doubleplove
2010-09-17, 17:44
Hi,
Got some problems. Think it's malware. Computer very slow and SE pages
redirect to other pages not requested.
Here are my logs:
DDS (Ver_10-03-17.01) - NTFSx86
Run by MoneyIsDaObject at 10:33:09.42 on Fri 09/17/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.135 [GMT -4:00]
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\MoneyIsDaObject\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [Google Update] "c:\users\moneyisdaobject\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Hpafiroqu] rundll32.exe "c:\users\moneyisdaobject\appdata\local\d1cwms.dll",Startup
uRun: [{E7BB20DF-2774-076F-D116-37825B38173C}] c:\users\moneyisdaobject\appdata\roaming\odevw\okbe.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpqSRMon]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\public\docume~1\windows\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\public\documents\windows\winhelp.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\moneyi~1\appdata\roaming\mozilla\firefox\profiles\5ze65ihb.default\
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - component: c:\users\moneyisdaobject\appdata\roaming\mozilla\firefox\profiles\5ze65ihb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\moneyisdaobject\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\moneyisdaobject\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\moneyisdaobject\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-8 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-8 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-8 243024]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-9-8 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-8 308136]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-9-12 1153368]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-4-24 483688]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-4-24 550760]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-4-24 195944]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-4-24 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-4-24 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-8 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-9-8 431432]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-9-15 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2010-09-17 14:25:37 54016 ----a-w- c:\windows\system32\drivers\vars.sys
2010-09-17 14:11:41 0 d-----w- c:\users\moneyi~1\appdata\roaming\Odevw
2010-09-17 14:11:41 0 d-----w- c:\users\moneyi~1\appdata\roaming\Luvas
2010-09-17 13:00:50 0 d-----w- c:\users\moneyi~1\appdata\roaming\Malwarebytes
2010-09-17 13:00:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-17 13:00:33 0 d-----w- c:\programdata\Malwarebytes
2010-09-17 13:00:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-17 13:00:32 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-15 05:48:39 0 d-----w- c:\users\moneyisdaobject\Tracing
2010-09-15 05:47:30 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-09-15 05:45:35 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-09-15 05:45:27 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-09-15 05:44:26 0 d-----w- c:\program files\Microsoft
2010-09-15 05:44:06 0 d-----w- c:\program files\Windows Live SkyDrive
2010-09-15 05:36:24 0 d-----w- c:\program files\common files\Windows Live
2010-09-15 05:33:10 0 d-----w- c:\windows\system32\x64
2010-09-15 03:55:47 0 d-----w- c:\users\moneyi~1\appdata\roaming\WildTangent
2010-09-15 03:33:50 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 03:33:49 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 03:33:47 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 03:33:43 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-12 18:05:56 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-12 18:05:56 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-09-11 15:37:28 0 d-----w- c:\program files\Windows Portable Devices
2010-09-11 08:08:44 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-09-11 08:08:44 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-09-11 08:08:44 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-09-11 08:06:34 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2010-09-11 08:04:28 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-09-11 08:04:28 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-09-11 08:04:28 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-09-10 18:18:20 0 d-----w- c:\windows\system32\vi-VN
2010-09-10 18:18:20 0 d-----w- c:\windows\system32\eu-ES
2010-09-10 18:18:20 0 d-----w- c:\windows\system32\ca-ES
2010-09-10 17:57:15 0 d-----w- c:\windows\system32\EventProviders
2010-09-09 20:26:53 0 d-sh--w- c:\users\moneyi~1\appdata\roaming\lowsec
2010-09-09 19:59:26 0 d-----w- c:\programdata\regid.1986-12.com.adobe
2010-09-09 16:42:46 0 d-----w- c:\users\moneyisdaobject\New Folder
2010-09-09 16:42:08 0 d-----w- c:\program files\common files\Akamai
2010-09-09 16:33:59 9728 ----a-w- c:\windows\system32\fdBthProxy.dll
2010-09-09 16:32:59 153 ----a-w- c:\windows\system32\RacUREx.xml
2010-09-09 16:32:50 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-09-09 16:32:50 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-09-09 16:32:50 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-09-09 16:32:50 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-09-09 16:32:49 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-09-09 16:32:49 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-09-09 16:32:49 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-09-09 16:32:47 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-09-09 16:32:45 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-09-09 16:32:44 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-09-09 16:32:38 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-09-09 16:12:44 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-09-09 16:12:43 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-09-09 01:40:54 0 d-----w- c:\programdata\Office Genuine Advantage
2010-09-09 01:31:56 72704 ----a-w- c:\windows\system32\admparse.dll
2010-09-09 01:28:52 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2010-09-09 01:12:26 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-09-09 01:12:26 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-09-09 01:12:26 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-09-09 01:12:26 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-09-09 01:12:26 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-09-09 00:43:54 0 ----a-w- c:\windows\system32\sho8241.tmp
2010-09-08 23:50:58 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-09-08 23:50:57 11967524 ----a-w- c:\windows\system32\korwbrkr.lex
2010-09-08 23:06:32 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-09-08 23:06:32 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-09-08 23:06:31 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-09-08 23:04:13 0 d-----w- c:\program files\MSXML 4.0
2010-09-08 22:52:07 0 d-----w- c:\users\moneyi~1\appdata\roaming\KompoZer
2010-09-08 18:44:24 0 d-----w- c:\programdata\VirtualizedApplications
2010-09-08 18:04:52 0 d--h--w- C:\$AVG
2010-09-08 16:32:44 0 d-----w- c:\users\moneyi~1\appdata\roaming\SoftGrid Client
2010-09-08 16:29:04 0 d-----w- c:\program files\Microsoft Application Virtualization Client
2010-09-08 16:27:20 0 d-----w- c:\users\moneyi~1\appdata\roaming\TP
2010-09-08 16:23:49 0 d-----w- c:\programdata\Yahoo! Companion
2010-09-08 16:21:23 0 d-----w- c:\programdata\Google
2010-09-08 15:49:56 0 d-----w- c:\programdata\RoboForm
2010-09-08 15:49:26 0 d-----w- c:\program files\Siber Systems
2010-09-08 15:41:57 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-09-08 15:38:34 0 d-----r- c:\program files\Skype
2010-09-08 15:38:26 0 d-----w- c:\programdata\Skype
2010-09-08 14:50:19 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-09-08 14:50:15 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-09-08 14:50:12 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-09-08 14:50:11 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-09-08 14:50:10 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-09-08 14:50:06 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-09-08 14:50:06 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-09-08 14:50:06 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-09-08 14:50:06 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-09-08 14:50:05 9728 ----a-w- c:\windows\system32\lsass.exe
2010-09-08 14:50:05 72704 ----a-w- c:\windows\system32\secur32.dll
2010-09-08 14:48:59 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-09-08 14:47:59 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-09-08 14:47:45 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-09-08 14:47:45 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-09-08 14:47:45 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-09-08 14:47:45 23552 ----a-w- c:\windows\system32\lpk.dll
2010-09-08 14:47:45 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-09-08 14:47:43 623616 ----a-w- c:\windows\system32\localspl.dll
2010-09-08 14:47:42 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-09-08 14:47:34 6656 ----a-w- c:\windows\system32\kbd106n.dll
2010-09-08 14:46:57 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-09-08 14:46:57 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-09-08 14:46:49 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-09-08 14:44:50 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-09-08 06:56:54 0 d-----w- c:\program files\HP Games
2010-09-08 06:56:53 0 d-----w- c:\programdata\WildTangent
2010-09-08 06:52:08 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2010-09-08 06:51:48 9472 ----a-w- c:\windows\system32\drivers\CPQBttn.sys
2010-09-08 06:51:47 987136 ----a-w- c:\windows\system32\BttnCmn.dll
2010-09-08 06:51:47 16768 ----a-w- c:\windows\system32\drivers\HpqKbFiltr.sys
2010-09-08 06:51:47 1560576 ----a-w- c:\windows\system32\BttnCmns_64.dll
2010-09-08 06:51:47 1560576 ----a-w- c:\windows\system32\BttnCmns.dll
2010-09-08 06:51:47 1419232 ----a-w- c:\windows\system32\drivers\wdfcoinstaller01005.dll
2010-09-08 06:51:18 0 d-----w- c:\programdata\CyberLink
2010-09-08 06:51:00 82432 ----a-w- c:\windows\system32\msxml4r.dll
2010-09-08 06:51:00 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-09-08 06:50:11 89088 ------w- c:\windows\system32\atl71.dll
2010-09-08 06:49:30 16064 ----a-w- c:\windows\system32\results.xml
2010-09-08 06:45:44 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-09-08 06:45:29 126976 ----a-w- c:\windows\system32\Imsmudlg.exe
2010-09-08 06:45:29 0 d-----w- c:\windows\system32\ENU
2010-09-08 06:45:20 308248 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-09-08 06:44:54 0 d-----w- c:\program files\NetWaiting
2010-09-08 06:43:36 0 d-----w- c:\program files\Realtek
2010-09-08 06:43:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-09-08 06:43:16 0 d-----w- c:\program files\Apoint2K
2010-09-08 06:42:50 360448 ----a-w- c:\windows\system32\TVWizudlg.exe
2010-09-08 06:42:50 155648 ----a-w- c:\windows\system32\igfxtvcx.dll
2010-09-08 06:41:29 920088 ----a-w- c:\windows\system32\igxpun.exe
2010-09-08 06:41:29 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-09-08 06:41:29 121232 ----a-w- c:\windows\system32\IScrNBR.bmp
2010-09-08 06:41:29 121232 ----a-w- c:\windows\system32\IScrNB.bmp
2010-09-08 06:41:29 0 d-----w- c:\windows\system32\Lang
2010-09-08 06:41:28 0 d-----w- C:\Intel
2010-09-08 06:41:03 735232 ----a-w- c:\windows\system32\drivers\athr.sys
2010-09-08 06:41:03 735232 ----a-w- c:\windows\system32\athr.sys
2010-09-08 06:41:03 6483 ----a-w- c:\windows\system32\netathr.inf
2010-09-08 06:41:03 10844 ----a-w- c:\windows\system32\athrext.cat
2010-09-08 06:41:03 0 d-----w- c:\windows\Options
2010-09-08 06:41:03 0 d-----w- c:\program files\Atheros
2010-09-08 06:40:59 0 d-----w- c:\programdata\Atheros
2010-09-08 06:39:55 984064 ----a-w- c:\windows\system32\drivers\HSX_DPV.sys
2010-09-08 06:39:55 660480 ----a-w- c:\windows\system32\drivers\HSX_CNXT.sys
2010-09-08 06:39:55 208896 ----a-w- c:\windows\system32\drivers\HSXHWAZL.sys
2010-09-08 06:34:44 0 d-----w- c:\program files\CONEXANT
2010-09-08 06:14:53 331264 ----a-w- c:\windows\system32\ShellvRTF64.dll
2010-09-08 06:14:53 274432 ----a-w- c:\windows\system32\ShellvRTF.dll
2010-09-08 06:14:51 0 d-----w- c:\windows\SMINST
2010-09-08 06:13:01 0 d-----w- c:\windows\Downloaded Installations
2010-09-08 06:12:00 0 d-----w- C:\CVS
2010-09-08 06:09:51 0 d-----w- c:\program files\earthlink totalaccess
2010-09-08 06:09:43 0 d-----w- c:\programdata\Hewlett-Packard
2010-09-08 06:09:12 0 d-----w- c:\program files\AWS
2010-09-08 06:07:06 0 d-----r- c:\program files\Online Services
2010-09-08 05:56:25 1053232 ----a-w- c:\windows\system32\MFC71u.dll
2010-09-08 05:56:24 1066544 ----a-w- c:\windows\system32\MFC71.dll
2010-09-08 05:55:46 0 d-----w- c:\programdata\Adobe
2010-09-08 05:54:02 0 d-----w- c:\program files\common files\HP
2010-09-08 05:54:01 0 d-----w- c:\program files\HP
2010-09-08 05:53:51 101605 ----a-w- c:\windows\hpqins13.dat
2010-09-08 05:53:50 0 d-----w- c:\programdata\HP
2010-09-08 05:51:29 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-09-08 05:50:40 0 d-----w- c:\windows\PCHEALTH
2010-09-08 05:49:19 0 d-----w- c:\programdata\Microsoft Help
2010-09-08 05:38:51 0 d-----w- c:\program files\muvee Technologies
2010-09-08 05:38:51 0 d-----w- c:\program files\common files\muvee Technologies
2010-09-08 05:38:45 0 d-----w- c:\programdata\muvee Technologies
2010-09-08 05:15:52 0 d-----w- c:\programdata\Viewpoint
2010-09-08 05:15:52 0 d-----w- c:\program files\Viewpoint
2010-09-08 05:15:35 0 d-----w- c:\program files\common files\AOL
2010-09-08 05:15:34 0 d-----w- c:\program files\AIM6
2010-09-08 05:15:31 381 ---ha-w- C:\IPH.PH
2010-09-08 04:58:20 0 d-----w- c:\programdata\Symantec
2010-09-08 04:58:18 0 d-----w- c:\program files\common files\Symantec Shared
2010-09-08 04:57:56 0 d-sh--w- c:\windows\Installer
2010-09-08 04:50:44 0 d-sh--w- C:\$RECYCLE.BIN
2010-09-08 04:41:20 0 d-----w- c:\windows\panther
2010-09-08 04:40:37 0 d--h--w- C:\HP
2010-09-08 04:12:45 0 d-----w- c:\programdata\Sun
2010-09-08 04:12:29 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 04:06:32 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-08 04:06:30 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-08 04:06:21 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-08 04:06:15 0 d-----w- c:\windows\system32\drivers\Avg
2010-09-08 04:06:13 0 d-----w- c:\programdata\AVG Security Toolbar
2010-09-08 04:03:22 0 d-----w- c:\program files\AVG
2010-09-08 04:03:04 0 d-----w- c:\programdata\avg9
2010-09-08 03:38:32 98304 ----a-w- c:\windows\system32\cabview.dll
2010-09-08 03:38:30 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-09-08 03:29:52 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-09-08 03:29:31 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-09-08 03:29:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-09-08 03:29:20 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-09-08 03:26:25 0 d-----w- c:\users\moneyi~1\appdata\roaming\Symantec
2010-09-08 03:25:28 81 ----a-w- c:\windows\system32\LOG
2010-09-08 03:25:26 44 ----a-w- c:\windows\system\hpsysdrv.dat
2010-09-08 03:21:32 0 d-----w- c:\program files\Yahoo!
==================== Find3M ====================
2010-09-15 05:34:34 51200 ----a-w- c:\windows\inf\infpub.dat
2010-09-15 05:34:34 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-09-15 05:34:33 86016 ----a-w- c:\windows\inf\infstor.dat
2010-09-11 15:37:18 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-09-10 18:10:06 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-09-08 03:14:49 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_Presario C700 Notebook PC_Y5335KV_0U_QCND8186QJN_E482590-001_4A_I30D9_SHP_V83.21_F.32_T080319_WV3-1_L409_M1014_J250_7Intel_86FD_91.73_#100907_N10EC8139;168C001C_(KN987UA#ABA)_XMOBILE_CN10_Z_2F.32.MRK
2010-09-03 01:47:34 27200 ----a-w- c:\windows\fonts\letteromatic.ttf
2010-06-26 06:05:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 10:35:23.42 ===============
2010-09-08 14:47:45 23552 ----a-w- c:\windows\system32\lpk.dll
2010-09-08 14:47:45 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-09-08 14:47:43 623616 ----a-w- c:\windows\system32\localspl.dll
2010-09-08 14:47:42 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-09-08 14:47:34 6656 ----a-w- c:\windows\system32\kbd106n.dll
2010-09-08 14:46:57 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-09-08 14:46:57 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-09-08 14:46:49 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-09-08 14:44:50 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-09-08 06:56:54 0 d-----w- c:\program files\HP Games
2010-09-08 06:56:53 0 d-----w- c:\programdata\WildTangent
2010-09-08 06:52:08 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2010-09-08 06:51:48 9472 ----a-w- c:\windows\system32\drivers\CPQBttn.sys
2010-09-08 06:51:47 987136 ----a-w- c:\windows\system32\BttnCmn.dll
2010-09-08 06:51:47 16768 ----a-w- c:\windows\system32\drivers\HpqKbFiltr.sys
2010-09-08 06:51:47 1560576 ----a-w- c:\windows\system32\BttnCmns_64.dll
2010-09-08 06:51:47 1560576 ----a-w- c:\windows\system32\BttnCmns.dll
2010-09-08 06:51:47 1419232 ----a-w- c:\windows\system32\drivers\wdfcoinstaller01005.dll
2010-09-08 06:51:18 0 d-----w- c:\programdata\CyberLink
2010-09-08 06:51:00 82432 ----a-w- c:\windows\system32\msxml4r.dll
2010-09-08 06:51:00 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-09-08 06:50:11 89088 ------w- c:\windows\system32\atl71.dll
2010-09-08 06:49:30 16064 ----a-w- c:\windows\system32\results.xml
2010-09-08 06:45:44 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-09-08 06:45:29 126976 ----a-w- c:\windows\system32\Imsmudlg.exe
2010-09-08 06:45:29 0 d-----w- c:\windows\system32\ENU
2010-09-08 06:45:20 308248 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-09-08 06:44:54 0 d-----w- c:\program files\NetWaiting
2010-09-08 06:43:36 0 d-----w- c:\program files\Realtek
2010-09-08 06:43:29 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-09-08 06:43:16 0 d-----w- c:\program files\Apoint2K
2010-09-08 06:42:50 360448 ----a-w- c:\windows\system32\TVWizudlg.exe
2010-09-08 06:42:50 155648 ----a-w- c:\windows\system32\igfxtvcx.dll
2010-09-08 06:41:29 920088 ----a-w- c:\windows\system32\igxpun.exe
2010-09-08 06:41:29 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-09-08 06:41:29 121232 ----a-w- c:\windows\system32\IScrNBR.bmp
2010-09-08 06:41:29 121232 ----a-w- c:\windows\system32\IScrNB.bmp
2010-09-08 06:41:29 0 d-----w- c:\windows\system32\Lang
2010-09-08 06:41:28 0 d-----w- C:\Intel
2010-09-08 06:41:03 735232 ----a-w- c:\windows\system32\drivers\athr.sys
2010-09-08 06:41:03 735232 ----a-w- c:\windows\system32\athr.sys
2010-09-08 06:41:03 6483 ----a-w- c:\windows\system32\netathr.inf
2010-09-08 06:41:03 10844 ----a-w- c:\windows\system32\athrext.cat
2010-09-08 06:41:03 0 d-----w- c:\windows\Options
2010-09-08 06:41:03 0 d-----w- c:\program files\Atheros
2010-09-08 06:40:59 0 d-----w- c:\programdata\Atheros
2010-09-08 06:39:55 984064 ----a-w- c:\windows\system32\drivers\HSX_DPV.sys
2010-09-08 06:39:55 660480 ----a-w- c:\windows\system32\drivers\HSX_CNXT.sys
2010-09-08 06:39:55 208896 ----a-w- c:\windows\system32\drivers\HSXHWAZL.sys
2010-09-08 06:34:44 0 d-----w- c:\program files\CONEXANT
2010-09-08 06:14:53 331264 ----a-w- c:\windows\system32\ShellvRTF64.dll
2010-09-08 06:14:53 274432 ----a-w- c:\windows\system32\ShellvRTF.dll
2010-09-08 06:14:51 0 d-----w- c:\windows\SMINST
2010-09-08 06:13:01 0 d-----w- c:\windows\Downloaded Installations
2010-09-08 06:12:00 0 d-----w- C:\CVS
2010-09-08 06:09:51 0 d-----w- c:\program files\earthlink totalaccess
2010-09-08 06:09:43 0 d-----w- c:\programdata\Hewlett-Packard
2010-09-08 06:09:12 0 d-----w- c:\program files\AWS
2010-09-08 06:07:06 0 d-----r- c:\program files\Online Services
2010-09-08 05:56:25 1053232 ----a-w- c:\windows\system32\MFC71u.dll
2010-09-08 05:56:24 1066544 ----a-w- c:\windows\system32\MFC71.dll
2010-09-08 05:55:46 0 d-----w- c:\programdata\Adobe
2010-09-08 05:54:02 0 d-----w- c:\program files\common files\HP
2010-09-08 05:54:01 0 d-----w- c:\program files\HP
2010-09-08 05:53:51 101605 ----a-w- c:\windows\hpqins13.dat
2010-09-08 05:53:50 0 d-----w- c:\programdata\HP
2010-09-08 05:51:29 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-09-08 05:50:40 0 d-----w- c:\windows\PCHEALTH
2010-09-08 05:49:19 0 d-----w- c:\programdata\Microsoft Help
2010-09-08 05:38:51 0 d-----w- c:\program files\muvee Technologies
2010-09-08 05:38:51 0 d-----w- c:\program files\common files\muvee Technologies
2010-09-08 05:38:45 0 d-----w- c:\programdata\muvee Technologies
2010-09-08 05:15:52 0 d-----w- c:\programdata\Viewpoint
2010-09-08 05:15:52 0 d-----w- c:\program files\Viewpoint
2010-09-08 05:15:35 0 d-----w- c:\program files\common files\AOL
2010-09-08 05:15:34 0 d-----w- c:\program files\AIM6
2010-09-08 05:15:31 381 ---ha-w- C:\IPH.PH
2010-09-08 04:58:20 0 d-----w- c:\programdata\Symantec
2010-09-08 04:58:18 0 d-----w- c:\program files\common files\Symantec Shared
2010-09-08 04:57:56 0 d-sh--w- c:\windows\Installer
2010-09-08 04:50:44 0 d-sh--w- C:\$RECYCLE.BIN
2010-09-08 04:41:20 0 d-----w- c:\windows\panther
2010-09-08 04:40:37 0 d--h--w- C:\HP
2010-09-08 04:12:45 0 d-----w- c:\programdata\Sun
2010-09-08 04:12:29 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 04:06:32 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-08 04:06:30 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-08 04:06:21 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-08 04:06:15 0 d-----w- c:\windows\system32\drivers\Avg
2010-09-08 04:06:13 0 d-----w- c:\programdata\AVG Security Toolbar
2010-09-08 04:03:22 0 d-----w- c:\program files\AVG
2010-09-08 04:03:04 0 d-----w- c:\programdata\avg9
2010-09-08 03:38:32 98304 ----a-w- c:\windows\system32\cabview.dll
2010-09-08 03:38:30 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-09-08 03:29:52 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-09-08 03:29:31 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-09-08 03:29:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-09-08 03:29:20 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-09-08 03:26:25 0 d-----w- c:\users\moneyi~1\appdata\roaming\Symantec
2010-09-08 03:25:28 81 ----a-w- c:\windows\system32\LOG
2010-09-08 03:25:26 44 ----a-w- c:\windows\system\hpsysdrv.dat
2010-09-08 03:21:32 0 d-----w- c:\program files\Yahoo!
==================== Find3M ====================
2010-09-15 05:34:34 51200 ----a-w- c:\windows\inf\infpub.dat
2010-09-15 05:34:34 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-09-15 05:34:33 86016 ----a-w- c:\windows\inf\infstor.dat
2010-09-11 15:37:18 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-09-10 18:10:06 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-09-08 03:14:49 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_Presario C700 Notebook PC_Y5335KV_0U_QCND8186QJN_E482590-001_4A_I30D9_SHP_V83.21_F.32_T080319_WV3-1_L409_M1014_J250_7Intel_86FD_91.73_#100907_N10EC8139;168C001C_(KN987UA#ABA)_XMOBILE_CN10_Z_2F.32.MRK
2010-09-03 01:47:34 27200 ----a-w- c:\windows\fonts\letteromatic.ttf
2010-06-26 06:05:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 10:35:23.42 ===============