Backdoor-bac!rootkit Help! Hjt Logs Inside!


2 replies to this topic

#1 xrawxtalentx

Posted 28 April 2007 - 11:01 PM

I'm having this issue: I run McAfee and it finds a trojan and deletes it, I restart the PC and it comes back. I tried disabling System Restore just in case and it keeps coming back. Any help would be great, I'd really like to get rid of this! I'm running McAfee VS 11 and Windows XP SP2.

It says the file is:
Memory\LoadLibraryExW

I've tried a number of things already: I've run McAfee in Safe Mode, and I've downloaded AVG and Avast, which both scanned clean. I have followed all the steps in the five steps before posting a log; Ad-Aware picked up only cookies.

Here are the logs from that DSS.exe file! (HJT)

Deckard's System Scanner v20070423.42
Run by Owner on 2007-04-25 at 15:07:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-04-25 22:07:52 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 3:08:58 PM, on 4/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Zune\ZuneNss.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\program files\mcafee\mpf\mc\mpfalert.exe
C:\PROGRA~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1175722286765
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Verified; Elaborate Bytes AG; CDRTools; 6, 0, 0, 0; 6, 0, 0, 2>
R1 IKFileFlt (File Filter Driver) - c:\windows\system32\drivers\ikfileflt.sys <Verified; PCTools Research Pty Ltd.; Spyware Doctor; 5.0.2.1016; 5.0.2.1016>
R1 IKFileSec (File Security Driver) - c:\windows\system32\drivers\ikfilesec.sys <Verified; PCTools Research Pty Ltd.; Spyware Doctor; 5.0.2.1025; 5.0.2.1025>
R1 IkSysFlt (System Filter Driver) - c:\windows\system32\drivers\iksysflt.sys <Verified; PCTools Research Pty Ltd.; Spyware Doctor; 5.0.2.1018; 5.0.2.1018>
R1 IKSysSec (System Security Driver) - c:\windows\system32\drivers\iksyssec.sys <Verified; PCTools Research Pty Ltd.; Spyware Doctor; 5.0.2.1017; 5.0.2.1017>
R1 MPFP - c:\windows\system32\drivers\mpfp.sys <Verified; McAfee, Inc.; McAfee Personal Firewall Plus; 8.3.111.0; 8.3.111.0>
R2 PfModNT - c:\windows\system32\drivers\pfmodnt.sys <Not Verified; Creative Technology Ltd.; PfModNT; 3.0.0.3; 3.0.0.3>
R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Verified; SlySoft, Inc.; AnyDVD; 6.1.3.3; 6.1.3.3>
R3 mohfilt - c:\windows\system32\drivers\mohfilt.sys <Verified; Intel Corporation; Intel® 537EP V9x DFV PCI Modem; 2.15.57.0; 7.11.0.0>
R3 P16X (Creative SB Live! Series (WDM)) - c:\windows\system32\drivers\p16x.sys <Verified; Creative Technology Ltd.; Creative SB Live! P16X Series(WDM); 5.12.01.203; 5.12.01.203>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine; 1.37; 1.37>

S3 KLSIENET (Driver for USB Ethernet Adapter) - c:\windows\system32\drivers\usb101et.sys <Verified; KLSI USA, Inc.; Generic USB-Ethernet Adapter; 3.43.0005.0000; 3.43.0005.0000>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 sdAuxService (Spyware Doctor Auxiliary Service) - c:\program files\spyware doctor\svcntaux.exe <Verified; PC Tools; ; 5.0; 5.0.0.19>
R2 sdCoreService (Spyware Doctor Service) - c:\program files\spyware doctor\swdsvc.exe <Verified; PC Tools; ; 5.0; 5.0.0.56>


-- Scheduled Tasks -------------------------------------------------------------

2007-04-04 17:38:08 350 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-04-04 17:38:06 352 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2007-03-25 and 2007-04-25 -----------------------------

2007-04-25 15:01:42 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library; 6.00.8804; 6.00.8804>
2007-04-25 15:01:41 0 d-------- C:\Program Files\SpywareBlaster
2007-04-25 14:11:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-04-25 14:08:34 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-04-25 14:08:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-04-25 14:07:02 0 d-------- C:\Program Files\Lavasoft
2007-04-25 14:02:48 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-04-24 23:19:08 0 d-------- C:\WINDOWS\pss
2007-04-24 21:53:09 1060864 --a------ C:\WINDOWS\system32\MFC71.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio .NET; 7.10.3077.0; 7.10.3077.0>
2007-04-24 21:53:06 0 d-------- C:\Program Files\Alwil Software
2007-04-24 20:21:30 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-04-24 20:21:30 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-04-24 20:21:30 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-04-24 20:21:30 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-04-24 20:21:30 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-04-24 20:21:30 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-04-24 20:21:30 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-04-24 20:21:30 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-04-24 20:21:30 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-04-24 20:21:30 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-04-24 20:21:30 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-04-24 20:21:30 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-04-24 20:21:30 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-04-24 20:21:29 491520 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2007-04-22 19:50:11 0 d-------- C:\Program Files\TagScanner
2007-04-21 19:38:28 0 d-------- C:\WINDOWS\Sun
2007-04-21 19:38:28 0 d-------- C:\Documents and Settings\Owner\Application Data\Sun
2007-04-14 20:17:38 0 d-------- C:\Documents and Settings\Owner\Incomplete
2007-04-14 20:16:16 0 d-------- C:\Program Files\Java
2007-04-14 20:16:02 0 d-------- C:\Program Files\Common Files\Java
2007-04-14 20:15:57 0 d-------- C:\Program Files\LimeWire
2007-04-14 20:15:17 0 d-------- C:\Documents and Settings\Owner\.limewire
2007-04-14 16:38:44 0 d---s---- C:\Documents and Settings\Cindy\UserData
2007-04-14 16:34:34 0 d-------- C:\Documents and Settings\Cindy\Application Data\Macromedia
2007-04-14 16:33:29 0 d-------- C:\Documents and Settings\Cindy\Application Data\Identities
2007-04-14 16:32:58 0 d--h----- C:\Documents and Settings\Cindy\Templates
2007-04-14 16:32:58 0 dr------- C:\Documents and Settings\Cindy\Start Menu
2007-04-14 16:32:58 0 dr-h----- C:\Documents and Settings\Cindy\SendTo
2007-04-14 16:32:58 0 dr-h----- C:\Documents and Settings\Cindy\Recent
2007-04-14 16:32:58 0 d--h----- C:\Documents and Settings\Cindy\PrintHood
2007-04-14 16:32:58 614400 --a------ C:\Documents and Settings\Cindy\NTUSER.DAT
2007-04-14 16:32:58 0 d--h----- C:\Documents and Settings\Cindy\NetHood
2007-04-14 16:32:58 0 dr------- C:\Documents and Settings\Cindy\My Documents
2007-04-14 16:32:58 0 d--h----- C:\Documents and Settings\Cindy\Local Settings
2007-04-14 16:32:58 0 dr------- C:\Documents and Settings\Cindy\Favorites
2007-04-14 16:32:58 0 d-------- C:\Documents and Settings\Cindy\Desktop
2007-04-14 16:32:58 0 d---s---- C:\Documents and Settings\Cindy\Cookies
2007-04-14 16:32:58 0 dr-h----- C:\Documents and Settings\Cindy\Application Data
2007-04-14 16:32:58 0 d---s---- C:\Documents and Settings\Cindy\Application Data\Microsoft
2007-04-14 16:28:49 0 d-------- C:\Documents and Settings\NetworkService\My Documents
2007-04-14 16:04:10 0 d-------- C:\Program Files\DIFX
2007-04-14 16:04:09 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-04-14 16:04:07 0 d-------- C:\Program Files\Common Files\ComponentOne
2007-04-14 16:04:03 0 d-------- C:\Program Files\Zune
2007-04-13 20:41:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-04-13 20:40:02 0 d-------- C:\Program Files\Yahoo!
2007-04-08 18:57:25 0 d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-04-08 18:54:56 0 d-------- C:\Program Files\SlySoft
2007-04-06 21:43:19 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-04-06 21:30:36 0 d-------- C:\Program Files\Active Data Recovery Software
2007-04-05 18:24:55 0 d-------- C:\Documents and Settings\Owner\Application Data\Ventrilo
2007-04-05 00:18:22 0 d-------- C:\Documents and Settings\Owner\Application Data\CopyToDvd
2007-04-05 00:00:59 0 d-------- C:\Documents and Settings\Owner\Application Data\Help
2007-04-04 23:57:21 0 d-------- C:\audiograbber
2007-04-04 23:42:53 0 d-------- C:\Program Files\vso
2007-04-04 23:42:05 0 d-------- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
2007-04-04 23:41:55 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine; 1.37; 1.37>
2007-04-04 23:41:55 47360 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine; 1.37; 1.37>
2007-04-04 23:41:55 87608 --a------ C:\Documents and Settings\Owner\Application Data\ezpinst.exe
2007-04-04 23:41:54 0 d-------- C:\Documents and Settings\Owner\Application Data\Vso
2007-04-04 23:41:32 0 d-------- C:\Program Files\LG Software Innovations
2007-04-04 21:21:20 0 d-------- C:\Documents and Settings\Owner\Application Data\ATI
2007-04-04 21:14:36 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-04-04 21:14:25 0 d-------- C:\Program Files\ATI Technologies
2007-04-04 19:07:49 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-04-04 19:07:48 0 d-------- C:\Program Files\World of Warcraft
2007-04-04 18:52:40 0 d-------- C:\Program Files\Ventrilo
2007-04-04 18:52:24 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-04 18:47:58 26064 --a------ C:\WINDOWS\system32\drivers\kcom.sys <Verified; PCTools Research Pty Ltd.; Spyware Doctor; 5.0.2.1006; 5.0.2.1006>
2007-04-04 18:47:58 83536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys <Verified; PCTools Research Pty Ltd.; Spyware Doctor; 5.0.2.1017; 5.0.2.1017>
2007-04-04 18:47:58 59984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys <Verified; PCTools Research Pty Ltd.; Spyware Doctor; 5.0.2.1018; 5.0.2.1018>
2007-04-04 18:47:58 52304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys <Verified; PCTools Research Pty Ltd.; Spyware Doctor; 5.0.2.1025; 5.0.2.1025>
2007-04-04 18:47:58 39248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys <Verified; PCTools Research Pty Ltd.; Spyware Doctor; 5.0.2.1016; 5.0.2.1016>
2007-04-04 18:47:52 0 d-------- C:\Program Files\Spyware Doctor
2007-04-04 18:47:52 0 d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
2007-04-04 18:47:45 626688 --a------ C:\WINDOWS\system32\msvcr80.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio® 2005; 8.00.50727.42; 8.00.50727.42>
2007-04-04 18:31:09 0 d-------- C:\Program Files\7-Zip
2007-04-04 17:39:14 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2007-04-04 17:38:33 37480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys <Verified; McAfee, Inc.; SYSCORE.13.3.0.120.x86; ; SYSCORE.13.3.0.120.x86>
2007-04-04 17:38:33 32008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys <Verified; McAfee, Inc.; SYSCORE.13.3.0.120.x86; ; SYSCORE.13.3.0.120.x86>
2007-04-04 17:38:33 34184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys <Verified; McAfee, Inc.; SYSCORE.13.3.0.120.x86; ; SYSCORE.13.3.0.120.x86>
2007-04-04 17:38:31 170408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys <Verified; McAfee, Inc.; SYSCORE.13.3.0.120.x86; ; SYSCORE.13.3.0.120.x86>
2007-04-04 17:38:30 71496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys <Verified; McAfee, Inc.; SYSCORE.13.3.0.108.x86; ; SYSCORE.13.3.0.108.x86>
2007-04-04 17:38:24 109608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys <Verified; McAfee, Inc.; McAfee Personal Firewall Plus; 8.3.111.0; 8.3.111.0>
2007-04-04 17:37:52 0 d-------- C:\Program Files\McAfee.com
2007-04-04 17:37:48 0 d-------- C:\Program Files\Common Files\McAfee
2007-04-04 17:37:42 0 d-------- C:\Program Files\McAfee
2007-04-04 17:25:34 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-04-04 17:10:08 0 d-------- C:\Program Files\Microsoft IntelliPoint
2007-04-04 17:09:21 0 d-------- C:\Program Files\Microsoft IntelliType Pro
2007-04-04 15:21:54 0 d-------- C:\Program Files\Windows Media Connect 2
2007-04-04 15:20:56 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-04-04 15:16:28 348160 --a------ C:\WINDOWS\system32\msvcr71.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio .NET; 7.10.3052.4; 7.10.3052.4>
2007-04-04 15:16:28 499712 --a------ C:\WINDOWS\system32\msvcp71.dll <Not Verified; Microsoft Corporation; Microsoft® Visual Studio .NET; 7.10.3077.0; 7.10.3077.0>
2007-04-04 14:55:41 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2007-04-04 14:35:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-04-04 14:33:25 0 d-------- C:\WINDOWS\system32\PreInstall
2007-04-04 14:33:23 0 d--h----- C:\WINDOWS\$hf_mig$
2007-04-04 14:31:42 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-04-04 14:31:24 0 d---s---- C:\Documents and Settings\Owner\UserData
2007-04-04 14:30:22 49152 --a------ C:\WINDOWS\system32\mhwt.dll <Verified; Intel Corporation; Intel® 537EP V9x DFV PCI Modem; 2.15.57.0; 1.0.0.0>
2007-04-04 14:30:22 172032 --a------ C:\WINDOWS\system32\intelmoh.dll <Verified; Intel Corporation; Intel® 537EP V9x DFV PCI Modem; 2.15.57.0; 1.0.0.0>
2007-04-04 14:30:22 33792 --a------ C:\WINDOWS\system32\IntelCci.dll <Verified; Intel Corporation; Intel® 537EP V9x DFV PCI Modem; 2.15.57.0; 5.0.0.0 built by: WinDDK>
2007-04-04 14:30:22 36880 --a------ C:\WINDOWS\system32\drivers\mohfilt.sys <Verified; Intel Corporation; Intel® 537EP V9x DFV PCI Modem; 2.15.57.0; 7.11.0.0>
2007-04-04 14:30:22 47360 --a------ C:\WINDOWS\system32\drivers\IntelC53.sys <Verified; Intel Corporation; Intel® 537EP V9x DFV PCI Modem; 2.15.57.0; 2.15.57.0 built by: WinDDK>
2007-04-04 14:30:22 618880 --a------ C:\WINDOWS\system32\drivers\IntelC52.sys <Verified; Intel Corporation; Intel® 537EP V9x DFV PCI Modem; 2.15.57.4; 4.58.1 built by: WinDDK>
2007-04-04 14:30:22 1339776 --a------ C:\WINDOWS\system32\drivers\IntelC51.sys <Verified; Intel Corporation; Intel® 537EP V9x DFV PCI Modem; 2.15.57.0; 2.15.57.0 built by: WinDDK>
2007-04-04 14:20:50 0 d-------- C:\Program Files\Modem On Hold
2007-04-04 14:17:00 520192 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart; 5.13.0025; 5.13.0025>
2007-04-04 14:16:41 0 d-------- C:\ATI
2007-04-04 14:03:22 0 d-------- C:\WINDOWS\system32\LogFiles
2007-04-04 14:02:36 126976 --a------ C:\WINDOWS\system32\Prounstl.exe <Verified; Intel Corporation; Intel ® PRO Network Connections; 8.0.7.0; 8.0.7.0>
2007-04-04 14:02:36 24064 --a------ C:\WINDOWS\system32\IntelNic.dll <Verified; Intel Corporation; Intel® CoInstaller; 5.00; 2.04>
2007-04-04 14:02:36 36864 --a------ C:\WINDOWS\system32\e100bmsg.dll <Verified; Intel Corporation; e100bmsg.dll; 8.0.20.0; 8.0.20.0>
2007-04-04 14:02:36 162816 --a------ C:\WINDOWS\system32\drivers\e100b325.sys <Verified; Intel Corporation; Intel® PRO/100 Adapter; 8.0.21.0; 8.0.21.0 built by: WinDDK>
2007-04-04 14:02:36 0 d-------- C:\drvrtmp
2007-04-04 13:57:41 0 d-------- C:\Program Files\Broadcom
2007-04-04 13:37:30 90112 -----n--- C:\WINDOWS\Updreg.EXE <Not Verified; Creative Technology Ltd.; Creative Updreg; 1.0.2; 1.0.2>
2007-04-04 13:37:30 24576 --a------ C:\WINDOWS\system32\CTDevCRes.dll <Not Verified; Creative Technology Ltd; Audio Device Control; 1.0.0; 1.0.0>
2007-04-04 13:37:10 172032 --a------ C:\WINDOWS\system32\sfms32.dll <Verified; Creative Technology Ltd; Creative Audio Product; 5.12.01.0172-0.75.1810 (beta-release); 5.12.01.0172-0.75.1810 (beta-release)>
2007-04-04 13:37:10 36864 --a------ C:\WINDOWS\system32\sfman32.dll <Verified; Creative Technology Ltd; Creative Audio Product; 5.12.01.0130-1.00.0000; 5.12.01.0130-1.00.0000>
2007-04-04 13:37:10 34304 --a------ C:\WINDOWS\system32\P16Xres.dll <Verified; Creative Technology Ltd.; P16X Driver Resources; 5.12.0104; 5.12.0104>
2007-04-04 13:37:10 47616 --a------ C:\WINDOWS\system32\P16X.dll <Verified; ; P16X AudioControlX Module; 1.0.0.15; 1.0.0.15>
2007-04-04 13:37:10 1330048 --a------ C:\WINDOWS\system32\drivers\P16X.sys <Verified; Creative Technology Ltd.; Creative SB Live! P16X Series(WDM); 5.12.01.203; 5.12.01.203>
2007-04-04 13:37:10 130192 --a------ C:\WINDOWS\system32\drivers\ctsfm2k.sys <Verified; Creative Technology Ltd; Creative Audio Product; 5.12.01.0172-0.75.1810 (beta-release); 5.12.01.0172-0.75.1810 (beta-release)>
2007-04-04 13:37:10 178672 --a------ C:\WINDOWS\system32\drivers\ctoss2k.sys <Verified; Creative Technology Ltd.; Creative Audio Product; 5.12.01.0172-0.75.1810 (beta-release); 5.12.01.0172-0.75.1810 (beta-release)>
2007-04-04 13:37:10 0 d-------- C:\WINDOWS\system32\Data
2007-04-04 13:37:10 20480 --a------ C:\WINDOWS\INRES.DLL <Not Verified; Creative Technology Ltd; Creative Audio Product; 1, 0, 2, 0; 1, 0, 2, 0>
2007-04-04 13:37:09 65536 --a------ C:\WINDOWS\system32\A3d.dll <Verified; ; a3dx5; 80.0.0.3; 80.0.0.3>
2007-04-04 13:37:09 24576 --a------ C:\WINDOWS\MIXERDEF.EXE <Not Verified; Creative Technology Ltd; Creative Audio Product; 1, 0, 0, 7; 1, 0, 0, 7>
2007-04-04 13:37:09 61440 --a------ C:\WINDOWS\MIDIDEF.EXE <Not Verified; Creative Technology Ltd; Creative Audio Product; 2, 8, 3, 0; 2, 8, 3, 0>
2007-04-04 13:36:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-04 13:36:26 6752 -----n--- C:\WINDOWS\system32\PFMODNT.SYS <Not Verified; Creative Technology Ltd.; PfModNT; 2.0.0.0; 2.0.0.0>
2007-04-04 13:36:23 15840 -----n--- C:\WINDOWS\system32\drivers\PFMODNT.SYS <Not Verified; Creative Technology Ltd.; PfModNT; 3.0.0.3; 3.0.0.3>
2007-04-04 13:36:23 0 d-------- C:\Program Files\Creative
2007-04-04 13:36:21 0 d-------- C:\Program Files\Common Files\InstallShield
2007-04-04 13:30:19 32384 --a------ C:\WINDOWS\system32\drivers\usb101et.sys <Verified; KLSI USA, Inc.; Generic USB-Ethernet Adapter; 3.43.0005.0000; 3.43.0005.0000>
2007-04-04 13:22:47 0 d-------- C:\Documents and Settings\Owner\Application Data\Identities
2007-04-04 13:22:41 0 d--h----- C:\Documents and Settings\Owner\Templates
2007-04-04 13:22:41 0 dr------- C:\Documents and Settings\Owner\Start Menu
2007-04-04 13:22:41 0 dr-h----- C:\Documents and Settings\Owner\SendTo
2007-04-04 13:22:41 0 dr-h----- C:\Documents and Settings\Owner\Recent
2007-04-04 13:22:41 0 d--h----- C:\Documents and Settings\Owner\PrintHood
2007-04-04 13:22:41 2097152 --ah----- C:\Documents and Settings\Owner\NTUSER.DAT
2007-04-04 13:22:41 0 d--h----- C:\Documents and Settings\Owner\NetHood
2007-04-04 13:22:41 0 dr------- C:\Documents and Settings\Owner\My Documents
2007-04-04 13:22:41 0 d--h----- C:\Documents and Settings\Owner\Local Settings
2007-04-04 13:22:41 0 dr------- C:\Documents and Settings\Owner\Favorites
2007-04-04 13:22:41 0 d-------- C:\Documents and Settings\Owner\Desktop
2007-04-04 13:22:41 0 d---s---- C:\Documents and Settings\Owner\Cookies
2007-04-04 13:22:41 0 dr-h----- C:\Documents and Settings\Owner\Application Data
2007-04-04 13:22:34 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-04-04 13:22:31 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-04-04 13:22:31 0 d-------- C:\WINDOWS\Prefetch
2007-04-04 13:22:30 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-04-04 13:22:30 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-04-04 13:22:30 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2007-04-04 13:22:30 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-04-04 13:22:30 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-04-04 13:22:26 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-04-04 13:22:26 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-04-04 13:22:26 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-04-04 13:22:26 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-04-04 13:22:26 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-04-04 13:19:59 0 d-------- C:\WINDOWS\system32\xircom
2007-04-04 13:19:59 0 d-------- C:\Program Files\microsoft frontpage
2007-04-04 13:19:57 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-04-04 13:19:57 0 d-------- C:\DELL
2007-04-04 13:19:47 0 -rahs---- C:\MSDOS.SYS
2007-04-04 13:19:47 0 -rahs---- C:\IO.SYS
2007-04-04 13:19:47 0 --a------ C:\CONFIG.SYS
2007-04-04 13:19:47 0 --a------ C:\AUTOEXEC.BAT
2007-04-04 13:18:53 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-04-04 13:18:44 0 dr------- C:\WINDOWS\Offline Web Pages
2007-04-04 13:18:44 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-04-04 13:18:34 0 d--h----- C:\Program Files\WindowsUpdate
2007-04-04 13:18:08 0 d-------- C:\WINDOWS\system32\DirectX
2007-04-04 13:17:20 0 d---s---- C:\WINDOWS\Tasks
2007-04-04 13:17:18 0 d-------- C:\Program Files\Common Files\MSSoap
2007-04-04 13:17:12 0 d-------- C:\WINDOWS\srchasst
2007-04-04 13:17:11 0 d-------- C:\WINDOWS\system32\Macromed
2007-04-04 13:16:59 0 d-------- C:\Program Files\Movie Maker
2007-04-04 13:16:48 0 d-------- C:\WINDOWS\system32\Restore
2007-04-04 13:16:47 32768 --a------ C:\WINDOWS\system32\isrdbg32.dll <Verified; Intel Corporation; ISRDBG32.DLL; 0.0; 0.0>
2007-04-04 13:16:24 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-04 13:16:07 0 d-------- C:\WINDOWS\Registration
2007-04-04 13:15:40 0 d-------- C:\Program Files\Online Services
2007-04-04 13:15:34 0 d-------- C:\Program Files\Messenger
2007-04-04 13:15:29 0 d-------- C:\Program Files\MSN Gaming Zone
2007-04-04 13:15:18 44544 --a------ C:\WINDOWS\system32\hticons.dll <Verified; Hilgraeve, Inc.; Microsoft® Windows® Operating System; 5.1.2600.0; 5.1.2600.0>
2007-04-04 13:15:06 1161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-04-04 13:14:32 347136 --a------ C:\WINDOWS\system32\hypertrm.dll <Verified; Hilgraeve, Inc.; Microsoft® Windows® Operating System; 5.1.2600.2563; 5.1.2600.2563>
2007-04-04 13:14:32 0 d-------- C:\Program Files\Windows NT
2007-04-04 13:14:27 0 d-------- C:\WINDOWS\system32\MsDtc
2007-04-04 13:14:24 0 d-------- C:\WINDOWS\system32\Com
2007-04-04 06:10:57 0 d--hs---- C:\WINDOWS\Installer
2007-04-04 06:10:57 0 d-------- C:\Program Files\Common Files\ODBC
2007-04-04 06:10:52 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-04-04 06:10:51 0 dr------- C:\Program Files
2007-04-04 06:10:14 24661 --a------ C:\WINDOWS\system32\spxcoins.dll <Verified; Perle Systems Ltd.; Specialix Multi-port Serial Device Class CoInstaller; 1.0.0.0007; 1.0.0.0007>
2007-04-04 06:10:14 103424 --a------ C:\WINDOWS\system32\EqnClass.Dll <Verified; Equinox Systems Inc.; Equinox Multiport Serial Coinstaller; 5.0u(58); 5.0u(58)>
2007-04-04 06:10:14 85020 --a------ C:\WINDOWS\system32\dgsetup.dll <Verified; Digi International; DGSETUP Dynamic Link Library; v3.7.3.0; v3.7.3.0>
2007-04-04 06:10:14 176157 --a------ C:\WINDOWS\system32\dgrpsetu.dll <Verified; Digi International, Inc.; Digi RealPort® Driver; 2.3.7; 2.3.7>
2007-04-04 06:10:01 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-04-04 06:10:01 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-04-04 06:10:01 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-04-04 06:10:01 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-04-04 06:10:01 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-04-04 06:10:01 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-04-04 06:10:01 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-04-04 06:10:01 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-04-04 06:10:01 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-04-04 06:10:01 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-04-04 06:10:01 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-04-04 06:10:01 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-04-04 06:10:01 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-04-04 06:10:01 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-04-04 06:10:01 0 dr------- C:\Documents and Settings\All Users\Documents
2007-04-04 06:10:01 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-04-04 06:09:45 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-04-04 06:09:45 0 d-------- C:\WINDOWS\system32\CatRoot
2007-04-04 06:09:40 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-04-04 06:09:40 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-04-04 06:09:39 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-04-04 06:09:39 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-04-04 06:09:14 0 d-------- C:\Documents and Settings
2007-04-04 06:09:13 0 d--hs---- C:\System Volume Information
2007-04-04 06:04:46 0 d-------- C:\WINDOWS
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\WinSxS
2007-04-04 06:04:46 0 dr------- C:\WINDOWS\Web
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\twain_32
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\wins
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\wbem
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\usmt
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\spool
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\ShellExt
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\Setup
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\ras
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\oobe
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\npp
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\mui
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\inetsrv
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\IME
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\icsxml
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\ias
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\export
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\drivers
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-04-04 06:04:46 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\dhcp
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\config
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\3076
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\2052
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\1054
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\1042
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\1041
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\1037
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\1033
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\1031
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\1028
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system32\1025
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\system
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\security
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\Resources
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\repair
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\Provisioning
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\PeerNet
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\pchealth
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\mui
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\msapps
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\msagent
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\Media
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\java
2007-04-04 06:04:46 0 d--h----- C:\WINDOWS\inf
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\ime
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\Help
2007-04-04 06:04:46 0 dr--s---- C:\WINDOWS\Fonts
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\Driver Cache
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\dell
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\Debug
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\Cursors
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\Connection Wizard
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\Config
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\AppPatch
2007-04-04 06:04:46 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2007-04-04 23:42:01 34 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.log
2007-04-04 23:41:55 1144 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.inf
2007-04-04 23:41:55 7824 --a------ C:\Documents and Settings\Owner\Application Data\pcouffin.cat
2007-04-04 06:10:01 62 --ahs---- C:\Documents and Settings\Owner\Application Data\desktop.ini
2007-03-02 13:57:04 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll <Verified; ATI Technologies Inc.; ATI Display Driver Utilities; 6.14.10.4004; 6.14.10.4004>
2007-03-02 13:54:35 307200 --a------ C:\WINDOWS\system32\ATIDEMGX.dll <Verified; ATI Technologies Inc.; Catalyst® Control Centre; 2.0.2617.28637; 2.0.2617.28637>
2007-03-02 13:53:36 265728 --a------ C:\WINDOWS\system32\ati2dvag.dll <Verified; ATI Technologies Inc.; ATI Radeon WindowsNT Display Driver; 6.14.10.6677; 6.14.10.6677>
2007-03-02 13:47:51 118784 --a------ C:\WINDOWS\system32\atipdlxx.dll <Verified; ATI Technologies, Inc.; ATI Desktop Component; 6, 14, 10, 2516; 6, 14, 10, 2516>
2007-03-02 13:47:42 110592 --a------ C:\WINDOWS\system32\Oemdspif.dll <Verified; ATI Technologies, Inc.; ATI Driver Interface Component; 6.14.0020; 6.14.0020>
2007-03-02 13:47:35 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe <Verified; ATI Technologies, Inc.; ATI Default Resolution Update; 6, 14, 10, 2495; 6, 14, 10, 2495>
2007-03-02 13:47:30 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll <Verified; ATI Technologies, Inc.; ATI External Device Utility; 6, 14, 10, 2511; 6, 14, 10, 2511>
2007-03-02 13:47:19 110592 --a------ C:\WINDOWS\system32\ati2evxx.dll <Verified; ATI Technologies Inc.; ATI External Event Utility for Windows; 6.14.10.4162; 6.14.10.4162>
2007-03-02 13:46:12 446464 --a------ C:\WINDOWS\system32\ati2evxx.exe <Verified; ATI Technologies Inc.; ATI External Event Utility for Windows; 6.14.10.4162; 6.14.10.4162>
2007-03-02 13:45:32 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL <Verified; ATI Technologies Inc.; ATI Radeon Family; 6.14.10.8; 6.14.10.8>
2007-03-02 13:38:53 2824512 --a------ C:\WINDOWS\system32\ati3duag.dll <Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon DirectX Universal Driver; 6.14.10.0487; 6.14.10.0487>
2007-03-02 13:29:23 1288960 --a------ C:\WINDOWS\system32\ativvaxx.dll <Verified; ATI Technologies Inc.; ATI Technologies Inc. Radeon Video Acceleration Universal Driver; 6.14.10.0144; 6.14.10.0144>
2007-03-02 13:29:08 3107788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2007-03-02 13:21:15 5398528 --a------ C:\WINDOWS\system32\atioglxx.dll <Verified; ATI Technologies Inc.; ATI OpenGL driver; 6.14.10.6388; 6.14.10.6388>
2007-03-02 13:17:37 258048 --a------ C:\WINDOWS\system32\atikvmag.dll <Verified; ATI Technologies Inc.; Virtual Command And Memory Manager; 5.2.3790.1830; 6.14.10.0052>
2007-03-02 13:16:23 17408 --a------ C:\WINDOWS\system32\atitvo32.dll <Verified; ATI Technologies Inc.; ATI RageTheater/ImpacTV COM interface; 6.14.10.4200; 6.14.10.4200>
2007-03-02 13:11:44 348160 --a------ C:\WINDOWS\system32\ati2cqag.dll <Verified; ATI Technologies Inc.; ATI Radeon Family; 5.2.3790.1830; 6.14.10.0334>
2007-02-28 16:05:26 86016 --a------ C:\WINDOWS\system32\ElbyCDIO.dll <Not Verified; Elaborate Bytes AG; Elaborate Bytes CDRTools; 6, 0, 0, 0; 6, 0, 5, 6>
2007-02-26 08:44:06 147685 --a------ C:\WINDOWS\system32\atiicdxx.dat


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} c:\program files\mcafee\virusscan\scriptcl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"diagent"="\"C:\\Program Files\\Creative\\SBLive\\Diagnostics\\diagent.exe\" startup"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
"RegistryMechanic"=""
"SDTray"="\"C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe\""
"Zune Launcher"="\"C:\\Program Files\\Zune\\ZuneLauncher.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
@=""
"StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInternetIcon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoInternetIcon"=dword:00000001

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0



-- End of Deckard's System Scanner: finished at 2007-04-25 at 15:10:13 ---------



#2 xrawxtalentx

xrawxtalentx
  • Topic Starter

  • Members
  • 2 posts

Posted 29 April 2007 - 05:23 PM

Cancel this, it was McAfee picking up a false positive in Spyware Doctor!

#3 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,616 posts
  • Gender:Male

Posted 30 April 2007 - 12:50 AM

OK, thanks for letting us know. :thumbsup:

The thing about people

is they change

when they walk away.--Mipso




