | Created Date = 8/19/2008 12:06:01 PM | Attr =    ]
watv10nt.sys -> %SystemRoot%\System32\drivers\watv10nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198  | Size = 25471 bytes | Created Date = 8/19/2008 12:06:02 PM | Attr =    ]
ati2dvaa.dll -> %SystemRoot%\System32\ati2dvaa.dll -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 377984 bytes | Created Date = 8/19/2008 2:41:35 AM | Attr =    ]
ati3d1ag.dll -> %SystemRoot%\System32\ati3d1ag.dll -> ATI Technologies Inc.  [Ver = 6.14.10.4071 | Size = 870784 bytes | Created Date = 8/19/2008 2:41:36 AM | Attr =    ]
ativdaxx.ax -> %SystemRoot%\System32\ativdaxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 9728 bytes | Created Date = 8/19/2008 2:41:38 AM | Attr =    ]
ativmvxx.ax -> %SystemRoot%\System32\ativmvxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 23040 bytes | Created Date = 8/19/2008 2:41:38 AM | Attr =    ]
ativtmxx.dll -> %SystemRoot%\System32\ativtmxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 32768 bytes | Created Date = 8/19/2008 2:41:38 AM | Attr =    ]
bits -> %SystemRoot%\System32\bits ->  [Folder | Created Date = 8/21/2008 5:40:38 PM | Attr =    ]
en -> %SystemRoot%\System32\en ->  [Folder | Created Date = 8/21/2008 5:40:39 PM | Attr =    ]
hsfcisp2.dll -> %SystemRoot%\System32\hsfcisp2.dll -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 32285 bytes | Created Date = 8/19/2008 2:42:39 AM | Attr =    ]
InstallUtil.InstallLog -> %SystemRoot%\System32\InstallUtil.InstallLog ->  [Ver =  | Size = 600 bytes | Created Date = 8/8/2008 9:53:12 AM | Attr =    ]
mdmxsdk.dll -> %SystemRoot%\System32\mdmxsdk.dll -> Conexant [Ver = 1.0.2.006 | Size = 86016 bytes | Created Date = 8/19/2008 2:43:35 AM | Attr =    ]
mtxparhd.dll -> %SystemRoot%\System32\mtxparhd.dll -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 1737856 bytes | Created Date = 8/19/2008 2:44:30 AM | Attr =    ]
nv4_disp.dll -> %SystemRoot%\System32\nv4_disp.dll -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 4274816 bytes | Created Date = 8/19/2008 2:45:05 AM | Attr =    ]
pid.inf -> %SystemRoot%\System32\pid.inf ->  [Ver =  | Size = 1261 bytes | Created Date = 8/19/2008 2:42:43 AM | Attr =    ]
s3gnb.dll -> %SystemRoot%\System32\s3gnb.dll -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 397056 bytes | Created Date = 8/19/2008 12:04:39 PM | Attr =    ]
scripting -> %SystemRoot%\System32\scripting ->  [Folder | Created Date = 8/21/2008 5:40:43 PM | Attr =    ]
slcoinst.dll -> %SystemRoot%\System32\slcoinst.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 73832 bytes | Created Date = 8/19/2008 12:05:23 PM | Attr =    ]
slextspk.dll -> %SystemRoot%\System32\slextspk.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 286792 bytes | Created Date = 8/19/2008 12:05:23 PM | Attr =    ]
slgen.dll -> %SystemRoot%\System32\slgen.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 188508 bytes | Created Date = 8/19/2008 12:05:23 PM | Attr =    ]
slrundll.exe -> %SystemRoot%\System32\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Created Date = 8/19/2008 12:05:24 PM | Attr =    ]
slserv.exe -> %SystemRoot%\System32\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Created Date = 8/19/2008 12:05:24 PM | Attr =    ]
SystemService.exe.manifest -> %SystemRoot%\System32\SystemService.exe.manifest ->  [Ver =  | Size = 4469 bytes | Created Date = 8/8/2008 9:53:04 AM | Attr =    ]
SystemService.InstallLog -> %SystemRoot%\System32\SystemService.InstallLog ->  [Ver =  | Size = 606 bytes | Created Date = 8/8/2008 9:53:13 AM | Attr =    ]
SystemService.InstallState -> %SystemRoot%\System32\SystemService.InstallState ->  [Ver =  | Size = 5012 bytes | Created Date = 8/8/2008 9:53:21 AM | Attr =    ]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 1924 bytes | Created Date = 8/8/2008 4:54:56 PM | Attr =    ]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ ->  [Folder | Created Date = 8/21/2008 5:22:28 PM | Attr =  H ]
EHome -> %SystemRoot%\EHome ->  [Folder | Created Date = 8/21/2008 5:22:12 PM | Attr =    ]
l2schemas -> %SystemRoot%\l2schemas ->  [Folder | Created Date = 8/21/2008 5:40:41 PM | Attr =    ]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Created Date = 8/22/2008 4:25:34 PM | Attr =    ]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Created Date = 8/21/2008 5:31:34 PM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 8/21/2008 6:08:18 PM | Attr =    ]
ServicePackFiles -> %SystemRoot%\ServicePackFiles ->  [Folder | Created Date = 8/21/2008 5:35:41 PM | Attr =    ]
slrundll.exe -> %SystemRoot%\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Created Date = 8/19/2008 12:05:24 PM | Attr =    ]

[Files/Folders - Modified Within 30 days]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 8/17/2008 3:59:24 PM | Attr =    ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 199806976 bytes | Modified Date = 8/21/2008 6:07:12 PM | Attr =  HS]
ntldr -> %SystemDrive%\ntldr ->  [Ver =  | Size = 250048 bytes | Modified Date = 8/21/2008 5:30:35 PM | Attr = RHS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 8/23/2008 1:37:05 AM | Attr = R  ]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 8/8/2008 5:02:05 PM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 8/26/2008 2:07:00 PM | Attr =    ]
pssdk31.drv -> %SystemRoot%\System32\drivers\pssdk31.drv -> microOLAP Technologies LTD [Ver = 3. 1. 1. 1361 | Size = 30272 bytes | Modified Date = 8/8/2008 5:16:18 PM | Attr =    ]
bits -> %SystemRoot%\System32\bits ->  [Folder | Modified Date = 8/21/2008 5:40:39 PM | Attr =    ]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 8/21/2008 5:53:10 PM | Attr =    ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 8/21/2008 6:09:56 PM | Attr =    ]
Com -> %SystemRoot%\System32\Com ->  [Folder | Modified Date = 8/21/2008 5:35:22 PM | Attr =    ]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 8/23/2008 3:11:45 AM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 8/21/2008 6:06:57 PM | Attr =    ]
en -> %SystemRoot%\System32\en ->  [Folder | Modified Date = 8/21/2008 5:40:40 PM | Attr =    ]
en-us -> %SystemRoot%\System32\en-us ->  [Folder | Modified Date = 8/21/2008 5:40:45 PM | Attr =    ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 160344 bytes | Modified Date = 8/21/2008 6:07:13 PM | Attr =    ]
FxsTmp -> %SystemRoot%\System32\FxsTmp ->  [Folder | Modified Date = 8/21/2008 4:00:19 PM | Attr =    ]
InstallUtil.InstallLog -> %SystemRoot%\System32\InstallUtil.InstallLog ->  [Ver =  | Size = 600 bytes | Modified Date = 8/8/2008 9:53:23 AM | Attr =    ]
npp -> %SystemRoot%\System32\npp ->  [Folder | Modified Date = 8/21/2008 5:35:32 PM | Attr =    ]
oobe -> %SystemRoot%\System32\oobe ->  [Folder | Modified Date = 8/21/2008 5:34:47 PM | Attr =    ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 73022 bytes | Modified Date = 8/21/2008 6:13:55 PM | Attr =    ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 446108 bytes | Modified Date = 8/21/2008 6:13:55 PM | Attr =    ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 528784 bytes | Modified Date = 8/21/2008 6:13:55 PM | Attr =    ]
ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups ->  [Folder | Modified Date = 8/21/2008 5:29:25 PM | Attr =    ]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 8/21/2008 5:35:32 PM | Attr =    ]
scripting -> %SystemRoot%\System32\scripting ->  [Folder | Modified Date = 8/21/2008 5:40:43 PM | Attr =    ]
Setup -> %SystemRoot%\System32\Setup ->  [Folder | Modified Date = 8/21/2008 6:07:08 PM | Attr =    ]
SystemService.InstallLog -> %SystemRoot%\System32\SystemService.InstallLog ->  [Ver =  | Size = 606 bytes | Modified Date = 8/8/2008 9:53:22 AM | Attr =    ]
SystemService.InstallState -> %SystemRoot%\System32\SystemService.InstallState ->  [Ver =  | Size = 5012 bytes | Modified Date = 8/8/2008 9:53:22 AM | Attr =    ]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 1924 bytes | Modified Date = 8/21/2008 4:34:07 PM | Attr =    ]
usmt -> %SystemRoot%\System32\usmt ->  [Folder | Modified Date = 8/21/2008 5:40:45 PM | Attr =    ]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 8/21/2008 6:07:07 PM | Attr =    ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 1158 bytes | Modified Date = 8/24/2008 5:57:30 PM | Attr =    ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 8/22/2008 4:25:37 PM | Attr =  H ]
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ ->  [Folder | Modified Date = 8/21/2008 5:29:08 PM | Attr =  H ]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 8/21/2008 6:07:07 PM | Attr =    ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 8/21/2008 6:07:26 PM | Attr =   S]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 8/18/2008 8:31:30 PM | Attr =    ]
dirsaver.ini -> %SystemRoot%\dirsaver.ini ->  [Ver =  | Size = 12 bytes | Modified Date = 7/30/2008 11:11:06 PM | Attr =    ]
EHome -> %SystemRoot%\EHome ->  [Folder | Modified Date = 8/21/2008 5:22:12 PM | Attr =    ]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 8/21/2008 6:07:05 PM | Attr = R S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 8/21/2008 5:41:16 PM | Attr =    ]
ime -> %SystemRoot%\ime ->  [Folder | Modified Date = 8/21/2008 5:41:17 PM | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 2675 bytes | Modified Date = 8/21/2008 5:54:35 PM | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 8/23/2008 3:13:00 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 8/21/2008 6:10:35 PM | Attr =  HS]
l2schemas -> %SystemRoot%\l2schemas ->  [Folder | Modified Date = 8/21/2008 5:40:42 PM | Attr =    ]
LastGood -> %SystemRoot%\LastGood ->  [Folder | Modified Date = 8/22/2008 4:25:34 PM | Attr =    ]
msagent -> %SystemRoot%\msagent ->  [Folder | Modified Date = 8/21/2008 5:35:29 PM | Attr =    ]
network diagnostic -> %SystemRoot%\network diagnostic ->  [Folder | Modified Date = 8/21/2008 5:41:17 PM | Attr =    ]
PeerNet -> %SystemRoot%\PeerNet ->  [Folder | Modified Date = 8/21/2008 5:40:38 PM | Attr =    ]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 8/26/2008 11:34:43 AM | Attr =    ]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 8/21/2008 5:52:57 PM | Attr =    ]
ServicePackFiles -> %SystemRoot%\ServicePackFiles ->  [Folder | Modified Date = 8/21/2008 5:41:23 PM | Attr =    ]
srchasst -> %SystemRoot%\srchasst ->  [Folder | Modified Date = 8/21/2008 5:35:26 PM | Attr =    ]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 8/21/2008 5:34:43 PM | Attr =    ]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 8/26/2008 2:06:56 PM | Attr =    ]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 8/24/2008 5:57:46 PM | Attr =    ]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 8/21/2008 5:41:36 PM | Attr =    ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Modified Date = 8/21/2008 6:10:14 PM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 8/21/2008 6:08:18 PM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 5/14/2005 12:19:09 AM | Attr =    ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 7482 bytes | Modified Date = 8/22/2008 4:26:25 PM | Attr =    ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 7896 bytes | Modified Date = 8/22/2008 4:26:25 PM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 8/8/2005 2:09:57 AM | Attr =    ]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11140 bytes | Modified Date = 8/7/2008 9:24:17 AM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works ->  [Folder | Modified Date = 5/19/2008 5:46:34 PM | Attr =    ]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 11/23/2005 12:38:28 PM | Attr =    ]
wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat ->  [Ver =  | Size = 162451 bytes | Modified Date = 11/23/2005 2:08:31 PM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD13B.tmp\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD13B.tmp\ ->  [Folder | Modified Date = 7/10/2008 3:56:26 PM | Attr =    ]
setup.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD13B.tmp\setup.exe ->  [Ver = 9.0.21022.8 built by: RTM | Size = 484864 bytes | Modified Date = 7/7/2008 10:09:22 AM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD13B.tmp\DotNetFX\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD13B.tmp\DotNetFX ->  [Folder | Modified Date = 7/10/2008 3:56:18 PM | Attr =    ]
dotnetchk.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD13B.tmp\DotNetFX\dotnetchk.exe -> Microsoft Corporation [Ver = 9.0.21022.8 built by: RTM | Size = 87552 bytes | Modified Date = 7/10/2008 3:56:18 PM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD13B.tmp\VisualFoxProOLEDB\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD13B.tmp\VisualFoxProOLEDB ->  [Folder | Modified Date = 7/10/2008 3:56:26 PM | Attr =    ]
vfpoledb.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD13B.tmp\VisualFoxProOLEDB\vfpoledb.exe -> Microsoft Corporation                                        [Ver = 9.0.0.3504                                                    | Size = 2623960 bytes | Modified Date = 10/26/2007 4:34:26 PM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD17.tmp\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD17.tmp\ ->  [Folder | Modified Date = 7/10/2008 12:41:07 PM | Attr =    ]
setup.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD17.tmp\setup.exe ->  [Ver = 9.0.21022.8 built by: RTM | Size = 484864 bytes | Modified Date = 7/7/2008 10:09:22 AM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD17.tmp\DotNetFX\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD17.tmp\DotNetFX ->  [Folder | Modified Date = 7/10/2008 12:41:02 PM | Attr =    ]
dotnetchk.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD17.tmp\DotNetFX\dotnetchk.exe -> Microsoft Corporation [Ver = 9.0.21022.8 built by: RTM | Size = 87552 bytes | Modified Date = 7/10/2008 12:41:02 PM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD17.tmp\VisualFoxProOLEDB\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD17.tmp\VisualFoxProOLEDB ->  [Folder | Modified Date = 7/10/2008 12:41:07 PM | Attr =    ]
vfpoledb.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD17.tmp\VisualFoxProOLEDB\vfpoledb.exe -> Microsoft Corporation                                        [Ver = 9.0.0.3504                                                    | Size = 2623960 bytes | Modified Date = 10/26/2007 4:34:26 PM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD7F.tmp\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD7F.tmp\ ->  [Folder | Modified Date = 7/22/2008 10:09:39 AM | Attr =    ]
setup[1].exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD7F.tmp\setup[1].exe ->  [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 465408 bytes | Modified Date = 7/22/2008 10:09:30 AM | Attr =    ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Local Settings\Temp\VSD7F.tmp\setup[1].exe:Zone.Identifier
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD7F.tmp\dotnetfx\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD7F.tmp\dotnetfx ->  [Folder | Modified Date = 7/22/2008 10:09:31 AM | Attr =    ]
dotnetchk.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD7F.tmp\dotnetfx\dotnetchk.exe -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 61632 bytes | Modified Date = 7/22/2008 10:09:31 AM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD7F.tmp\VisualFoxProOLEDB\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD7F.tmp\VisualFoxProOLEDB ->  [Folder | Modified Date = 7/22/2008 10:09:41 AM | Attr =    ]
vfpoledb.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSD7F.tmp\VisualFoxProOLEDB\vfpoledb.exe -> Microsoft Corporation                                        [Ver = 9.0.0.3504                                                    | Size = 2623960 bytes | Modified Date = 7/22/2008 10:09:51 AM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\ ->  [Folder | Modified Date = 4/14/2008 12:39:33 PM | Attr =    ]
setup[1].exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\setup[1].exe ->  [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 434096 bytes | Modified Date = 4/14/2008 12:36:49 PM | Attr =    ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Local Settings\Temp\VSDB9.tmp\setup[1].exe:Zone.Identifier
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\dotnetfx\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\dotnetfx ->  [Folder | Modified Date = 4/14/2008 12:37:03 PM | Attr =    ]
dotnetchk.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\dotnetfx\dotnetchk.exe -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 61632 bytes | Modified Date = 4/14/2008 12:36:51 PM | Attr =    ]
dotnetfx.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\dotnetfx\dotnetfx.exe -> Microsoft Corporation [Ver = 2.0.50727.42 | Size = 23510720 bytes | Modified Date = 4/14/2008 12:39:13 PM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\VisualFoxProOLEDB\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\VisualFoxProOLEDB ->  [Folder | Modified Date = 4/14/2008 12:39:33 PM | Attr =    ]
vfpoledb.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDB9.tmp\VisualFoxProOLEDB\vfpoledb.exe -> Microsoft Corporation                                        [Ver = 9.0.0.3504                                                    | Size = 2623960 bytes | Modified Date = 4/14/2008 12:39:49 PM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDD3.tmp\DotNetFX\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDD3.tmp\DotNetFX ->  [Folder | Modified Date = 7/10/2008 1:09:04 PM | Attr =    ]
dotnetchk.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDD3.tmp\DotNetFX\dotnetchk.exe -> Microsoft Corporation [Ver = 9.0.21022.8 built by: RTM | Size = 87552 bytes | Modified Date = 7/10/2008 1:09:04 PM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDE.tmp\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDE.tmp\ ->  [Folder | Modified Date = 7/10/2008 12:38:20 PM | Attr =    ]
setup.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDE.tmp\setup.exe ->  [Ver = 9.0.21022.8 built by: RTM | Size = 484864 bytes | Modified Date = 7/7/2008 10:09:22 AM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDE.tmp\DotNetFX\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDE.tmp\DotNetFX ->  [Folder | Modified Date = 7/10/2008 12:38:12 PM | Attr =    ]
dotnetchk.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDE.tmp\DotNetFX\dotnetchk.exe -> Microsoft Corporation [Ver = 9.0.21022.8 built by: RTM | Size = 87552 bytes | Modified Date = 7/10/2008 12:38:12 PM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDE.tmp\VisualFoxProOLEDB\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDE.tmp\VisualFoxProOLEDB ->  [Folder | Modified Date = 7/10/2008 12:38:20 PM | Attr =    ]
vfpoledb.exe -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\VSDE.tmp\VisualFoxProOLEDB\vfpoledb.exe -> Microsoft Corporation                                        [Ver = 9.0.0.3504                                                    | Size = 2623960 bytes | Modified Date = 10/26/2007 4:34:26 PM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\ ->  [Folder | Modified Date = 5/2/2008 11:26:53 PM | Attr =    ]
setuphook.dll -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\setuphook.dll ->  [Ver =  | Size = 24576 bytes | Modified Date = 5/2/2008 11:24:19 PM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\Fake Profile\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\Fake Profile ->  [Folder | Modified Date = 5/2/2008 11:26:27 PM | Attr =    ]
compreg.dat -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\Fake Profile\compreg.dat ->  [Ver =  | Size = 147247 bytes | Modified Date = 5/2/2008 11:26:12 PM | Attr =    ]
xpti.dat -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\Fake Profile\xpti.dat ->  [Ver =  | Size = 93108 bytes | Modified Date = 5/2/2008 11:25:56 PM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\CabGeneric\DirOne\default\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\CabGeneric\DirOne\default ->  [Folder | Modified Date = 8/8/2005 3:08:30 AM | Attr =    ]
install.ini -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\CabGeneric\DirOne\default\install.ini ->  [Ver =  | Size = 433 bytes | Modified Date = 8/8/2005 3:08:30 AM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\CabGeneric\DirOne\touchstonec\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\CabGeneric\DirOne\touchstonec ->  [Folder | Modified Date = 8/8/2005 2:16:28 AM | Attr =    ]
install.ini -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\CabGeneric\DirOne\touchstonec\install.ini ->  [Ver =  | Size = 782 bytes | Modified Date = 8/8/2005 2:16:28 AM | Attr =    ]
C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\Fake Profile\ -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\Fake Profile ->  [Folder | Modified Date = 5/2/2008 11:26:27 PM | Attr =    ]
compatibility.ini -> C:\Documents and Settings\Lynda Kuehn\Local Settings\Temp\GGS24B.tmp\Fake Profile\compatibility.ini ->  [Ver =  | Size = 138 bytes | Modified Date = 5/2/2008 11:25:56 PM | Attr =    ]

< End of report >
jashrema
Active Member
 
Posts: 11
Joined: August 21st, 2008, 11:03 pm
Top

Re: Hijack this Logfile Internet Security Deluxe Please help

Unread postby Shaba » August 26th, 2008, 2:27 pm

Looks better :)

Please make sure that all programs are closed when installing Java.

  1. Click here to visit Java's website.
  2. Scroll down to Java Runtime Environment (JRE) 6 Update 7. Click on Download.
  3. Select Windows from the drop-down list for Platform.
  4. Select Multi-language from the drop-down list for Language.
  5. Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
  6. Click on jre-6u7-windows-i586-p.exe link to download it and save this to a convenient location.
  7. Double click on jre-6u7-windows-i586-p.exe to install Java.
  8. After the Java installation has finished, please go to Kaspersky website and perform an online antivirus scan.
  9. Read through the requirements and privacy statement and click on Accept button.
  10. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  11. When the downloads have finished, click on Settings.
  12. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  13. Click on My Computer under Scan.
  14. Once the scan is complete, it will display the results. Click on View Scan Report.
  15. You will see a list of infected items there. Click on Save Report As....
  16. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  17. Please post this log in your next reply along with a fresh HijackThis log.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top

Re: Hijack this Logfile Internet Security Deluxe Please help

Unread postby jashrema » August 26th, 2008, 6:17 pm

Ok..here we go! That one scan took over 2 1/2 hours!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:15:32, on 8/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\SystemService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: System Service (SystemService) - Unknown owner - C:\WINDOWS\system32\SystemService.exe (file missing)

--
End of file - 5538 bytes




KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, August 26, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, August 26, 2008 19:01:24
Records in database: 1148706


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases no

Scan area My Computer
C:\
D:\

Scan statistics
Files scanned 66903
Threat name 1
Infected objects 4
Suspicious objects 0
Duration of the scan 02:39:31

File name Threat name Threats count
C:\Documents and Settings\Lynda Kuehn\Desktop\Lynda\Desktop\Jeff Kuehn\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Documents and Settings\Lynda Kuehn\Desktop\Lynda\Desktop\Jeff Kuehn\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Documents and Settings\Lynda Kuehn\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

C:\Documents and Settings\Lynda Kuehn\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
jashrema
Active Member
 
Posts: 11
Joined: August 21st, 2008, 11:03 pm
Top

Re: Hijack this Logfile Internet Security Deluxe Please help

Unread postby Shaba » August 27th, 2008, 1:29 am

Kaspersky log looks good but some things to fix in HijackThis log.

We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

Open HijackThis, click do a system scan only and checkmark these:

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O23 - Service: System Service (SystemService) - Unknown owner - C:\WINDOWS\system32\SystemService.exe (file missing)

Close all windows including browser and press fix checked.

Reboot.

Post back a fresh HijackThis log.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top

Re: Hijack this Logfile Internet Security Deluxe Please help

Unread postby jashrema » August 27th, 2008, 12:22 pm

Here you go!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:15, on 8/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: System Service (SystemService) - Unknown owner - C:\WINDOWS\system32\SystemService.exe (file missing)

--
End of file - 5294 bytes
jashrema
Active Member
 
Posts: 11
Joined: August 21st, 2008, 11:03 pm
Top

Re: Hijack this Logfile Internet Security Deluxe Please help

Unread postby Shaba » August 27th, 2008, 12:38 pm

Go to start - run

Type sc stop SystemService and click OK
Then sc delete SystemService and click OK

Reboot and post back a fresh HijackThis log, please.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top

Re: Hijack this Logfile Internet Security Deluxe Please help

Unread postby jashrema » August 27th, 2008, 1:58 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:54:45, on 8/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

--
End of file - 5137 bytes
jashrema
Active Member
 
Posts: 11
Joined: August 21st, 2008, 11:03 pm
Top

Re: Hijack this Logfile Internet Security Deluxe Please help

Unread postby Shaba » August 27th, 2008, 2:00 pm

Are both McAfee and AVG7 up-to-date and having antivirus?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top

Re: Hijack this Logfile Internet Security Deluxe Please help

Unread postby jashrema » August 27th, 2008, 3:12 pm

McAfee hasn't been renewed for many years...I just never removed it.
AVG is up to date as of 3 days ago.

I have AVG, SpyBot, Adaware that I run all the time
jashrema
Active Member
 
Posts: 11
Joined: August 21st, 2008, 11:03 pm
Top
Advertisement
Register to Remove
Next
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 202 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index