08-08-2007, 10:23 PM   #1
freefal1215
Registered User
 
Join Date: Aug 2007
Posts: 8
OS: Win XP


Possible virus -- changed windows background (not desktop background)

Hi, any help will be appreciated.
When I open my C:\WINDOWS window on My Computer, I get this weird picture of a manga-ish samurai (which I'm positive I've never intentionally downloaded) as the window background. Other folders' window backgrounds are unaffected. I've tried changing Window schemes, etc., but no change. My PC still works fine, everything functions (except for iTunes & QuickTime, but I think it's unrelated), so it's merely an annoyance really, but I'm worried that if it is a virus, it might spread. I've tried scanning with Ad-Aware and Avast but no viruses were found. I wanted to try the online Panda scanner but it took too long (I'm connecting from Indonesia).
Here's my DSS main.txt:
Deckard's System Scanner v20070807.62
Run by Admin on 2007-08-09 at 10:54:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
27: 2007-08-09 03:54:35 UTC - RP28 - Deckard's System Scanner Restore Point
26: 2007-08-09 02:58:43 UTC - RP27 - Installed Nokia Multimedia Factory
25: 2007-08-09 02:54:41 UTC - RP26 - Installed Nokia PC Suite
24: 2007-08-09 02:43:19 UTC - RP25 - Installed iTunes
23: 2007-08-09 02:42:05 UTC - RP24 - Removed Apple Mobile Device Support


-- First Restore Point --
1: 2007-07-23 06:05:47 UTC - RP2 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-09 10:56:42
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\windxp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\SeUpdateDb.exe
C:\Documents and Settings\Admin\My Documents\Downloads\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F0 - system.ini: Shell=Explorer.exe "c:\windows\Explore.exe"
F2 - REG:system.ini: Shell=Explorer.exe "c:\windows\Explore.exe"
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [def] C:\WINDOWS\Temp\Vel.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SysRestore] c:\windows\system32\Restoration.msd
O4 - HKEY_LOCAL_MACHINE\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKEY_LOCAL_MACHINE\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKEY_LOCAL_MACHINE\..\RunOnce: [DAP Cleanup] C:\DOCUME~1\Admin\LOCALS~1\Temp\DAPREMOVE.EXE /CLEANUP /DIR="C:\PROGRA~1\DAP"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\RunOnce: [Delete temporary setup file] cmd /Q /D /C del "C:\DOCUME~1\Admin\LOCALS~1\Temp\{79630253-F7C3-49C3-B1C7-A34665890553}\{6536688C-24C5-4023-B404-BEE850ED4312}\setup.exe"
O4 - Startup: AdobeGama.pif
O4 - Global Startup: AdobeGama.pif
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra 'Tools' menuitem: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: (no name) - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
O23 - Service: Apple Mobile Device - Apple, Inc. - "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe


-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 ALCXSENS (Service for WDM 3D Audio Driver) - c:\windows\system32\drivers\alcxsens.sys <Not Verified; Sensaura Ltd; >
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-08-09 10:00:32 350 --a------ C:\WINDOWS\Tasks\At35.job
2007-08-09 10:00:32 350 --a------ C:\WINDOWS\Tasks\At11.job
2007-08-09 02:00:32 350 --a------ C:\WINDOWS\Tasks\At3.job
2007-08-09 02:00:32 350 --a------ C:\WINDOWS\Tasks\At27.job
2007-08-09 01:00:32 350 --a------ C:\WINDOWS\Tasks\At26.job
2007-08-09 01:00:32 350 --a------ C:\WINDOWS\Tasks\At2.job
2007-08-09 00:00:32 350 --a------ C:\WINDOWS\Tasks\At25.job
2007-08-09 00:00:32 350 --a------ C:\WINDOWS\Tasks\At1.job
2007-08-08 23:00:40 350 --a------ C:\WINDOWS\Tasks\At48.job
2007-08-08 23:00:40 350 --a------ C:\WINDOWS\Tasks\At24.job
2007-08-08 22:00:32 350 --a------ C:\WINDOWS\Tasks\At47.job
2007-08-08 22:00:32 350 --a------ C:\WINDOWS\Tasks\At23.job
2007-08-08 21:00:32 350 --a------ C:\WINDOWS\Tasks\At46.job
2007-08-08 21:00:32 350 --a------ C:\WINDOWS\Tasks\At22.job
2007-08-08 20:00:32 350 --a------ C:\WINDOWS\Tasks\At45.job
2007-08-08 20:00:32 350 --a------ C:\WINDOWS\Tasks\At21.job
2007-08-08 19:00:32 350 --a------ C:\WINDOWS\Tasks\At44.job
2007-08-08 19:00:32 350 --a------ C:\WINDOWS\Tasks\At20.job
2007-08-08 18:00:32 350 --a------ C:\WINDOWS\Tasks\At43.job
2007-08-08 18:00:32 350 --a------ C:\WINDOWS\Tasks\At19.job
2007-08-08 17:00:32 350 --a------ C:\WINDOWS\Tasks\At42.job
2007-08-08 17:00:32 350 --a------ C:\WINDOWS\Tasks\At18.job
2007-08-08 16:00:32 350 --a------ C:\WINDOWS\Tasks\At41.job
2007-08-08 16:00:32 350 --a------ C:\WINDOWS\Tasks\At17.job
2007-08-08 15:00:32 350 --a------ C:\WINDOWS\Tasks\At40.job
2007-08-08 15:00:32 350 --a------ C:\WINDOWS\Tasks\At16.job
2007-08-08 14:00:32 350 --a------ C:\WINDOWS\Tasks\At39.job
2007-08-08 14:00:32 350 --a------ C:\WINDOWS\Tasks\At15.job
2007-08-08 13:00:32 350 --a------ C:\WINDOWS\Tasks\At38.job
2007-08-08 13:00:32 350 --a------ C:\WINDOWS\Tasks\At14.job
2007-08-08 12:00:32 350 --a------ C:\WINDOWS\Tasks\At37.job
2007-08-08 12:00:32 350 --a------ C:\WINDOWS\Tasks\At13.job
2007-08-07 11:01:40 350 --a------ C:\WINDOWS\Tasks\At12.job
2007-08-07 11:00:32 350 --a------ C:\WINDOWS\Tasks\At36.job
2007-08-02 09:00:32 350 --a------ C:\WINDOWS\Tasks\At34.job
2007-08-02 09:00:02 350 --a------ C:\WINDOWS\Tasks\At10.job
2007-07-31 18:48:32 350 --a------ C:\WINDOWS\Tasks\At33.job
2007-07-31 18:48:32 350 --a------ C:\WINDOWS\Tasks\At32.job
2007-07-31 18:48:32 350 --a------ C:\WINDOWS\Tasks\At31.job
2007-07-31 18:48:32 350 --a------ C:\WINDOWS\Tasks\At30.job
2007-07-31 18:48:32 350 --a------ C:\WINDOWS\Tasks\At29.job
2007-07-31 18:48:32 350 --a------ C:\WINDOWS\Tasks\At28.job
2007-07-31 07:00:02 350 --a------ C:\WINDOWS\Tasks\At8.job
2007-07-28 04:00:32 350 --a------ C:\WINDOWS\Tasks\At5.job
2007-07-28 03:00:32 350 --a------ C:\WINDOWS\Tasks\At4.job
2007-07-27 16:57:36 350 --a------ C:\WINDOWS\Tasks\At9.job
2007-07-27 16:57:36 350 --a------ C:\WINDOWS\Tasks\At7.job
2007-07-27 16:57:36 350 --a------ C:\WINDOWS\Tasks\At6.job


-- Files created between 2007-07-09 and 2007-08-09 -----------------------------

2007-08-09 10:17:08 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-09 09:59:00 0 d-------- C:\Documents and Settings\Admin\Application Data\Datalayer
2007-08-09 09:58:57 0 d-------- C:\Documents and Settings\Admin\Phone Browser
2007-08-09 09:56:51 0 d-------- C:\Documents and Settings\Admin\Application Data\Nokia
2007-08-09 09:55:29 0 d-------- C:\WINDOWS\LastGood
2007-08-09 09:55:18 0 d-------- C:\Documents and Settings\Admin\Application Data\PC Suite
2007-08-09 09:54:46 0 d-------- C:\Program Files\Common Files\Nokia
2007-08-09 09:54:45 0 d-------- C:\Program Files\Nokia
2007-08-09 09:54:45 0 d-------- C:\Program Files\Common Files\PCSuite
2007-08-09 09:43:44 0 d-------- C:\Program Files\iPod
2007-08-09 09:43:42 0 d-------- C:\Program Files\iTunes
2007-08-09 09:42:44 0 d-------- C:\Program Files\QuickTime
2007-08-09 09:42:31 0 d-------- C:\Program Files\Apple Software Update
2007-08-08 13:31:17 0 d-------- C:\Program Files\LimeWire
2007-08-08 12:32:50 0 d-------- C:\Documents and Settings\Admin\Incomplete
2007-08-08 12:31:22 0 d-------- C:\Documents and Settings\Admin\.limewire
2007-08-07 13:57:48 0 d-------- C:\Program Files\Lavasoft
2007-08-07 13:57:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-07 13:55:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-07 11:33:57 0 d-------- C:\WINDOWS\Sun
2007-08-07 11:33:56 0 d-------- C:\Documents and Settings\Admin\Application Data\Sun
2007-08-07 10:56:02 25664 --a------ C:\WINDOWS\system32\bTbVnD0J.exe
2007-08-03 12:45:15 0 d-------- C:\Program Files\Alwil Software
2007-08-02 16:24:46 0 d-------- C:\Documents and Settings\Admin\Application Data\PC Tools
2007-08-02 15:00:46 0 d-------- C:\Program Files\ToniArts
2007-08-02 15:00:40 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2007-08-02 15:00:36 0 d-------- C:\Documents and Settings\Admin\WINDOWS
2007-08-02 14:42:53 0 d-------- C:\Program Files\ElcomSoft
2007-08-02 08:45:02 0 d-------- C:\Documents and Settings\All Users\Application Data\JollyBear
2007-08-01 19:29:28 0 d-------- C:\Documents and Settings\Admin\Saved Games
2007-08-01 16:36:48 0 d-------- C:\Documents and Settings\Admin\Application Data\AdobeUM
2007-08-01 14:01:56 0 d-------- C:\Documents and Settings\All Users\Application Data\iWin
2007-08-01 14:01:56 0 d-------- C:\Documents and Settings\Admin\Application Data\iWin
2007-08-01 13:15:08 0 d-------- C:\Program Files\PMStitch20
2007-08-01 13:07:44 0 d-------- C:\Program Files\Veo Digital Studio
2007-08-01 13:07:30 40960 --a------ C:\WINDOWS\system32\PicEng.dll <Not Verified; Xirlink, Inc; PicEng>
2007-08-01 13:07:30 61440 --a------ C:\WINDOWS\system32\camiodll.dll <Not Verified; Xirlink; Xirlink camiodll>
2007-08-01 13:07:30 49152 --a------ C:\WINDOWS\system32\CamCapEx.dll <Not Verified; Xirlink, Inc; Xirlink USB Camera API>
2007-08-01 13:07:27 86016 --a------ C:\WINDOWS\system32\xl_x263dec.dll <Not Verified; Xirlink, Inc.; Visionlink>
2007-08-01 13:07:18 0 d-------- C:\Program Files\Veo Connect
2007-08-01 11:27:07 0 d-------- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2007-08-01 11:26:56 0 d-------- C:\Documents and Settings\Admin\Application Data\GameHouse
2007-08-01 11:26:54 0 d-------- C:\Program Files\GameHouse
2007-08-01 11:11:28 0 d-------- C:\Program Files\Windows Installer Clean Up
2007-08-01 11:10:44 0 d-------- C:\Program Files\MSECACHE
2007-07-31 20:11:18 0 d-------- C:\Documents and Settings\Admin\Application Data\Help
2007-07-31 18:48:29 23617 --a------ C:\WINDOWS\system32\Y12d0Vn5.exe
2007-07-31 06:51:55 84992 --a------ C:\WINDOWS\WebAssist.dll <Not Verified; ; WebAssist>
2007-07-30 10:55:37 0 d-------- C:\Documents and Settings\Admin\Application Data\Genie-Soft
2007-07-30 10:54:37 0 d-------- C:\Program Files\Genie-Soft
2007-07-30 09:36:19 0 d-------- C:\Documents and Settings\Admin\Application Data\IsolatedStorage
2007-07-28 17:36:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Escape From Paradise
2007-07-28 17:35:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-07-28 17:08:56 126976 --a------ C:\WINDOWS\xhelper.dll
2007-07-28 16:15:28 0 d-------- C:\WINDOWS\system32\appmgmt
2007-07-27 23:07:40 0 d-------- C:\Program Files\VirtualVillagers_at
2007-07-27 22:45:05 0 d-------- C:\Program Files\Java
2007-07-27 22:45:04 0 d-------- C:\Program Files\Common Files\Java
2007-07-27 22:40:55 0 d-------- C:\Program Files\DAP
2007-07-27 18:52:47 0 d-------- C:\Program Files\PizzaFrenzy_at
2007-07-27 13:35:42 4096 --a------ C:\WINDOWS\d3dx.dat
2007-07-27 12:17:51 0 d-------- C:\Documents and Settings\Admin\Application Data\Gaijin Ent
2007-07-27 10:07:40 0 d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-07-27 10:07:40 0 d-------- C:\Documents and Settings\Admin\Application Data\PlayFirst
2007-07-27 10:01:54 0 d---s---- C:\Documents and Settings\Admin\UserData
2007-07-26 19:17:23 0 d-------- C:\Documents and Settings\Admin\Application Data\Sandlot Games
2007-07-26 19:17:21 0 d--hs---- C:\WINDOWS\ftpcache
2007-07-26 15:29:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Oberon Games
2007-07-26 14:42:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2007-07-26 13:49:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-07-26 13:49:12 0 d-------- C:\Documents and Settings\Admin\Application Data\Yahoo!
2007-07-26 13:49:10 0 d-------- C:\Documents and Settings\Admin\Application Data\Google
2007-07-26 13:47:44 0 d-------- C:\Program Files\MostFun
2007-07-26 13:45:50 0 d-------- C:\Documents and Settings\Admin\Application Data\Apple Computer
2007-07-26 13:44:28 0 d-------- C:\WINDOWS\system32\DRVSTORE
2007-07-26 13:43:43 0 d-------- C:\Program Files\Common Files\Apple
2007-07-26 13:43:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-07-26 13:42:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-07-26 13:42:19 0 d-------- C:\Documents and Settings\Admin\Application Data\Skype
2007-07-26 13:42:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-07-26 13:42:10 0 d-------- C:\Program Files\Google
2007-07-26 13:42:03 0 d-------- C:\Program Files\Skype
2007-07-26 13:42:03 0 d-------- C:\Program Files\Common Files\Skype
2007-07-26 13:41:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-07-26 13:39:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-07-26 13:28:08 0 d-------- C:\Program Files\Yahoo!
2007-07-26 13:26:51 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2007-07-26 13:25:10 0 d-------- C:\Documents and Settings\Admin\Application Data\Macromedia
2007-07-26 13:25:08 0 d-------- C:\Program Files\MSN Games
2007-07-26 13:14:51 0 d-------- C:\WINDOWS\Aztech DSL600 USB Driver
2007-07-26 13:07:33 24 --a------ C:\WINDOWS\popcinfo.dat
2007-07-26 00:57:25 92546 --a------ C:\WINDOWS\system32\Windows 3D.scr <Not Verified; *; *>
2007-07-26 00:57:25 92546 --a------ C:\WINDOWS\system32\odbcad32.dll <Not Verified; *; *>
2007-07-26 00:57:25 92546 -r-hs---- C:\WINDOWS\explore.exe <Not Verified; *; *>
2007-07-23 12:24:49 0 d-------- C:\Small Business Tools
2007-07-20 16:40:01 700416 --a------ C:\STUBIN~1.EXE <Not Verified; LimeWire; LimeWire swarmed installer>
2007-07-20 16:40:01 0 --a------ C:\MSDOS.SYS
2007-07-20 16:40:01 27299 --a------ C:\MOVE.EXE
2007-07-20 16:40:01 0 --a------ C:\IO.SYS
2007-07-20 16:40:01 0 --a------ C:\CONFIG.SYS
2007-07-20 16:40:01 135168 --a------ C:\brownies.exe <Not Verified; www.Junkist.cc; AntiBrontok>
2007-07-20 16:40:01 0 --a------ C:\AUTOEXEC.BAT
2007-07-18 15:42:17 0 d-------- C:\WINDOWS\system32\NtmsData
2007-07-18 15:37:11 0 d-------- C:\Documents and Settings\Admin\Application Data\ACD Systems
2007-07-18 14:57:30 0 d-------- C:\OLD
2007-07-18 14:45:15 0 d-------- C:\Program Files\backburner 2
2007-07-18 14:45:12 0 d-------- C:\Program Files\JSR
2007-07-18 14:45:10 0 d-------- C:\Program Files\webdepot
2007-07-18 14:45:05 0 d-------- C:\Program Files\UI
2007-07-18 14:44:58 0 d-------- C:\Program Files\stdplugs
2007-07-18 14:44:58 0 d-------- C:\Program Files\renderpresets
2007-07-18 14:44:56 0 d-------- C:\Program Files\plugins
2007-07-18 14:44:55 0 d-------- C:\Program Files\plugcfg
2007-07-18 14:44:55 0 d-------- C:\Program Files\matlibs
2007-07-18 14:44:55 0 d-------- C:\Program Files\maps
2007-07-18 14:44:54 0 d-------- C:\Program Files\HardwareShaders
2007-07-18 14:44:54 0 d-------- C:\Program Files\drivers
2007-07-18 14:44:54 0 d-------- C:\Program Files\dlcomponents
2007-07-18 14:44:53 0 d-------- C:\Program Files\Defaults
2007-07-18 14:44:41 0 d-------- C:\Program Files\web
2007-07-18 14:44:41 0 d-------- C:\Program Files\vpost
2007-07-18 14:44:41 0 d-------- C:\Program Files\scripts
2007-07-18 14:44:40 0 d-------- C:\Program Files\sounds
2007-07-18 14:44:40 0 d-------- C:\Program Files\scenes
2007-07-18 14:44:40 0 d-------- C:\Program Files\previews
2007-07-18 14:44:40 0 d-------- C:\Program Files\network
2007-07-18 14:44:40 0 d-------- C:\Program Files\meshes
2007-07-18 14:44:40 0 d-------- C:\Program Files\mentalray
2007-07-18 14:44:40 0 d-------- C:\Program Files\images
2007-07-18 14:44:40 0 d-------- C:\Program Files\html
2007-07-18 14:44:40 0 d-------- C:\Program Files\help
2007-07-18 14:44:40 0 d-------- C:\Program Files\fonts
2007-07-18 14:44:40 0 d-------- C:\Program Files\express
2007-07-18 14:44:40 0 d-------- C:\Program Files\downloads
2007-07-18 14:44:40 0 d-------- C:\Program Files\autoback
2007-07-18 14:44:40 0 d-------- C:\Program Files\animations
2007-07-18 13:41:43 0 d-------- C:\Program Files\AnswerWorks 4.0
2007-07-18 13:38:10 0 d-------- C:\Program Files\AutoCAD 2006
2007-07-18 13:38:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
2007-07-18 13:38:10 0 d-------- C:\Documents and Settings\Admin\Application Data\Autodesk
2007-07-18 13:37:04 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2007-07-18 13:37:01 0 d-------- C:\Program Files\Autodesk
2007-07-18 13:34:36 0 d-------- C:\WINDOWS\system32\URTTemp
2007-07-18 13:27:48 89184 -ra------ C:\WINDOWS\system32\drivers\imagedrv.sys <Not Verified; Ahead Software AG and its licensors; NERO IMAGEDRIVE>
2007-07-18 13:26:57 38912 -ra------ C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2007-07-18 13:26:53 544768 -ra------ C:\WINDOWS\system32\imagx5.dll <Not Verified; Pegasus Software, LLC; ImagXpress>
2007-07-18 13:26:53 569344 -ra------ C:\WINDOWS\system32\imagr5.dll <Not Verified; Pegasus Software,LLC; ImagXpress>
2007-07-18 13:26:48 155648 -ra------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2007-07-18 13:26:48 0 d-------- C:\Program Files\Common Files\Ahead
2007-07-18 13:26:43 0 d-------- C:\Program Files\Ahead
2007-07-18 13:12:52 0 d-------- C:\Documents and Settings\Admin\Application Data\Adobe
2007-07-18 1352 0 d-------- C:\WINDOWS\RegisteredPackages
2007-07-18 1342 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-07-18 12:40:35 720896 -ra------ C:\WINDOWS\system32\Audio3D.dll <Not Verified; Sensaura Ltd; Sensaura>
2007-07-18 12:40:35 720896 -ra------ C:\WINDOWS\system32\a3d.dll <Not Verified; Sensaura Ltd; Sensaura>
2007-07-18 12:40:20 765952 -ra------ C:\WINDOWS\system\crlds3d.dll <Not Verified; Sensaura Ltd; Sensaura 3DPA>
2007-07-18 12:39:49 57344 -ra------ C:\WINDOWS\SOUNDMAN.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek Sound Manager>
2007-07-18 12:39:41 460864 -ra------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS <Not Verified; Realtek Semiconductor Corp.; Windows (R) WDM driver for Realtek AC'97 Audio>
2007-07-18 12:39:41 404608 -ra------ C:\WINDOWS\system32\drivers\ALCXSENS.SYS <Not Verified; Sensaura Ltd; >
2007-07-18 12:34:55 0 d-------- C:\WINDOWS\pss
2007-07-18 12:33:08 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2007-07-18 12:32:49 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-07-18 12:32:47 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-18 12:32:47 0 d-------- C:\Program Files\CyberLink
2007-07-18 12:32:37 0 d-------- C:\Program Files\Common Files\InstallShield
2007-07-18 12:31:28 0 d-------- C:\Program Files\Winamp
2007-07-18 12:29:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-07-18 12:26:54 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-18 12:26:27 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-07-18 12:25:53 0 d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2007-07-18 12:25:52 9856 --a------ C:\WINDOWS\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
2007-07-18 12:25:52 0 d-------- C:\Program Files\Common Files\ACD Systems
2007-07-18 12:25:52 0 d-------- C:\Program Files\ACD Systems
2007-07-18 12:25:17 0 d-------- C:\WINDOWS\Downloaded Installations
2007-07-18 12:00:56 0 d-------- C:\Program Files\Common Files\L&H
2007-07-18 12:00:28 0 d-------- C:\Program Files\Microsoft.NET
2007-07-18 11:59:57 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-07-18 11:58:30 0 d-------- C:\Program Files\Microsoft Works
2007-07-18 11:57:13 0 d-------- C:\WINDOWS\SHELLNEW
2007-07-18 11:54:39 0 d-------- C:\Documents and Settings\Admin\Application Data\Identities
2007-07-18 11:54:27 0 d--h----- C:\Documents and Settings\Admin\Templates
2007-07-18 11:54:27 0 dr------- C:\Documents and Settings\Admin\Start Menu
2007-07-18 11:54:27 0 dr-h----- C:\Documents and Settings\Admin\SendTo
2007-07-18 11:54:27 0 dr-h----- C:\Documents and Settings\Admin\Recent
2007-07-18 11:54:27 0 d--h----- C:\Documents and Settings\Admin\PrintHood
2007-07-18 11:54:27 0 d--h----- C:\Documents and Settings\Admin\NetHood
2007-07-18 11:54:27 0 dr------- C:\Documents and Settings\Admin\My Documents
2007-07-18 11:54:27 0 dr------- C:\Documents and Settings\Admin\Favorites
2007-07-18 11:54:27 0 d-------- C:\Documents and Settings\Admin\Desktop
2007-07-18 11:54:27 0 d---s---- C:\Documents and Settings\Admin\Cookies
2007-07-18 11:54:27 0 dr-h----- C:\Documents and Settings\Admin\Application Data
2007-07-18 11:54:26 2883584 --ah----- C:\Documents and Settings\Admin\NTUSER.DAT
2007-07-18 11:54:26 0 d--h----- C:\Documents and Settings\Admin\Local Settings
2007-07-18 11:53:43 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-07-18 11:53:41 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-07-18 11:53:41 0 d-------- C:\WINDOWS\Prefetch
2007-07-18 11:53:40 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-07-18 11:53:40 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-07-18 11:53:40 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2007-07-18 11:53:40 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-07-18 11:53:40 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-07-18 11:42:54 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-07-18 11:42:54 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-07-18 11:42:54 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-07-18 11:42:54 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-07-18 11:42:54 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-07-18 11:38:02 0 d-------- C:\WINDOWS\system32\xircom
2007-07-18 11:38:02 0 d-------- C:\Program Files\microsoft frontpage
2007-07-18 11:37:50 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-07-18 11:36:00 0 d-------- C:\WINDOWS\system32\PreInstall
2007-07-18 11:35:59 0 d--h----- C:\WINDOWS\$hf_mig$
2007-07-18 11:34:51 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-07-18 11:34:42 0 dr------- C:\WINDOWS\Offline Web Pages
2007-07-18 11:34:42 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-07-18 11:34:32 0 d--h----- C:\Program Files\WindowsUpdate
2007-07-18 11:34:17 0 d-------- C:\WINDOWS\system32\DirectX
2007-07-18 11:33:52 0 d---s---- C:\WINDOWS\Tasks
2007-07-18 11:33:52 0 d-------- C:\Program Files\Common Files\MSSoap
2007-07-18 11:33:49 0 d-------- C:\WINDOWS\srchasst
2007-07-18 11:33:48 0 d-------- C:\WINDOWS\system32\Macromed
2007-07-18 11:33:42 0 d-------- C:\Program Files\Movie Maker
2007-07-18 11:33:36 0 d-------- C:\WINDOWS\system32\Restore
2007-07-18 11:32:53 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-07-18 11:32:24 0 d-------- C:\WINDOWS\Registration
2007-07-18 11:32:18 0 d-------- C:\Program Files\Online Services
2007-07-18 11:32:11 0 d-------- C:\Program Files\Messenger
2007-07-18 11:32:09 0 d-------- C:\Program Files\MSN Gaming Zone
2007-07-18 11:31:40 0 d-------- C:\Program Files\Windows NT
2007-07-18 11:31:38 0 d-------- C:\WINDOWS\system32\MsDtc
2007-07-18 11:31:37 0 d-------- C:\WINDOWS\system32\Com
2007-07-18 11:22:00 0 d--hs---- C:\WINDOWS\Installer
2007-07-18 11:21:59 0 d-------- C:\Program Files\Common Files\ODBC
2007-07-18 11:21:56 0 dr------- C:\Program Files
2007-07-18 11:21:56 0 d-------- C:\Program Files\Common Files
2007-07-18 11:21:56 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-07-18 11:21:37 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-07-18 11:21:37 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-07-18 11:21:37 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-07-18 11:21:37 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-07-18 11:21:37 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-07-18 11:21:37 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-07-18 11:21:37 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-07-18 11:21:37 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-07-18 11:21:37 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-07-18 11:21:37 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-07-18 11:21:37 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-07-18 11:21:37 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-07-18 11:21:37 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-07-18 11:21:37 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-07-18 11:21:37 0 dr------- C:\Documents and Settings\All Users\Documents <DOCUME~1>
2007-07-18 11:21:37 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-07-18 11:21:21 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-07-18 11:21:21 0 d-------- C:\WINDOWS\system32\CatRoot
2007-07-18 11:21:15 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-07-18 11:21:15 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-07-18 11:21:15 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-07-18 11:21:15 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-07-18 11:20:55 0 d-------- C:\Documents and Settings
2007-07-18 11:14:04 0 dr--s---- C:\WINDOWS
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\WinSxS
2007-07-18 11:14:04 0 dr------- C:\WINDOWS\Web
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\twain_32
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\wins
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\wbem
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\usmt
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\spool
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\ShellExt
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\Setup
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\ras
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\oobe
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\npp
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\mui
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\inetsrv
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\IME
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\icsxml
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\ias
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\export
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\drivers
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-07-18 11:14:04 0 dr-hs---- C:\WINDOWS\system32\dllcache
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\dhcp
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\config
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\3076
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\2052
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\1054
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\1042
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\1041
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\1037
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\1033
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\1031
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\1028
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system32\1025
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\system
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\security
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\Resources
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\repair
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\Provisioning
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\PeerNet
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\pchealth
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\mui
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\msapps
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\msagent
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\Media
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\java
2007-07-18 11:14:04 0 d--h----- C:\WINDOWS\inf
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\ime
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\Help
2007-07-18 11:14:04 0 dr--s---- C:\WINDOWS\Fonts
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\ehome
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\Driver Cache
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\Debug
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\Cursors
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\Connection Wizard
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\Config
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\AppPatch
2007-07-18 11:14:04 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2007-07-31 10:41:34 2644 --a------ C:\Program Files\3dsmax.ini
2007-07-31 10:41:32 64 --a------ C:\Program Files\maxscrpt.dsk
2007-07-31 10:41:30 0 --a------ C:\Program Files\RtDxStdMtl2.log
2007-07-18 14:45:20 114 --a------ C:\Program Files\plugin.ini
2007-07-18 11:21:38 62 --ahs---- C:\Documents and Settings\Admin\Application Data\desktop.ini
2007-06-21 23:51:24 74240 --a------ C:\a.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
07/31/2007 06:51 AM 84992 --a------ C:\WINDOWS\WebAssist.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [08/05/2003 12:59 PM C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [03/04/2005 03:36 AM]
"def"="C:\WINDOWS\Temp\Vel.exe" []
"SysRestore"="c:\windows\system32\Restoration.msd" [07/26/2007 12:57 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07/28/2007 05:03 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/31/2007 06:44 PM]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [12/13/2005 08:49 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [01/07/2005 12:00 AM]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [11/30/2005 04:56 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"Delete temporary setup file"=cmd /Q /D /C del "C:\DOCUME~1\Admin\LOCALS~1\Temp\{79630253-F7C3-49C3-B1C7-A34665890553}\{6536688C-24C5-4023-B404-BEE850ED4312}\setup.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"DAP Cleanup"=C:\DOCUME~1\Admin\LOCALS~1\Temp\DAPREMOVE.EXE /CLEANUP /DIR="C:\PROGRA~1\DAP"

C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
AdobeGama.pif [7/26/2007 12:57:26 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AdobeGama.pif [7/26/2007 12:57:26 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe \"c:\windows\Explore.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=C:\WINDOWS\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dd5b172-3ef7-11dc-8490-f679e301c7a4}]
AutoRun\command- F:\Copy*of*Desktop.ini
explore\Command- F:\Copy*of*Desktop.ini
open\Command- F:\Copy*of*Desktop.ini

*Newly Created Service* - IPOD_SERVICE



-- End of Deckard's System Scanner: finished at 2007-08-09 at 10:57:46 -------

Thanks,
Gita
Attached Files
File Type: txt extra.txt (11.9 KB, 1 views)