
View Full Version : Google Re-Direct of Results



danuchay
2012-01-25, 05:16
Hello......infected and cannot clean.....any help is much appreciated....Thank You

Spybot Tea-Timer is now off......Attached are the DDS logs.


------------------------------------------------------------------


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Gooderham at 21:29:55 on 2012-01-24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1355 [GMT -5:00]
.
AV: AVG Anti-Virus 7.1.405 *Enabled/Updated* {41564737-3200-1071-989B-0000E87B4FB1}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\NLSSRV32.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\WIND\WIND.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\StartHelper.exe
C:\Documents and Settings\All Users\Application Data\WIND\OnlineUpdate\ouc.exe
svchost.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AutorunsDisabled - No File
BHO: SearchPredictObj Class: {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - c:\program files\searchpredict\SearchPredict.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: SBCONVERT Class: {92a9acf4-9333-43ae-9698-db283326f87f} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\program files\speedbit video downloader\toolbar\grabber.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [cdloader] "c:\documents and settings\gooderham.laptop\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Mobile Partner] c:\program files\wind\WIND.exe
uRun: [SpeedBitVideoAccelerator] "c:\program files\speedbit video accelerator\VideoAccelerator.exe" /startup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\gooder~1.lap\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\gooder~1.lap\startm~1\programs\startup\hpsimp~1.lnk - c:\documents and settings\gooderham.laptop\application data\hp simplesave application\StartHelper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\broderbund\printmaster\PMREMIND.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\speedbit video accelerator\SBLSP.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7}
DPF: {4B48D5DF-9021-45F7-A240-60304302A215}
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822}
TCP: Interfaces\{DDF6F85E-CD3A-420A-9EA1-18EB04C811FE} : NameServer = 74.115.197.69 74.115.197.68
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
Hosts: 94.63.240.165 www.google.com
Hosts: 94.63.240.166 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\gooderham.laptop\application data\mozilla\firefox\profiles\9yflb6sv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?st=1
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\speedbit video downloader\spfirefox\components\Engine.dll
FF - plugin: c:\documents and settings\gooderham.laptop\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: SearchPredict: searchpredict@speedbit.com - c:\program files\searchpredict\PRFireFox
FF - Ext: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\speedbit video downloader\SPFireFox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: UnMHT: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0} - %profile%\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
.
============= SERVICES / DRIVERS ===============
.
R0 SMR250;Symantec SMR Utility Service 2.5.0;c:\windows\system32\drivers\SMR250.SYS [2012-1-24 83064]
R2 BackupService;BackupService;c:\documents and settings\gooderham.laptop\application data\hp simplesave application\uUACTokenSvc.exe [2012-1-6 83512]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\all users\application data\datacardservice\HWDeviceService.exe [2011-3-14 271712]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~2\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~2\VideoAcceleratorService.exe -start -scm [?]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2011-12-30 11136]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-12-30 73216]
S2 gupdate1c9d47de932459a;Google Update Service (gupdate1c9d47de932459a);c:\program files\google\update\GoogleUpdate.exe [2009-5-14 133104]
S2 WIND. RunOuc;WIND. OUC;c:\program files\wind\updatedog\ouc.exe [2011-12-30 246112]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-12-30 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-12-30 235392]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-5-14 133104]
S4 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2006-8-6 777472]
S4 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2006-8-6 4224]
S4 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2006-8-6 28416]
S4 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2006-8-6 39987]
S4 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2006-8-6 4960]
.
=============== Created Last 30 ================
.
2012-01-25 02:02:44 20 ----a-w- c:\windows\system32\drivers\SMR250.dat
2012-01-25 02:02:20 83064 ----a-w- c:\windows\system32\drivers\SMR250.SYS
2012-01-25 01:41:46 -------- d-----w- c:\documents and settings\gooderham.laptop\local settings\application data\NPE
2012-01-25 01:41:46 -------- d-----w- c:\documents and settings\all users\application data\Norton
2012-01-24 13:16:45 6557240 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{54cd94a6-f2c1-4ffa-a54a-dce8660019f2}\mpengine.dll
2012-01-17 13:21:15 -------- d-----w- c:\program files\Defraggler
2012-01-17 06:44:10 -------- d-----w- c:\program files\CCleaner
2012-01-14 13:07:37 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2012-01-14 13:07:20 -------- d-----w- c:\documents and settings\gooderham.laptop\application data\Toolbar4
2012-01-14 13:07:18 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2012-01-14 13:07:18 -------- d-----w- c:\program files\SearchPredict
2012-01-14 13:07:18 -------- d-----w- c:\documents and settings\all users\application data\SpeedBit
2012-01-14 13:07:17 -------- d-----w- c:\program files\SpeedBit Video Downloader
2012-01-06 20:02:05 -------- d-----w- c:\program files\HP
2012-01-06 15:24:32 -------- d-----w- c:\documents and settings\all users\application data\HPSS
2012-01-06 15:15:02 -------- d-----w- c:\documents and settings\gooderham.laptop\application data\HP SimpleSave Application
2012-01-06 15:15:01 -------- d-----w- c:\documents and settings\gooderham.laptop\application data\HPSS
2011-12-30 19:52:13 -------- d-----w- c:\documents and settings\all users\application data\WIND
2011-12-30 19:50:58 -------- d-----w- c:\program files\WIND
2011-12-30 19:50:18 -------- d-----w- c:\documents and settings\all users\application data\DatacardService
.
==================== Find3M ====================
.
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 00:05:03 56 -csh--r- c:\windows\system32\7C208F4B37.sys
2011-12-07 00:05:03 2620 -csha-w- c:\windows\system32\KGyGaAvL.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-15 19:29:56 222080 -c----w- c:\windows\system32\MpSigStub.exe
2011-11-13 16:03:56 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-11-01 12:32:46 573100 ----a-w- c:\windows\system32\sqlite3.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-21 11:37:42 4752189 -c--a-w- c:\program files\exiftool(-k).exe
.
============= FINISH: 21:30:17.40 ===============

ken545
2012-01-29, 13:11


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7, you need to Right Click on the program and select RUN AS ADMINISTRATOR


Your Timer is still enabled and may interfere with programs removing bad entries. Open up Spybot and click on Mode and select Advanced Mode, then click on Tools > Resident and make sure TeaTimer is unchecked. If it doesn't work then just uninstall Spybot via Add Remove Programs in the Control Panel; we can always reinstall it when we're done.

Looks like your Hosts file is infected and your searches are being redirected through the Ukraine.


Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
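
The Hosts hijack identified in the reply above can be checked for mechanically. The following is an added example, not part of any post in this thread or of DDS or ComboFix: it audits hosts-file text (or DDS `Hosts:` lines) and flags static mappings of search-engine names to non-local addresses. The watchlist, the function names and the `example.invalid` entries are assumptions made for illustration; the two flagged entries are the ones shown in the DDS log.

```python
import ipaddress
import re

# Assumed watchlist for this example: names that have no reason to carry a
# static override on a home machine. Extend it to suit the environment.
WATCHED_SUFFIXES = ("google.com", "bing.com", "yahoo.com")

# DDS prints hosts entries as "Hosts: <ip> <name>"; strip that prefix if present.
DDS_PREFIX = re.compile(r"^\s*Hosts:\s*", re.IGNORECASE)


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text or DDS 'Hosts:' lines."""
    for raw in text.splitlines():
        line = DDS_PREFIX.sub("", raw)
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address line (other log sections, headers)
        # A hosts line may list several names for one address.
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")


def is_local_sink(ip):
    """Loopback and 0.0.0.0 entries are the usual default/blocklist targets."""
    return ip.is_loopback or ip.is_unspecified


def is_watched(name):
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text):
    """Return (severity, ip, hostname) for every entry that routes off-box.

    HIGH   - a watched name is pinned to a non-local address (redirect pattern)
    REVIEW - any other static mapping to a non-local address
    """
    findings = []
    for ip, name in parse_hosts(text):
        if is_local_sink(ip):
            continue
        severity = "HIGH" if is_watched(name) else "REVIEW"
        findings.append((severity, str(ip), name))
    return findings


# Constructed sample: default and blocklist-style entries plus the two
# mappings reported in the DDS log above, one of them in DDS format.
SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.invalid   # blocklist-style entry
94.63.240.165 www.google.com
Hosts: 94.63.240.166 www.bing.com
10.0.0.5        intranet.example.invalid
"""

if __name__ == "__main__":
    for severity, ip, name in audit_hosts(SAMPLE):
        print(f"{severity:6} {name} -> {ip}")
```

On Windows XP the file to feed in is `%SystemRoot%\system32\drivers\etc\hosts`; a HIGH finding means name resolution for that site never reaches DNS at all.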

danuchay
2012-01-29, 23:51
I looked at the Tea Timer and it was unchecked.....so I uninstalled SpyBot just to ensure no problem.

I then attempted to run the ComboFix but a warning came up about an AVG AntiVirus 7.1.405 conflict

I didn't even know AVG was installed....it does not show up on my list of programs....and is not shown in the "remove programs" list of the control panel.

I clicked the "x" (not the "ok") on the pop-up....then a new pop-up appeared......see picture below

I haven't yet but assume if I click the "x" it will run anyways.


.

ken545
2012-01-30, 01:36
Hi,

AVG is still running on your system; when we're done we can remove it. A few months ago Combofix would not run with AVG installed but that has been fixed, so go ahead and run it.

danuchay
2012-01-30, 02:31
Hello Ken,

Ran ComboFix......and installed the Microsoft Windows Recovery Console in the process.

ComboFix removed my ISP software (WIND Mobile).....it re-installed after the re-start.

But.....ComboFix had not quite finished yet.....so I'm not sure if it affected the report.

Here is the log.....

-------------------------------------------------------

ComboFix 12-01-29.02 - Gooderham 29/01/2012 18:47:17.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1562 [GMT -5:00]
Running from: c:\documents and settings\Gooderham.LAPTOP\Desktop\ComboFix.exe
AV: AVG Anti-Virus 7.1.405 *Enabled/Updated* {41564737-3200-1071-989B-0000E87B4FB1}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Dell
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\AxInterop.SHDocVw.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\BackgroundCopyManager.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\da-DK\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\da\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\de-DE\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\de\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\en-US\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\en\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\es-ES\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\es\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\fi-FI\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\fi\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\fr-FR\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\fr\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\Interop.SHDocVw.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\it-IT\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\it\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\ja-JP\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\ja\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\ko-KR\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\ko\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\Microsoft.Msdn.Samples.BITS.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_da-DK.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_de-DE.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_en-US.htm
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_en-US.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_en.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_es-ES.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_fi-FI.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_fr-FR.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_it-IT.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_ja-JP.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_ko-KR.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_nb-NO.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_nl-BE.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_nl-NL.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_pt-BR.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_sv-FI.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_sv-SE.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_zh-CN.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_zh-HK.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\more_details_zh-TW.html
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\nb-NO\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\nl-BE\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\nl-NL\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\nl\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\nn-NO\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\no\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\pt-BR\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\pt\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\SIDUtilities.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\sv-FI\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\sv-SE\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\sv\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe.config
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\zh-CHS\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\zh-CHT\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\zh-CN\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\zh-HK\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\Dell\TransferAgent\zh-TW\TransferAgent.resources.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\documents and settings\Gooderham.LAPTOP\Application Data\Toolbar4
c:\documents and settings\Gooderham.LAPTOP\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\about SpeedBit Video Downloader.html
c:\documents and settings\Gooderham.LAPTOP\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\Affid.dat
c:\documents and settings\Gooderham.LAPTOP\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\amazon_logo.png
c:\documents and settings\Gooderham.LAPTOP\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\Ask-logo-16.png
c:\documents and settings\Gooderham.LAPTOP\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\basis.xml
c:\documents and settings\Gooderham.LAPTOP\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\cache\6f52dca438370b63146a128c3829cc7e
c:\documents and settings\Gooderham.LAPTOP\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\cache\bbb9c886cf2ba534f4be36c9ba863f2f
c:\documents and settings\Gooderham.LAPTOP\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\cog.png
c:\documents and settings\Gooderham.LAPTOP\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\Ebay-logo-16.png
c:\documents and settings\Gooderham.LAPTOP\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\empty.png
c:\documents and settings\Gooderham.LAPTOP\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\include_files\ee60e2a7608438eb575a87560d63d054
c:\documents and settings\Gooderham.LAPTOP\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\info.txt
c:\documents and settings\Gooderham.LAPTOP\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\localcopy.xml
c:\documents and settings\Gooderham.LAPTOP\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\Mercado_Livre.png
c:\documents and settings\Gooderham.LAPTOP\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\Mercado_Livre0.1.png
c:\documents and settings\Gooderham.LAPTOP\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\speedbit_icon0.2.bmp
c:\documents and settings\Gooderham.LAPTOP\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\speedbit_icon0.2.png
c:\documents and settings\Gooderham.LAPTOP\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\SpeedBitToolbar_icons.bmp
c:\documents and settings\Gooderham.LAPTOP\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\TbHelper2.exe
c:\documents and settings\Gooderham.LAPTOP\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\Translate_webpage.png
c:\documents and settings\Gooderham.LAPTOP\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\uninstall.exe
c:\documents and settings\Gooderham.LAPTOP\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\update.exe
c:\documents and settings\Gooderham.LAPTOP\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\version.txt
c:\documents and settings\Gooderham.LAPTOP\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\video.png
c:\documents and settings\Gooderham.LAPTOP\System
c:\documents and settings\Gooderham.LAPTOP\System\win_qs8.jqx
c:\documents and settings\Gooderham.LAPTOP\WINDOWS
c:\program files\wind
c:\program files\wind\AboutPlugin.dll
c:\program files\wind\AddPbk.exe
c:\program files\wind\AddrBookPlugin.dll
c:\program files\wind\AddrBookSrvPlugin.dll
c:\program files\wind\AddrBookUIPlugin.dll
c:\program files\wind\AtCodec.dll
c:\program files\wind\ATR2SMgr.dll
c:\program files\wind\AutoRun\AutoRunSetup.exe
c:\program files\wind\AutoRun\AutoRunUninstall.exe
c:\program files\wind\CallAppPlugin.dll
c:\program files\wind\CallLogSrvPlugin.dll
c:\program files\wind\CallLogUIPlugin.dll
c:\program files\wind\CallSrvPlugin.dll
c:\program files\wind\CallUIPlugin.dll
c:\program files\wind\Common.dll
c:\program files\wind\config\addrConfig.xml
c:\program files\wind\config\addrfield.xml
c:\program files\wind\config\PluginsConfig.xml
c:\program files\wind\config\pluginslib.xml
c:\program files\wind\config\sdkplugins.xml
c:\program files\wind\config\Spain2ASCII.dat
c:\program files\wind\core.dll
c:\program files\wind\DataServicePlugin.dll
c:\program files\wind\DeviceAppPlugin.dll
c:\program files\wind\DeviceInfo.xml
c:\program files\wind\DeviceMgrUIPlugin.dll
c:\program files\wind\DeviceSrvPlugin.dll
c:\program files\wind\DiagnosisPlugin.dll
c:\program files\wind\DialUpPlugin.dll
c:\program files\wind\DialupUIPlugin.dll
c:\program files\wind\Driver\devsetup32.exe
c:\program files\wind\Driver\devsetup64.exe
c:\program files\wind\Driver\Driver\install.xml
c:\program files\wind\Driver\Driver\X64\ew_busfilter.inf
c:\program files\wind\Driver\Driver\X64\ew_hwupgrade.cat
c:\program files\wind\Driver\Driver\X64\ew_hwupgrade.inf
c:\program files\wind\Driver\Driver\X64\ew_hwupgrade.sys
c:\program files\wind\Driver\Driver\X64\ew_hwusbdev.cat
c:\program files\wind\Driver\Driver\X64\ew_hwusbdev.inf
c:\program files\wind\Driver\Driver\X64\ew_hwusbdev.sys
c:\program files\wind\Driver\Driver\X64\ew_jubusenum.cat
c:\program files\wind\Driver\Driver\X64\ew_jubusenum.inf
c:\program files\wind\Driver\Driver\X64\ew_jubusenum.sys
c:\program files\wind\Driver\Driver\X64\ew_jucdcacm.cat
c:\program files\wind\Driver\Driver\X64\ew_jucdcacm.inf
c:\program files\wind\Driver\Driver\X64\ew_jucdcacm.sys
c:\program files\wind\Driver\Driver\X64\ew_jucdcecm.cat
c:\program files\wind\Driver\Driver\X64\ew_jucdcecm.inf
c:\program files\wind\Driver\Driver\X64\ew_jucdcecm.sys
c:\program files\wind\Driver\Driver\X64\ew_jucdcmdm.cat
c:\program files\wind\Driver\Driver\X64\ew_jucdcmdm.inf
c:\program files\wind\Driver\Driver\X64\ew_juextctrl.cat
c:\program files\wind\Driver\Driver\X64\ew_juextctrl.inf
c:\program files\wind\Driver\Driver\X64\ew_juextctrl.sys
c:\program files\wind\Driver\Driver\X64\ew_juwwanecm.cat
c:\program files\wind\Driver\Driver\X64\ew_juwwanecm.inf
c:\program files\wind\Driver\Driver\X64\ew_juwwanecm.sys
c:\program files\wind\Driver\Driver\X64\ew_usbenumfilter.cat
c:\program files\wind\Driver\Driver\X64\ew_usbenumfilter.sys
c:\program files\wind\Driver\Driver\X64\ewdcsc.cat
c:\program files\wind\Driver\Driver\X64\ewdcsc.inf
c:\program files\wind\Driver\Driver\X64\ewdcsc.sys
c:\program files\wind\Driver\Driver\X64\ewmdm2k.cat
c:\program files\wind\Driver\Driver\X64\ewmdm2k.inf
c:\program files\wind\Driver\Driver\X64\ewnet.inf
c:\program files\wind\Driver\Driver\X64\ewser2k.cat
c:\program files\wind\Driver\Driver\X64\ewser2k.inf
c:\program files\wind\Driver\Driver\X64\ewsmartcard.cat
c:\program files\wind\Driver\Driver\X64\ewsmartcard.inf
c:\program files\wind\Driver\Driver\X64\ewusbmdm.sys
c:\program files\wind\Driver\Driver\X64\ewusbnet.cat
c:\program files\wind\Driver\Driver\X64\ewusbnet.sys
c:\program files\wind\Driver\Driver\X64\ewusbwwan.cat
c:\program files\wind\Driver\Driver\X64\ewusbwwan.inf
c:\program files\wind\Driver\Driver\X64\ewusbwwan.sys
c:\program files\wind\Driver\Driver\X64\hwgpssensor.cat
c:\program files\wind\Driver\Driver\X64\hwgpssensor.dll
c:\program files\wind\Driver\Driver\X64\hwgpssensor.inf
c:\program files\wind\Driver\Driver\X64\mod7700.cat
c:\program files\wind\Driver\Driver\X64\mod7700.inf
c:\program files\wind\Driver\Driver\X64\mod7700.sys
c:\program files\wind\Driver\Driver\X64\WdfCoInstaller01007.dll
c:\program files\wind\Driver\Driver\X86\ew_busfilter.inf
c:\program files\wind\Driver\Driver\X86\ew_hwupgrade.cat
c:\program files\wind\Driver\Driver\X86\ew_hwupgrade.inf
c:\program files\wind\Driver\Driver\X86\ew_hwupgrade.sys
c:\program files\wind\Driver\Driver\X86\ew_hwusbdev.cat
c:\program files\wind\Driver\Driver\X86\ew_hwusbdev.inf
c:\program files\wind\Driver\Driver\X86\ew_hwusbdev.sys
c:\program files\wind\Driver\Driver\X86\ew_jubusenum.cat
c:\program files\wind\Driver\Driver\X86\ew_jubusenum.inf
c:\program files\wind\Driver\Driver\X86\ew_jubusenum.sys
c:\program files\wind\Driver\Driver\X86\ew_jucdcacm.cat
c:\program files\wind\Driver\Driver\X86\ew_jucdcacm.inf
c:\program files\wind\Driver\Driver\X86\ew_jucdcacm.sys
c:\program files\wind\Driver\Driver\X86\ew_jucdcecm.cat
c:\program files\wind\Driver\Driver\X86\ew_jucdcecm.inf
c:\program files\wind\Driver\Driver\X86\ew_jucdcecm.sys
c:\program files\wind\Driver\Driver\X86\ew_jucdcmdm.cat
c:\program files\wind\Driver\Driver\X86\ew_jucdcmdm.inf
c:\program files\wind\Driver\Driver\X86\ew_juextctrl.cat
c:\program files\wind\Driver\Driver\X86\ew_juextctrl.inf
c:\program files\wind\Driver\Driver\X86\ew_juextctrl.sys
c:\program files\wind\Driver\Driver\X86\ew_juwwanecm.cat
c:\program files\wind\Driver\Driver\X86\ew_juwwanecm.inf
c:\program files\wind\Driver\Driver\X86\ew_juwwanecm.sys
c:\program files\wind\Driver\Driver\X86\ew_usbenumfilter.cat
c:\program files\wind\Driver\Driver\X86\ew_usbenumfilter.sys
c:\program files\wind\Driver\Driver\X86\ewdcsc.cat
c:\program files\wind\Driver\Driver\X86\ewdcsc.inf
c:\program files\wind\Driver\Driver\X86\ewdcsc.sys
c:\program files\wind\Driver\Driver\X86\ewmdm2k.cat
c:\program files\wind\Driver\Driver\X86\ewmdm2k.inf
c:\program files\wind\Driver\Driver\X86\ewnet.inf
c:\program files\wind\Driver\Driver\X86\ewser2k.cat
c:\program files\wind\Driver\Driver\X86\ewser2k.inf
c:\program files\wind\Driver\Driver\X86\ewsmartcard.cat
c:\program files\wind\Driver\Driver\X86\ewsmartcard.inf
c:\program files\wind\Driver\Driver\X86\ewusbmdm.sys
c:\program files\wind\Driver\Driver\X86\ewusbnet.cat
c:\program files\wind\Driver\Driver\X86\ewusbnet.sys
c:\program files\wind\Driver\Driver\X86\ewusbwwan.cat
c:\program files\wind\Driver\Driver\X86\ewusbwwan.inf
c:\program files\wind\Driver\Driver\X86\ewusbwwan.sys
c:\program files\wind\Driver\Driver\X86\hwgpssensor.cat
c:\program files\wind\Driver\Driver\X86\hwgpssensor.dll
c:\program files\wind\Driver\Driver\X86\hwgpssensor.inf
c:\program files\wind\Driver\Driver\X86\mod7700.cat
c:\program files\wind\Driver\Driver\X86\mod7700.inf
c:\program files\wind\Driver\Driver\X86\mod7700.sys
c:\program files\wind\Driver\Driver\X86\usbccid.cat
c:\program files\wind\Driver\Driver\X86\usbccid.inf
c:\program files\wind\Driver\Driver\X86\usbccid.sys
c:\program files\wind\Driver\Driver\X86\WdfCoInstaller01007.dll
c:\program files\wind\Driver\DriverSetup.exe
c:\program files\wind\Driver\DriverUninstall.exe
c:\program files\wind\Driver\Install.log
c:\program files\wind\Driver\LocateDevice.dll
c:\program files\wind\Driver\release notes.txt
c:\program files\wind\LangAreaForShort.xml
c:\program files\wind\LayoutPlugin.dll
c:\program files\wind\lgpl-2_1.txt
c:\program files\wind\libgcc_s_dw2-1.dll
c:\program files\wind\LiveUpdateInterface.dll
c:\program files\wind\logo.png
c:\program files\wind\mcciwin32.dll
c:\program files\wind\MenuMgrPlugin.dll
c:\program files\wind\mingwm10.dll
c:\program files\wind\MobilePartner.manifest
c:\program files\wind\msvcp60.dll
c:\program files\wind\mt.exe
c:\program files\wind\NDISAPI.dll
c:\program files\wind\NDISPlugin.dll
c:\program files\wind\NetConnectPlugin.dll
c:\program files\wind\NetConnectSrvPlugin.dll
c:\program files\wind\NetInfoRecordUIPlugin.dll
c:\program files\wind\NetInfoSrvPlugin.dll
c:\program files\wind\NetInfoUIExPlugin.dll
c:\program files\wind\NetSettingPlugin.dll
c:\program files\wind\NetSrvPlugin.dll
c:\program files\wind\NotifyServicePlugin.dll
c:\program files\wind\nsisXML.dll
c:\program files\wind\OSAdapt.dll
c:\program files\wind\OSCall.dll
c:\program files\wind\OSDialup.dll
c:\program files\wind\OSNDIS.dll
c:\program files\wind\OSPowerMgr.dll
c:\program files\wind\PluginContainer.dll
c:\program files\wind\plugins\AboutPlugin\AboutPlugin_en-us.lang
c:\program files\wind\plugins\AboutPlugin\AboutPlugin_fr-fr.lang
c:\program files\wind\plugins\AboutPlugin\AboutPlugin_zh-cn.lang
c:\program files\wind\plugins\AboutPlugin\left_image.png
c:\program files\wind\plugins\AddrBookUIPlugin\addr_tre_images.png
c:\program files\wind\plugins\AddrBookUIPlugin\AddrBookUIPlugin_001.png
c:\program files\wind\plugins\AddrBookUIPlugin\AddrBookUIPlugin_en-us.lang
c:\program files\wind\plugins\AddrBookUIPlugin\AddrBookUIPlugin_fr-fr.lang
c:\program files\wind\plugins\AddrBookUIPlugin\AddrBookUIPlugin_zh-cn.lang
c:\program files\wind\plugins\AddrBookUIPlugin\Config.xml
c:\program files\wind\plugins\AddrBookUIPlugin\pb_head_sortdown.png
c:\program files\wind\plugins\AddrBookUIPlugin\pb_head_sortup.png
c:\program files\wind\plugins\AddrBookUIPlugin\pb_icon_call.png
c:\program files\wind\plugins\AddrBookUIPlugin\pb_icon_delect.png
c:\program files\wind\plugins\AddrBookUIPlugin\pb_icon_ecport.png
c:\program files\wind\plugins\AddrBookUIPlugin\pb_icon_edit.png
c:\program files\wind\plugins\AddrBookUIPlugin\pb_icon_inport.png
c:\program files\wind\plugins\AddrBookUIPlugin\pb_icon_new.png
c:\program files\wind\plugins\AddrBookUIPlugin\pb_icon_outlook.png
c:\program files\wind\plugins\AddrBookUIPlugin\pb_icon_outlook_express.png
c:\program files\wind\plugins\AddrBookUIPlugin\pb_icon_send.png
c:\program files\wind\plugins\AddrBookUIPlugin\pb_icon_video_call.png
c:\program files\wind\plugins\AddrBookUIPlugin\search.png
c:\program files\wind\plugins\AddrBookUIPlugin\tab_pb_call_gray.png
c:\program files\wind\plugins\AddrBookUIPlugin\tab_pb_delete_gray.png
c:\program files\wind\plugins\AddrBookUIPlugin\tab_pb_edit_gray.png
c:\program files\wind\plugins\AddrBookUIPlugin\tab_pb_icon_outlook_express_gray.png
c:\program files\wind\plugins\AddrBookUIPlugin\tab_pb_icon_outlook_gray.png
c:\program files\wind\plugins\AddrBookUIPlugin\tab_pb_new_gray.png
c:\program files\wind\plugins\AddrBookUIPlugin\tab_pb_send message_gray.png
c:\program files\wind\plugins\AddrBookUIPlugin\tab_pb_video_call_gray.png
c:\program files\wind\plugins\CallLogUIPlugin\CallLogUIPlugin_001.png
c:\program files\wind\plugins\CallLogUIPlugin\CallLogUIPlugin_en-us.lang
c:\program files\wind\plugins\CallLogUIPlugin\CallLogUIPlugin_fr-fr.lang
c:\program files\wind\plugins\CallLogUIPlugin\CallLogUIPlugin_zh-cn.lang
c:\program files\wind\plugins\CallLogUIPlugin\Config.xml
c:\program files\wind\plugins\CallLogUIPlugin\dialedcall.png
c:\program files\wind\plugins\CallLogUIPlugin\file_open.png
c:\program files\wind\plugins\CallLogUIPlugin\folder open.png
c:\program files\wind\plugins\CallLogUIPlugin\list_status.png
c:\program files\wind\plugins\CallLogUIPlugin\missedcall.png
c:\program files\wind\plugins\CallLogUIPlugin\receivedcall.png
c:\program files\wind\plugins\CallLogUIPlugin\tab_callhistory_call.png
c:\program files\wind\plugins\CallLogUIPlugin\tab_callhistory_call_gray.png
c:\program files\wind\plugins\CallLogUIPlugin\tab_callhistory_clear.png
c:\program files\wind\plugins\CallLogUIPlugin\tab_callhistory_clear_gray.png
c:\program files\wind\plugins\CallLogUIPlugin\tab_callhistory_delete.png
c:\program files\wind\plugins\CallLogUIPlugin\tab_callhistory_delete_gray.png
c:\program files\wind\plugins\CallLogUIPlugin\tab_callhistory_save.png
c:\program files\wind\plugins\CallLogUIPlugin\tab_callhistory_save_gray.png
c:\program files\wind\plugins\CallLogUIPlugin\tab_callhistory_send message.png
c:\program files\wind\plugins\CallLogUIPlugin\tab_callhistory_send_message.png
c:\program files\wind\plugins\CallLogUIPlugin\tab_callhistory_send_message_gray.png
c:\program files\wind\plugins\CallLogUIPlugin\tab_callhistory_videocall.png
c:\program files\wind\plugins\CallLogUIPlugin\tab_callhistory_videocall_gray.png
c:\program files\wind\plugins\CallUIPlugin\call_mike_close.png
c:\program files\wind\plugins\CallUIPlugin\call_mike_open.png
c:\program files\wind\plugins\CallUIPlugin\call_modul_asterisk.png
c:\program files\wind\plugins\CallUIPlugin\call_modul_call.png
c:\program files\wind\plugins\CallUIPlugin\call_modul_call_gray.png
c:\program files\wind\plugins\CallUIPlugin\call_modul_cancel.png
c:\program files\wind\plugins\CallUIPlugin\call_modul_clear.png
c:\program files\wind\plugins\CallUIPlugin\call_modul_forword.png
c:\program files\wind\plugins\CallUIPlugin\call_modul_forword_gray.png
c:\program files\wind\plugins\CallUIPlugin\call_modul_hangup.png
c:\program files\wind\plugins\CallUIPlugin\call_modul_hangup_gray.png
c:\program files\wind\plugins\CallUIPlugin\call_modul_pb.png
c:\program files\wind\plugins\CallUIPlugin\call_modul_pb_gray.png
c:\program files\wind\plugins\CallUIPlugin\call_modul_plus.png
c:\program files\wind\plugins\CallUIPlugin\call_modul_sharp.png
c:\program files\wind\plugins\CallUIPlugin\call_modul_videocall.png
c:\program files\wind\plugins\CallUIPlugin\call_modul_videocall_gray.ico
c:\program files\wind\plugins\CallUIPlugin\call_modul_videocall_gray.png
c:\program files\wind\plugins\CallUIPlugin\call_modul_volume_add.png
c:\program files\wind\plugins\CallUIPlugin\call_modul_volume_reduce.png
c:\program files\wind\plugins\CallUIPlugin\call_Taskbar_call.png
c:\program files\wind\plugins\CallUIPlugin\call_Taskbar_hangup.png
c:\program files\wind\plugins\CallUIPlugin\call_Taskbar_videocall.png
c:\program files\wind\plugins\CallUIPlugin\call_Taskbar_voicecall.png
c:\program files\wind\plugins\CallUIPlugin\call_volume_open.png
c:\program files\wind\plugins\CallUIPlugin\CallUIPlugin_001.png
c:\program files\wind\plugins\CallUIPlugin\CallUIPlugin_en-us.lang
c:\program files\wind\plugins\CallUIPlugin\CallUIPlugin_fr-fr.lang
c:\program files\wind\plugins\CallUIPlugin\CallUIPlugin_zh-cn.lang
c:\program files\wind\plugins\CallUIPlugin\callvoice.wav
c:\program files\wind\plugins\CallUIPlugin\Config.xml
c:\program files\wind\plugins\CallUIPlugin\default.wav
c:\program files\wind\plugins\CallUIPlugin\number_0.png
c:\program files\wind\plugins\CallUIPlugin\number_1.png
c:\program files\wind\plugins\CallUIPlugin\number_2.png
c:\program files\wind\plugins\CallUIPlugin\number_3.png
c:\program files\wind\plugins\CallUIPlugin\number_4.png
c:\program files\wind\plugins\CallUIPlugin\number_5.png
c:\program files\wind\plugins\CallUIPlugin\number_6.png
c:\program files\wind\plugins\CallUIPlugin\number_7.png
c:\program files\wind\plugins\CallUIPlugin\number_8.png
c:\program files\wind\plugins\CallUIPlugin\number_9.png
c:\program files\wind\plugins\codecs\qcncodecs4.dll
c:\program files\wind\plugins\DeviceMgrUIPlugin\active.xml
c:\program files\wind\plugins\DeviceMgrUIPlugin\DeviceMgrUIPlugin_en-us.lang
c:\program files\wind\plugins\DeviceMgrUIPlugin\DeviceMgrUIPlugin_fr-fr.lang
c:\program files\wind\plugins\DeviceMgrUIPlugin\DeviceMgrUIPlugin_zh-cn.lang
c:\program files\wind\plugins\DeviceMgrUIPlugin\DeviceSelect.png
c:\program files\wind\plugins\DiagnosisPlugin\DiagnosisConfig.xml
c:\program files\wind\plugins\DiagnosisPlugin\DiagnosisPlugin_en-us.lang
c:\program files\wind\plugins\DiagnosisPlugin\DiagnosisPlugin_fr-fr.lang
c:\program files\wind\plugins\DiagnosisPlugin\DiagnosisPlugin_zh-cn.lang
c:\program files\wind\plugins\DialupUIPlugin\1xEVDV.png
c:\program files\wind\plugins\DialupUIPlugin\1xRTT.png
c:\program files\wind\plugins\DialupUIPlugin\3xRTT.png
c:\program files\wind\plugins\DialupUIPlugin\AMPS.png
c:\program files\wind\plugins\DialupUIPlugin\CDMA.png
c:\program files\wind\plugins\DialupUIPlugin\connectIcon.png
c:\program files\wind\plugins\DialupUIPlugin\DialupUIConfig.xml
c:\program files\wind\plugins\DialupUIPlugin\DialupUIPlugin_001.png
c:\program files\wind\plugins\DialupUIPlugin\DialupUIPlugin_en-us.lang
c:\program files\wind\plugins\DialupUIPlugin\DialupUIPlugin_fr-fr.lang
c:\program files\wind\plugins\DialupUIPlugin\DialupUIPlugin_zh-cn.lang
c:\program files\wind\plugins\DialupUIPlugin\down.png
c:\program files\wind\plugins\DialupUIPlugin\EDGE2.png
c:\program files\wind\plugins\DialupUIPlugin\EVDO.png
c:\program files\wind\plugins\DialupUIPlugin\GPRS2.png
c:\program files\wind\plugins\DialupUIPlugin\GPS.png
c:\program files\wind\plugins\DialupUIPlugin\GSM.png
c:\program files\wind\plugins\DialupUIPlugin\HDR_HYBRID.png
c:\program files\wind\plugins\DialupUIPlugin\HSDPA.png
c:\program files\wind\plugins\DialupUIPlugin\HSPA.png
c:\program files\wind\plugins\DialupUIPlugin\HSUPA2.png
c:\program files\wind\plugins\DialupUIPlugin\HYBRID.png
c:\program files\wind\plugins\DialupUIPlugin\NoImage.png
c:\program files\wind\plugins\DialupUIPlugin\OperatorBand.png
c:\program files\wind\plugins\DialupUIPlugin\signal0.png
c:\program files\wind\plugins\DialupUIPlugin\signal1.png
c:\program files\wind\plugins\DialupUIPlugin\signal2.png
c:\program files\wind\plugins\DialupUIPlugin\signal3.png
c:\program files\wind\plugins\DialupUIPlugin\signal4.png
c:\program files\wind\plugins\DialupUIPlugin\signal5.png
c:\program files\wind\plugins\DialupUIPlugin\TD-SCDMA.png
c:\program files\wind\plugins\DialupUIPlugin\time.png
c:\program files\wind\plugins\DialupUIPlugin\timer.png
c:\program files\wind\plugins\DialupUIPlugin\UMB.png
c:\program files\wind\plugins\DialupUIPlugin\up.png
c:\program files\wind\plugins\DialupUIPlugin\Wcdma2.png
c:\program files\wind\plugins\imageformats\qgif4.dll
c:\program files\wind\plugins\imageformats\qico4.dll
c:\program files\wind\plugins\imageformats\qjpeg4.dll
c:\program files\wind\plugins\imageformats\qmng4.dll
c:\program files\wind\plugins\imageformats\qtiff4.dll
c:\program files\wind\plugins\LayoutPlugin\LayoutConfig.xml
c:\program files\wind\plugins\NetConnectPlugin\disconn_001.png
c:\program files\wind\plugins\NetConnectPlugin\netconn_001.png
c:\program files\wind\plugins\NetConnectPlugin\NetConnectConfig.xml
c:\program files\wind\plugins\NetConnectPlugin\NetConnectPlugin_en-us.lang
c:\program files\wind\plugins\NetConnectPlugin\NetConnectPlugin_fr-fr.lang
c:\program files\wind\plugins\NetConnectPlugin\NetConnectPlugin_zh-cn.lang
c:\program files\wind\plugins\NetConnectPlugin\ProfileLib.prof
c:\program files\wind\plugins\NetConnectPlugin\SysProfile.prof
c:\program files\wind\plugins\NetInfoRecordUIPlugin\NetInfoRecordUIPlugin_001.png
c:\program files\wind\plugins\NetInfoRecordUIPlugin\NetInfoRecordUIPlugin_en-us.lang
c:\program files\wind\plugins\NetInfoRecordUIPlugin\NetInfoRecordUIPlugin_fr-fr.lang
c:\program files\wind\plugins\NetInfoRecordUIPlugin\NetInfoRecordUIPlugin_zh-cn.lang
c:\program files\wind\plugins\NetInfoUIExPlugin\DataUsageLimit.ini
c:\program files\wind\plugins\NetInfoUIExPlugin\Icon_01.png
c:\program files\wind\plugins\NetInfoUIExPlugin\Icon_02.png
c:\program files\wind\plugins\NetInfoUIExPlugin\Icon_03.png
c:\program files\wind\plugins\NetInfoUIExPlugin\Icon_04.png
c:\program files\wind\plugins\NetInfoUIExPlugin\Icon_06.png
c:\program files\wind\plugins\NetInfoUIExPlugin\Icon_07.png
c:\program files\wind\plugins\NetInfoUIExPlugin\Icon_08.png
c:\program files\wind\plugins\NetInfoUIExPlugin\Icon_09.png
c:\program files\wind\plugins\NetInfoUIExPlugin\NetInfoUIExConfig.xml
c:\program files\wind\plugins\NetInfoUIExPlugin\NetInfoUIExPlugin_001.png
c:\program files\wind\plugins\NetInfoUIExPlugin\NetInfoUIExPlugin_en-us.lang
c:\program files\wind\plugins\NetInfoUIExPlugin\NetInfoUIExPlugin_fr-fr.lang
c:\program files\wind\plugins\NetInfoUIExPlugin\NetInfoUIExPlugin_zh-cn.lang
c:\program files\wind\plugins\NetInfoUIExPlugin\NetInfoUIPlugin_001.png
c:\program files\wind\plugins\NetInfoUIExPlugin\TrendsCtrlProfile.dtd
c:\program files\wind\plugins\NetInfoUIExPlugin\TrendsCtrlProfile.xml
c:\program files\wind\plugins\NetSettingPlugin\NetSettingConfig.xml
c:\program files\wind\plugins\NetSettingPlugin\NetSettingPlugin_en-us.lang
c:\program files\wind\plugins\NetSettingPlugin\NetSettingPlugin_fr-fr.lang
c:\program files\wind\plugins\NetSettingPlugin\NetSettingPlugin_zh-cn.lang
c:\program files\wind\plugins\SettingUIPlugin\filedir.png
c:\program files\wind\plugins\SettingUIPlugin\SettingUIPlugin_en-us.lang
c:\program files\wind\plugins\SettingUIPlugin\SettingUIPlugin_fr-fr.lang
c:\program files\wind\plugins\SettingUIPlugin\SettingUIPlugin_zh-cn.lang
c:\program files\wind\plugins\SMSUIPlugin\Config.xml
c:\program files\wind\plugins\SMSUIPlugin\Draft.png
c:\program files\wind\plugins\SMSUIPlugin\errorread.png
c:\program files\wind\plugins\SMSUIPlugin\Favorite.png
c:\program files\wind\plugins\SMSUIPlugin\folder open.png
c:\program files\wind\plugins\SMSUIPlugin\folder.png
c:\program files\wind\plugins\SMSUIPlugin\inbox.png
c:\program files\wind\plugins\SMSUIPlugin\miss call.png
c:\program files\wind\plugins\SMSUIPlugin\miss messages.png
c:\program files\wind\plugins\SMSUIPlugin\newSms2.png
c:\program files\wind\plugins\SMSUIPlugin\outbox.png
c:\program files\wind\plugins\SMSUIPlugin\read.png
c:\program files\wind\plugins\SMSUIPlugin\Received_Msg.png
c:\program files\wind\plugins\SMSUIPlugin\reports.png
c:\program files\wind\plugins\SMSUIPlugin\search.png
c:\program files\wind\plugins\SMSUIPlugin\sent1.png
c:\program files\wind\plugins\SMSUIPlugin\sms_call.png
c:\program files\wind\plugins\SMSUIPlugin\sms_call_gray.png
c:\program files\wind\plugins\SMSUIPlugin\sms_delete.png
c:\program files\wind\plugins\SMSUIPlugin\sms_delete_gray.png
c:\program files\wind\plugins\SMSUIPlugin\sms_forward.png
c:\program files\wind\plugins\SMSUIPlugin\sms_forward_gray.png
c:\program files\wind\plugins\SMSUIPlugin\sms_new.png
c:\program files\wind\plugins\SMSUIPlugin\sms_new_gray.png
c:\program files\wind\plugins\SMSUIPlugin\sms_reply.png
c:\program files\wind\plugins\SMSUIPlugin\sms_reply_gray.png
c:\program files\wind\plugins\SMSUIPlugin\sms_search.png
c:\program files\wind\plugins\SMSUIPlugin\sms_search_gray.png
c:\program files\wind\plugins\SMSUIPlugin\sms_send.png
c:\program files\wind\plugins\SMSUIPlugin\sms_send_gray.png
c:\program files\wind\plugins\SMSUIPlugin\sms_status.png
c:\program files\wind\plugins\SMSUIPlugin\sms_tree_Images.png
c:\program files\wind\plugins\SMSUIPlugin\sms_video_call.png
c:\program files\wind\plugins\SMSUIPlugin\sms_video_call_gray.png
c:\program files\wind\plugins\SMSUIPlugin\SMSUIPlugin_001.png
c:\program files\wind\plugins\SMSUIPlugin\SMSUIPlugin_en-us.lang
c:\program files\wind\plugins\SMSUIPlugin\SMSUIPlugin_fr-fr.lang
c:\program files\wind\plugins\SMSUIPlugin\SMSUIPlugin_zh-cn.lang
c:\program files\wind\plugins\SMSUIPlugin\SMSUIPluginConfig.xml
c:\program files\wind\plugins\SMSUIPlugin\SMSVoice.wav
c:\program files\wind\plugins\SMSUIPlugin\trashr.png
c:\program files\wind\plugins\SMSUIPlugin\unread.png
c:\program files\wind\plugins\StatusBarMgrPlugin\Flying_Mode.png
c:\program files\wind\plugins\StatusBarMgrPlugin\OperatorList.dtd
c:\program files\wind\plugins\StatusBarMgrPlugin\OperatorList.xml
c:\program files\wind\plugins\StatusBarMgrPlugin\separator.png
c:\program files\wind\plugins\StatusBarMgrPlugin\signal_roaming.png
c:\program files\wind\plugins\StatusBarMgrPlugin\status bar_icon_call.png
c:\program files\wind\plugins\StatusBarMgrPlugin\status bar_icon_connect.png
c:\program files\wind\plugins\StatusBarMgrPlugin\status bar_icon_connect_no_rrc.png
c:\program files\wind\plugins\StatusBarMgrPlugin\status bar_icon_disconnect.png
c:\program files\wind\plugins\StatusBarMgrPlugin\status bar_icon_download.png
c:\program files\wind\plugins\StatusBarMgrPlugin\status bar_icon_message.png
c:\program files\wind\plugins\StatusBarMgrPlugin\status bar_icon_singnal_0.png
c:\program files\wind\plugins\StatusBarMgrPlugin\status bar_icon_singnal_1.png
c:\program files\wind\plugins\StatusBarMgrPlugin\status bar_icon_singnal_2.png
c:\program files\wind\plugins\StatusBarMgrPlugin\status bar_icon_singnal_3.png
c:\program files\wind\plugins\StatusBarMgrPlugin\status bar_icon_singnal_4.png
c:\program files\wind\plugins\StatusBarMgrPlugin\status bar_icon_singnal_5.png
c:\program files\wind\plugins\StatusBarMgrPlugin\status bar_icon_singnal_flymode.png
c:\program files\wind\plugins\StatusBarMgrPlugin\status bar_icon_upload.png
c:\program files\wind\plugins\StatusBarMgrPlugin\status bar_icon_video_call.png
c:\program files\wind\plugins\StatusBarMgrPlugin\status bar_show_adsl.png
c:\program files\wind\plugins\StatusBarMgrPlugin\status bar_show_dialup.png
c:\program files\wind\plugins\StatusBarMgrPlugin\status bar_show_wlan.png
c:\program files\wind\plugins\StatusBarMgrPlugin\StatusBarMgrConfig.xml
c:\program files\wind\plugins\StatusBarMgrPlugin\StatusBarMgrPlugin_en-us.lang
c:\program files\wind\plugins\StatusBarMgrPlugin\StatusBarMgrPlugin_fr-fr.lang
c:\program files\wind\plugins\StatusBarMgrPlugin\StatusBarMgrPlugin_zh-cn.lang
c:\program files\wind\plugins\StatusBarMgrPlugin\switchermain.png
c:\program files\wind\plugins\StatusBarMgrPlugin\switchermainmouseover.png
c:\program files\wind\plugins\StatusBarMgrPlugin\switchermainpress.png
c:\program files\wind\plugins\StatusBarMgrPlugin\switchermini.png
c:\program files\wind\plugins\StatusBarMgrPlugin\switcherminimouseover.png
c:\program files\wind\plugins\StatusBarMgrPlugin\switcherminipress.png
c:\program files\wind\plugins\STKPlugin\STKPlugin_en-us.lang
c:\program files\wind\plugins\STKPlugin\STKPlugin_fr-fr.lang
c:\program files\wind\plugins\STKPlugin\STKPlugin_zh-cn.lang
c:\program files\wind\plugins\STKPlugin\STKPluginConfig.xml
c:\program files\wind\plugins\STKPlugin\tone_0.wav
c:\program files\wind\plugins\STKPlugin\tone_1.wav
c:\program files\wind\plugins\STKPlugin\tone_10.wav
c:\program files\wind\plugins\STKPlugin\tone_2.wav
c:\program files\wind\plugins\STKPlugin\tone_3.wav
c:\program files\wind\plugins\STKPlugin\tone_4.wav
c:\program files\wind\plugins\STKPlugin\tone_5.wav
c:\program files\wind\plugins\STKPlugin\tone_6.wav
c:\program files\wind\plugins\STKPlugin\tone_7.wav
c:\program files\wind\plugins\STKPlugin\tone_8.wav
c:\program files\wind\plugins\STKPlugin\tone_9.wav
c:\program files\wind\plugins\USSDUIPlugin\USSDPluginConfig.xml
c:\program files\wind\plugins\USSDUIPlugin\ussdsysprofile.xml
c:\program files\wind\plugins\USSDUIPlugin\USSDUIPlugin_001.png
c:\program files\wind\plugins\USSDUIPlugin\USSDUIPlugin_en-us.lang
c:\program files\wind\plugins\USSDUIPlugin\USSDUIPlugin_fr-fr.lang
c:\program files\wind\plugins\USSDUIPlugin\USSDUIPlugin_zh-cn.lang
c:\program files\wind\plugins\XFramePlugin\Browser_001.png
c:\program files\wind\plugins\XFramePlugin\Config.xml
c:\program files\wind\plugins\XFramePlugin\Email_001.png
c:\program files\wind\plugins\XFramePlugin\Freivolumen_001.png
c:\program files\wind\plugins\XFramePlugin\query_ussd.png
c:\program files\wind\plugins\XFramePlugin\splash.png
c:\program files\wind\plugins\XFramePlugin\Startup.png
c:\program files\wind\plugins\XFramePlugin\Transparent.ico
c:\program files\wind\plugins\XFramePlugin\traymenu.xml
c:\program files\wind\plugins\XFramePlugin\ussd_001.png
c:\program files\wind\plugins\XFramePlugin\ussd_set.png
c:\program files\wind\plugins\XFramePlugin\UssdDisable_001.png
c:\program files\wind\plugins\XFramePlugin\XFramePlugin_en-us.lang
c:\program files\wind\plugins\XFramePlugin\XFramePlugin_fr-fr.lang
c:\program files\wind\plugins\XFramePlugin\XFramePlugin_zh-cn.lang
c:\program files\wind\Proxy.dll
c:\program files\wind\QtCore4.dll
c:\program files\wind\QtGui4.dll
c:\program files\wind\qtlib\libgcc_s_dw2-1.dll
c:\program files\wind\qtlib\mingwm10.dll
c:\program files\wind\qtlib\QtCore4.dll
c:\program files\wind\qtlib\QtGui4.dll
c:\program files\wind\qtlib\QtNetwork4.dll
c:\program files\wind\qtlib\QtXml4.dll
c:\program files\wind\QtNetwork4.dll
c:\program files\wind\QtXml4.dll
c:\program files\wind\RunInfo.ini
c:\program files\wind\sdk.dll
c:\program files\wind\SettingUIPlugin.dll
c:\program files\wind\skin\default\images\border_line.png
c:\program files\wind\skin\default\images\button_disabled.png
c:\program files\wind\skin\default\images\button_focus.png
c:\program files\wind\skin\default\images\button_hover.png
c:\program files\wind\skin\default\images\button_normal.png
c:\program files\wind\skin\default\images\button_pressed.png
c:\program files\wind\skin\default\images\call_button_disable.png
c:\program files\wind\skin\default\images\call_button_hover.png
c:\program files\wind\skin\default\images\call_button_normal.png
c:\program files\wind\skin\default\images\call_button_pressed.png
c:\program files\wind\skin\default\images\call_idle_screen.png
c:\program files\wind\skin\default\images\call_slider_groove.png
c:\program files\wind\skin\default\images\call_slider_handle.png
c:\program files\wind\skin\default\images\call_volume_bg.png
c:\program files\wind\skin\default\images\checkbox_checked_disabled.png
c:\program files\wind\skin\default\images\checkbox_checked_hover.png
c:\program files\wind\skin\default\images\checkbox_checked_normal.png
c:\program files\wind\skin\default\images\checkbox_checked_pressed.png
c:\program files\wind\skin\default\images\close_button_disable.png
c:\program files\wind\skin\default\images\close_button_hover.png
c:\program files\wind\skin\default\images\close_button_normal.png
c:\program files\wind\skin\default\images\close_button_press.png
c:\program files\wind\skin\default\images\combobox_down_arrow_gray.png
c:\program files\wind\skin\default\images\combobox_down_arrow_hover.png
c:\program files\wind\skin\default\images\combobox_down_arrow_normal.png
c:\program files\wind\skin\default\images\combobox_down_arrow_press.png
c:\program files\wind\skin\default\images\connect_plugin_bg.png
c:\program files\wind\skin\default\images\edit_ctrl_border_line_box.png
c:\program files\wind\skin\default\images\frame_border.png
c:\program files\wind\skin\default\images\frame_child_border.png
c:\program files\wind\skin\default\images\frame_thinborder_bg.png
c:\program files\wind\skin\default\images\group_box_bg_line_curve_box.png
c:\program files\wind\skin\default\images\line_vertical.png
c:\program files\wind\skin\default\images\list_sel.png
c:\program files\wind\skin\default\images\mac\close_button_disable.png
c:\program files\wind\skin\default\images\mac\close_button_hover.png
c:\program files\wind\skin\default\images\mac\close_button_normal.png
c:\program files\wind\skin\default\images\mac\close_button_press.png
c:\program files\wind\skin\default\images\mac\maximize_button_disable.png
c:\program files\wind\skin\default\images\mac\maximize_button_hover.png
c:\program files\wind\skin\default\images\mac\maximize_button_normal.png
c:\program files\wind\skin\default\images\mac\maximize_button_press.png
c:\program files\wind\skin\default\images\mac\minimum_disable.png
c:\program files\wind\skin\default\images\mac\minimum_hover.png
c:\program files\wind\skin\default\images\mac\minimum_normal.png
c:\program files\wind\skin\default\images\mac\minimum_press.png
c:\program files\wind\skin\default\images\mac\restore_button_disable.png
c:\program files\wind\skin\default\images\mac\restore_button_hover.png
c:\program files\wind\skin\default\images\mac\restore_button_normal.png
c:\program files\wind\skin\default\images\mac\restore_button_press.png
c:\program files\wind\skin\default\images\maximize_button_disable.png
c:\program files\wind\skin\default\images\maximize_button_hover.png
c:\program files\wind\skin\default\images\maximize_button_normal.png
c:\program files\wind\skin\default\images\maximize_button_press.png
c:\program files\wind\skin\default\images\menu_bar_button_hover.png
c:\program files\wind\skin\default\images\menu_bar_button_sel.png
c:\program files\wind\skin\default\images\menu_bg.png
c:\program files\wind\skin\default\images\menu_check.png
c:\program files\wind\skin\default\images\menu_expand.png
c:\program files\wind\skin\default\images\menu_popup_bg.png
c:\program files\wind\skin\default\images\menu_seperator.png
c:\program files\wind\skin\default\images\minimum_disable.png
c:\program files\wind\skin\default\images\minimum_hover.png
c:\program files\wind\skin\default\images\minimum_normal.png
c:\program files\wind\skin\default\images\minimum_press.png
c:\program files\wind\skin\default\images\popup_controls_button_down.png

danuchay
2012-01-30, 02:32
Part 2

----------------------------------

c:\program files\wind\usermanual\zh-cn\plugins\NetConnectPlugin\utps_netconnect_task_00011.html
c:\program files\wind\usermanual\zh-cn\plugins\NetInfoUIExPlugin\images\download.png
c:\program files\wind\usermanual\zh-cn\plugins\NetInfoUIExPlugin\images\tool_bar_icon_statistic_c00.png
c:\program files\wind\usermanual\zh-cn\plugins\NetInfoUIExPlugin\images\Upload.png
c:\program files\wind\usermanual\zh-cn\plugins\NetInfoUIExPlugin\utps_netinfo_concept_00001.html
c:\program files\wind\usermanual\zh-cn\plugins\NetInfoUIExPlugin\utps_netinfo_task_00002.html
c:\program files\wind\usermanual\zh-cn\plugins\NetInfoUIExPlugin\utps_netinfo_task_00003.html
c:\program files\wind\usermanual\zh-cn\plugins\NetSettingPlugin\utps_netconnect_concept_00003.html
c:\program files\wind\usermanual\zh-cn\plugins\NetSettingPlugin\utps_netconnect_concept_wcdmaedge_00005.html
c:\program files\wind\usermanual\zh-cn\plugins\NetSettingPlugin\utps_netconnect_task_00006.html
c:\program files\wind\usermanual\zh-cn\plugins\NetSettingPlugin\utps_netconnect_task_00007.html
c:\program files\wind\usermanual\zh-cn\plugins\NetSettingPlugin\utps_netconnect_task_wcdmaedge_00004.html
c:\program files\wind\usermanual\zh-cn\plugins\SMSUIPlugin\images\sms_new.png
c:\program files\wind\usermanual\zh-cn\plugins\SMSUIPlugin\images\sms_search.png
c:\program files\wind\usermanual\zh-cn\plugins\SMSUIPlugin\images\tool_bar_icon_sms_c00.png
c:\program files\wind\usermanual\zh-cn\plugins\SMSUIPlugin\utps_sms_concept_00001.html
c:\program files\wind\usermanual\zh-cn\plugins\SMSUIPlugin\utps_sms_concept_00003.html
c:\program files\wind\usermanual\zh-cn\plugins\SMSUIPlugin\utps_sms_concept_00006.html
c:\program files\wind\usermanual\zh-cn\plugins\SMSUIPlugin\utps_sms_concept_00007.html
c:\program files\wind\usermanual\zh-cn\plugins\SMSUIPlugin\utps_sms_task_00002.html
c:\program files\wind\usermanual\zh-cn\plugins\SMSUIPlugin\utps_sms_task_00004.html
c:\program files\wind\usermanual\zh-cn\plugins\SMSUIPlugin\utps_sms_task_00005.html
c:\program files\wind\usermanual\zh-cn\plugins\SMSUIPlugin\utps_sms_task_00008.html
c:\program files\wind\usermanual\zh-cn\plugins\SMSUIPlugin\utps_sms_task_00010.html
c:\program files\wind\usermanual\zh-cn\plugins\SMSUIPlugin\utps_sms_task_00012.html
c:\program files\wind\usermanual\zh-cn\plugins\SMSUIPlugin\utps_sms_task_00013.html
c:\program files\wind\usermanual\zh-cn\plugins\STKPlugin\utps_stk_task_00001.html
c:\program files\wind\usermanual\zh-cn\public_sys-resources\Buttun_Current.gif
c:\program files\wind\usermanual\zh-cn\public_sys-resources\Buttun_Normal.gif
c:\program files\wind\usermanual\zh-cn\public_sys-resources\commonltr.css
c:\program files\wind\usermanual\zh-cn\public_sys-resources\commonltr_zh-cn.css
c:\program files\wind\usermanual\zh-cn\public_sys-resources\commonrtl.css
c:\program files\wind\usermanual\zh-cn\public_sys-resources\delta.gif
c:\program files\wind\usermanual\zh-cn\public_sys-resources\deltaend.gif
c:\program files\wind\usermanual\zh-cn\public_sys-resources\ExpandCollapse.js
c:\program files\wind\usermanual\zh-cn\public_sys-resources\icon-arrowdn.gif
c:\program files\wind\usermanual\zh-cn\public_sys-resources\icon-arrowrt.gif
c:\program files\wind\usermanual\zh-cn\public_sys-resources\icon-caution.gif
c:\program files\wind\usermanual\zh-cn\public_sys-resources\icon-danger.gif
c:\program files\wind\usermanual\zh-cn\public_sys-resources\icon-huawei.gif
c:\program files\wind\usermanual\zh-cn\public_sys-resources\icon-note.gif
c:\program files\wind\usermanual\zh-cn\public_sys-resources\icon-tip.gif
c:\program files\wind\usermanual\zh-cn\public_sys-resources\icon-warning.gif
c:\program files\wind\usermanual\zh-cn\usermanual\changelanguage\utps_changelanguage_task_00001.html
c:\program files\wind\usermanual\zh-cn\usermanual\faq\utps_faq_concept_00001.html
c:\program files\wind\usermanual\zh-cn\usermanual\faq\utps_faq_task_00002.html
c:\program files\wind\usermanual\zh-cn\usermanual\faq\utps_faq_task_00003.html
c:\program files\wind\usermanual\zh-cn\usermanual\faq\utps_faq_task_00004.html
c:\program files\wind\usermanual\zh-cn\usermanual\faq\utps_faq_task_00005.html
c:\program files\wind\usermanual\zh-cn\usermanual\images\huawei1.png
c:\program files\wind\usermanual\zh-cn\usermanual\images\huawei2.png
c:\program files\wind\usermanual\zh-cn\usermanual\images\huaweismall.gif
c:\program files\wind\usermanual\zh-cn\usermanual\OnlineUpdate\utps_onlineupdate_task_00002.html
c:\program files\wind\usermanual\zh-cn\usermanual\OnlineUpdate\utps_onlineupdate_task_00003.html
c:\program files\wind\usermanual\zh-cn\usermanual\OnlineUpdate\utps_onlineupdate_task_00004.html
c:\program files\wind\usermanual\zh-cn\usermanual\pin\utps_pin_concept_00001.html
c:\program files\wind\usermanual\zh-cn\usermanual\pin\utps_pin_task_00002.html
c:\program files\wind\usermanual\zh-cn\usermanual\pin\utps_pin_task_00003.html
c:\program files\wind\usermanual\zh-cn\usermanual\pin\utps_pin_task_00004.html
c:\program files\wind\usermanual\zh-cn\usermanual\pin\utps_pin_task_00005.html
c:\program files\wind\usermanual\zh-cn\usermanual\start\utps_start_task_Win_00001.html
c:\program files\wind\usermanual\zh-cn\usermanual\utps_content_concept_00001.html
c:\program files\wind\usermanual\zh-cn\usermanual\utps_copyright_concept_00001.html
c:\program files\wind\USSDSrvPlugin.dll
c:\program files\wind\USSDUIPlugin.dll
c:\program files\wind\Win7Support.dll
c:\program files\WIND\WIND.exe
c:\program files\wind\XCodec.dll
c:\program files\wind\XFramePlugin.dll
c:\windows\Downloaded Installations\BMP
c:\windows\Downloaded Installations\BMP\{44C774BE-1389-4E84-B5DE-54D9FB4A2253}\1033.MST
c:\windows\Downloaded Installations\BMP\{44C774BE-1389-4E84-B5DE-54D9FB4A2253}\BACS.msi
c:\windows\system32\Corel Photo Album 6(2).scr
c:\windows\system32\linkinfo(2).dll
c:\windows\system32\linkinfo(3).dll
c:\windows\system32\linkinfo(4).dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_FAD
-------\Legacy_WIND._RunOuc
-------\Legacy_WIND._RunOuc
-------\Service_WIND. RunOuc
-------\Service_WIND. RunOuc
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-30 )))))))))))))))))))))))))))))))
.
.
2012-01-27 13:07 . 2012-01-06 04:19 6557240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{18F77F56-0301-4F36-86BD-8935125F3D85}\mpengine.dll
2012-01-25 02:20 . 2012-01-25 02:20 -------- d-----w- c:\program files\ERUNT
2012-01-25 01:41 . 2012-01-25 02:04 -------- d-----w- c:\documents and settings\Gooderham.LAPTOP\Local Settings\Application Data\NPE
2012-01-25 01:41 . 2012-01-25 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2012-01-17 13:21 . 2012-01-17 13:21 -------- d-----w- c:\program files\Defraggler
2012-01-17 06:44 . 2012-01-17 06:44 -------- d-----w- c:\program files\CCleaner
2012-01-14 13:07 . 2012-01-14 13:08 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2012-01-14 13:07 . 2012-01-14 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2012-01-14 13:07 . 2012-01-14 13:07 -------- d-----w- c:\program files\SearchPredict
2012-01-14 13:07 . 1998-12-05 18:18 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2012-01-14 13:07 . 2012-01-14 13:07 -------- d-----w- c:\program files\SpeedBit Video Downloader
2012-01-06 20:02 . 2012-01-06 20:02 -------- d-----w- c:\program files\Hewlett-Packard
2012-01-06 20:02 . 2012-01-06 20:02 -------- d-----w- c:\program files\HP
2012-01-06 15:24 . 2012-01-06 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\HPSS
2012-01-06 15:15 . 2012-01-06 15:15 -------- d-----w- c:\documents and settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application
2012-01-06 15:15 . 2012-01-06 15:15 -------- d-----w- c:\documents and settings\Gooderham.LAPTOP\Application Data\HPSS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-06 04:19 . 2006-05-04 10:00 6557240 -c--a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-12-30 19:51 . 2011-12-30 19:51 90112 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2011-12-30 19:51 . 2011-12-30 19:51 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-12-30 19:51 . 2011-12-30 19:51 73216 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2011-12-30 19:51 . 2011-12-30 19:51 64384 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2011-12-30 19:51 . 2011-12-30 19:51 28672 ----a-w- c:\windows\system32\drivers\usbccid.sys
2011-12-30 19:51 . 2011-12-30 19:51 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2011-12-30 19:51 . 2011-12-30 19:51 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-12-30 19:51 . 2011-12-30 19:51 235392 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-12-30 19:51 . 2011-12-30 19:51 193792 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-12-30 19:51 . 2011-12-30 19:51 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2011-12-30 19:51 . 2011-12-30 19:51 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2011-12-30 19:51 . 2011-12-30 19:51 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2011-12-30 19:51 . 2011-12-30 19:51 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2011-12-30 19:51 . 2011-12-30 19:51 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2011-12-10 20:24 . 2008-09-04 04:31 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-07 15:08 . 2009-10-07 16:09 236576 -c----w- c:\windows\system32\MpSigStub.exe
2011-11-25 21:57 . 2004-08-10 18:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-10 18:51 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-10 18:51 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-10 18:51 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-10 18:51 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-13 16:03 . 2011-05-25 18:38 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20 . 2004-08-10 18:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-10 18:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-10 18:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-10 18:51 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2004-08-10 18:51 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2004-08-10 18:51 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-10 18:51 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-11-01 12:32 . 2011-11-01 12:32 573100 ----a-w- c:\windows\system32\sqlite3.dll
2011-10-21 11:37 . 2011-10-21 11:37 4752189 -c--a-w- c:\program files\exiftool(-k).exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
2011-06-28 22:41 498840 ----a-w- c:\program files\SearchPredict\SearchPredict.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}]
2012-01-14 13:07 2660016 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Gooderham.LAPTOP\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-23 39408]
"Mobile Partner"="c:\program files\WIND\WIND.exe" [2012-01-30 514048]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2012-01-14 1406664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Gooderham.LAPTOP\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
HP SimpleSave Monitor.lnk - c:\documents and settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\StartHelper.exe [2012-1-6 477080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-12-19 24576]
Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\PMREMIND.EXE [2007-4-1 327680]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
.
R2 BackupService;BackupService;c:\documents and settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\uUACTokenSvc.exe [06/01/2012 10:15 AM 83512]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe [14/03/2011 10:27 AM 271712]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [16/12/2009 9:11 AM 65856]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm [?]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 6:19 PM 13592]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [29/01/2012 7:06 PM 11136]
S2 gupdate1c9d47de932459a;Google Update Service (gupdate1c9d47de932459a);c:\program files\Google\Update\GoogleUpdate.exe [14/05/2009 5:22 AM 133104]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [29/01/2012 7:06 PM 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [29/01/2012 7:06 PM 235392]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [14/05/2009 5:22 AM 133104]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [29/01/2012 7:06 PM 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 10:22]
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 10:22]
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1111717751-3393396884-3224383096-1006Core.job
- c:\documents and settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-17 18:48]
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1111717751-3393396884-3224383096-1006UA.job
- c:\documents and settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-17 18:48]
.
2012-01-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\program files\SpeedBit Video Accelerator\SBLSP.dll
TCP: Interfaces\{DDF6F85E-CD3A-420A-9EA1-18EB04C811FE}: NameServer = 74.115.197.69 74.115.197.68
DPF: {4B48D5DF-9021-45F7-A240-60304302A215}
FF - ProfilePath - c:\documents and settings\Gooderham.LAPTOP\Application Data\Mozilla\Firefox\Profiles\9yflb6sv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?st=1
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: SearchPredict: searchpredict@speedbit.com - c:\program files\SearchPredict\PRFireFox
FF - Ext: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\SpeedBit Video Downloader\SPFireFox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: UnMHT: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0} - %profile%\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
AddRemove-WIND - c:\program files\WIND\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-29 19:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(436)
c:\program files\SpeedBit Video Accelerator\SBLSP.dll
c:\program files\SpeedBit Video Accelerator\ConfigDB.dll
.
- - - - - - - > 'explorer.exe'(3304)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe
c:\documents and settings\All Users\Application Data\DatacardService\Temp\WIND\setup.exe
c:\program files\WIND\driver\driversetup.exe
c:\program files\WIND\driver\devsetup32.exe
c:\program files\WIND\AutoRun\AutoRunSetup.exe
.
**************************************************************************
.
Completion time: 2012-01-29 19:09:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-30 00:09
.
Pre-Run: 7,407,747,072 bytes free
Post-Run: 7,196,966,912 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - C757BDCF6EBEB17D90A45F86871FED44

danuchay
2012-01-30, 02:35
Just an FYI.....when I launched Explorer after the reboot....a pop-up said it was no longer my default browser.

ken545
2012-01-30, 02:40
Hey,
Looks like we cross posted. Next time you launch IE and it tells you it's not your default, do you want to make it your default, say yes if you want it to be.

It looks like Combofix may have mistaken Wind Mobile for Wind Optimizer which is a rogue program.


What are you experiencing now, any browser redirects or anything else to make you think you're infected?

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please





OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

danuchay
2012-01-30, 03:45
Hello Ken,

Google at the moment appears to be working correctly..... :)

Here are the reports as requested.

--------------------------------------------

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.29.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gooderham :: DELL [administrator]

29/01/2012 8:12:13 PM
mbam-log-2012-01-29 (20-12-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234268
Time elapsed: 5 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


-----------------------------------------------------------


OTL logfile created on: 29/01/2012 8:30:53 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Gooderham.LAPTOP\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.40% Memory free
4.83 Gb Paging File | 4.54 Gb Available in Paging File | 94.07% Paging File free
Paging file location(s): C:\pagefile.sys 3058 3058 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.21 Gb Total Space | 6.78 Gb Free Space | 19.82% Space Free | Partition Type: NTFS
Drive E: | 35.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DELL | User Name: Gooderham | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Gooderham.LAPTOP\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\WIND\WIND.exe ()
PRC - C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (SpeedBit LTD)
PRC - C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SpeedBit Ltd.)
PRC - C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\StartHelper.exe ()
PRC - C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe ()
PRC - C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\uUACTokenSvc.exe (ArcSoft, Inc.)
PRC - C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\WIND\WIND.exe ()
MOD - C:\Program Files\WIND\XFramePlugin.dll ()
MOD - C:\Program Files\WIND\XCodec.dll ()
MOD - C:\Program Files\WIND\Win7Support.dll ()
MOD - C:\Program Files\WIND\SMSUIPlugin.dll ()
MOD - C:\Program Files\WIND\SmsAppPlugin.dll ()
MOD - C:\Program Files\WIND\StatusBarMgrPlugin.dll ()
MOD - C:\Program Files\WIND\ToolBarMgrPlugin.dll ()
MOD - C:\Program Files\WIND\SmsSrvPlugin.dll ()
MOD - C:\Program Files\WIND\STKSrvPlugin.dll ()
MOD - C:\Program Files\WIND\USSDSrvPlugin.dll ()
MOD - C:\Program Files\WIND\Trace.dll ()
MOD - C:\Program Files\WIND\QtNetwork4.dll ()
MOD - C:\Program Files\WIND\sdk.dll ()
MOD - C:\Program Files\WIND\QtGui4.dll ()
MOD - C:\Program Files\WIND\plugins\imageformats\qtiff4.dll ()
MOD - C:\Program Files\WIND\QtCore4.dll ()
MOD - C:\Program Files\WIND\PluginContainer.dll ()
MOD - C:\Program Files\WIND\Proxy.dll ()
MOD - C:\Program Files\WIND\plugins\imageformats\qmng4.dll ()
MOD - C:\Program Files\WIND\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\WIND\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files\WIND\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files\WIND\OSPowerMgr.dll ()
MOD - C:\Program Files\WIND\NetInfoUIExPlugin.dll ()
MOD - C:\Program Files\WIND\NetSrvPlugin.dll ()
MOD - C:\Program Files\WIND\OSDialup.dll ()
MOD - C:\Program Files\WIND\OSNDIS.dll ()
MOD - C:\Program Files\WIND\OSAdapt.dll ()
MOD - C:\Program Files\WIND\NotifyServicePlugin.dll ()
MOD - C:\Program Files\WIND\OSCall.dll ()
MOD - C:\Program Files\WIND\NDISAPI.dll ()
MOD - C:\Program Files\WIND\NetConnectPlugin.dll ()
MOD - C:\Program Files\WIND\NetInfoSrvPlugin.dll ()
MOD - C:\Program Files\WIND\MenuMgrPlugin.dll ()
MOD - C:\Program Files\WIND\NDISPlugin.dll ()
MOD - C:\Program Files\WIND\NetConnectSrvPlugin.dll ()
MOD - C:\Program Files\WIND\mingwm10.dll ()
MOD - C:\Program Files\WIND\LiveUpdateInterface.dll ()
MOD - C:\Program Files\WIND\LayoutPlugin.dll ()
MOD - C:\Program Files\WIND\libgcc_s_dw2-1.dll ()
MOD - C:\Program Files\WIND\DeviceMgrUIPlugin.dll ()
MOD - C:\Program Files\WIND\DialupUIPlugin.dll ()
MOD - C:\Program Files\WIND\DeviceAppPlugin.dll ()
MOD - C:\Program Files\WIND\DeviceSrvPlugin.dll ()
MOD - C:\Program Files\WIND\DialUpPlugin.dll ()
MOD - C:\Program Files\WIND\core.dll ()
MOD - C:\Program Files\WIND\Common.dll ()
MOD - C:\Program Files\WIND\CallSrvPlugin.dll ()
MOD - C:\Program Files\WIND\DataServicePlugin.dll ()
MOD - C:\Program Files\WIND\AddrBookUIPlugin.dll ()
MOD - C:\Program Files\WIND\CallAppPlugin.dll ()
MOD - C:\Program Files\WIND\CallLogSrvPlugin.dll ()
MOD - C:\Program Files\WIND\AtCodec.dll ()
MOD - C:\Program Files\WIND\ATR2SMgr.dll ()
MOD - C:\Program Files\WIND\AddrBookPlugin.dll ()
MOD - C:\Program Files\WIND\AddrBookSrvPlugin.dll ()
MOD - C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\StartHelper.exe ()
MOD - C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\system32\pdfmonnt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HWDeviceService.exe) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (VideoAcceleratorService) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SpeedBit Ltd.)
SRV - (BackupService) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\uUACTokenSvc.exe (ArcSoft, Inc.)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (nlsX86cc) -- C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (Avg7UpdSvc) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe (GRISOFT, s.r.o.)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_usbenumfilter) -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (swmsflt) -- C:\WINDOWS\System32\drivers\swmsflt.sys ()
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (NWUSBPort) -- C:\WINDOWS\system32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\WINDOWS\system32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (AvgTdi) -- C:\WINDOWS\System32\Drivers\avgtdi.sys (GRISOFT, s.r.o.)
DRV - (Avg7RsXP) -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys (GRISOFT, s.r.o.)
DRV - (Avg7RsW) -- C:\WINDOWS\System32\Drivers\avg7rsw.sys (GRISOFT, s.r.o.)
DRV - (Avg7Core) -- C:\WINDOWS\System32\Drivers\avg7core.sys (GRISOFT, s.r.o.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.ca/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.ca/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
IE - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?st=1"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: searchpredict@speedbit.com:1.0.1.0
FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.4.1
FF - prefs.js..extensions.enabledItems: {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}:5.7.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\searchpredict@speedbit.com: C:\Program Files\SearchPredict\PRFireFox [2012/01/14 08:07:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox [2012/01/14 08:07:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/18 10:15:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/18 10:15:38 | 000,000,000 | ---D | M]

[2011/02/16 00:42:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Extensions
[2009/08/09 19:02:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2012/01/24 12:28:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Firefox\Profiles\9yflb6sv.default\extensions
[2012/01/23 09:57:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Firefox\Profiles\9yflb6sv.default\extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
[2012/01/09 07:49:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Firefox\Profiles\9yflb6sv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/27 20:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Firefox\Profiles\9yflb6sv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/01/24 12:28:15 | 000,000,000 | ---D | M] (UnMHT) -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Firefox\Profiles\9yflb6sv.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}
[2010/03/28 11:08:00 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Mozilla\Firefox\Profiles\9yflb6sv.default\searchplugins\askcom.xml
[2011/02/16 00:42:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/22 08:56:19 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/01/14 08:07:18 | 000,000,000 | ---D | M] (SearchPredict) -- C:\PROGRAM FILES\SEARCHPREDICT\PRFIREFOX
[2012/01/14 08:07:23 | 000,000,000 | ---D | M] (SpeedBit Video Downloader) -- C:\PROGRAM FILES\SPEEDBIT VIDEO DOWNLOADER\SPFIREFOX
[2011/03/29 14:23:53 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.com/search?q={searchTerms}&rls=p,com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Search = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/29 19:00:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (SpeedBit Ltd.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SBCONVERT Class) - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (SpeedBit)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O4 - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (SpeedBit LTD)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/08/30 10:19:15 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\programs\Startup\Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE (The Learning Company)
O4 - Startup: C:\Documents and Settings\Gooderham.LAPTOP\Start Menu\programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Gooderham.LAPTOP\Start Menu\programs\Startup\HP SimpleSave Monitor.lnk = C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application\StartHelper.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1111717751-3393396884-3224383096-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_22.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDF6F85E-CD3A-420A-9EA1-18EB04C811FE}: NameServer = 74.115.197.69 74.115.197.68
O18 - Protocol\Filter\x-sdch - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (zwebauth.dll) -C:\WINDOWS\System32\ZWebAuth.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/03/16 10:27:21 | 000,148,320 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/11/30 12:53:56 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/29 20:29:10 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/29 20:22:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\OTL.exe
[2012/01/29 20:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/29 20:09:31 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/29 20:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/29 19:06:56 | 000,064,384 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
[2012/01/29 19:06:56 | 000,026,624 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
[2012/01/29 19:06:55 | 000,090,112 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
[2012/01/29 19:06:55 | 000,073,216 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
[2012/01/29 19:06:54 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2012/01/29 19:06:54 | 000,235,392 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2012/01/29 19:06:54 | 000,193,792 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2012/01/29 19:06:54 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
[2012/01/29 19:06:54 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2012/01/29 19:06:54 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwupgrade.sys
[2012/01/29 19:06:54 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
[2012/01/29 19:06:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/01/29 19:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\WIND
[2012/01/29 18:45:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/29 18:43:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/29 18:43:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/29 18:43:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/29 18:43:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/29 16:32:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/29 16:29:23 | 004,393,882 | R--- | C] (Swearware) -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\ComboFix.exe
[2012/01/24 21:20:10 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/01/24 21:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/01/24 20:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\NPE
[2012/01/24 20:41:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2012/01/19 23:20:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Wind Mobile Internet
[2012/01/17 09:46:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Start Menu\programs\Google Chrome
[2012/01/17 08:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
[2012/01/17 08:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012/01/17 01:47:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Recent
[2012/01/17 01:44:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/01/17 01:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/01/14 08:07:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpeedBit Video Accelerator
[2012/01/14 08:07:37 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedBit Video Accelerator
[2012/01/14 08:07:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpeedBit Video Downloader
[2012/01/14 08:07:18 | 000,172,032 | ---- | C] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\WINDOWS\System32\AniGIF.ocx
[2012/01/14 08:07:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2012/01/14 08:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\SearchPredict
[2012/01/14 08:07:17 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedBit Video Downloader
[2012/01/11 19:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Christmas House
[2012/01/06 15:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2012/01/06 15:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/01/06 10:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HPSS
[2012/01/06 10:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HP SimpleSave Application
[2012/01/06 10:15:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HPSS
[2011/10/21 06:37:42 | 004,752,189 | ---- | C] (Phil Harvey) -- C:\Program Files\exiftool(-k).exe
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/29 20:22:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\OTL.exe
[2012/01/29 19:53:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/29 19:47:00 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1111717751-3393396884-3224383096-1006UA.job
[2012/01/29 19:10:04 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WIND.lnk
[2012/01/29 19:04:51 | 000,861,696 | ---- | M] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2012/01/29 19:04:51 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccid.sys
[2012/01/29 19:04:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
[2012/01/29 19:04:50 | 000,090,112 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
[2012/01/29 19:04:50 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
[2012/01/29 19:04:50 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
[2012/01/29 19:04:50 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
[2012/01/29 19:04:50 | 000,019,200 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwupgrade.sys
[2012/01/29 19:04:50 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
[2012/01/29 19:04:49 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2012/01/29 19:04:49 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2012/01/29 19:04:49 | 000,025,856 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2012/01/29 19:04:45 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01007.dll
[2012/01/29 19:04:45 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WdfCoInstaller01007.dll
[2012/01/29 19:01:32 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/29 19:00:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/29 18:59:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/29 18:59:40 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/29 18:58:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/29 18:58:24 | 2138,505,216 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/29 18:45:45 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/29 16:29:24 | 004,393,882 | R--- | M] (Swearware) -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\ComboFix.exe
[2012/01/29 09:47:00 | 000,000,956 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1111717751-3393396884-3224383096-1006Core.job
[2012/01/27 21:01:34 | 003,072,054 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Gas TM5.bmp
[2012/01/24 21:20:26 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Start Menu\programs\Startup\ERUNT AutoBackup.lnk
[2012/01/24 21:00:00 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/01/24 17:24:54 | 001,951,542 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\IRS Bid-Auth TAF-Trading.pdf
[2012/01/24 16:46:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\FOXIT_PDF
[2012/01/21 09:11:54 | 000,090,624 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/19 09:13:54 | 000,188,998 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\100_0413.jpg
[2012/01/17 09:46:24 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/17 09:36:38 | 000,104,887 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\carlos-yoga-couples-retreat.jpg
[2012/01/17 01:50:04 | 000,259,748 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\cc_20120117_014918.reg
[2012/01/16 22:11:40 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/01/16 21:49:23 | 000,520,986 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/16 21:49:23 | 000,103,696 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/06 11:32:50 | 000,001,999 | ---- | M] () -- C:\Documents and Settings\Gooderham.LAPTOP\Start Menu\programs\Startup\HP SimpleSave Monitor.lnk
[2012/01/06 10:48:52 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LockFilePath.ini
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/29 18:45:45 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/29 18:45:40 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/29 18:43:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/29 18:43:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/29 18:43:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/29 18:43:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/29 18:43:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/27 21:01:33 | 003,072,054 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Desktop\Gas TM5.bmp
[2012/01/24 21:20:26 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Start Menu\programs\Startup\ERUNT AutoBackup.lnk
[2012/01/24 17:24:52 | 001,951,542 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\IRS Bid-Auth TAF-Trading.pdf
[2012/01/19 09:12:26 | 000,188,998 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\100_0413.jpg
[2012/01/19 09:10:43 | 001,578,268 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\100_0467.jpg
[2012/01/19 09:08:10 | 000,048,676 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\Roxy Cleopatra.jpg
[2012/01/17 09:46:24 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/17 09:42:27 | 000,001,008 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1111717751-3393396884-3224383096-1006UA.job
[2012/01/17 09:42:26 | 000,000,956 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1111717751-3393396884-3224383096-1006Core.job
[2012/01/17 09:37:02 | 000,104,887 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\carlos-yoga-couples-retreat.jpg
[2012/01/17 01:49:29 | 000,259,748 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\My Documents\cc_20120117_014918.reg
[2012/01/06 11:02:42 | 000,001,999 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Start Menu\programs\Startup\HP SimpleSave Monitor.lnk
[2012/01/06 10:48:52 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LockFilePath.ini
[2011/12/06 15:50:28 | 000,001,314 | ---- | C] () -- C:\WINDOWS\COCR2.INI
[2011/12/06 15:28:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011/11/01 07:32:46 | 000,573,100 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2011/05/07 16:19:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/05/06 14:56:02 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/05/06 14:56:02 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/05/06 14:54:52 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPNX110.ini
[2010/08/22 07:57:17 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/07/06 07:25:40 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\keyfile3.drm
[2010/04/27 08:26:22 | 000,204,848 | ---- | C] () -- C:\WINDOWS\System32\gswin32c.exe
[2009/08/08 21:23:49 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\housecall.guid.cache
[2009/07/27 18:46:18 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/17 10:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/06/01 18:56:08 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/09/16 14:18:32 | 000,026,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2007/11/15 03:25:29 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/01/17 21:51:32 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll
[2007/01/17 21:51:28 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini
[2006/08/09 14:42:51 | 000,032,072 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2006/07/28 00:19:05 | 000,000,058 | ---- | C] () -- C:\WINDOWS\ph401.dll
[2006/06/17 16:59:18 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2006/06/17 16:59:18 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2006/06/17 16:59:18 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2006/06/17 16:59:18 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2006/06/17 16:59:18 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2006/06/17 16:59:18 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2006/06/17 16:59:18 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2006/06/17 16:59:18 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2006/06/17 16:59:18 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2006/06/17 16:59:18 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2006/06/17 16:59:18 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2006/06/17 16:59:18 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2006/06/17 16:59:18 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2006/06/17 16:59:18 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/06/17 16:54:40 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4200.ini
[2006/04/29 07:20:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mgshell.INI
[2006/04/29 07:17:38 | 000,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
[2006/04/02 08:48:49 | 000,000,576 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2006/04/02 00:17:08 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/01/25 18:31:24 | 000,002,620 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/01/25 18:31:24 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\7C208F4B37.sys
[2006/01/25 18:26:22 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2006/01/23 09:00:11 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\PFP120JPR.{PB
[2006/01/23 09:00:11 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\PFP120JCM.{PB
[2006/01/21 15:50:39 | 000,090,624 | ---- | C] () -- C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/01/11 00:38:58 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2005/12/19 20:00:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/19 19:50:21 | 000,000,427 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/19 19:45:38 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/19 19:44:57 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/12/19 19:44:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2005/12/19 19:44:15 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2005/12/19 19:22:46 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/12/19 19:22:16 | 000,000,492 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/31 12:07:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cpascrrc6(2).dll
[2005/04/09 18:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 14:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 14:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 14:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 13:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 13:57:15 | 000,391,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 13:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 13:51:20 | 000,520,986 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 13:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 13:51:20 | 000,103,696 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 13:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 13:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 13:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 13:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 13:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 13:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 13:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2000/01/07 22:34:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pagesync.dll
[2000/01/06 19:00:00 | 000,024,448 | ---- | C] () -- C:\WINDOWS\sysgtime.dll
[2000/01/06 19:00:00 | 000,024,448 | ---- | C] () -- C:\WINDOWS\System32\proclsvr.drv
[1998/09/11 09:14:50 | 000,021,504 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll

========== LOP Check ==========

[2006/09/19 07:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2012/01/29 19:10:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2011/05/06 14:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2006/09/19 07:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2010/04/27 10:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2009/12/25 00:27:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2011/05/10 05:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor(2)
[2008/06/21 19:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2008/01/11 07:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2012/01/14 08:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2006/09/11 05:47:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2008/03/17 23:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2011/12/30 14:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WIND
[2011/04/27 07:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Amazon
[2006/09/19 07:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\AVG7
[2010/04/27 10:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Downloaded Installations
[2011/05/25 07:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\EPSON
[2009/03/02 07:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Foxit
[2011/03/29 14:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Foxit Software
[2008/01/25 09:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\GameHouse
[2010/05/26 14:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\GetRightToGo
[2010/02/16 16:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\HTNetMeter
[2008/12/09 03:15:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\IObit
[2011/05/06 15:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Leader Technologies
[2006/06/17 17:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Leadertech
[2012/01/01 10:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\mjusbsp
[2008/01/12 09:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\MSNInstaller
[2010/10/05 07:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Nitro PDF
[2011/05/09 22:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\OnlineArmor(2)
[2011/12/23 18:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Sierra Wireless
[2006/10/28 15:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\SmartDraw
[2007/11/15 03:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\TrojanHunter
[2008/09/16 04:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\TweakNow RegCleaner Professional
[2010/09/29 08:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Uniblue
[2006/12/19 12:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gooderham.LAPTOP\Application Data\WholeSecurity
[2006/09/19 07:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2012/01/29 19:01:32 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >

danuchay
2012-01-30, 03:46
OTL Extras logfile created on: 29/01/2012 8:30:53 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Gooderham.LAPTOP\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 73.40% Memory free
4.83 Gb Paging File | 4.54 Gb Available in Paging File | 94.07% Paging File free
Paging file location(s): C:\pagefile.sys 3058 3058 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.21 Gb Total Space | 6.78 Gb Free Space | 19.82% Space Free | Partition Type: NTFS
Drive E: | 35.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DELL | User Name: Gooderham | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager.exe -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{28938B7C-B11B-49BD-84E4-44C8416D4C07}" = Mobilink Lite
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}" = Foxit PDF IFilter
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B39603F-2A77-40E6-950D-ED7B8307933D}" = Microsoft IntelliPoint 5.3
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{737D7CA8-D05C-46C7-AFED-A76616E8CA3B}" = WordPerfect OfficeReady
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{793A260C-CDBF-499C-ABBA-B51E8E076867}_is1" = Uniblue PowerSuite
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Auction Client" = Auction Client
"AviSplit Classic (Freeware)_is1" = AviSplit Classic Version 1.43
"AviTricks Pro_is1" = AviTricks Pro version 3.10
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"CombiMovie (Freeware)_is1" = CombiMovie Version 1.31
"Defraggler" = Defraggler
"EPSON NX110 Series" = EPSON NX110 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"Focus Magic_is1" = Focus Magic 3.02
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"Free PS Convert driver_is1" = Free PS Convert driver 8.15
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Internet Gaming Zone" = MSN Gaming Zone
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Monopoly Classic" = Monopoly Classic
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NirSoft IE PassView" = NirSoft IE PassView
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PokerStars.net" = PokerStars.net
"PrintMaster 8.0" = PrintMaster® Platinum 8.0
"Prism" = Prism Video Converter
"RADVideo" = RAD Video Tools
"RealPlayer 6.0" = RealPlayer Basic
"SolveigMM AVI Trimmer" = SolveigMM AVI Trimmer
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"Spell Checker For OE 2.1" = Spell Checker For OE 2.1
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ULTIMATER" = Microsoft Office Ultimate 2007
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"WIND" = WIND
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YouConvert Classic (Shareware)_is1" = YouConvert Classic

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1111717751-3393396884-3224383096-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/01/2012 10:45:02 PM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978.

Error - 15/01/2012 12:16:59 AM | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.

Error - 27/01/2012 1:35:46 PM | Computer Name = DELL | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.19170, fault address 0x00067978.

[ OSession Events ]
Error - 25/10/2009 10:15:24 AM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 25/10/2009 10:15:50 AM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.

Error - 25/10/2009 10:15:57 AM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 25/10/2009 10:16:25 AM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23
seconds with 0 seconds of active time. This session ended with a crash.

Error - 23/02/2010 9:41:20 PM | Computer Name = LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 505
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 24/01/2012 10:02:28 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 24/01/2012 10:38:11 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the WIND. OUC service to
connect.

Error - 24/01/2012 10:38:11 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7000
Description = The WIND. OUC service failed to start due to the following error:
%%1053

Error - 24/01/2012 10:38:14 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 29/01/2012 5:25:07 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the WIND. OUC service to
connect.

Error - 29/01/2012 5:25:07 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7000
Description = The WIND. OUC service failed to start due to the following error:
%%1053

Error - 29/01/2012 5:32:00 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7034
Description = The BackupService service terminated unexpectedly. It has done this
1 time(s).

Error - 29/01/2012 5:32:00 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7034
Description = The HWDeviceService.exe service terminated unexpectedly. It has done
this 1 time(s).

Error - 29/01/2012 5:32:00 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7034
Description = The VideoAcceleratorService service terminated unexpectedly. It has
done this 1 time(s).

Error - 29/01/2012 7:47:04 PM | Computer Name = DELL | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >

ken545
2012-01-30, 11:06
Good Morning,

You need to enable Windows to show all files and folders; instructions here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis, just use the browse feature and then Send File, if it says this file has been checked before, have them recheck it. When the scan is done just copy and paste the link back to this forum for me to see.

C:\WINDOWS\System32\ZWebAuth.dll

If the site is busy you can try this one
http://virusscan.jotti.org/en




ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

danuchay
2012-01-30, 17:56
Hello Ken,

Here is the VirusTotal link.....

https://www.virustotal.com/file/d136a98c51fd4b7ee096888f75a67574550b60f13761ac32f6996b2b3980f017/analysis/1327931495/

------------------------------------------------------------

Here is the ESET scan......

C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Sun\Java\Deployment\cache\6.0\33\7a01fba1-724f96ba multiple threats
C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Sun\Java\Deployment\cache\6.0\47\42cc9baf-525dbdc2 multiple threats
C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Uniblue\RegistryBooster\_temp\ub.exe Win32/RegistryBooster application
C:\Documents and Settings\Gooderham.LAPTOP\Application Data\Uniblue\SpeedUpMyPC\_temp\sump.exe Win32/SpeedUpMyPC application
C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\rb_track_install.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\SpeedUpMyPC\Launcher.exe Win32/SpeedUpMyPC application
C:\Program Files\Uniblue\SpeedUpMyPC\sp_move_serial.exe Win32/SpeedUpMyPC application
C:\Program Files\Uniblue\SpeedUpMyPC\sp_track_install.exe Win32/SpeedUpMyPC application
C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe Win32/SpeedUpMyPC application



.

ken545
2012-01-30, 19:22
Hi,

The issue with Combofix removing Wind Remote has been fixed, sorry for the inconvenience.

Registry Booster installs with a program you have installed. It's not recommended; do you want to remove it?

That file we checked looks fine. I am sure it was, but better be safe than sorry.

danuchay
2012-01-30, 19:41
Hello Ken,

So.....Registry Booster itself is not a good program?

It seems to find errors each time I run it.

If you suggest that it is not recommended and better to get rid of it then let's do it.

Also, is AVG actually installed on my machine?

If so, should we revive it so it actually runs properly and then can be updated?



.

ken545
2012-01-30, 20:28
Well, no kind of registry cleaners are recommended. Remove the wrong entry or entries and you can make your system unbootable. It looks like you have the entire Uniblue suite of programs; up to you to keep them or not, just don't use the reg cleaner.

AVG is installed all over the place. Will it not run? See if you can open it and update it.

Run this one by VirusTotal

C:\WINDOWS\System32\7C208F4B37.sys

danuchay
2012-01-30, 21:21
Hello Ken,

ok.....no more Boosting of the Registry..... :bigthumb:

---------------------------------------------------------

Here is the VirusTotal link.....

https://www.virustotal.com/file/e35c9d79eef8a22eadba3818df57de606150751324211d0edf383dfe995016da/analysis/1327949248/

---------------------------------------------------------

I did a search of all AVG files.....see the attached list (screenshot)

Should I delete all these files?

I think I stopped using it a long time ago because it was a resource hog.

Is there a virus program I can download that you recommend?



.

ken545
2012-01-30, 23:20
That file looks ok.

You can try their uninstaller here, let me know if it worked
http://www.avg.com/us-en/download-tools
http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2011_1322.exe


After you uninstall AVG, you can give this free one a try from Microsoft

http://windows.microsoft.com/en-GB/windows/products/security-essentials



How is your system behaving now?

danuchay
2012-01-31, 03:10
Hello Ken,

Everything appears to be ok......I will re-install Spybot and am going to try Avast Antivirus

One last question.....I will be needing help on another badly infected machine and will be starting a new thread.

Should I back-up the infected computer on my HP portable USB drive first?

Upon connecting.....this HP device will install its own "SimpleSave" software.

I want a back-up in case there is a problem with the cleaning that will be done here.

But........will I also be copying all the viruses?

Thanks again for all your help and Best Regards



.

ken545
2012-01-31, 10:38
Good Morning,

Yes, when you back up the entire system the viruses come with it. What I would do is just back up all your documents and pictures that you don't want to lose.

You had bad entries in your Java Cache, run this cleaner to clean it all out.

Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job
Once it's finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean







Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.


http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png




Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups. Any programs that were not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed



How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

danuchay
2012-01-31, 16:34
Hello Ken,

TFC completed.....uninstalled Combofix......and OTL cleaned up

However.....Combofix is still saying that AVG-7 is present and running

I re-ran the uninstall .exe via your link....and then ran another utility direct from the AVG site (uninstall AVG 7.x)

I then did a search and deleted all remaining AVG files

Should I now re-install ComboFix and check to see if it's gone? (to avoid a conflict if I install another anti-virus)

Thanks



.

ken545
2012-01-31, 19:12
No, don't run Combofix again


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:filefind
AVG
:folderfind
AVG
:regfind
AVG


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

danuchay
2012-01-31, 20:03
Hello Ken,

Here is the SystemLook log as requested.......

--------------------------------------------------------------

SystemLook 30.07.11 by jpshortstuff
Log created at 12:57 on 31/01/2012 by Gooderham
Administrator - Elevation successful

========== filefind ==========

Searching for "AVG"
No files found.

========== folderfind ==========

Searching for "AVG"
No folders found.

========== regfind ==========

Searching for "AVG"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="avg"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"j"="C:\Documents and Settings\Gooderham.LAPTOP\Desktop\AVG.jpg"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\JPG]
"c"="C:\Documents and Settings\Gooderham.LAPTOP\Desktop\AVG.jpg"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Temporary Internet Files\Content.IE5\8342ZUPM\avg_remover_stf_x86_2011_1322[1].exe"="AVG Remover Utility"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Temporary Internet Files\Content.IE5\8342ZUPM\avg_remover_stf_x86_2012_1796[1].exe"="AVG Remover Utility"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\avgamsvr.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\avgemc.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\avgupsvc.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\avgvault.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{3C9EFEA1-8D1A-11D5-989F-0000E87B4FB1}]
@="avgemc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{3C9EFEA1-8D1A-11D5-989F-0000E87B4FB1}]
"LocalService"="AVGEMS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{41564737-3200-1076-989B-0000E87B4FB1}]
@="avgvault"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{833EE712-3BB4-4DFB-8ACE-4686829895B7}]
@="avgupsvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{833EE712-3BB4-4DFB-8ACE-4686829895B7}]
"LocalService"="Avg7UpdSvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{A434D6BB-090E-4DF6-8B03-AA04A6F58804}]
@="avgamsvr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{A434D6BB-090E-4DF6-8B03-AA04A6F58804}]
"LocalService"="Avg7Alrt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVG.UpdateService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVG.UpdateService]
@="AvgUpdateService Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVG.UpdateService\CurVer]
@="AVG.UpdateService.7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVG.UpdateService.7]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVG.UpdateService.7]
@="AvgUpdateService Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGeneralNotification.AVGeneralNotification]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGeneralNotification.AVGeneralNotification]
@="AVGeneralNotification Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGeneralNotification.AVGeneralNotification\CurVer]
@="AVGeneralNotification.AVGeneralNotification.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGeneralNotification.AVGeneralNotification.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AVGeneralNotification.AVGeneralNotification.1]
@="AVGeneralNotification Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{239A3C5E-8D41-11D1-B675-00C04FA3C554}]
@="AVGeneralNotification Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{239A3C5E-8D41-11D1-B675-00C04FA3C554}\ProgID]
@="AVGeneralNotification.AVGeneralNotification.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{239A3C5E-8D41-11D1-B675-00C04FA3C554}\VersionIndependentProgID]
@="AVGeneralNotification.AVGeneralNotification"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F10B322D-D5EB-45B1-81C0-380EB462A462}]
@="AVG 7.0 Control Center Plugin Enumerator"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F10B322D-D5EB-45B1-81C0-380EB462A462}\{491A5624-1E72-4BD9-B454-299127582DA5}]
@="AVG 7.0 Control Center Scheduler Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F10B322D-D5EB-45B1-81C0-380EB462A462}\{491A5625-1E72-4BD9-B454-299127582DA5}]
@="AVG 7.0 Control Center Resident Shield Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F10B322D-D5EB-45B1-81C0-380EB462A462}\{491A5626-1E72-4BD9-B454-299127582DA5}]
@="AVG 7.0 Control Center Virus Vault Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F10B322D-D5EB-45B1-81C0-380EB462A462}\{491A5627-1E72-4BD9-B454-299127582DA5}]
@="AVG 7.0 Control Center Update Manager Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F10B322D-D5EB-45B1-81C0-380EB462A462}\{491A5628-1E72-4BD9-B454-299127582DA5}]
@="AVG 7.0 Control Center Virus Database Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F10B322D-D5EB-45B1-81C0-380EB462A462}\{491A562A-1E72-4BD9-B454-299127582DA5}]
@="AVG 7.0 Control Center Shell Extension Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F10B322D-D5EB-45B1-81C0-380EB462A462}\{491A562C-1E72-4BD9-B454-299127582DA5}]
@="AVG 7.0 Control Center Email Scanner Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F10B322D-D5EB-45B1-81C0-380EB462A462}\{491A562D-1E72-4BD9-B454-299127582DA5}]
@="AVG 7.0 Control Center Alert Manager Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F10B322D-D5EB-45B1-81C0-380EB462A462}\{491A562E-1E72-4BD9-B454-299127582DA5}]
@="AVG 7.0 Control Center License Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F82EDB94-BE85-42BE-9B70-EA5005AB5BAA}]
@="AvgUpdateService Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F82EDB94-BE85-42BE-9B70-EA5005AB5BAA}\LocalServer32]
@=""C:\Program Files\Grisoft\AVG7\avgupsvc.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F82EDB94-BE85-42BE-9B70-EA5005AB5BAA}\ProgID]
@="AVG.UpdateService.7"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F82EDB94-BE85-42BE-9B70-EA5005AB5BAA}\VersionIndependentProgID]
@="AVG.UpdateService"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\c:|Program Files|Microsoft Silverlight|4.0.60129.0|hr|system.resources.dll]
"system.resources,culture="hr",fileVersion="4.0.60129.0",processorArchitecture="MSIL",publicKeyToken="7cec85d7bea7798e",version="2.0.5.0""="3PgDT0$gy?~Dc}DI]?&!Complete4.0.60129.0>NGEM5AVgG=~j$-v0s9cr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2133AA56-84E6-4df1-886D-2948783CF2B6}]
@="IAvgAmAlertManagerPluginValuesConfig"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3C9EFED0-8D1A-11D5-989F-0000E87B4FB1}]
@="IAvgEmailControl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3C9EFED1-8D1A-11D5-989F-0000E87B4FB1}]
@="IAvgEmailServer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3C9EFED2-8D1A-11D5-989F-0000E87B4FB1}]
@="IAvgEmailMonitor"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3C9EFED3-8D1A-11D5-989F-0000E87B4FB1}]
@="IAvgEmailServerPop3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3C9EFED4-8D1A-11D5-989F-0000E87B4FB1}]
@="IAvgEmailServerSmtp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3C9EFED5-8D1A-11D5-989F-0000E87B4FB1}]
@="IAvgEmailControl2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3C9EFED6-8D1A-11D5-989F-0000E87B4FB1}]
@="IAvgServerMoreParams"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3C9EFED7-8D1A-11D5-989F-0000E87B4FB1}]
@="IAvgEmailControl3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{41564737-3200-1100-989B-0000E87B4FB1}]
@="IAvgUpdateManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{41564737-3200-1101-989B-0000E87B4FB1}]
@="IAvgCheckUpdateCallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{41564737-3200-1105-989B-0000E87B4FB1}]
@="IAvgProcessUpdateCallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{41564737-3200-1110-989B-0000E87B4FB1}]
@="IAvgUpdateManager2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AA70B423-9C37-4793-9EB8-6292160324E8}]
@="IAvgAmRule2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CC8FF1FA-0040-4318-99EA-205DD4FD25C8}]
@="IAvgAmEnumAttributes"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CC8FF1FA-0040-4321-99EA-205DD4FD25C8}]
@="IAvgAmEnumBSTR"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EC6BB3BB-5EE8-4046-8D20-1A6975C45141}]
@="IAvgAmEvent2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F7A533DB-676E-4cc2-9890-BD547A7CFD28}]
@="IAvgAmAlertManager2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Grisoft\Clients\{3C9EFEC2-8D1A-11D5-989F-0000E87B4FB1}]
@="@Avg_App_Mail"
[HKEY_LOCAL_MACHINE\SOFTWARE\Grisoft\Clients\{3C9EFEC2-8D1A-11D5-989F-0000E87B4FB1}]
"Log"="C:\Documents and Settings\All Users\Application Data\AVG7\Log"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\delavg7_en[1]]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
"DllName"="avgssie.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\AutorunsDisabled]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\AutorunsDisabled]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync Data Maps/s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the duration of the idle thread is active in the sample interval, and subtracting that time from interval duration. (Each processor has an idle thread tha
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7CORE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7CORE\0000]
"Service"="Avg7Core"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7CORE\0000]
"DeviceDesc"="AVG7 Kernel"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7RSW]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7RSW\0000]
"Service"="Avg7RsW"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7RSW\0000]
"DeviceDesc"="AVG7 Wrap Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7RSXP]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7RSXP\0000]
"Service"="Avg7RsXP"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7RSXP\0000]
"DeviceDesc"="AVG7 Resident Driver XP"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7UPDSVC]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7UPDSVC\0000]
"Service"="Avg7UpdSvc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVG7UPDSVC\0000]
"DeviceDesc"="AVG7 Update Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIO]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGNTFLT]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGNTFLT\0000]
"Service"="avgntflt"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGNTFLT\0000]
"DeviceDesc"="avgntflt"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDI]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDI\0000]
"Service"="AvgTdi"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDI\0000]
"DeviceDesc"="AVG Network Redirector"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application]
"Sources"="WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN wltrysvc WinMgmt Winlogon Windows Product Activation Windows Media Encoder Windows 3.1 Migration WinDefendRtp WebClient VSS VBRuntime Userinit Userenv TrojanHunter System.ServiceModel.Install 3.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Starter SQLWriter SQLWEP SQLVDI SQLNCLI SQLDumper SQLCTR$MSSMLBIZ SQLBrowser Spybot - Search & Destroy 2 SpoolerCtrs Software Restriction Policies Software Installation SNL HiveManager ServiceModel Audit 3.0.0.0 SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance Professional PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley Ntbackup.ini ntbackup NDP1.1sp1-KB979906-X86 NDP1.1sp1-KB953297-X86 NDP1.1sp1-KB2656353-X86 NDP1.1sp1-KB2572067-X86 NDP1.1sp1-KB2416447-X86 MSSQLServerADHelper MSSQLSERVER/MSD
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\AVG7]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\AVG7]
"EventMessageFile"="C:\Program Files\Grisoft\AVG7\avglog.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\AVG7]
"CategoryMessageFile"="C:\Program Files\Grisoft\AVG7\avglog.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Avg7Alrt]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Avg7Alrt]
"EventMessageFile"="C:\PROGRA~1\Grisoft\AVG7\avgamint.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Avg7Alrt]
"CategoryMessageFile"="C:\PROGRA~1\Grisoft\AVG7\avgamint.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Avg7UpdSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Avg7UpdSvc]
"EventMessageFile"="C:\PROGRA~1\Grisoft\AVG7\avgupsvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SysmonLog\Log Queries\{bdb21d47-4c9c-4bbd-a74c-6ff76a2c1ef3}]
"Counter List"="\Processor(_Total)\% Processor Time \Memory\Pages/sec \PhysicalDisk(_Total)\Avg. Disk Queue Length"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_AVG7CORE]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_AVG7CORE\0000]
"Service"="Avg7Core"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_AVG7CORE\0000]
"DeviceDesc"="AVG7 Kernel"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_AVG7RSW]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_AVG7RSW\0000]
"Service"="Avg7RsW"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_AVG7RSW\0000]
"DeviceDesc"="AVG7 Wrap Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_AVG7RSXP]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_AVG7RSXP\0000]
"Service"="Avg7RsXP"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_AVG7RSXP\0000]
"DeviceDesc"="AVG7 Resident Driver XP"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_AVG7UPDSVC]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_AVG7UPDSVC\0000]
"Service"="Avg7UpdSvc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_AVG7UPDSVC\0000]
"DeviceDesc"="AVG7 Update Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_AVGIO]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_AVGNTFLT]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_AVGNTFLT\0000]
"Service"="avgntflt"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_AVGNTFLT\0000]
"DeviceDesc"="avgntflt"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_AVGTDI]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_AVGTDI\0000]
"Service"="AvgTdi"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_AVGTDI\0000]
"DeviceDesc"="AVG Network Redirector"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application]
"Sources"="WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN wltrysvc WinMgmt Winlogon Windows Product Activation Windows Media Encoder Windows 3.1 Migration WinDefendRtp WebClient VSS VBRuntime Userinit Userenv TrojanHunter System.ServiceModel.Install 3.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Starter SQLWriter SQLWEP SQLVDI SQLNCLI SQLDumper SQLCTR$MSSMLBIZ SQLBrowser Spybot - Search & Destroy 2 SpoolerCtrs Software Restriction Policies Software Installation SNL HiveManager ServiceModel Audit 3.0.0.0 SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance Professional PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley Ntbackup.ini ntbackup NDP1.1sp1-KB979906-X86 NDP1.1sp1-KB953297-X86 NDP1.1sp1-KB2656353-X86 NDP1.1sp1-KB2572067-X86 NDP1.1sp1-KB2416447-X86 MSSQLServerADHelper MSSQLSERVER/MSD
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\AVG7]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\AVG7]
"EventMessageFile"="C:\Program Files\Grisoft\AVG7\avglog.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\AVG7]
"CategoryMessageFile"="C:\Program Files\Grisoft\AVG7\avglog.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\Avg7Alrt]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\Avg7Alrt]
"EventMessageFile"="C:\PROGRA~1\Grisoft\AVG7\avgamint.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\Avg7Alrt]
"CategoryMessageFile"="C:\PROGRA~1\Grisoft\AVG7\avgamint.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\Avg7UpdSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\Avg7UpdSvc]
"EventMessageFile"="C:\PROGRA~1\Grisoft\AVG7\avgupsvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SysmonLog\Log Queries\{bdb21d47-4c9c-4bbd-a74c-6ff76a2c1ef3}]
"Counter List"="\Processor(_Total)\% Processor Time \Memory\Pages/sec \PhysicalDisk(_Total)\Avg. Disk Queue Length"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7CORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7CORE\0000]
"Service"="Avg7Core"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7CORE\0000]
"DeviceDesc"="AVG7 Kernel"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7RSW]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7RSW\0000]
"Service"="Avg7RsW"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7RSW\0000]
"DeviceDesc"="AVG7 Wrap Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7RSXP]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7RSXP\0000]
"Service"="Avg7RsXP"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7RSXP\0000]
"DeviceDesc"="AVG7 Resident Driver XP"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7UPDSVC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7UPDSVC\0000]
"Service"="Avg7UpdSvc"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVG7UPDSVC\0000]
"DeviceDesc"="AVG7 Update Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIO]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGNTFLT]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGNTFLT\0000]
"Service"="avgntflt"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGNTFLT\0000]
"DeviceDesc"="avgntflt"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDI]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDI\0000]
"Service"="AvgTdi"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDI\0000]
"DeviceDesc"="AVG Network Redirector"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
"Sources"="WSH WMIAdapter WMI.NET Provider Extension WmdmPmSN wltrysvc WinMgmt Winlogon Windows Product Activation Windows Media Encoder Windows 3.1 Migration WinDefendRtp WebClient VSS VBRuntime Userinit Userenv TrojanHunter System.ServiceModel.Install 3.0.0.0 System.ServiceModel 3.0.0.0 System.Runtime.Serialization 3.0.0.0 System.IO.Log 3.0.0.0 System.IdentityModel 3.0.0.0 SysmonLog Starter SQLWriter SQLWEP SQLVDI SQLNCLI SQLDumper SQLCTR$MSSMLBIZ SQLBrowser Spybot - Search & Destroy 2 SpoolerCtrs Software Restriction Policies Software Installation SNL HiveManager ServiceModel Audit 3.0.0.0 SecurityCenter SclgNtfy SceSrv SceCli safrslv SAFrdms RPC Remote Assistance Professional PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Outlook Offline Files Oakley Ntbackup.ini ntbackup NDP1.1sp1-KB979906-X86 NDP1.1sp1-KB953297-X86 NDP1.1sp1-KB2656353-X86 NDP1.1sp1-KB2572067-X86 NDP1.1sp1-KB2416447-X86 MSSQLServerADHelper MSSQLSERVER
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AVG7]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AVG7]
"EventMessageFile"="C:\Program Files\Grisoft\AVG7\avglog.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AVG7]
"CategoryMessageFile"="C:\Program Files\Grisoft\AVG7\avglog.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg7Alrt]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg7Alrt]
"EventMessageFile"="C:\PROGRA~1\Grisoft\AVG7\avgamint.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg7Alrt]
"CategoryMessageFile"="C:\PROGRA~1\Grisoft\AVG7\avgamint.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg7UpdSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg7UpdSvc]
"EventMessageFile"="C:\PROGRA~1\Grisoft\AVG7\avgupsvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{bdb21d47-4c9c-4bbd-a74c-6ff76a2c1ef3}]
"Counter List"="\Processor(_Total)\% Processor Time \Memory\Pages/sec \PhysicalDisk(_Total)\Avg. Disk Queue Length"
[HKEY_USERS\.DEFAULT\Software\Grisoft\Avg7]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_USERS\S-1-5-19\Software\Grisoft\Avg7]
[HKEY_USERS\S-1-5-20\Software\Grisoft\Avg7]
[HKEY_USERS\S-1-5-21-1111717751-3393396884-3224383096-1006\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="avg"
[HKEY_USERS\S-1-5-21-1111717751-3393396884-3224383096-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"j"="C:\Documents and Settings\Gooderham.LAPTOP\Desktop\AVG.jpg"
[HKEY_USERS\S-1-5-21-1111717751-3393396884-3224383096-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\JPG]
"c"="C:\Documents and Settings\Gooderham.LAPTOP\Desktop\AVG.jpg"
[HKEY_USERS\S-1-5-21-1111717751-3393396884-3224383096-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Temporary Internet Files\Content.IE5\8342ZUPM\avg_remover_stf_x86_2011_1322[1].exe"="AVG Remover Utility"
[HKEY_USERS\S-1-5-21-1111717751-3393396884-3224383096-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Documents and Settings\Gooderham.LAPTOP\Local Settings\Temporary Internet Files\Content.IE5\8342ZUPM\avg_remover_stf_x86_2012_1796[1].exe"="AVG Remover Utility"
[HKEY_USERS\S-1-5-18\Software\Grisoft\Avg7]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]

-= EOF =-



.

ken545
2012-01-31, 23:23
Hi,

AVG is uninstalled; these are just leftover registry entries. They're more clutter than anything else. Try using this uninstaller from Revo.

You can try the freeware version
http://www.revouninstaller.com/revo_uninstaller_free_download.html

You can try this one also
http://www.appremover.com/supported-applications

You can also post on their forum and ask about getting rid of the leftovers
http://forums.avg.com/us-en/avg-free-forum


You can still install another AV; AVG is not running and won't interfere.

danuchay
2012-02-01, 03:23
Hello Ken,

Things seem to be running ok.....so maybe I'll just leave the AVG fluff as is.



.

ken545
2012-02-01, 11:19
Well, like I said, AVG has been removed and those reg entries are just more clutter than anything else, so it's up to you to remove them. I would post at their forum and ask, it can't hurt. You can copy and paste all the results from System Look so they can see what needs to be removed; they know the program better than I do.

Ken :)

danuchay
2012-02-02, 16:28
ok.....will do.

Anything else that needs attention?.....everything seems to be operating as it should.

Thanks again for all the help..... :cool:

Best Regards

.

ken545
2012-02-02, 20:02
Hey, glad things are running better for you, looks like you're good to go.


Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.


http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png



Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

danuchay
2012-02-02, 21:08
.



done and done....... :bigthumb: ........ :thanks:




.

ken545
2012-02-03, 00:22
You're more than welcome,

Take care,

Ken :)

ken545
2012-02-05, 11:50
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.