((((((((((((((((((((((((( Files Created from 2007-07-09 to 2007-08-09 ))))))))))))))))))))))))))))))) 2007-08-08 20:35 d-------- C:\DOCUME~1\AMBER\APPLIC~1\Viewpoint 2007-08-07 18:22 d-------- C:\DOCUME~1\ALEXJO~1\APPLIC~1\funkitron 2007-08-07 17:30 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-08-06 19:10 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer 2007-08-05 23:32 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP 2007-08-05 23:31 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL 2007-08-05 15:52 d-------- C:\Program Files\Trend Micro 2007-08-03 18:13 d-------- C:\Program Files\Lavasoft 2007-08-03 18:13 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft 2007-08-03 18:12 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-08-03 13:02 95,608 --a------ C:\WINDOWS\SYSTEM32\AvastSS.scr 2007-08-03 13:02 94,416 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys 2007-08-03 13:02 92,848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon.sys 2007-08-03 13:02 783,224 --a------ C:\WINDOWS\SYSTEM32\aswBoot.exe 2007-08-03 13:02 42,912 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys 2007-08-03 13:02 26,624 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys 2007-08-03 13:02 23,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys 2007-08-03 13:02 d-------- C:\Program Files\Alwil Software 2007-08-02 20:48 d-------- C:\WINDOWS\SYSTEM32\LogFiles 2007-08-02 14:13 1,784,867 ---hs---- C:\WINDOWS\SYSTEM32\rstwa.bak2 2007-08-02 02:13 6,466 ---hs---- C:\WINDOWS\SYSTEM32\rstwa.bak1 2007-08-02 02:06 d-------- C:\Temp 2007-08-01 10:25 d-------- C:\DOCUME~1\HILDO\APPLIC~1\COMCASTTOOLBAR 2007-07-22 20:11 d-------- C:\DOCUME~1\AMBER\APPLIC~1\COMCASTTOOLBAR 2007-07-22 15:33 d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-07-22 15:10 d----c--- C:\WINDOWS\SYSTEM32\DRVSTORE 2007-07-22 15:03 d-------- C:\Program Files\Common Files\Scanner 2007-07-22 15:03 d-------- C:\Program Files\ComcastToolbar 2007-07-22 15:03 d-------- C:\DOCUME~1\ALEXJO~1\APPLIC~1\ComcastToolbar 
2007-07-22 13:59 d-------- C:\DOCUME~1\ALEXJO~1\APPLIC~1\AlwaysNeat 2007-07-15 13:25 188,416 --a------ C:\mahjongquestiievaluation_RADRMEx.dll 2007-07-15 13:25 188,416 --a------ C:\escapefromparadiseevaluation_RADRMEx.dll 2007-07-11 18:11 d-------- C:\DOCUME~1\ALEXJO~1\APPLIC~1\AdobeUM (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-08-07 21:53 --------- d-------- C:\Program Files\RealArcade 2007-08-03 17:20 --------- d-------- C:\Program Files\McAfee.com 2007-08-02 14:07 --------- d-------- C:\Program Files\Messenger 2007-07-05 17:44 --------- d-------- C:\Program Files\Intel 2007-07-04 19:02 --------- d-------- C:\DOCUME~1\ALEXJO~1\APPLIC~1\Viewpoint 2007-06-30 09:01 --------- d-------- C:\DOCUME~1\ALEXJO~1\APPLIC~1\iWin 2007-06-28 22:52 --------- d-------- C:\Program Files\Comcast Play Games 2007-06-25 23:17 --------- d-------- C:\Program Files\Yahoo! 2007-06-21 00:44 --------- d-------- C:\Program Files\Lexmark X1100 Series 2007-06-08 21:45 90682 --a------ C:\WINDOWS\hpiins01.dat 2007-06-08 21:43 --------- d-------- C:\Program Files\Common Files\Sonic Shared 2007-06-08 21:42 --------- d-------- C:\Program Files\Common Files\HP 2007-06-08 21:41 --------- d-------- C:\Program Files\Hewlett-Packard 2007-06-08 21:39 --------- d-------- C:\Program Files\HP 2007-05-16 11:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll 2007-05-16 11:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll 2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-05-16 11:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll 2007-05-16 11:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll 2007-05-16 11:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll 2005-11-14 11:36 774144 --a------ C:\Program Files\RngInterstitial.dll 2005-09-24 00:49 12288 --a------ C:\WINDOWS\Fonts.\RandFont.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 18:03] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 10:41] C:\Documents and Settings\Alex Johnson\Start Menu\Programs\Startup\ DESKTOP.INI [2004-08-10 14:04:12] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ DESKTOP.INI [2004-08-10 14:04:12] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] C:\WINDOWS\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe R3 IntelC51;IntelC51;C:\WINDOWS\system32\DRIVERS\IntelC51.sys R3 IntelC52;IntelC52;C:\WINDOWS\system32\DRIVERS\IntelC52.sys R3 IntelC53;IntelC53;C:\WINDOWS\system32\DRIVERS\IntelC53.sys R3 mohfilt;mohfilt;C:\WINDOWS\system32\DRIVERS\mohfilt.sys R3 senfilt;senfilt;C:\WINDOWS\system32\drivers\senfilt.sys S3 BCM42RLY;BCM42RLY;\??\C:\WINDOWS\System32\BCM42RLY.SYS Contents of the 'Scheduled Tasks' folder 2007-08-03 22:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (PLAYROOM-Alex Johnson).job - c:\program files\mcafee.com\vso\mcmnhdlr.exe 2007-07-27 07:00:00 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job - C:\Program Files\SpywareBot\SpywareBot.exe ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - 
rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-08 22:04:16 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-08-08 22:05:18 C:\ComboFix-quarantined-files.txt ... 2007-08-08 22:04 C:\ComboFix2.txt ... 2007-08-07 17:38