View Full Version : blues10guy2
blues10guy2
2009-07-28, 14:53
Good Morning:
I seem to have multiple win32/cryptor. AVG can't remove it even with the power user setting. Malwarebytes won't remove it. Spybot S&D can't see it. I tried a Dr.Web cure thingy but it won't open in safe mode. It has problems and needs to close. I'm an old guy that is not the brightest bulb on the tree but willing to try. Can you help?
Hello blues10guy2
Welcome to Safer Networking.
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
That said, all advice given by anyone volunteering here is taken at your own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
blues10guy2
2009-07-28, 23:39
Here is the first file. I have to post the second in another post, as both together were too large and rejected.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Compaq_Administrator at 2009-07-28 16:28:54
Microsoft Windows XP Professional Service Pack 3
System drive C: has 71 GB (66%) free of 106 GB
Total RAM: 1982 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:12 PM, on 7/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Compaq_Administrator.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [FlashGet] "C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" /min
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247409898796
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1ca03dfb46d2e88) (gupdate1ca03dfb46d2e88) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 13866 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{E96140CB-CE3D-4732-88C0-C43229DBB447}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-13 908528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}]
FG2CatchUrl - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll [2008-08-19 104016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-07-12 312928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-17 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-26 1008896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2006-05-30 1191424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [2006-05-30 217088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-07-13 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-12 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-12 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2009-03-13 165616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2006-05-30 1191424]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-26 1008896]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-13 908528]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-30 67584]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-03 77312]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-05-09 7311360]
"nwiz"=nwiz.exe /install []
"DISCover"=C:\Program Files\DISC\DISCover.exe [2006-03-16 1077248]
"DiscUpdateManager"=C:\Program Files\DISC\DiscUpdMgr.exe [2006-03-16 61440]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-23 237568]
""= []
"PCDrProfiler"= []
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-16 249856]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-12 148888]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-05-09 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-02-03 18085888]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-12 1948440]
"MsgCenterExe"=C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe [2009-07-12 69632]
"PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-07-12 198160]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"FlashGet"=C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe [2008-08-19 1795656]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-13 39408]
"FlashGet"=C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe [2008-08-19 1795656]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-12 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe"="C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
======List of files/folders created in the last 1 months======
2009-07-28 16:28:54 ----D---- C:\rsit
2009-07-28 16:28:54 ----D---- C:\Program Files\trend micro
2009-07-28 06:52:04 ----SHD---- C:\WINDOWS\CSC
2009-07-28 06:51:54 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-27 15:39:50 ----D---- C:\Program Files\Common Files\Adobe
2009-07-27 15:37:33 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-07-25 08:44:40 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-07-19 11:44:28 ----D---- C:\WINDOWS\Sun
2009-07-19 11:17:55 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\AdobeUM
2009-07-18 12:08:56 ----HD---- C:\$AVG8.VAULT$
2009-07-16 17:15:18 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\WinRAR
2009-07-16 17:01:24 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Template
2009-07-15 07:59:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 07:59:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 07:57:03 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-14 17:40:13 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes
2009-07-14 17:40:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-14 17:40:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-13 16:20:59 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\ArcSoft
2009-07-13 13:32:23 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Google
2009-07-13 13:27:41 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-07-13 09:59:57 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-07-13 09:59:57 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-07-13 09:46:15 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\vlc
2009-07-13 09:37:59 ----D---- C:\WINDOWS\system32\Adobe
2009-07-13 09:36:50 ----D---- C:\Program Files\NOS
2009-07-13 09:36:50 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-07-12 20:30:42 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-07-12 20:24:21 ----D---- C:\Program Files\Common Files\ArcSoft
2009-07-12 20:24:20 ----A---- C:\WINDOWS\system32\unicows.dll
2009-07-12 20:24:05 ----A---- C:\WINDOWS\PCDLIB32.DLL
2009-07-12 20:24:04 ----D---- C:\Program Files\ArcSoft
2009-07-12 20:22:06 ----A---- C:\WINDOWS\system32\CoInst.dll
2009-07-12 20:22:04 ----D---- C:\WINDOWS\Pixart
2009-07-12 20:22:04 ----D---- C:\Program Files\VGA USB Camera
2009-07-12 20:22:04 ----A---- C:\WINDOWS\system32\SP7302.INI
2009-07-12 20:21:44 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\InstallShield
2009-07-12 20:04:24 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\WinBatch
2009-07-12 18:58:47 ----A---- C:\WINDOWS\system32\clrviddc.dll
2009-07-12 18:51:48 ----D---- C:\Program Files\Common Files\xing shared
2009-07-12 18:36:01 ----D---- C:\Program Files\WinRAR
2009-07-12 18:35:12 ----D---- C:\Program Files\VideoLAN
2009-07-12 18:29:10 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-12 18:29:10 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-12 18:27:51 ----D---- C:\Program Files\PowerPoint Viewer
2009-07-12 17:18:06 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Adobe
2009-07-12 17:14:54 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\VOWSoft
2009-07-12 17:14:44 ----D---- C:\Program Files\PicaLoader
2009-07-12 17:12:12 ----D---- C:\Program Files\MWSnap
2009-07-12 17:04:51 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Yahoo!
2009-07-12 17:04:51 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-07-12 17:03:43 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-07-12 17:03:38 ----D---- C:\Program Files\Yahoo!
2009-07-12 17:00:13 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\BITS
2009-07-12 16:59:06 ----D---- C:\profiles
2009-07-12 16:58:36 ----D---- C:\Program Files\FlashGet Network
2009-07-12 16:49:20 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-07-12 16:49:05 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-07-12 16:48:50 ----D---- C:\Program Files\AVG
2009-07-12 16:48:49 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-07-12 16:44:47 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Macromedia
2009-07-12 16:35:32 ----A---- C:\WINDOWS\system32\LuResult.txt
2009-07-12 16:12:33 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-07-12 15:59:43 ----D---- C:\WINDOWS\system32\XPSViewer
2009-07-12 15:59:36 ----D---- C:\Program Files\MSBuild
2009-07-12 15:59:23 ----D---- C:\Program Files\Reference Assemblies
2009-07-12 15:58:56 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-07-12 15:58:55 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-07-12 15:58:55 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-07-12 15:58:54 ----D---- C:\bb2a629cce6f0cfd69f7e874
2009-07-12 15:54:57 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2009-07-12 15:54:13 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-07-12 15:53:03 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-07-12 15:52:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-07-12 15:52:56 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-07-12 15:52:36 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-07-12 15:52:15 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-07-12 15:48:46 ----SHD---- C:\RECYCLER
2009-07-12 15:48:45 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Windows Search
2009-07-12 15:14:41 ----D---- C:\52122d93794ec1445544ff
2009-07-12 15:11:04 ----D---- C:\Program Files\Microsoft Sync Framework
2009-07-12 15:10:25 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-07-12 15:10:22 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-07-12 15:10:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954708$
2009-07-12 15:09:24 ----D---- C:\Program Files\Microsoft
2009-07-12 15:09:07 ----D---- C:\Program Files\Windows Live SkyDrive
2009-07-12 15:08:44 ----D---- C:\Program Files\Windows Live
2009-07-12 14:55:13 ----D---- C:\Program Files\Common Files\Windows Live
2009-07-12 14:55:07 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-12 14:54:56 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Windows Desktop Search
2009-07-12 14:54:15 ----D---- C:\WINDOWS\system32\GroupPolicy
2009-07-12 14:54:15 ----D---- C:\Program Files\Windows Desktop Search
2009-07-12 14:54:03 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2009-07-12 14:53:58 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2009-07-12 14:53:21 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-07-12 14:53:19 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-07-12 14:53:05 ----D---- C:\Program Files\Windows Media Connect 2
2009-07-12 14:52:51 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-07-12 14:52:05 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-07-12 14:51:36 ----D---- C:\WINDOWS\system32\LogFiles
2009-07-12 14:51:33 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-07-12 14:50:55 ----HDC---- C:\WINDOWS\$NtUninstallKB925766$
2009-07-12 14:25:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-07-12 14:23:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-07-12 14:05:07 ----D---- C:\WINDOWS\Prefetch
2009-07-12 14:03:00 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-07-12 14:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-07-12 14:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-07-12 14:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-07-12 14:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-07-12 14:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-07-12 14:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-07-12 14:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-07-12 14:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-07-12 14:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-07-12 14:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-07-12 14:00:36 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-07-12 14:00:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-07-12 14:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-07-12 14:00:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-07-12 14:00:07 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-07-12 14:00:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-07-12 13:59:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-07-12 13:59:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-07-12 13:59:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-07-12 13:59:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-07-12 13:59:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-07-12 13:59:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-07-12 13:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-07-12 13:59:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-07-12 13:59:11 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-07-12 13:59:06 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-07-12 13:59:00 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-07-12 13:52:12 ----D---- C:\WINDOWS\system32\scripting
2009-07-12 13:52:11 ----D---- C:\WINDOWS\system32\en
2009-07-12 13:52:11 ----D---- C:\WINDOWS\l2schemas
2009-07-12 13:52:10 ----D---- C:\WINDOWS\system32\bits
2009-07-12 13:49:57 ----D---- C:\WINDOWS\ServicePackFiles
2009-07-12 13:47:41 ----D---- C:\WINDOWS\network diagnostic
2009-07-12 13:43:22 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-07-12 13:29:56 ----SHD---- C:\System Volume Information
2009-07-12 13:09:09 ----RSD---- C:\WINDOWS\assembly
2009-07-12 13:09:00 ----RD---- C:\WINDOWS\Offline Web Pages
2009-07-12 13:04:30 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-07-12 12:45:15 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-07-12 12:45:14 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-07-12 12:45:14 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-07-12 12:45:14 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-07-12 12:45:10 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-07-12 12:45:10 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-07-12 12:45:07 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2009-07-12 12:45:06 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2009-07-12 12:45:05 ----N---- C:\WINDOWS\system32\slserv.exe
2009-07-12 12:45:05 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-07-12 12:45:05 ----N---- C:\WINDOWS\system32\slgen.dll
2009-07-12 12:45:05 ----N---- C:\WINDOWS\slrundll.exe
2009-07-12 12:45:04 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-07-12 12:45:04 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-07-12 12:45:04 ----N---- C:\WINDOWS\system32\setupn.exe
2009-07-12 12:45:03 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-07-12 12:45:02 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-07-12 12:45:02 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-07-12 12:45:01 ----N---- C:\WINDOWS\system32\qutil.dll
2009-07-12 12:45:01 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-07-12 12:45:01 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-07-12 12:45:01 ----N---- C:\WINDOWS\system32\qagent.dll
2009-07-12 12:45:00 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-07-12 12:44:59 ----N---- C:\WINDOWS\system32\onex.dll
2009-07-12 12:44:55 ----N---- C:\WINDOWS\system32\napstat.exe
2009-07-12 12:44:55 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-07-12 12:44:55 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-07-12 12:44:55 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-07-12 12:44:54 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-07-12 12:44:54 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-07-12 12:44:54 ----N---- C:\WINDOWS\system32\mssha.dll
2009-07-12 12:44:54 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-07-12 12:44:46 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-07-12 12:44:46 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-07-12 12:44:46 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-07-12 12:44:46 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-07-12 12:44:40 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-07-12 12:44:40 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-07-12 12:44:39 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-07-12 12:44:39 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-07-12 12:44:39 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-07-12 12:44:39 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-07-12 12:44:35 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-07-12 12:44:35 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-07-12 12:44:34 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-07-12 12:44:32 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-07-12 12:44:30 ----N---- C:\WINDOWS\system32\faxpatch.exe
2009-07-12 12:44:30 ----A---- C:\WINDOWS\003128_.tmp
2009-07-12 12:44:29 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-07-12 12:44:29 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-07-12 12:44:29 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-07-12 12:44:29 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-07-12 12:44:29 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-07-12 12:44:29 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-07-12 12:44:29 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-07-12 12:44:29 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-07-12 12:44:28 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-07-12 12:44:28 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-07-12 12:44:28 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-07-12 12:44:28 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-07-12 12:44:28 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-07-12 12:44:27 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-07-12 12:44:27 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-07-12 12:44:27 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-07-12 12:44:27 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-07-12 12:44:27 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-07-12 12:44:26 ----N---- C:\WINDOWS\system32\credssp.dll
2009-07-12 12:44:23 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-07-12 12:44:23 ----N---- C:\WINDOWS\system32\azroles.dll
2009-07-12 12:44:23 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-07-12 12:44:23 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-07-12 12:44:22 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-07-12 12:44:22 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-07-12 12:44:22 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-07-12 12:44:22 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-07-12 12:44:22 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-07-12 12:44:19 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-07-12 12:07:45 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-07-12 12:07:37 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2009-07-12 12:07:31 ----HDC---- C:\WINDOWS\$NtUninstallKB968537_0$
2009-07-12 12:07:24 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2009-07-12 12:07:19 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-07-12 12:06:53 ----D---- C:\WINDOWS\ie8updates
2009-07-12 12:06:37 ----D---- C:\WINDOWS\WBEM
2009-07-12 12:05:15 ----HDC---- C:\WINDOWS\ie8
2009-07-12 12:05:15 ----D---- C:\WINDOWS\system32\en-US
2009-07-12 12:04:03 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-12 12:00:32 ----D---- C:\Program Files\MSXML 4.0
2009-07-12 12:00:23 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-07-12 12:00:17 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-07-12 12:00:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-07-12 11:59:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-07-12 11:59:43 ----HDC---- C:\WINDOWS\$NtUninstallKB961373_0$
2009-07-12 11:59:35 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-07-12 11:59:25 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-07-12 11:59:19 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2_0$
2009-07-12 11:59:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-07-12 11:59:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-07-12 11:59:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-07-12 11:58:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-07-12 11:58:52 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-07-12 11:58:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-07-12 11:58:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-07-12 11:58:34 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2009-07-12 11:58:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-07-12 11:58:22 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-07-12 11:58:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-07-12 11:58:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-07-12 11:58:04 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2009-07-12 11:57:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2009-07-12 11:57:53 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2009-07-12 11:57:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-07-12 11:57:41 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-07-12 11:57:28 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-07-12 11:57:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2009-07-12 11:57:13 ----HDC---- C:\WINDOWS\$NtUninstallKB953356$
2009-07-12 11:57:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2009-07-12 11:57:04 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-07-12 11:56:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2009-07-12 11:56:46 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-07-12 11:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2009-07-12 11:53:56 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2009-07-12 11:53:37 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2009-07-12 11:53:32 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2009-07-12 11:53:29 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-07-12 11:53:16 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2009-07-12 11:53:11 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2009-07-12 11:53:02 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2009-07-12 11:52:45 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2009-07-12 11:52:34 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2009-07-12 11:52:26 ----HDC---- C:\WINDOWS\$NtUninstallKB930494$
2009-07-12 11:52:13 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2009-07-12 11:51:58 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2009-07-12 11:51:53 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2009-07-12 11:51:51 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-07-12 11:51:45 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2009-07-12 11:51:39 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2009-07-12 11:51:34 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2009-07-12 11:51:30 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2009-07-12 11:51:24 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2009-07-12 11:51:20 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2009-07-12 11:51:14 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2009-07-12 11:51:10 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2009-07-12 11:51:06 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2009-07-12 11:51:00 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2009-07-12 11:50:56 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2009-07-12 11:50:52 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2009-07-12 11:50:46 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2009-07-12 11:50:38 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2009-07-12 11:50:32 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2009-07-12 11:50:27 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2009-07-12 11:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2009-07-12 11:50:17 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2009-07-12 11:50:12 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2009-07-12 11:50:06 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2009-07-12 11:50:00 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2009-07-12 11:49:54 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2009-07-12 11:49:49 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2009-07-12 11:49:41 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2009-07-12 11:49:36 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2009-07-12 11:49:31 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2009-07-12 11:49:26 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2009-07-12 11:49:20 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2009-07-12 11:49:16 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2009-07-12 11:49:11 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2009-07-12 11:49:03 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2009-07-12 11:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2009-07-12 11:48:45 ----HDC---- C:\WINDOWS\$NtUninstallKB913800$
2009-07-12 11:48:25 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2009-07-12 11:48:20 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2009-07-12 11:48:16 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2009-07-12 11:48:08 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2009-07-12 11:48:03 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2009-07-12 11:47:57 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2009-07-12 11:47:51 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2009-07-12 11:45:30 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2009-07-12 11:45:26 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2009-07-12 11:45:21 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2009-07-12 11:45:16 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2009-07-12 11:45:09 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2009-07-12 11:45:04 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2009-07-12 11:44:59 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2009-07-12 11:44:50 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2009-07-12 11:21:56 ----N---- C:\WINDOWS\kb913800.exe
2009-07-12 11:11:35 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-07-12 10:59:17 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-07-12 10:59:06 ----D---- C:\WINDOWS\system32\PreInstall
2009-07-12 10:59:04 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-07-12 10:43:11 ----A---- C:\WINDOWS\system32\javaws.exe
2009-07-12 10:43:11 ----A---- C:\WINDOWS\system32\javaw.exe
2009-07-12 10:43:11 ----A---- C:\WINDOWS\system32\java.exe
2009-07-12 10:43:11 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-12 10:41:17 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Sun
2009-07-12 10:40:07 ----RASH---- C:\BOOT.BAK
2009-07-12 10:39:56 ----RSHD---- C:\cmdcons
2009-07-12 10:39:56 ----A---- C:\WINDOWS\UPGRADE.TXT
2009-07-12 10:39:55 ----D---- C:\WINDOWS\setup.pss
2009-07-12 10:39:30 ----D---- C:\WINDOWS\setupupd
2009-07-12 10:35:08 ----ASH---- C:\Documents and Settings\Compaq_Administrator\Application Data\desktop.ini
2009-07-12 10:35:03 ----SD---- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft
2009-07-12 10:35:03 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Real
2009-07-12 10:35:03 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Intuit
2009-07-12 10:35:03 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Identities
2009-07-12 10:32:52 ----D---- C:\WINDOWS\system32\SoftwareDistribution
======List of files/folders modified in the last 1 months======
2009-07-28 16:28:54 ----D---- C:\Program Files
2009-07-28 16:25:37 ----D---- C:\WINDOWS\Temp
2009-07-28 16:25:33 ----AD---- C:\WINDOWS
2009-07-28 16:25:29 ----D---- C:\WINDOWS\Registration
2009-07-28 16:25:13 ----SD---- C:\WINDOWS\Tasks
2009-07-28 16:23:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-28 12:24:04 ----D---- C:\WINDOWS\system32
2009-07-28 12:06:29 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-27 23:43:50 ----A---- C:\WINDOWS\WININIT.INI
2009-07-27 23:43:48 ----D---- C:\WINDOWS\wt
2009-07-27 23:19:27 ----D---- C:\WINDOWS\system32\drivers
2009-07-27 15:40:27 ----SHD---- C:\WINDOWS\Installer
2009-07-27 15:40:26 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-07-27 15:39:50 ----D---- C:\Program Files\Adobe
2009-07-27 15:39:42 ----D---- C:\Program Files\Common Files
2009-07-27 15:35:44 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-19 15:24:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-17 16:03:17 ----HD---- C:\WINDOWS\inf
2009-07-16 17:31:38 ----D---- C:\WINDOWS\system32\FxsTmp
2009-07-15 07:59:42 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-15 07:59:40 ----A---- C:\WINDOWS\imsins.BAK
2009-07-13 13:31:29 ----D---- C:\Program Files\Google
2009-07-13 12:56:42 ----D---- C:\Program Files\Internet Explorer
2009-07-13 11:33:01 ----D---- C:\Program Files\HP
2009-07-13 11:30:04 ----D---- C:\Program Files\Hewlett-Packard
2009-07-12 20:30:53 ----A---- C:\WINDOWS\win.ini
2009-07-12 20:30:45 ----D---- C:\WINDOWS\twain_32
2009-07-12 20:24:39 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-12 18:51:41 ----D---- C:\Program Files\Common Files\Real
2009-07-12 18:51:38 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-07-12 18:51:27 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-07-12 18:51:27 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-07-12 18:51:23 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-07-12 18:51:23 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-07-12 17:08:26 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-12 16:48:41 ----D---- C:\WINDOWS\WinSxS
2009-07-12 16:48:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-12 16:40:58 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-07-12 16:40:57 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-07-12 16:13:13 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-12 16:02:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-12 15:59:30 ----RSD---- C:\WINDOWS\Fonts
2009-07-12 15:59:07 ----D---- C:\WINDOWS\system32\spool
2009-07-12 15:53:56 ----D---- C:\WINDOWS\system32\Lang
2009-07-12 15:53:47 ----D---- C:\WINDOWS\system32\RTCOM
2009-07-12 15:53:20 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-12 15:17:51 ----D---- C:\WINDOWS\Help
2009-07-12 15:17:51 ----D---- C:\WINDOWS\ehome
2009-07-12 15:17:50 ----D---- C:\WINDOWS\nview
2009-07-12 15:17:13 ----D---- C:\WINDOWS\security
2009-07-12 15:10:26 ----D---- C:\WINDOWS\system32\DirectX
2009-07-12 14:54:15 ----D---- C:\WINDOWS\system32\wbem
2009-07-12 14:53:04 ----D---- C:\Program Files\Windows Media Player
2009-07-12 14:06:19 ----A---- C:\WINDOWS\OEWABLog.txt
2009-07-12 14:05:09 ----A---- C:\WINDOWS\setuplog.txt
2009-07-12 14:04:34 ----D---- C:\WINDOWS\AppPatch
2009-07-12 14:04:33 ----D---- C:\WINDOWS\system32\Setup
2009-07-12 14:04:33 ----D---- C:\WINDOWS\ime
2009-07-12 14:04:33 ----D---- C:\Program Files\Messenger
2009-07-12 13:52:23 ----D---- C:\WINDOWS\system32\inetsrv
2009-07-12 13:52:12 ----D---- C:\WINDOWS\system32\usmt
2009-07-12 13:52:10 ----D---- C:\WINDOWS\PeerNet
2009-07-12 13:52:10 ----D---- C:\Program Files\Movie Maker
2009-07-12 13:49:46 ----D---- C:\WINDOWS\system32\Restore
2009-07-12 13:49:46 ----D---- C:\WINDOWS\system32\npp
2009-07-12 13:49:46 ----D---- C:\WINDOWS\mui
2009-07-12 13:49:45 ----D---- C:\WINDOWS\msagent
2009-07-12 13:49:43 ----D---- C:\WINDOWS\srchasst
2009-07-12 13:49:43 ----D---- C:\Program Files\NetMeeting
2009-07-12 13:49:41 ----D---- C:\WINDOWS\system32\Com
2009-07-12 13:49:39 ----D---- C:\Program Files\Windows NT
2009-07-12 13:49:38 ----D---- C:\Program Files\Outlook Express
2009-07-12 13:49:35 ----D---- C:\Program Files\Common Files\System
2009-07-12 13:49:19 ----D---- C:\WINDOWS\system32\oobe
2009-07-12 13:49:17 ----D---- C:\WINDOWS\system
2009-07-12 13:31:11 ----A---- C:\WINDOWS\system.ini
2009-07-12 13:28:38 ----D---- C:\WINDOWS\repair
2009-07-12 13:25:11 ----AD---- C:\WINDOWS\SMINST
2009-07-12 12:28:36 ----D---- C:\WINDOWS\Debug
2009-07-12 12:17:30 ----HD---- C:\hp
2009-07-12 12:06:28 ----D---- C:\WINDOWS\Media
2009-07-12 10:44:18 ----D---- C:\WINDOWS\SoftwareDistribution
2009-07-12 10:42:55 ----D---- C:\Program Files\Java
2009-07-12 10:40:09 ----RASH---- C:\boot.ini
2009-07-12 10:38:28 ----D---- C:\WINDOWS\I386
2009-07-12 10:37:46 ----AD---- C:\WINDOWS\system32\pcintro
2009-07-12 10:35:02 ----D---- C:\Documents and Settings
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-17 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-12 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-12 108552]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB); C:\WINDOWS\system32\DRIVERS\A3AB.sys [2007-05-23 547744]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-03 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-03 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-03 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-03 4992]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-03 10112]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-02-11 5028352]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-05-09 3535680]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 PAC7302;PAC7302 VGA USB Camera; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-03 58880]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-12 298776]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-12 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-03-24 73728]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-05-09 131139]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 gupdate1ca03dfb46d2e88;Google Update Service (gupdate1ca03dfb46d2e88); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-13 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-13 190448]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-07-14 66056]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
blues10guy2
2009-07-28, 23:47
Here is the second part.
info.txt logfile of random's system information tool 1.06 2009-07-28 16:29:16
======Uninstall list======
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /X{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Download Manager-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Alien Outbreak 2-->"C:\Program Files\HP Games\Alien Outbreak 2\Uninstall.exe"
Ancient Sudoku-->"C:\Program Files\HP Games\Ancient Sudoku\Uninstall.exe"
ArcSoft PhotoImpression 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAB2A3A6-6789-4260-9966-517498589AB5}\setup.exe" -l0x9
ArcSoft VideoImpression 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{244E21B9-164C-4EC1-AED8-9BD64161E66D}\setup.exe" -l0x9
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bejeweled 2 Deluxe-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
Big Kahuna Reef-->"C:\Program Files\HP Games\Big Kahuna Reef\Uninstall.exe"
Blackhawk Striker 2-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
Blasterball 2 Remix-->"C:\Program Files\HP Games\Blasterball 2 Remix\Uninstall.exe"
Blasterball 2 Revolution-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
Bookworm Deluxe-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
Bounce Symphony-->"C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Chuzzle Deluxe-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
Compaq Connections (remove only)-->C:\WINDOWS\HPCPCUninstall-5577497\HPBWSetup.exe -appid 5577497 -uninstall
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
Diner Dash-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
DISCover-->"C:\Program Files\DISC\uninstall.exe"
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Fairies-->"C:\Program Files\HP Games\Fairies\Uninstall.exe"
Family Feud-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
FATE-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
FlashGet 2.0-->C:\Program Files\FlashGet Network\FlashGet universal\uninst.exe
Flip Words-->"C:\Program Files\HP Games\Flip Words\Uninstall.exe"
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP DVD Play 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Game Console-->"C:\Program Files\WildTangent\Apps\HP Game Console\Uninstall.exe"
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Rhapsody-->C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Support Overview-->"C:\WINDOWS\unins000.exe"
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HP Web Helper-->regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
Insaniquarium Deluxe-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Jewel Quest-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Mah Jong Quest-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour-->MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft PowerPoint Viewer 97-->C:\Program Files\PowerPoint Viewer\setup\setup.exe
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MWSnap 3-->"C:\Program Files\MWSnap\uninstall.exe"
Mystery Case Files-->"C:\Program Files\HP Games\Mystery Case Files\Uninstall.exe"
Netscape Browser (remove only)-->"C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
PicaLoader 1.7.1-->C:\Program Files\PicaLoader\uninst.exe
Poker Superstars-->"C:\Program Files\HP Games\Poker Superstars\Uninstall.exe"
Polar Bowler-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
Polar Golfer-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Remove WeatherBug Installer-->c:\hp\bin\cloaker.exe c:\hp\bin\commands.exe /c c:\hp\bin\wbug\clean.bat
Ricochet Lost Worlds-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
SCRABBLE-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Slingo Deluxe-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
Snowy The Bears Adventure-->"C:\Program Files\HP Games\Snowy The Bears Adventure\Uninstall.exe"
Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Super Granny-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
Tennis Titans-->"C:\Program Files\HP Games\Tennis Titans\Uninstall.exe"
Tornado Jockey-->"C:\Program Files\HP Games\Tornado Jockey\Uninstall.exe"
Tradewinds-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VGA USB Camera-->C:\Program Files\InstallShield Installation Information\{F0B2D11F-E4D9-4C17-A195-B8BADEAE9C40}\setup.exe -runfromtemp -l0x0009 -removeonly
VLC media player 1.0.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: AVG Anti-Virus Free
======System event log======
Computer Name: YOUR-4DACD0EA75
Event Code: 20
Message: Printer Driver Microsoft Office Document Image Writer Driver for Windows NT x86 Version-3 was added or updated. Files:- mdigraph.dll, mdiui.dll, mdiui.dll.
Record Number: 313
Source Name: Print
Time Written: 20090712115633.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: YOUR-4DACD0EA75
Event Code: 3
Message: Printer Microsoft Office Document Image Writer was deleted.
Record Number: 312
Source Name: Print
Time Written: 20090712115632.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: YOUR-4DACD0EA75
Event Code: 4
Message: Printer Microsoft Office Document Image Writer is pending deletion.
Record Number: 311
Source Name: Print
Time Written: 20090712115632.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: YOUR-4DACD0EA75
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB928366).
Record Number: 306
Source Name: Windows Update Agent
Time Written: 20090712115410.000000-240
Event Type: error
User:
Computer Name: YOUR-4DACD0EA75
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows XP (KB920213).
Record Number: 270
Source Name: Windows Update Agent
Time Written: 20090712115148.000000-240
Event Type: error
User:
=====Application event log=====
Computer Name: YOUR-4DACD0EA75
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.
Record Number: 84
Source Name: WinMgmt
Time Written: 20090712141009.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: YOUR-4DACD0EA75
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.
Record Number: 83
Source Name: WinMgmt
Time Written: 20090712141009.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: YOUR-4DACD0EA75
Event Code: 1
Message: Service registration successful.
Record Number: 82
Source Name: Media Center Receiver
Time Written: 20090712140914.000000-240
Event Type:
User:
Computer Name: YOUR-4DACD0EA75
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Record Number: 69
Source Name: WinMgmt
Time Written: 20090712135256.000000-240
Event Type: warning
User: YOUR-4DACD0EA75\Compaq_Administrator
Computer Name: YOUR-4DACD0EA75
Event Code: 1517
Message: Windows saved user YOUR-4DACD0EA75\Compaq_Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 36
Source Name: Userenv
Time Written: 20090712121352.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
-----------------EOF-----------------
Hello,
RSIT is a large file to look over; while I am looking at it, let's do this.
Download: DelDomains (http://mvps.org/winhelp2002/DelDomains.inf) and save it to the desktop.
Close all open windows and your browser
Right Click DelDomains.inf and select > Install
Reboot your computer
Internet Explorer is needed to run this program properly.
Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run.
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job.
Once it's finished, it should automatically reboot your machine;
if it doesn't, manually reboot to ensure a complete clean.
Please download Malwarebytes' Anti-Malware (http://malwarebytes.gt500.org/mbam-setup.exe) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://forums.whatthetech.com/post_a4255_MBAM.PNG
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report and also a new HJT log, please.
blues10guy2
2009-07-29, 21:07
I followed your directions to the letter. Here are the results of the malware scans, both short and long.
Malwarebytes' Anti-Malware 1.39
Database version: 2527
Windows 5.1.2600 Service Pack 3
7/29/2009 1:17:38 PM
mbam-log-2009-07-29 (13-17-38).txt
Scan type: Quick Scan
Objects scanned: 98994
Time elapsed: 3 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
\\?\globalroot\systemroot\system32\geyekrqjbvxyye.dll (Trojan.TDSS) -> Delete on reboot.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
\\?\globalroot\systemroot\system32\geyekrqjbvxyye.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
And this is the long scan I did after a reboot:
Malwarebytes' Anti-Malware 1.39
Database version: 2527
Windows 5.1.2600 Service Pack 3
7/29/2009 1:56:29 PM
mbam-log-2009-07-29 (13-56-29).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 213825
Time elapsed: 33 minute(s), 12 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
\\?\globalroot\systemroot\system32\geyekrqjbvxyye.dll (Trojan.TDSS) -> Delete on reboot.
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
\\?\globalroot\systemroot\system32\geyekrqjbvxyye.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
I will do another HJT and post shortly.
Larry
blues10guy2
2009-07-29, 21:15
I forgot to mention that MS did an update this a.m. before I ran the request you made. I do not know if it changes things.
I also should say that less than a month ago I had to do a complete reinstall because of a software conflict I could not resolve. That would explain the large log file.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Compaq_Administrator at 2009-07-29 14:07:47
Microsoft Windows XP Professional Service Pack 3
System drive C: has 71 GB (67%) free of 106 GB
Total RAM: 1982 MB (68% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:07:51 PM, on 7/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\DISC\DiscStreamHub.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Compaq_Administrator.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [FlashGet] "C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" /min
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247409898796
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1ca03dfb46d2e88) (gupdate1ca03dfb46d2e88) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 13580 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{E96140CB-CE3D-4732-88C0-C43229DBB447}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-13 908528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}]
FG2CatchUrl - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll [2008-08-19 104016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-07-12 312928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-17 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-26 1008896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2006-05-30 1191424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [2006-05-30 217088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-07-13 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-12 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-12 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2009-03-13 165616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2006-05-30 1191424]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-26 1008896]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-13 908528]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-30 67584]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-03 77312]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-05-09 7311360]
"nwiz"=nwiz.exe /install []
"DISCover"=C:\Program Files\DISC\DISCover.exe [2006-03-16 1077248]
"DiscUpdateManager"=C:\Program Files\DISC\DiscUpdMgr.exe [2006-03-16 61440]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-23 237568]
""= []
"PCDrProfiler"= []
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-16 249856]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-12 148888]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-05-09 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-02-03 18085888]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-12 1948440]
"MsgCenterExe"=C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe [2009-07-12 69632]
"PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-07-12 198160]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"FlashGet"=C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe [2008-08-19 1795656]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-13 39408]
"FlashGet"=C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe [2008-08-19 1795656]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-12 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe"="C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe"="C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
======List of files/folders created in the last 1 months======
2009-07-28 16:28:54 ----D---- C:\rsit
2009-07-28 16:28:54 ----D---- C:\Program Files\trend micro
2009-07-28 06:52:04 ----SHD---- C:\WINDOWS\CSC
2009-07-28 06:51:54 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-27 15:39:50 ----D---- C:\Program Files\Common Files\Adobe
2009-07-27 15:37:33 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-07-25 08:44:40 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-07-19 11:44:28 ----D---- C:\WINDOWS\Sun
2009-07-19 11:17:55 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\AdobeUM
2009-07-18 12:08:56 ----HD---- C:\$AVG8.VAULT$
2009-07-16 17:15:18 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\WinRAR
2009-07-16 17:01:24 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Template
2009-07-15 07:59:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 07:59:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 07:57:03 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-14 17:40:13 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes
2009-07-14 17:40:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-14 17:40:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-13 16:20:59 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\ArcSoft
2009-07-13 13:32:23 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Google
2009-07-13 13:27:41 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-07-13 09:59:57 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-07-13 09:59:57 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-07-13 09:46:15 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\vlc
2009-07-13 09:37:59 ----D---- C:\WINDOWS\system32\Adobe
2009-07-13 09:36:50 ----D---- C:\Program Files\NOS
2009-07-13 09:36:50 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-07-12 20:30:42 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-07-12 20:24:21 ----D---- C:\Program Files\Common Files\ArcSoft
2009-07-12 20:24:20 ----A---- C:\WINDOWS\system32\unicows.dll
2009-07-12 20:24:05 ----A---- C:\WINDOWS\PCDLIB32.DLL
2009-07-12 20:24:04 ----D---- C:\Program Files\ArcSoft
2009-07-12 20:22:06 ----A---- C:\WINDOWS\system32\CoInst.dll
2009-07-12 20:22:04 ----D---- C:\WINDOWS\Pixart
2009-07-12 20:22:04 ----D---- C:\Program Files\VGA USB Camera
2009-07-12 20:22:04 ----A---- C:\WINDOWS\system32\SP7302.INI
2009-07-12 20:21:44 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\InstallShield
2009-07-12 20:04:24 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\WinBatch
2009-07-12 18:58:47 ----A---- C:\WINDOWS\system32\clrviddc.dll
2009-07-12 18:51:48 ----D---- C:\Program Files\Common Files\xing shared
2009-07-12 18:36:01 ----D---- C:\Program Files\WinRAR
2009-07-12 18:35:12 ----D---- C:\Program Files\VideoLAN
2009-07-12 18:29:10 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-12 18:29:10 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-12 18:27:51 ----D---- C:\Program Files\PowerPoint Viewer
2009-07-12 17:18:06 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Adobe
2009-07-12 17:14:54 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\VOWSoft
2009-07-12 17:14:44 ----D---- C:\Program Files\PicaLoader
2009-07-12 17:12:12 ----D---- C:\Program Files\MWSnap
2009-07-12 17:04:51 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Yahoo!
2009-07-12 17:04:51 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-07-12 17:03:43 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-07-12 17:03:38 ----D---- C:\Program Files\Yahoo!
2009-07-12 17:00:13 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\BITS
2009-07-12 16:59:06 ----D---- C:\profiles
2009-07-12 16:58:36 ----D---- C:\Program Files\FlashGet Network
2009-07-12 16:49:20 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-07-12 16:49:05 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-07-12 16:48:50 ----D---- C:\Program Files\AVG
2009-07-12 16:48:49 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-07-12 16:44:47 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Macromedia
2009-07-12 16:35:32 ----A---- C:\WINDOWS\system32\LuResult.txt
2009-07-12 16:12:33 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-07-12 15:59:43 ----D---- C:\WINDOWS\system32\XPSViewer
2009-07-12 15:59:36 ----D---- C:\Program Files\MSBuild
2009-07-12 15:59:23 ----D---- C:\Program Files\Reference Assemblies
2009-07-12 15:58:56 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-07-12 15:58:55 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-07-12 15:58:55 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-07-12 15:58:54 ----D---- C:\bb2a629cce6f0cfd69f7e874
2009-07-12 15:54:57 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2009-07-12 15:54:13 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-07-12 15:53:03 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-07-12 15:52:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-07-12 15:52:56 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-07-12 15:52:36 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-07-12 15:52:15 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-07-12 15:48:46 ----SHD---- C:\RECYCLER
2009-07-12 15:48:45 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Windows Search
2009-07-12 15:14:41 ----D---- C:\52122d93794ec1445544ff
2009-07-12 15:11:04 ----D---- C:\Program Files\Microsoft Sync Framework
2009-07-12 15:10:25 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-07-12 15:10:22 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-07-12 15:10:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954708$
2009-07-12 15:09:24 ----D---- C:\Program Files\Microsoft
2009-07-12 15:09:07 ----D---- C:\Program Files\Windows Live SkyDrive
2009-07-12 15:08:44 ----D---- C:\Program Files\Windows Live
2009-07-12 14:55:13 ----D---- C:\Program Files\Common Files\Windows Live
2009-07-12 14:55:07 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-12 14:54:56 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Windows Desktop Search
2009-07-12 14:54:15 ----D---- C:\WINDOWS\system32\GroupPolicy
2009-07-12 14:54:15 ----D---- C:\Program Files\Windows Desktop Search
2009-07-12 14:54:03 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2009-07-12 14:53:58 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2009-07-12 14:53:21 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-07-12 14:53:19 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-07-12 14:53:05 ----D---- C:\Program Files\Windows Media Connect 2
2009-07-12 14:52:51 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-07-12 14:52:05 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-07-12 14:51:36 ----D---- C:\WINDOWS\system32\LogFiles
2009-07-12 14:51:33 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-07-12 14:50:55 ----HDC---- C:\WINDOWS\$NtUninstallKB925766$
2009-07-12 14:25:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-07-12 14:23:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-07-12 14:05:07 ----D---- C:\WINDOWS\Prefetch
2009-07-12 14:03:00 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-07-12 14:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-07-12 14:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-07-12 14:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-07-12 14:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-07-12 14:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-07-12 14:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-07-12 14:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-07-12 14:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-07-12 14:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-07-12 14:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-07-12 14:00:36 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-07-12 14:00:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-07-12 14:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-07-12 14:00:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-07-12 14:00:07 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-07-12 14:00:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-07-12 13:59:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-07-12 13:59:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-07-12 13:59:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-07-12 13:59:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-07-12 13:59:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-07-12 13:59:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-07-12 13:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-07-12 13:59:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-07-12 13:59:11 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-07-12 13:59:06 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-07-12 13:59:00 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-07-12 13:52:12 ----D---- C:\WINDOWS\system32\scripting
2009-07-12 13:52:11 ----D---- C:\WINDOWS\system32\en
2009-07-12 13:52:11 ----D---- C:\WINDOWS\l2schemas
2009-07-12 13:52:10 ----D---- C:\WINDOWS\system32\bits
2009-07-12 13:49:57 ----D---- C:\WINDOWS\ServicePackFiles
2009-07-12 13:47:41 ----D---- C:\WINDOWS\network diagnostic
2009-07-12 13:43:22 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-07-12 13:29:56 ----SHD---- C:\System Volume Information
2009-07-12 13:09:09 ----RSD---- C:\WINDOWS\assembly
2009-07-12 13:09:00 ----RD---- C:\WINDOWS\Offline Web Pages
2009-07-12 13:04:30 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-07-12 12:45:15 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-07-12 12:45:14 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-07-12 12:45:14 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-07-12 12:45:14 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-07-12 12:45:10 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-07-12 12:45:10 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-07-12 12:45:07 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2009-07-12 12:45:06 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2009-07-12 12:45:05 ----N---- C:\WINDOWS\system32\slserv.exe
2009-07-12 12:45:05 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-07-12 12:45:05 ----N---- C:\WINDOWS\system32\slgen.dll
2009-07-12 12:45:05 ----N---- C:\WINDOWS\slrundll.exe
2009-07-12 12:45:04 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-07-12 12:45:04 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-07-12 12:45:04 ----N---- C:\WINDOWS\system32\setupn.exe
2009-07-12 12:45:03 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-07-12 12:45:02 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-07-12 12:45:02 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-07-12 12:45:01 ----N---- C:\WINDOWS\system32\qutil.dll
2009-07-12 12:45:01 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-07-12 12:45:01 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-07-12 12:45:01 ----N---- C:\WINDOWS\system32\qagent.dll
2009-07-12 12:45:00 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-07-12 12:44:59 ----N---- C:\WINDOWS\system32\onex.dll
2009-07-12 12:44:55 ----N---- C:\WINDOWS\system32\napstat.exe
2009-07-12 12:44:55 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-07-12 12:44:55 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-07-12 12:44:55 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-07-12 12:44:54 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-07-12 12:44:54 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-07-12 12:44:54 ----N---- C:\WINDOWS\system32\mssha.dll
2009-07-12 12:44:54 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-07-12 12:44:46 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-07-12 12:44:46 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-07-12 12:44:46 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-07-12 12:44:46 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-07-12 12:44:40 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-07-12 12:44:40 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-07-12 12:44:39 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-07-12 12:44:39 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-07-12 12:44:39 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-07-12 12:44:39 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-07-12 12:44:35 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-07-12 12:44:35 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-07-12 12:44:34 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-07-12 12:44:32 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-07-12 12:44:30 ----N---- C:\WINDOWS\system32\faxpatch.exe
2009-07-12 12:44:29 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-07-12 12:44:29 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-07-12 12:44:29 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-07-12 12:44:29 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-07-12 12:44:29 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-07-12 12:44:29 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-07-12 12:44:29 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-07-12 12:44:29 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-07-12 12:44:28 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-07-12 12:44:28 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-07-12 12:44:28 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-07-12 12:44:28 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-07-12 12:44:28 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-07-12 12:44:27 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-07-12 12:44:27 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-07-12 12:44:27 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-07-12 12:44:27 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-07-12 12:44:27 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-07-12 12:44:26 ----N---- C:\WINDOWS\system32\credssp.dll
2009-07-12 12:44:23 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-07-12 12:44:23 ----N---- C:\WINDOWS\system32\azroles.dll
2009-07-12 12:44:23 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-07-12 12:44:23 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-07-12 12:44:22 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-07-12 12:44:22 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-07-12 12:44:22 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-07-12 12:44:22 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-07-12 12:44:22 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-07-12 12:44:19 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-07-12 12:07:45 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-07-12 12:07:37 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2009-07-12 12:07:31 ----HDC---- C:\WINDOWS\$NtUninstallKB968537_0$
2009-07-12 12:07:24 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2009-07-12 12:07:19 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-07-12 12:06:53 ----D---- C:\WINDOWS\ie8updates
2009-07-12 12:06:37 ----D---- C:\WINDOWS\WBEM
2009-07-12 12:05:15 ----HDC---- C:\WINDOWS\ie8
2009-07-12 12:05:15 ----D---- C:\WINDOWS\system32\en-US
2009-07-12 12:04:03 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-12 12:00:32 ----D---- C:\Program Files\MSXML 4.0
2009-07-12 12:00:23 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-07-12 12:00:17 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-07-12 12:00:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-07-12 11:59:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-07-12 11:59:43 ----HDC---- C:\WINDOWS\$NtUninstallKB961373_0$
2009-07-12 11:59:35 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-07-12 11:59:25 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-07-12 11:59:19 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2_0$
2009-07-12 11:59:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-07-12 11:59:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-07-12 11:59:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-07-12 11:58:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-07-12 11:58:52 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-07-12 11:58:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-07-12 11:58:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-07-12 11:58:34 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2009-07-12 11:58:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-07-12 11:58:22 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-07-12 11:58:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-07-12 11:58:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-07-12 11:58:04 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2009-07-12 11:57:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2009-07-12 11:57:53 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2009-07-12 11:57:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-07-12 11:57:41 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-07-12 11:57:28 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-07-12 11:57:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2009-07-12 11:57:13 ----HDC---- C:\WINDOWS\$NtUninstallKB953356$
2009-07-12 11:57:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2009-07-12 11:57:04 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-07-12 11:56:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2009-07-12 11:56:46 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-07-12 11:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2009-07-12 11:53:56 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2009-07-12 11:53:37 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2009-07-12 11:53:32 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2009-07-12 11:53:29 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-07-12 11:53:16 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2009-07-12 11:53:11 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2009-07-12 11:53:02 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2009-07-12 11:52:45 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2009-07-12 11:52:34 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2009-07-12 11:52:26 ----HDC---- C:\WINDOWS\$NtUninstallKB930494$
2009-07-12 11:52:13 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2009-07-12 11:51:58 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2009-07-12 11:51:53 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2009-07-12 11:51:51 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-07-12 11:51:45 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2009-07-12 11:51:39 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2009-07-12 11:51:34 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2009-07-12 11:51:30 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2009-07-12 11:51:24 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2009-07-12 11:51:20 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2009-07-12 11:51:14 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2009-07-12 11:51:10 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2009-07-12 11:51:06 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2009-07-12 11:51:00 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2009-07-12 11:50:56 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2009-07-12 11:50:52 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2009-07-12 11:50:46 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2009-07-12 11:50:38 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2009-07-12 11:50:32 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2009-07-12 11:50:27 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2009-07-12 11:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2009-07-12 11:50:17 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2009-07-12 11:50:12 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2009-07-12 11:50:06 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2009-07-12 11:50:00 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2009-07-12 11:49:54 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2009-07-12 11:49:49 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2009-07-12 11:49:41 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2009-07-12 11:49:36 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2009-07-12 11:49:31 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2009-07-12 11:49:26 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2009-07-12 11:49:20 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2009-07-12 11:49:16 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2009-07-12 11:49:11 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2009-07-12 11:49:03 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2009-07-12 11:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2009-07-12 11:48:45 ----HDC---- C:\WINDOWS\$NtUninstallKB913800$
2009-07-12 11:48:25 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2009-07-12 11:48:20 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2009-07-12 11:48:16 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2009-07-12 11:48:08 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2009-07-12 11:48:03 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2009-07-12 11:47:57 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2009-07-12 11:47:51 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2009-07-12 11:45:30 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2009-07-12 11:45:26 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2009-07-12 11:45:21 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2009-07-12 11:45:16 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2009-07-12 11:45:09 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2009-07-12 11:45:04 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2009-07-12 11:44:59 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2009-07-12 11:44:50 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2009-07-12 11:21:56 ----N---- C:\WINDOWS\kb913800.exe
2009-07-12 11:11:35 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-07-12 10:59:17 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-07-12 10:59:06 ----D---- C:\WINDOWS\system32\PreInstall
2009-07-12 10:59:04 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-07-12 10:43:11 ----A---- C:\WINDOWS\system32\javaws.exe
2009-07-12 10:43:11 ----A---- C:\WINDOWS\system32\javaw.exe
2009-07-12 10:43:11 ----A---- C:\WINDOWS\system32\java.exe
2009-07-12 10:43:11 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-12 10:41:17 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Sun
2009-07-12 10:40:07 ----RASH---- C:\BOOT.BAK
2009-07-12 10:39:56 ----RSHD---- C:\cmdcons
2009-07-12 10:39:56 ----A---- C:\WINDOWS\UPGRADE.TXT
2009-07-12 10:39:55 ----D---- C:\WINDOWS\setup.pss
2009-07-12 10:39:30 ----D---- C:\WINDOWS\setupupd
2009-07-12 10:35:08 ----ASH---- C:\Documents and Settings\Compaq_Administrator\Application Data\desktop.ini
2009-07-12 10:35:03 ----SD---- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft
2009-07-12 10:35:03 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Real
2009-07-12 10:35:03 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Intuit
2009-07-12 10:35:03 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Identities
2009-07-12 10:32:52 ----D---- C:\WINDOWS\system32\SoftwareDistribution
======List of files/folders modified in the last 1 months======
2009-07-29 14:00:04 ----D---- C:\WINDOWS\Temp
2009-07-29 14:00:02 ----AD---- C:\WINDOWS
2009-07-29 13:59:56 ----D---- C:\WINDOWS\Registration
2009-07-29 13:59:46 ----SD---- C:\WINDOWS\Tasks
2009-07-29 13:59:10 ----D---- C:\WINDOWS\system32\drivers
2009-07-29 13:58:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-29 13:30:01 ----D---- C:\WINDOWS\system32
2009-07-29 12:31:30 ----D---- C:\Program Files\Internet Explorer
2009-07-29 12:30:03 ----HD---- C:\WINDOWS\inf
2009-07-29 12:29:38 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-29 12:29:36 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-29 12:29:31 ----SHD---- C:\WINDOWS\Installer
2009-07-29 12:29:30 ----D---- C:\WINDOWS\WinSxS
2009-07-28 16:28:54 ----D---- C:\Program Files
2009-07-27 23:43:50 ----A---- C:\WINDOWS\WININIT.INI
2009-07-27 23:43:48 ----D---- C:\WINDOWS\wt
2009-07-27 15:40:26 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-07-27 15:39:50 ----D---- C:\Program Files\Adobe
2009-07-27 15:39:42 ----D---- C:\Program Files\Common Files
2009-07-27 15:35:44 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-19 18:48:58 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 15:24:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-19 09:18:59 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-16 17:31:38 ----D---- C:\WINDOWS\system32\FxsTmp
2009-07-15 07:59:45 ----A---- C:\WINDOWS\imsins.BAK
2009-07-13 13:31:29 ----D---- C:\Program Files\Google
2009-07-13 11:33:01 ----D---- C:\Program Files\HP
2009-07-13 11:30:04 ----D---- C:\Program Files\Hewlett-Packard
2009-07-12 20:30:53 ----A---- C:\WINDOWS\win.ini
2009-07-12 20:30:45 ----D---- C:\WINDOWS\twain_32
2009-07-12 20:24:39 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-12 18:51:41 ----D---- C:\Program Files\Common Files\Real
2009-07-12 18:51:38 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-07-12 18:51:27 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-07-12 18:51:27 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-07-12 18:51:23 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-07-12 18:51:23 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-07-12 17:08:26 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-12 16:48:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-12 16:40:58 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-07-12 16:40:57 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-07-12 16:13:13 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-12 16:02:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-12 15:59:30 ----RSD---- C:\WINDOWS\Fonts
2009-07-12 15:59:07 ----D---- C:\WINDOWS\system32\spool
2009-07-12 15:53:56 ----D---- C:\WINDOWS\system32\Lang
2009-07-12 15:53:47 ----D---- C:\WINDOWS\system32\RTCOM
2009-07-12 15:53:20 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-12 15:17:51 ----D---- C:\WINDOWS\Help
2009-07-12 15:17:51 ----D---- C:\WINDOWS\ehome
2009-07-12 15:17:50 ----D---- C:\WINDOWS\nview
2009-07-12 15:17:13 ----D---- C:\WINDOWS\security
2009-07-12 15:10:26 ----D---- C:\WINDOWS\system32\DirectX
2009-07-12 14:54:15 ----D---- C:\WINDOWS\system32\wbem
2009-07-12 14:53:04 ----D---- C:\Program Files\Windows Media Player
2009-07-12 14:06:19 ----A---- C:\WINDOWS\OEWABLog.txt
2009-07-12 14:05:09 ----A---- C:\WINDOWS\setuplog.txt
2009-07-12 14:04:34 ----D---- C:\WINDOWS\AppPatch
2009-07-12 14:04:33 ----D---- C:\WINDOWS\system32\Setup
2009-07-12 14:04:33 ----D---- C:\WINDOWS\ime
2009-07-12 14:04:33 ----D---- C:\Program Files\Messenger
2009-07-12 13:52:23 ----D---- C:\WINDOWS\system32\inetsrv
2009-07-12 13:52:12 ----D---- C:\WINDOWS\system32\usmt
2009-07-12 13:52:10 ----D---- C:\WINDOWS\PeerNet
2009-07-12 13:52:10 ----D---- C:\Program Files\Movie Maker
2009-07-12 13:49:46 ----D---- C:\WINDOWS\system32\Restore
2009-07-12 13:49:46 ----D---- C:\WINDOWS\system32\npp
2009-07-12 13:49:46 ----D---- C:\WINDOWS\mui
2009-07-12 13:49:45 ----D---- C:\WINDOWS\msagent
2009-07-12 13:49:43 ----D---- C:\WINDOWS\srchasst
2009-07-12 13:49:43 ----D---- C:\Program Files\NetMeeting
2009-07-12 13:49:41 ----D---- C:\WINDOWS\system32\Com
2009-07-12 13:49:39 ----D---- C:\Program Files\Windows NT
2009-07-12 13:49:38 ----D---- C:\Program Files\Outlook Express
2009-07-12 13:49:35 ----D---- C:\Program Files\Common Files\System
2009-07-12 13:49:19 ----D---- C:\WINDOWS\system32\oobe
2009-07-12 13:49:17 ----D---- C:\WINDOWS\system
2009-07-12 13:31:11 ----A---- C:\WINDOWS\system.ini
2009-07-12 13:28:38 ----D---- C:\WINDOWS\repair
2009-07-12 13:25:11 ----AD---- C:\WINDOWS\SMINST
2009-07-12 12:28:36 ----D---- C:\WINDOWS\Debug
2009-07-12 12:17:30 ----HD---- C:\hp
2009-07-12 12:06:28 ----D---- C:\WINDOWS\Media
2009-07-12 10:44:18 ----D---- C:\WINDOWS\SoftwareDistribution
2009-07-12 10:42:55 ----D---- C:\Program Files\Java
2009-07-12 10:40:09 ----RASH---- C:\boot.ini
2009-07-12 10:38:28 ----D---- C:\WINDOWS\I386
2009-07-12 10:37:46 ----AD---- C:\WINDOWS\system32\pcintro
2009-07-12 10:35:02 ----D---- C:\Documents and Settings
2009-07-03 13:09:28 ----A---- C:\WINDOWS\system32\wininet.dll
2009-07-03 13:09:27 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-07-03 13:09:27 ----A---- C:\WINDOWS\system32\occache.dll
2009-07-03 13:09:25 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-07-03 13:09:25 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-07-03 13:09:24 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-07-03 13:09:24 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-07-03 13:09:23 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-07-03 13:09:21 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-07-03 07:01:06 ----N---- C:\WINDOWS\system32\ie4uinit.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-17 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-12 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-12 108552]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB); C:\WINDOWS\system32\DRIVERS\A3AB.sys [2007-05-23 547744]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-03 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-03 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-03 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-03 4992]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-03 10112]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-02-11 5028352]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-05-09 3535680]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 PAC7302;PAC7302 VGA USB Camera; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-03 58880]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-12 298776]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-12 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-03-24 73728]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-05-09 131139]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 gupdate1ca03dfb46d2e88;Google Update Service (gupdate1ca03dfb46d2e88); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-13 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-13 190448]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-07-14 66056]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Hi,
Sorry for the delay, some storms came in up here in the NE and I was without power for about 5 hours.
You're infected with a Rootkit :red:
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://i24.photobucket.com/albums/c30/ken545/RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://i24.photobucket.com/albums/c30/ken545/whatnext.jpg
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
blues10guy2
2009-07-30, 05:48
Here is the log file from ComboFix. I will run another HJT and post in a few minutes. It appears it removed my FlashGet program because it had become infected, but I can get that again, no problem.
Larry
ComboFix 09-07-29.03 - Compaq_Administrator 07/29/2009 22:20.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1536 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\COMPAQ~1\APPLIC~1\BITS
c:\docume~1\COMPAQ~1\APPLIC~1\BITS\BITS.ini
c:\docume~1\COMPAQ~1\APPLIC~1\BITS\DHTTable.dat
c:\docume~1\COMPAQ~1\APPLIC~1\BITS\ProxyList.ini
c:\docume~1\COMPAQ~1\APPLIC~1\BITS\UPnP.ini
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet universal\btcore.dll
c:\program files\FlashGet Network\FlashGet universal\btwrap.dll
c:\program files\FlashGet Network\FlashGet universal\BugReport.dll
c:\program files\FlashGet Network\FlashGet universal\BugReport.exe
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
c:\program files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhocfg.ini
c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
c:\program files\FlashGet Network\FlashGet universal\ComDlls\ComDlls.ini
c:\program files\FlashGet Network\FlashGet universal\ComDlls\flashget.xpi
c:\program files\FlashGet Network\FlashGet universal\ComDlls\FlashgetXpi.dll
c:\program files\FlashGet Network\FlashGet universal\ComDlls\IFlashgetXpi.xpt
c:\program files\FlashGet Network\FlashGet universal\dbghelp.dll
c:\program files\FlashGet Network\FlashGet universal\DBTrans.dll
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose - 2009.07.13 20.20.22.log
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
c:\program files\FlashGet Network\FlashGet universal\DBTransC.exe
c:\program files\FlashGet Network\FlashGet universal\ed2kwrap.dll
c:\program files\FlashGet Network\FlashGet universal\explorerbar.dll
c:\program files\FlashGet Network\FlashGet universal\fgoption.ini
c:\program files\FlashGet Network\FlashGet universal\FGVer.dll
c:\program files\FlashGet Network\FlashGet universal\flashget.exe
c:\program files\FlashGet Network\FlashGet universal\gt.exe
c:\program files\FlashGet Network\FlashGet universal\hashgen.dll
c:\program files\FlashGet Network\FlashGet universal\Help\license.txt
c:\program files\FlashGet Network\FlashGet universal\Help\Readme.txt
c:\program files\FlashGet Network\FlashGet universal\Help\WHATSNEW.TXT
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBatchLinksDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddBTTask.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Added.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddEMTask.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddHpFpLink.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksDlgEx.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\AddLinksModern.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BrowserPlugins.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\BTOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CategoryView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ComfirmWhenExitDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\CommonDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ConfirmInvalidLinks.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ContextMenu.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DefaultDownloadsDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DeleteFilesDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\DetailStatus.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\EMServers.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExplorerPane.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ExtensionRuleDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FG2SearchTopPlugin.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileListCtrl.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FileRemovedDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FindTaskDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashgetAbout.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FlashGetDlg.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\FSUStatusBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageLoginDialog.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\GarageView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HotResource.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\HpFpOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Info.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\LogsOutput.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MACReader.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainMenu.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MainToolbar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\MonitorOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NormalOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\NotifyOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Option.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\P4PPluginMain.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\ProxySetting.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SearchBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Security.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityScan.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\SecurityToolbar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\Shutdown.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\StatusBar.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskDefOption.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskListView.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\TaskNotify.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\UserListCtrl.ini
c:\program files\FlashGet Network\FlashGet universal\Langs\FGXL_ENG\XpEnhance.ini
c:\program files\FlashGet Network\FlashGet universal\libupnp.dll
c:\program files\FlashGet Network\FlashGet universal\LiveUpdateUI.dll
c:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\ComHelper.dll
c:\program files\FlashGet Network\FlashGet universal\modules\ComHelper\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Downstat.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Downstat\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\P4pclient.dll
c:\program files\FlashGet Network\FlashGet universal\modules\P4pclient\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\iexplorer.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\resource.xml
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\search.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\subscribe.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\Resource\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\modules\SearchTop\SearchTop.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Security\FunctionalRepair.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Scanning.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\Security\SECURITY.dll
c:\program files\FlashGet Network\FlashGet universal\modules\Security\Security.xml
c:\program files\FlashGet Network\FlashGet universal\modules\Security\SystemFix.bmp
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SamplerCli.dll
c:\program files\FlashGet Network\FlashGet universal\modules\SnapShot\SnapShot.dll
c:\program files\FlashGet Network\FlashGet universal\modules\tasknotifier\Info.ini
c:\program files\FlashGet Network\FlashGet universal\modules\tasknotifier\tasknotifier.dll
c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet universal\P2PCore.dll
c:\program files\FlashGet Network\FlashGet universal\p2pprot.dll
c:\program files\FlashGet Network\FlashGet universal\p2snetio.dll
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.dll
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\p2sprot.dll
c:\program files\FlashGet Network\FlashGet universal\p2spwrap.dll
c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
c:\program files\FlashGet Network\FlashGet universal\Skins\close_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\close_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\close_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\max_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_default.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_press.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\min_select.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\notify.wav
c:\program files\FlashGet Network\FlashGet universal\Skins\notify_board.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\notify_icon.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Back.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Backward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\BrowserBarCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\FlashgetResource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Forward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarCT\Home.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Backward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\BrowserBarDisableCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Forward.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Home.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\BrowserBarDisableCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Available.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\CategoryTreeCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloaded.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Downloading.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Favorite.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Flashget.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Release.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Rubbish.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\CategoryTreeCT\Search.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\Expbar.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\garage.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\ExpBar\transfer.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\BT.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\EM.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\GlobalOptionCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\HpFp.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Monitor.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Normal.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Notify.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\Proxy.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\GlobalOptionCT\TaskDef.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Info.ini
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MainMenuCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveDownTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\MoveUpTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainMenuCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\MainToolbarCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\About.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\DeleteTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Folder.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\MainToolbarDisableCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\NewTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Open.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Option.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\PauseTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\Resource.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\StartTask.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\MainToolbarDisableCT\TaskProperties.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\InfoBkg.Bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\Monitor\MonitorBkg.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Down.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Error.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Normal.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\OutpuLogCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\OutpuLogCT\Up.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\All.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Book.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Bt.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Game.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Movie.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Music.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Phone.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Picture.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\SobarIconCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\SobarIconCT\Software.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Error.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\hashing.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\OK.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pause.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Pin.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Schedule.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Start.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\TaskListCT.xml
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Upload.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\ShadowGrayBlue\TaskListCT\Wait.bmp
c:\program files\FlashGet Network\FlashGet universal\Skins\Thumbs.db
c:\program files\FlashGet Network\FlashGet universal\storage.dll
c:\program files\FlashGet Network\FlashGet universal\SysOpt.exe
c:\program files\FlashGet Network\FlashGet universal\transaction - 2009.07.13 20.20.22.log
c:\program files\FlashGet Network\FlashGet universal\transaction.log
c:\program files\FlashGet Network\FlashGet universal\uninst.exe
c:\program files\FlashGet Network\FlashGet universal\zlib.dll
c:\windows\Installer\2a05b6.msp
c:\windows\Installer\2a05b7.msp
c:\windows\Installer\2a05b8.msp
c:\windows\Installer\2a05b9.msp
c:\windows\Installer\2a05ba.msp
c:\windows\Installer\2a05bb.msp
c:\windows\Installer\2a05bc.msp
c:\windows\Installer\2a05bd.msp
c:\windows\Installer\2a05be.msp
c:\windows\kb913800.exe
c:\windows\system32\drivers\geyekraordymll.sys
c:\windows\system32\geyekrbgrqpyxe.dat
c:\windows\system32\geyekroctnitwv.dat
c:\windows\system32\geyekrqjbvxyye.dll
c:\windows\system32\geyekrtfnxdhmn.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_geyekrufoaqpqq
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.
2009-07-29 16:23 . 2009-07-03 17:09 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-29 16:23 . 2009-07-03 17:09 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-28 20:28 . 2009-07-29 18:07 -------- d-----w- c:\program files\trend micro
2009-07-28 20:28 . 2009-07-28 20:29 -------- d-----w- C:\rsit
2009-07-28 10:54 . 2009-07-28 10:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2009-07-28 10:52 . 2009-07-28 10:52 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-27 19:39 . 2009-07-27 19:39 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-27 19:37 . 2009-07-27 19:37 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-19 15:44 . 2009-07-19 15:44 -------- d-----w- c:\windows\Sun
2009-07-19 15:17 . 2009-07-19 15:17 -------- d-----w- c:\docume~1\COMPAQ~1\APPLIC~1\AdobeUM
2009-07-19 15:17 . 2009-07-27 19:40 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Adobe
2009-07-18 16:08 . 2009-07-28 16:01 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-16 21:01 . 2009-07-16 21:01 -------- d-----w- c:\docume~1\COMPAQ~1\APPLIC~1\Template
2009-07-14 21:40 . 2009-07-14 21:40 -------- d-----w- c:\docume~1\COMPAQ~1\APPLIC~1\Malwarebytes
2009-07-14 21:40 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-14 21:40 . 2009-07-14 21:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-14 21:40 . 2009-07-14 21:40 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-07-14 21:40 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 20:20 . 2009-07-13 20:21 -------- d-----w- c:\docume~1\COMPAQ~1\APPLIC~1\ArcSoft
2009-07-13 17:45 . 2009-07-13 17:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-07-13 17:31 . 2009-07-13 17:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-07-13 17:27 . 2009-07-13 17:32 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Google Updater
2009-07-13 13:59 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-13 13:46 . 2009-07-27 12:01 -------- d-----w- c:\docume~1\COMPAQ~1\APPLIC~1\vlc
2009-07-13 13:37 . 2009-07-13 13:38 -------- d-----w- c:\windows\system32\Adobe
2009-07-13 13:36 . 2009-07-27 19:35 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\NOS
2009-07-13 13:36 . 2009-07-27 19:35 -------- d-----w- c:\program files\NOS
2009-07-13 00:31 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-07-13 00:31 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2009-07-13 00:31 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-07-13 00:31 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
2009-07-13 00:31 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-07-13 00:31 . 2008-04-13 18:46 15232 ----a-w- c:\windows\system32\dllcache\streamip.sys
2009-07-13 00:31 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-07-13 00:31 . 2008-04-13 18:46 11136 ----a-w- c:\windows\system32\dllcache\slip.sys
2009-07-13 00:30 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-07-13 00:30 . 2008-04-13 18:46 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-07-13 00:30 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-07-13 00:30 . 2008-04-13 18:46 85248 ----a-w- c:\windows\system32\dllcache\nabtsfec.sys
2009-07-13 00:30 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-07-13 00:30 . 2008-04-13 18:46 17024 ----a-w- c:\windows\system32\dllcache\ccdecode.sys
2009-07-13 00:30 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-07-13 00:30 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-07-13 00:24 . 2009-07-13 00:24 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-07-13 00:24 . 2005-02-23 18:58 11776 ----a-w- c:\windows\system32\drivers\afc.sys
2009-07-13 00:24 . 2004-12-07 14:11 258352 ----a-w- c:\windows\system32\unicows.dll
2009-07-13 00:24 . 1995-08-01 08:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2009-07-13 00:24 . 2009-07-13 00:24 -------- d-----w- c:\program files\ArcSoft
2009-07-13 00:22 . 2007-11-01 23:05 6656 ----a-w- c:\windows\system32\CoInst.dll
2009-07-13 00:22 . 2007-06-14 19:29 457856 ----a-w- c:\windows\system32\drivers\PAC7302.SYS
2009-07-13 00:22 . 2009-07-13 00:22 -------- d-----w- c:\program files\VGA USB Camera
2009-07-13 00:22 . 2009-07-13 00:22 -------- d-----w- c:\windows\Pixart
2009-07-13 00:21 . 2009-07-13 00:21 -------- d-----w- c:\docume~1\COMPAQ~1\APPLIC~1\InstallShield
2009-07-13 00:04 . 2009-07-13 00:04 -------- d-----w- c:\docume~1\COMPAQ~1\APPLIC~1\WinBatch
2009-07-13 00:00 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-07-13 00:00 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-07-13 00:00 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-07-13 00:00 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-07-12 22:58 . 2009-07-12 22:58 203776 ----a-w- c:\windows\system32\clrviddc.dll
2009-07-12 22:51 . 2009-07-12 22:51 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-12 22:44 . 2009-07-12 22:44 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-12 22:35 . 2009-07-12 22:35 -------- d-----w- c:\program files\VideoLAN
2009-07-12 22:29 . 2009-07-12 22:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-12 22:29 . 2009-07-12 22:33 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-07-12 22:27 . 2009-07-12 22:27 -------- d-----w- c:\program files\PowerPoint Viewer
2009-07-12 21:14 . 2009-07-12 21:14 -------- d-----w- c:\docume~1\COMPAQ~1\APPLIC~1\VOWSoft
2009-07-12 21:14 . 2009-07-12 21:14 -------- d-----w- c:\program files\PicaLoader
2009-07-12 21:12 . 2009-07-12 21:12 -------- d-----w- c:\program files\MWSnap
2009-07-12 21:11 . 2009-07-12 21:11 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Yahoo
2009-07-12 21:04 . 2009-07-12 21:04 -------- d-----w- c:\docume~1\COMPAQ~1\APPLIC~1\Yahoo!
2009-07-12 21:04 . 2009-07-12 21:04 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2009-07-12 21:03 . 2009-07-12 21:11 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Yahoo!
2009-07-12 21:03 . 2009-07-12 21:04 -------- d-----w- c:\program files\Yahoo!
2009-07-12 20:59 . 2009-07-12 20:59 -------- d-----w- C:\profiles
2009-07-12 20:49 . 2009-07-12 20:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-12 20:49 . 2009-07-12 20:49 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-12 20:49 . 2009-07-17 12:26 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-12 20:49 . 2009-07-12 20:49 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-12 20:49 . 2009-07-29 21:59 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-12 20:49 . 2009-07-12 20:51 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AVG Security Toolbar
2009-07-12 20:48 . 2009-07-12 20:48 -------- d-----w- c:\program files\AVG
2009-07-12 20:48 . 2009-07-12 20:48 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg8
2009-07-12 19:59 . 2009-07-12 19:59 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-12 19:59 . 2009-07-12 19:59 -------- d-----w- c:\program files\MSBuild
2009-07-12 19:59 . 2009-07-12 19:59 -------- d-----w- c:\program files\Reference Assemblies
2009-07-12 19:58 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-12 19:58 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-07-12 19:58 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-07-12 19:58 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-07-12 19:58 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-07-12 19:58 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-07-12 19:58 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-12 19:58 . 2009-07-12 19:59 -------- d-----w- C:\bb2a629cce6f0cfd69f7e874
2009-07-12 19:48 . 2009-07-12 19:48 -------- d-----w- c:\docume~1\COMPAQ~1\APPLIC~1\Windows Search
2009-07-12 19:14 . 2009-07-12 19:16 -------- d-----w- C:\52122d93794ec1445544ff
2009-07-12 19:14 . 2009-07-30 02:30 -------- d-----w- c:\documents and settings\Compaq_Administrator\Tracing
2009-07-12 19:11 . 2009-07-12 19:11 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-07-12 19:10 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-07-12 19:10 . 2009-07-12 19:10 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-07-12 19:09 . 2009-07-12 19:09 -------- d-----w- c:\program files\Microsoft
2009-07-12 19:09 . 2009-07-12 19:09 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-12 19:08 . 2009-07-12 19:13 -------- d-----w- c:\program files\Windows Live
2009-07-12 18:55 . 2009-07-12 18:55 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-12 18:55 . 2009-07-22 13:17 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-12 18:55 . 2009-07-12 18:55 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Identities
2009-07-12 18:54 . 2009-07-12 18:54 -------- d-----w- c:\docume~1\COMPAQ~1\APPLIC~1\Windows Desktop Search
2009-07-12 18:54 . 2009-07-12 20:07 -------- d-----w- c:\program files\Windows Desktop Search
2009-07-12 18:54 . 2009-07-12 18:54 -------- d-----w- c:\windows\system32\GroupPolicy
2009-07-12 18:53 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2009-07-12 18:53 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2009-07-12 18:53 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2009-07-12 18:53 . 2009-07-12 18:53 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-12 18:51 . 2009-07-12 18:52 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-07-12 18:51 . 2009-07-12 18:51 -------- d-----w- c:\windows\system32\LogFiles
2009-07-12 18:04 . 2009-07-12 18:04 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-12 18:03 . 2009-07-12 18:03 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-07-12 17:52 . 2009-07-12 17:52 -------- d-----w- c:\windows\system32\scripting
2009-07-12 17:52 . 2009-07-12 17:52 -------- d-----w- c:\windows\l2schemas
2009-07-12 17:11 . 2009-07-12 21:14 -------- d-----r- c:\documents and settings\All Users\Documents
2009-07-12 17:04 . 2009-07-29 16:29 -------- d-sh--r- c:\windows\system32\dllcache
2009-07-12 16:44 . 2008-04-14 00:12 144384 ------w- c:\windows\system32\onex.dll
2009-07-12 16:18 . 2009-07-12 16:18 -------- d-sh--w- c:\documents and settings\Compaq_Administrator\IECompatCache
2009-07-12 16:17 . 2009-07-12 16:17 -------- d-sh--w- c:\documents and settings\Compaq_Administrator\PrivacIE
2009-07-12 16:15 . 2009-07-12 16:15 -------- d-sh--w- c:\documents and settings\Compaq_Administrator\IETldCache
2009-07-12 16:07 . 2009-06-02 10:12 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 21:31 . 2009-07-16 21:01 166 ----a-w- c:\docume~1\COMPAQ~1\APPLIC~1\wklnhst.dat
2009-07-13 17:31 . 2006-05-30 05:02 -------- d-----w- c:\program files\Google
2009-07-13 15:33 . 2006-05-30 04:28 -------- d-----w- c:\program files\HP
2009-07-13 15:30 . 2006-05-30 04:42 -------- d-----w- c:\program files\Hewlett-Packard
2009-07-13 00:24 . 2006-05-30 04:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-12 22:51 . 2006-05-30 04:33 -------- d-----w- c:\program files\Common Files\Real
2009-07-12 22:51 . 2003-03-19 10:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-12 20:40 . 2006-05-30 05:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-12 20:40 . 2006-05-30 05:07 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Symantec
2009-07-12 20:08 . 2006-05-30 04:33 48640 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-12 17:57 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-12 15:51 . 2009-07-12 15:51 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-07-12 14:42 . 2006-05-30 04:07 -------- d-----w- c:\program files\Java
2009-07-12 14:37 . 2009-07-12 14:37 1832 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_RB101AA-ABA SR1923WM NA670_YC_0Pres_QCNH625_E63NAemREA2_48_INAGAMI2L_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M1983_J120_7AMD_8Athlon 64_92.2_#080727_N_Z14F12F20_G10DE0241.MRK
2009-07-03 17:09 . 2004-08-10 04:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2004-08-10 04:00 81920 ------w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-10 04:00 119808 ------w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2004-08-10 04:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-25 04:24 . 2008-05-27 02:18 350208 ----a-w- c:\windows\system32\mssph.dll
2009-05-12 19:12 . 2006-05-30 04:02 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:32 . 2004-08-10 04:00 345600 ------w- c:\windows\system32\localspl.dll
2006-08-01 13:35 . 2009-07-12 17:28 32 --sha-w- c:\windows\SMINST\HPCD.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-26 14:36 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-13 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-10 7311360]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-12 148888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-05-10 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-12 1948440]
"MsgCenterExe"="c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2009-07-12 69632]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-12 198160]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-05-10 1519616]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-02-03 18085888]
c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-5-30 36903]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-12 20:49 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/12/2009 4:49 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/12/2009 4:49 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/12/2009 4:48 PM 298776]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [5/23/2007 4:15 AM 547744]
R3 PAC7302;PAC7302 VGA USB Camera;c:\windows\system32\drivers\PAC7302.SYS [7/12/2009 8:22 PM 457856]
S2 gupdate1ca03dfb46d2e88;Google Update Service (gupdate1ca03dfb46d2e88);c:\program files\Google\Update\GoogleUpdate.exe [7/13/2009 1:31 PM 133104]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [7/27/2009 3:35 PM 66056]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-FlashGet - c:\program files\FlashGet Network\FlashGet universal\FlashGet.exe
HKLM-Run-FlashGet - c:\program files\FlashGet Network\FlashGet universal\FlashGet.exe
HKLM-Run-PCDrProfiler - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE: &Download All by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-29 22:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1824)
c:\windows\system32\WININET.dll
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\windows\arservice.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\searchindexer.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-07-30 22:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-30 02:36
Pre-Run: 73,973,362,688 bytes free
Post-Run: 73,993,474,048 bytes free
565 --- E O F --- 2009-07-29 16:30
blues10guy2
2009-07-30, 05:51
Here is the hjt file. I will return tomorrow to see if I am clean. :thanks:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Compaq_Administrator at 2009-07-29 22:49:06
Microsoft Windows XP Professional Service Pack 3
System drive C: has 71 GB (67%) free of 106 GB
Total RAM: 1982 MB (69% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:17 PM, on 7/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Compaq_Administrator.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247409898796
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1ca03dfb46d2e88) (gupdate1ca03dfb46d2e88) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 12676 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{E96140CB-CE3D-4732-88C0-C43229DBB447}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-13 908528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}]
FG2CatchUrl - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-07-12 312928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-17 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-26 1008896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2006-05-30 1191424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [2006-05-30 217088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-07-13 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-12 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-12 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2009-03-13 165616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2006-05-30 1191424]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-26 1008896]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2009-03-13 908528]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-30 67584]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-03 77312]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-05-09 7311360]
"nwiz"=nwiz.exe /install []
"DISCover"=C:\Program Files\DISC\DISCover.exe [2006-03-16 1077248]
"DiscUpdateManager"=C:\Program Files\DISC\DiscUpdMgr.exe [2006-03-16 61440]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-23 237568]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-16 249856]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-12 148888]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-05-09 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-02-03 18085888]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-12 1948440]
"MsgCenterExe"=C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe [2009-07-12 69632]
"PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-07-12 198160]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-13 39408]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-12 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
======List of files/folders created in the last 1 months======
2009-07-29 22:41:03 ----SHD---- C:\RECYCLER
2009-07-29 22:36:08 ----A---- C:\ComboFix.txt
2009-07-29 22:08:47 ----A---- C:\WINDOWS\zip.exe
2009-07-29 22:08:47 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-07-29 22:08:47 ----A---- C:\WINDOWS\SWSC.exe
2009-07-29 22:08:47 ----A---- C:\WINDOWS\SWREG.exe
2009-07-29 22:08:47 ----A---- C:\WINDOWS\sed.exe
2009-07-29 22:08:47 ----A---- C:\WINDOWS\PEV.exe
2009-07-29 22:08:47 ----A---- C:\WINDOWS\NIRCMD.exe
2009-07-29 22:08:47 ----A---- C:\WINDOWS\grep.exe
2009-07-29 22:08:29 ----D---- C:\WINDOWS\ERDNT
2009-07-29 22:08:13 ----D---- C:\Qoobox
2009-07-28 16:28:54 ----D---- C:\rsit
2009-07-28 16:28:54 ----D---- C:\Program Files\trend micro
2009-07-28 06:52:04 ----SHD---- C:\WINDOWS\CSC
2009-07-28 06:51:54 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-27 15:39:50 ----D---- C:\Program Files\Common Files\Adobe
2009-07-27 15:37:33 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-07-25 08:44:40 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-07-19 11:44:28 ----D---- C:\WINDOWS\Sun
2009-07-19 11:17:55 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\AdobeUM
2009-07-18 12:08:56 ----HD---- C:\$AVG8.VAULT$
2009-07-16 17:15:18 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\WinRAR
2009-07-16 17:01:24 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Template
2009-07-15 07:59:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 07:59:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 07:57:03 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-14 17:40:13 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes
2009-07-14 17:40:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-14 17:40:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-13 16:20:59 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\ArcSoft
2009-07-13 13:32:23 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Google
2009-07-13 13:27:41 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-07-13 09:59:57 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-07-13 09:59:57 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-07-13 09:46:15 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\vlc
2009-07-13 09:37:59 ----D---- C:\WINDOWS\system32\Adobe
2009-07-13 09:36:50 ----D---- C:\Program Files\NOS
2009-07-13 09:36:50 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-07-12 20:30:42 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-07-12 20:24:21 ----D---- C:\Program Files\Common Files\ArcSoft
2009-07-12 20:24:20 ----A---- C:\WINDOWS\system32\unicows.dll
2009-07-12 20:24:05 ----A---- C:\WINDOWS\PCDLIB32.DLL
2009-07-12 20:24:04 ----D---- C:\Program Files\ArcSoft
2009-07-12 20:22:06 ----A---- C:\WINDOWS\system32\CoInst.dll
2009-07-12 20:22:04 ----D---- C:\WINDOWS\Pixart
2009-07-12 20:22:04 ----D---- C:\Program Files\VGA USB Camera
2009-07-12 20:22:04 ----A---- C:\WINDOWS\system32\SP7302.INI
2009-07-12 20:21:44 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\InstallShield
2009-07-12 20:04:24 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\WinBatch
2009-07-12 18:58:47 ----A---- C:\WINDOWS\system32\clrviddc.dll
2009-07-12 18:51:48 ----D---- C:\Program Files\Common Files\xing shared
2009-07-12 18:36:01 ----D---- C:\Program Files\WinRAR
2009-07-12 18:35:12 ----D---- C:\Program Files\VideoLAN
2009-07-12 18:29:10 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-12 18:29:10 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-12 18:27:51 ----D---- C:\Program Files\PowerPoint Viewer
2009-07-12 17:18:06 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Adobe
2009-07-12 17:14:54 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\VOWSoft
2009-07-12 17:14:44 ----D---- C:\Program Files\PicaLoader
2009-07-12 17:12:12 ----D---- C:\Program Files\MWSnap
2009-07-12 17:04:51 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Yahoo!
2009-07-12 17:04:51 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-07-12 17:03:43 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-07-12 17:03:38 ----D---- C:\Program Files\Yahoo!
2009-07-12 16:59:06 ----D---- C:\profiles
2009-07-12 16:49:20 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-07-12 16:49:05 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-07-12 16:48:50 ----D---- C:\Program Files\AVG
2009-07-12 16:48:49 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-07-12 16:44:47 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Macromedia
2009-07-12 16:35:32 ----A---- C:\WINDOWS\system32\LuResult.txt
2009-07-12 16:12:33 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-07-12 15:59:43 ----D---- C:\WINDOWS\system32\XPSViewer
2009-07-12 15:59:36 ----D---- C:\Program Files\MSBuild
2009-07-12 15:59:23 ----D---- C:\Program Files\Reference Assemblies
2009-07-12 15:58:56 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-07-12 15:58:55 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-07-12 15:58:55 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-07-12 15:58:54 ----D---- C:\bb2a629cce6f0cfd69f7e874
2009-07-12 15:54:57 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2009-07-12 15:54:13 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-07-12 15:53:03 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-07-12 15:52:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-07-12 15:52:56 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-07-12 15:52:36 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-07-12 15:52:15 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-07-12 15:48:45 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Windows Search
2009-07-12 15:14:41 ----D---- C:\52122d93794ec1445544ff
2009-07-12 15:11:04 ----D---- C:\Program Files\Microsoft Sync Framework
2009-07-12 15:10:25 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-07-12 15:10:22 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-07-12 15:10:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954708$
2009-07-12 15:09:24 ----D---- C:\Program Files\Microsoft
2009-07-12 15:09:07 ----D---- C:\Program Files\Windows Live SkyDrive
2009-07-12 15:08:44 ----D---- C:\Program Files\Windows Live
2009-07-12 14:55:13 ----D---- C:\Program Files\Common Files\Windows Live
2009-07-12 14:55:07 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-12 14:54:56 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Windows Desktop Search
2009-07-12 14:54:15 ----D---- C:\WINDOWS\system32\GroupPolicy
2009-07-12 14:54:15 ----D---- C:\Program Files\Windows Desktop Search
2009-07-12 14:54:03 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2009-07-12 14:53:58 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2009-07-12 14:53:21 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-07-12 14:53:19 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-07-12 14:53:05 ----D---- C:\Program Files\Windows Media Connect 2
2009-07-12 14:52:51 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-07-12 14:52:05 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-07-12 14:51:36 ----D---- C:\WINDOWS\system32\LogFiles
2009-07-12 14:51:33 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-07-12 14:50:55 ----HDC---- C:\WINDOWS\$NtUninstallKB925766$
2009-07-12 14:25:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-07-12 14:23:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-07-12 14:05:07 ----D---- C:\WINDOWS\Prefetch
2009-07-12 14:03:00 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-07-12 14:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-07-12 14:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-07-12 14:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-07-12 14:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-07-12 14:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-07-12 14:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-07-12 14:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-07-12 14:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-07-12 14:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-07-12 14:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-07-12 14:00:36 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-07-12 14:00:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-07-12 14:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-07-12 14:00:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-07-12 14:00:07 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-07-12 14:00:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-07-12 13:59:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-07-12 13:59:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-07-12 13:59:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-07-12 13:59:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-07-12 13:59:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-07-12 13:59:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-07-12 13:59:23 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-07-12 13:59:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-07-12 13:59:11 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-07-12 13:59:06 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-07-12 13:59:00 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-07-12 13:52:12 ----D---- C:\WINDOWS\system32\scripting
2009-07-12 13:52:11 ----D---- C:\WINDOWS\system32\en
2009-07-12 13:52:11 ----D---- C:\WINDOWS\l2schemas
2009-07-12 13:52:10 ----D---- C:\WINDOWS\system32\bits
2009-07-12 13:49:57 ----D---- C:\WINDOWS\ServicePackFiles
2009-07-12 13:47:41 ----D---- C:\WINDOWS\network diagnostic
2009-07-12 13:43:22 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-07-12 13:29:56 ----SHD---- C:\System Volume Information
2009-07-12 13:09:09 ----RSD---- C:\WINDOWS\assembly
2009-07-12 13:09:00 ----RD---- C:\WINDOWS\Offline Web Pages
2009-07-12 13:04:30 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-07-12 12:45:15 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-07-12 12:45:14 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-07-12 12:45:14 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-07-12 12:45:14 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-07-12 12:45:10 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-07-12 12:45:10 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-07-12 12:45:07 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2009-07-12 12:45:06 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2009-07-12 12:45:05 ----N---- C:\WINDOWS\system32\slserv.exe
2009-07-12 12:45:05 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-07-12 12:45:05 ----N---- C:\WINDOWS\system32\slgen.dll
2009-07-12 12:45:05 ----N---- C:\WINDOWS\slrundll.exe
2009-07-12 12:45:04 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-07-12 12:45:04 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-07-12 12:45:04 ----N---- C:\WINDOWS\system32\setupn.exe
2009-07-12 12:45:03 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-07-12 12:45:02 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-07-12 12:45:02 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-07-12 12:45:01 ----N---- C:\WINDOWS\system32\qutil.dll
2009-07-12 12:45:01 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-07-12 12:45:01 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-07-12 12:45:01 ----N---- C:\WINDOWS\system32\qagent.dll
2009-07-12 12:45:00 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-07-12 12:44:59 ----N---- C:\WINDOWS\system32\onex.dll
2009-07-12 12:44:55 ----N---- C:\WINDOWS\system32\napstat.exe
2009-07-12 12:44:55 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-07-12 12:44:55 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-07-12 12:44:55 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-07-12 12:44:54 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-07-12 12:44:54 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-07-12 12:44:54 ----N---- C:\WINDOWS\system32\mssha.dll
2009-07-12 12:44:54 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-07-12 12:44:46 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-07-12 12:44:46 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-07-12 12:44:46 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-07-12 12:44:46 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-07-12 12:44:40 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-07-12 12:44:40 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-07-12 12:44:39 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-07-12 12:44:39 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-07-12 12:44:39 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-07-12 12:44:39 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-07-12 12:44:35 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-07-12 12:44:35 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-07-12 12:44:34 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-07-12 12:44:32 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-07-12 12:44:30 ----N---- C:\WINDOWS\system32\faxpatch.exe
2009-07-12 12:44:29 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-07-12 12:44:29 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-07-12 12:44:29 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-07-12 12:44:29 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-07-12 12:44:29 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-07-12 12:44:29 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-07-12 12:44:29 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-07-12 12:44:29 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-07-12 12:44:28 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-07-12 12:44:28 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-07-12 12:44:28 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-07-12 12:44:28 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-07-12 12:44:28 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-07-12 12:44:27 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-07-12 12:44:27 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-07-12 12:44:27 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-07-12 12:44:27 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-07-12 12:44:27 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-07-12 12:44:26 ----N---- C:\WINDOWS\system32\credssp.dll
2009-07-12 12:44:23 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-07-12 12:44:23 ----N---- C:\WINDOWS\system32\azroles.dll
2009-07-12 12:44:23 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-07-12 12:44:23 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-07-12 12:44:22 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-07-12 12:44:22 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-07-12 12:44:22 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-07-12 12:44:22 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-07-12 12:44:22 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-07-12 12:44:19 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-07-12 12:07:45 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-07-12 12:07:37 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2009-07-12 12:07:31 ----HDC---- C:\WINDOWS\$NtUninstallKB968537_0$
2009-07-12 12:07:24 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2009-07-12 12:07:19 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-07-12 12:06:53 ----D---- C:\WINDOWS\ie8updates
2009-07-12 12:06:37 ----D---- C:\WINDOWS\WBEM
2009-07-12 12:05:15 ----HDC---- C:\WINDOWS\ie8
2009-07-12 12:05:15 ----D---- C:\WINDOWS\system32\en-US
2009-07-12 12:04:03 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-12 12:00:32 ----D---- C:\Program Files\MSXML 4.0
2009-07-12 12:00:23 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-07-12 12:00:17 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-07-12 12:00:09 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-07-12 11:59:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-07-12 11:59:43 ----HDC---- C:\WINDOWS\$NtUninstallKB961373_0$
2009-07-12 11:59:35 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-07-12 11:59:25 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-07-12 11:59:19 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2_0$
2009-07-12 11:59:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-07-12 11:59:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-07-12 11:59:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-07-12 11:58:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-07-12 11:58:52 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-07-12 11:58:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-07-12 11:58:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-07-12 11:58:34 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2009-07-12 11:58:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-07-12 11:58:22 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-07-12 11:58:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-07-12 11:58:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-07-12 11:58:04 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2009-07-12 11:57:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2009-07-12 11:57:53 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2009-07-12 11:57:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-07-12 11:57:41 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-07-12 11:57:28 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-07-12 11:57:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2009-07-12 11:57:13 ----HDC---- C:\WINDOWS\$NtUninstallKB953356$
2009-07-12 11:57:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2009-07-12 11:57:04 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-07-12 11:56:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2009-07-12 11:56:46 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-07-12 11:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2009-07-12 11:53:56 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2009-07-12 11:53:37 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2009-07-12 11:53:32 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2009-07-12 11:53:29 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-07-12 11:53:16 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2009-07-12 11:53:11 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2009-07-12 11:53:02 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2009-07-12 11:52:45 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2009-07-12 11:52:34 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2009-07-12 11:52:26 ----HDC---- C:\WINDOWS\$NtUninstallKB930494$
2009-07-12 11:52:13 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2009-07-12 11:51:58 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2009-07-12 11:51:53 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2009-07-12 11:51:51 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-07-12 11:51:45 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2009-07-12 11:51:39 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2009-07-12 11:51:34 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2009-07-12 11:51:30 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2009-07-12 11:51:24 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2009-07-12 11:51:20 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2009-07-12 11:51:14 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2009-07-12 11:51:10 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2009-07-12 11:51:06 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2009-07-12 11:51:00 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2009-07-12 11:50:56 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2009-07-12 11:50:52 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2009-07-12 11:50:46 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2009-07-12 11:50:38 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2009-07-12 11:50:32 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2009-07-12 11:50:27 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2009-07-12 11:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2009-07-12 11:50:17 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2009-07-12 11:50:12 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2009-07-12 11:50:06 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2009-07-12 11:50:00 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2009-07-12 11:49:54 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2009-07-12 11:49:49 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2009-07-12 11:49:41 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2009-07-12 11:49:36 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2009-07-12 11:49:31 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2009-07-12 11:49:26 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2009-07-12 11:49:20 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2009-07-12 11:49:16 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2009-07-12 11:49:11 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2009-07-12 11:49:03 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2009-07-12 11:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2009-07-12 11:48:45 ----HDC---- C:\WINDOWS\$NtUninstallKB913800$
2009-07-12 11:48:25 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2009-07-12 11:48:20 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2009-07-12 11:48:16 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2009-07-12 11:48:08 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2009-07-12 11:48:03 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2009-07-12 11:47:57 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2009-07-12 11:47:51 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2009-07-12 11:45:30 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2009-07-12 11:45:26 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2009-07-12 11:45:21 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2009-07-12 11:45:16 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2009-07-12 11:45:09 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2009-07-12 11:45:04 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2009-07-12 11:44:59 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2009-07-12 11:44:50 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2009-07-12 11:11:35 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-07-12 10:59:17 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-07-12 10:59:06 ----D---- C:\WINDOWS\system32\PreInstall
2009-07-12 10:59:04 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-07-12 10:43:11 ----A---- C:\WINDOWS\system32\javaws.exe
2009-07-12 10:43:11 ----A---- C:\WINDOWS\system32\javaw.exe
2009-07-12 10:43:11 ----A---- C:\WINDOWS\system32\java.exe
2009-07-12 10:43:11 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-12 10:41:17 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Sun
2009-07-12 10:40:07 ----RASH---- C:\BOOT.BAK
2009-07-12 10:39:56 ----RSHD---- C:\cmdcons
2009-07-12 10:39:56 ----A---- C:\WINDOWS\UPGRADE.TXT
2009-07-12 10:39:55 ----D---- C:\WINDOWS\setup.pss
2009-07-12 10:39:30 ----D---- C:\WINDOWS\setupupd
2009-07-12 10:35:08 ----ASH---- C:\Documents and Settings\Compaq_Administrator\Application Data\desktop.ini
2009-07-12 10:35:03 ----SD---- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft
2009-07-12 10:35:03 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Real
2009-07-12 10:35:03 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Intuit
2009-07-12 10:35:03 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Identities
2009-07-12 10:32:52 ----D---- C:\WINDOWS\system32\SoftwareDistribution
======List of files/folders modified in the last 1 months======
2009-07-29 22:36:10 ----D---- C:\WINDOWS\system32
2009-07-29 22:36:09 ----D---- C:\WINDOWS\system32\drivers
2009-07-29 22:35:44 ----D---- C:\WINDOWS\Temp
2009-07-29 22:35:10 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-29 22:30:50 ----AD---- C:\WINDOWS
2009-07-29 22:30:50 ----A---- C:\WINDOWS\system.ini
2009-07-29 22:30:09 ----D---- C:\WINDOWS\Registration
2009-07-29 22:29:47 ----SD---- C:\WINDOWS\Tasks
2009-07-29 22:27:40 ----D---- C:\Program Files
2009-07-29 22:27:39 ----SHD---- C:\WINDOWS\Installer
2009-07-29 22:25:54 ----D---- C:\WINDOWS\AppPatch
2009-07-29 22:25:43 ----D---- C:\Program Files\Common Files
2009-07-29 22:20:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-29 12:31:30 ----D---- C:\Program Files\Internet Explorer
2009-07-29 12:30:03 ----HD---- C:\WINDOWS\inf
2009-07-29 12:29:38 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-29 12:29:30 ----D---- C:\WINDOWS\WinSxS
2009-07-27 23:43:50 ----A---- C:\WINDOWS\WININIT.INI
2009-07-27 23:43:48 ----D---- C:\WINDOWS\wt
2009-07-27 15:40:26 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-07-27 15:39:50 ----D---- C:\Program Files\Adobe
2009-07-27 15:35:44 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-19 18:48:58 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 15:24:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-19 09:18:59 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-16 17:31:38 ----D---- C:\WINDOWS\system32\FxsTmp
2009-07-15 07:59:45 ----A---- C:\WINDOWS\imsins.BAK
2009-07-13 13:31:29 ----D---- C:\Program Files\Google
2009-07-13 11:33:01 ----D---- C:\Program Files\HP
2009-07-13 11:30:04 ----D---- C:\Program Files\Hewlett-Packard
2009-07-12 20:30:53 ----A---- C:\WINDOWS\win.ini
2009-07-12 20:30:45 ----D---- C:\WINDOWS\twain_32
2009-07-12 20:24:39 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-12 18:51:41 ----D---- C:\Program Files\Common Files\Real
2009-07-12 18:51:38 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-07-12 18:51:27 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-07-12 18:51:27 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-07-12 18:51:23 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-07-12 18:51:23 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-07-12 17:08:26 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-12 16:48:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-12 16:40:58 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-07-12 16:40:57 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-07-12 16:13:13 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-12 16:02:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-12 15:59:30 ----RSD---- C:\WINDOWS\Fonts
2009-07-12 15:59:07 ----D---- C:\WINDOWS\system32\spool
2009-07-12 15:53:56 ----D---- C:\WINDOWS\system32\Lang
2009-07-12 15:53:47 ----D---- C:\WINDOWS\system32\RTCOM
2009-07-12 15:53:20 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-12 15:17:51 ----D---- C:\WINDOWS\Help
2009-07-12 15:17:51 ----D---- C:\WINDOWS\ehome
2009-07-12 15:17:50 ----D---- C:\WINDOWS\nview
2009-07-12 15:17:13 ----D---- C:\WINDOWS\security
2009-07-12 15:10:26 ----D---- C:\WINDOWS\system32\DirectX
2009-07-12 14:54:15 ----D---- C:\WINDOWS\system32\wbem
2009-07-12 14:53:04 ----D---- C:\Program Files\Windows Media Player
2009-07-12 14:06:19 ----A---- C:\WINDOWS\OEWABLog.txt
2009-07-12 14:05:09 ----A---- C:\WINDOWS\setuplog.txt
2009-07-12 14:04:33 ----D---- C:\WINDOWS\system32\Setup
2009-07-12 14:04:33 ----D---- C:\WINDOWS\ime
2009-07-12 14:04:33 ----D---- C:\Program Files\Messenger
2009-07-12 13:52:23 ----D---- C:\WINDOWS\system32\inetsrv
2009-07-12 13:52:12 ----D---- C:\WINDOWS\system32\usmt
2009-07-12 13:52:10 ----D---- C:\WINDOWS\PeerNet
2009-07-12 13:52:10 ----D---- C:\Program Files\Movie Maker
2009-07-12 13:49:46 ----D---- C:\WINDOWS\system32\Restore
2009-07-12 13:49:46 ----D---- C:\WINDOWS\system32\npp
2009-07-12 13:49:46 ----D---- C:\WINDOWS\mui
2009-07-12 13:49:45 ----D---- C:\WINDOWS\msagent
2009-07-12 13:49:43 ----D---- C:\WINDOWS\srchasst
2009-07-12 13:49:43 ----D---- C:\Program Files\NetMeeting
2009-07-12 13:49:41 ----D---- C:\WINDOWS\system32\Com
2009-07-12 13:49:39 ----D---- C:\Program Files\Windows NT
2009-07-12 13:49:38 ----D---- C:\Program Files\Outlook Express
2009-07-12 13:49:35 ----D---- C:\Program Files\Common Files\System
2009-07-12 13:49:19 ----D---- C:\WINDOWS\system32\oobe
2009-07-12 13:49:17 ----D---- C:\WINDOWS\system
2009-07-12 13:28:38 ----D---- C:\WINDOWS\repair
2009-07-12 13:25:11 ----AD---- C:\WINDOWS\SMINST
2009-07-12 12:28:36 ----D---- C:\WINDOWS\Debug
2009-07-12 12:17:30 ----HD---- C:\hp
2009-07-12 12:06:28 ----D---- C:\WINDOWS\Media
2009-07-12 10:44:18 ----D---- C:\WINDOWS\SoftwareDistribution
2009-07-12 10:42:55 ----D---- C:\Program Files\Java
2009-07-12 10:40:09 ----RASH---- C:\boot.ini
2009-07-12 10:38:28 ----D---- C:\WINDOWS\I386
2009-07-12 10:37:46 ----AD---- C:\WINDOWS\system32\pcintro
2009-07-12 10:35:02 ----D---- C:\Documents and Settings
2009-07-03 13:09:28 ----A---- C:\WINDOWS\system32\wininet.dll
2009-07-03 13:09:27 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-07-03 13:09:27 ----A---- C:\WINDOWS\system32\occache.dll
2009-07-03 13:09:25 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-07-03 13:09:25 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-07-03 13:09:24 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-07-03 13:09:24 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-07-03 13:09:23 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-07-03 13:09:21 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-07-03 07:01:06 ----N---- C:\WINDOWS\system32\ie4uinit.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-17 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-12 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-12 108552]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB); C:\WINDOWS\system32\DRIVERS\A3AB.sys [2007-05-23 547744]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-03 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-03 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-03 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-03 4992]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-03 10112]
R3 catchme;catchme; \??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\catchme.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-02-11 5028352]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-05-09 3535680]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 PAC7302;PAC7302 VGA USB Camera; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-03 58880]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-12 298776]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-12 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-03-24 73728]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-05-09 131139]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 gupdate1ca03dfb46d2e88;Google Update Service (gupdate1ca03dfb46d2e88); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-13 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-13 190448]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-07-14 66056]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Hi,
Not really sure why Flashget was removed, I will have to inquire about that, but the Rootkit was removed :bigthumb:
How are things running now?
blues10guy2
2009-07-30, 17:13
Good morning:
The only thing I find is the flash player has problems but I think that can be fixed with a reinstall. I ran malware bytes this am and it found nothing, so if you say I am good to go all is well. From the bottom of this old disabled guy's heart, :thanks: you are an :angel: My computer is the only thing I have that stops me from going stir crazy. I'd buy you a :beerbeerb: if I could for :cleaning: my system but I guess you will settle for this :bighug: :yahoo:
Larry
will check back later today for your final thoughts
Hey,
I think you're fine but why don't you run this free online virus scan as a double check.
Please run this free online virus scanner from ESET (http://www.eset.eu/online-scanner)
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic
blues10guy2
2009-07-31, 01:53
I see it's going to be a long week!
11 more and I don't know where they were hiding
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.5889
# api_version=3.0.2
# EOSSerial=a0123eac6250a1439806a090c2aa9e9c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-07-30 10:45:58
# local_time=2009-07-30 06:45:58 (-0500, Eastern Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 21 83 100 11603586875000
# scanned=125444
# found=11
# cleaned=11
# scan_time=6562
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent21.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent51.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent8.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\hp\bin\wbug\CompaqPresario_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\geyekrqjbvxyye.dll.vir Win32/Olmarik.JU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\geyekrtfnxdhmn.dll.vir Win32/Olmarik.KE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_geyekraordymll_.sys.zip Win32/Olmarik.KE trojan (deleted - quarantined) 00000000000000000000000000000000 C
D:\I386\APPS\APP19663\src\CompaqPresario_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C
D:\I386\APPS\APP19663\src\HPPavillion_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP28\A0008977.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP28\A0008978.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C
:hair::surrender::banghead:
Larry
Hello Larry,
Not to worry, almost 100% of what ESET found were backups of what we removed, so don't lose the rest of your hair over it. :)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery <-- Delete everything in this folder but not the folder itself. Or open up Spybot and go to the quarantine folder and empty it all.
C:\Qoobox\Quarantine <-- Empty this folder, these are backups of what Combofix removed.
D:\System Volume Information\_restore
System Restore makes regular backups of all your settings. If you ever had to use this program to restore your system to a previous date, you will be infected all over again, so we need to clean out the previous Restore Points.
Turn off System Restore.
Right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore on all Drives.
Click Apply, and then click OK.
Reboot your computer
Turn ON System Restore.
Right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore on all Drives.
Click Apply, and then click OK.
Create a new Restore Point <-- Very Important
Go to Start > All Programs > Accessories > System Tools > System Restore and create a New Restore Point
System Restore Tutorial (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- If you need it
If you still need help with some of your applications let me know and I can direct you to forums that deal with those issues as we just do malware removal on this one
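The reply above says most of the ESET detections sit in backup or quarantine locations rather than in live system paths; the added example below (not part of the thread and not ESET's own tooling) checks that mechanically by parsing detection lines and labelling each by location. The line layout is inferred from the log lines posted here, and the labels and function names are illustrative assumptions.

```python
import re
from collections import Counter

# Line layout inferred from the log lines in this thread (an assumption):
#   <path> <detection name> <type> (<action>) <hash> <flag>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<threat>(?:a variant of )?\w+/\S+)\s+"
    r"(?P<kind>\w+)\s+\((?P<action>[^)]*)\)"
)

# Locations the thread names as holding backups of already-removed items.
BACKUP_LOCATIONS = [
    ("spybot-recovery", "\\spybot - search & destroy\\recovery\\"),
    ("combofix-quarantine", "\\qoobox\\quarantine\\"),
    ("restore-point", "\\system volume information\\_restore"),
]

def classify(path):
    """Return the backup-location label for a path, or 'other'."""
    lowered = path.lower()
    for label, marker in BACKUP_LOCATIONS:
        if marker in lowered:
            return label
    return "other"

def triage(log_text):
    """Parse detection lines and attach a location label to each."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # scanner metadata, not a detection
        m = LINE_RE.match(line)
        if m:
            findings.append({**m.groupdict(), "location": classify(m["path"])})
    return findings

def summarize(findings):
    """Count detections per location label."""
    return Counter(f["location"] for f in findings)

# Four detection lines copied from the ESET log posted in this thread.
SAMPLE = r"""# scanned=125444
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent21.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\hp\bin\wbug\CompaqPresario_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\geyekrqjbvxyye.dll.vir Win32/Olmarik.JU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP28\A0008977.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['location']:20} {f['threat']:45} {f['path']}")
    print(dict(summarize(triage(SAMPLE))))
```

Detections labelled `other` are the ones that still need a closer look, since they are outside the backup and quarantine folders.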
blues10guy2
2009-07-31, 17:54
I have done as you advised. What is the next step?
Larry
Looks like you're good to go :bigthumb:
TFC <-- Yours to keep, run it about once a week to clean out the clutter.
Malwarebytes <-- Yours to keep also, check for updates and run a scan now and then.
Combofix <---Is not a general cleaning tool, just run it with supervision or you can bork your system
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
When shown the disclaimer, Select "2"
The above procedure will:
Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present
The C:\Deckard folder, if present
The C:\_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster and Spyware Guard, they will conflict with the TeaTimer in Spybot, you can still install Spybot Search and Destroy but do not enable the TeaTimer.
Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community
Spybot Search and Destroy 1.6 (http://www.safer-networking.org/en/download/)
Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.
Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
Spyware Guard (http://www.javacoolsoftware.com/spywareguard.html) It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
IE-Spyad (http://www.pcworld.com/downloads/file/fid,23332-order,1-page,1-c,antispywaretools/description.html)
IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
Firefox 3 (http://www.mozilla.org/products/firefox/) It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.
Safe Surfn
Ken
blues10guy2
2009-07-31, 22:22
Thanks again I removed combofix per your instructions.
Your instructions were very easy to follow and worked every time. I wish all could be as good as you! You mentioned other app help forums. Would you have a list that I can have or a site listing most of them? I do have problems from time to time and knowing where to go would help. If you don't want to list here, where can I send my e-mail addy to get them?
:wav: I hereby crown you the king of this forum :crowned: :wav:
Larry
Hi,
Listing sites for you is not a problem. Read this about Flashget, you may want to think twice about reinstalling it.
http://www.siteadvisor.com/sites/flashget.com
FlashGet Network is bundled in with trojan.pophot., amongst others
Just like this forum is for removing malware, there are hundreds of forums for anything from Photoshop to Printers, almost any imaginable software program or hardware device has a forum, you can use Google to search for one.
Here are my favorites, I am sure you will find the help you need in one of them.
Windows Tech Support Forums
Windows Support (http://forums.whatthetech.com/Microsoft_Windows_f119.html) <-- Windows forum on our sister site
PcPitStop (http://pcpitstop.com/) <-- You can take your system in for a checkup here.
Bleeping Computer (http://www.bleepingcomputer.com/forums/forum56.html) <--Excellent Forum
Windows Helpnet (http://www.windowsbbs.com/) <-- Excellent Forum
Hardwareguys (http://forums.hardwareguys.com/) <-- Another good one
It's Not Always Malware
Slow Computer (http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html)
Microsoft (http://www.microsoft.com/windows/IE/community/columns/IEtopten.mspx)
Speedup Windows
TechBuilder (http://www.techbuilder.org/recipes/59201471)
Windows Tips
Techruler (http://www.techruler.com/tips.html#1)
Kellys Korner (http://www.kellys-korner-xp.com/xp_abc.htm)
Take care,
Ken :)
blues10guy2
2009-08-01, 17:20
Hi Ken:
I saved both of these pages to my computer for future reference. I did download flashget 1.96? and ran it by a couple of scanners and found nothing. Thanks for the info. I think it's getting where every page program has a clone page loaded with nasties so a person has to be careful. Thanks once again, you are a diamond among coal.
Larry :thanks:
Hey Larry,
It appears that FlashGet may be ok ( choosing my words carefully because it's up in the air ) but FlashGet Network is the problem so be very careful what you use.
FlashGet Network <-- This is what you had on your system and was removed.
Take care,
Ken :)
blues10guy2
2009-08-03, 04:55
Hi Ken:
Thanks for the info. I did not know Flashget 2.0 was the network :oops: and to be honest it didn't work as well as 1.9, and that is a program not a network, so when I reinstalled I went back to 1.9. I am now a happy camper. Thanks again and good hunting.
Larry
:bigthumb:
That's great Larry,
Take care,
Ken
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.