PC Slower than usual


  • This topic is locked
23 replies to this topic

#1 Vaine


Posted 05 February 2009 - 04:22 PM

Last night I suffered from this USB drive virus System.exe and autorun.ini.

I removed the infections by formatting the USB drive so it cannot regenerate. I unplugged the drive right when it was done formatting. The virus is gone from there. However, AVG Internet Security is popping up with all these infections and I removed them. I ran MBAM several times and found nothing. My PC has been going slower and my HJT log seems to be clean.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:21:09 PM, on 2/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1233360839359
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5132 bytes



#2 Farbar


Posted 09 February 2009 - 08:03 PM

Hi Vaine,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Tell me if you have done anything since your previous post, or if you have run any other tools. Also tell me what the current condition of your computer is.

  • To get an idea about the current condition of your computer, download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Set the scan files/folders to 3 mounts.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

    Note 1: If you have difficulty finding the logs, the logs are in this folder: C:\rsit

    Note 2: The tool takes not more than one minute to scan the system.
You might want to save this page to your favorites, so you can find it again when you return.

#3 Vaine


Posted 10 February 2009 - 07:21 AM

"Set the scan files/folders to 3 mounts."


Is that supposed to say Months? Or Mounts?

I noticed a file named SYSTEMINT.exe was at startup. I found the file and manually deleted it. It was in My settings in the Localsettings folder.

Edited by Vaine, 10 February 2009 - 07:25 AM.


#4 Farbar


Posted 10 February 2009 - 07:46 AM

"Is that supposed to say Months? Or Mounts?"


I'm sorry for the typo, English is not my first language.

"I noticed a file named SYSTEMINT.exe was at startup. I found the file and manually deleted it. It was in My settings in the Localsettings folder."


You have done the right thing. From now on we do this together.

#5 Vaine


Posted 10 February 2009 - 04:00 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Jeff at 2009-02-10 15:56:04
Microsoft Windows XP Professional Service Pack 3
System drive C: has 44 GB (77%) free of 57 GB
Total RAM: 894 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:07 PM, on 2/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jeff\Desktop\RSIT.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\21b9c2f7b1db683e3d83bfb825d32092\update\update.exe
C:\Program Files\Trend Micro\HijackThis\Jeff.exe
C:\WINDOWS\system32\SNDVOL32.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1233360839359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1233879289140
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe

--
End of file - 6468 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-01-30 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-01 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-30 1968920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-01 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-30 1968920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-09-15 1015808]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-12-13 507904]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-30 1601304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-07-13 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-10-19 202032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-01 136600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-07-14 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-01-30 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
"C:\Program Files\Common Files\AOL\1233705763\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1233705763\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1233705763\ee\AOLDesktop.exe"="C:\Program Files\Common Files\AOL\1233705763\ee\AOLDesktop.exe:*:Enabled:AOL Desktop"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\dlcxcoms.exe"="C:\WINDOWS\system32\dlcxcoms.exe:*:Enabled:Dell 926 Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - edit -
.js - open -
.txt - open -

======List of files/folders created in the last 3 months======

2009-02-10 15:56:44 ----D---- C:\WINDOWS\LastGood
2009-02-10 15:56:04 ----D---- C:\rsit
2009-02-09 19:43:51 ----D---- C:\Program Files\Dl_cats
2009-02-09 19:42:51 ----A---- C:\WINDOWS\system32\dlcxvs.dll
2009-02-09 19:42:39 ----A---- C:\WINDOWS\system32\dlcxcoin.dll
2009-02-09 19:42:03 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
2009-02-09 19:41:57 ----A---- C:\WINDOWS\system32\dlcxcaps.dll
2009-02-09 19:41:56 ----A---- C:\WINDOWS\system32\dlcxdrs.dll
2009-02-09 19:41:56 ----A---- C:\WINDOWS\system32\dlcxcnv4.dll
2009-02-09 19:41:05 ----D---- C:\Program Files\Abbyy FineReader 6.0 Sprint
2009-02-09 19:40:47 ----D---- C:\Program Files\Dell
2009-02-09 19:39:57 ----A---- C:\WINDOWS\system32\DLPRMON.DLL
2009-02-09 19:39:57 ----A---- C:\WINDOWS\system32\DLPMONUI.DLL
2009-02-09 19:39:37 ----A---- C:\WINDOWS\system32\IMHOST32.DLL
2009-02-09 19:39:37 ----A---- C:\WINDOWS\system32\IMGMAN32.DLL
2009-02-09 19:39:29 ----D---- C:\Documents and Settings\All Users\Application Data\DellFaxCtr
2009-02-09 19:39:09 ----D---- C:\Program Files\Dell PC Fax
2009-02-09 19:39:00 ----D---- C:\Program Files\Dell Photo AIO Printer 926
2009-02-09 19:38:46 ----A---- C:\WINDOWS\system32\dlcxinst.dll
2009-02-09 19:38:46 ----A---- C:\WINDOWS\system32\dlcxhcp.dll
2009-02-09 19:38:45 ----A---- C:\WINDOWS\system32\dlcxutil.dll
2009-02-09 19:38:45 ----A---- C:\WINDOWS\system32\dlcxusb1.dll
2009-02-09 19:38:45 ----A---- C:\WINDOWS\system32\dlcxinpa.dll
2009-02-09 19:38:45 ----A---- C:\WINDOWS\system32\dlcxiesc.dll
2009-02-09 19:38:44 ----A---- C:\WINDOWS\system32\dlcxserv.dll
2009-02-09 19:38:43 ----A---- C:\WINDOWS\system32\dlcxprox.dll
2009-02-09 19:38:43 ----A---- C:\WINDOWS\system32\dlcxpplc.dll
2009-02-09 19:38:43 ----A---- C:\WINDOWS\system32\dlcxpmui.dll
2009-02-09 19:38:43 ----A---- C:\WINDOWS\system32\dlcxlmpm.dll
2009-02-09 19:38:42 ----A---- C:\WINDOWS\system32\dlcxjswr.dll
2009-02-09 19:38:42 ----A---- C:\WINDOWS\system32\dlcxinsr.dll
2009-02-09 19:38:42 ----A---- C:\WINDOWS\system32\dlcxinsb.dll
2009-02-09 19:38:42 ----A---- C:\WINDOWS\system32\dlcxins.dll
2009-02-09 19:38:42 ----A---- C:\WINDOWS\system32\dlcxih.exe
2009-02-09 19:38:41 ----A---- C:\WINDOWS\system32\dlcxhbn3.dll
2009-02-09 19:38:41 ----A---- C:\WINDOWS\system32\dlcxgrd.dll
2009-02-09 19:38:41 ----A---- C:\WINDOWS\system32\dlcxgf.dll
2009-02-09 19:38:40 ----A---- C:\WINDOWS\system32\dlcxcur.dll
2009-02-09 19:38:40 ----A---- C:\WINDOWS\system32\dlcxcub.dll
2009-02-09 19:38:40 ----A---- C:\WINDOWS\system32\dlcxcu.dll
2009-02-09 19:38:40 ----A---- C:\WINDOWS\system32\dlcxcoms.exe
2009-02-09 19:38:39 ----A---- C:\WINDOWS\system32\dlcxcomm.dll
2009-02-09 19:38:39 ----A---- C:\WINDOWS\system32\dlcxcomc.dll
2009-02-09 19:38:38 ----A---- C:\WINDOWS\system32\dlcxcfg.exe
2009-02-09 19:38:38 ----A---- C:\WINDOWS\system32\DLCXcfg.dll
2009-02-06 23:23:45 ----D---- C:\WINDOWS\Minidump
2009-02-06 21:46:21 ----D---- C:\Documents and Settings\All Users\Application Data\Raxco
2009-02-06 21:45:30 ----D---- C:\Program Files\Raxco
2009-02-06 20:37:20 ----D---- C:\Documents and Settings\Jeff\Application Data\gtk-2.0
2009-02-06 19:38:38 ----D---- C:\Documents and Settings\Jeff\Application Data\Auslogics
2009-02-06 06:46:45 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-02-06 06:46:45 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-02-05 20:27:34 ----D---- C:\WINDOWS\pss
2009-02-05 20:18:12 ----D---- C:\Program Files\Microsoft
2009-02-05 19:40:38 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-02-05 19:06:47 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-02-05 19:02:35 ----D---- C:\Program Files\Microsoft Works
2009-02-05 18:59:49 ----D---- C:\Program Files\Microsoft Visual Studio
2009-02-05 18:59:49 ----D---- C:\Program Files\Common Files\DESIGNER
2009-02-05 18:57:02 ----D---- C:\Program Files\Microsoft.NET
2009-02-05 18:47:05 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-02-05 18:44:39 ----D---- C:\WINDOWS\SHELLNEW
2009-02-05 18:43:42 ----D---- C:\Program Files\Microsoft Office
2009-02-05 18:43:41 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-02-05 18:42:00 ----RHD---- C:\MSOCache
2009-02-05 15:55:11 ----D---- C:\Program Files\Trend Micro
2009-02-04 21:34:27 ----A---- C:\regdump.arm9.txt
2009-02-04 19:09:05 ----A---- C:\WINDOWS\gmer.ini
2009-02-04 19:09:03 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-02-04 19:09:03 ----A---- C:\WINDOWS\gmer.exe
2009-02-04 19:09:03 ----A---- C:\WINDOWS\gmer.dll
2009-02-04 18:48:10 ----A---- C:\WINDOWS\rootkitno.ini
2009-02-04 18:35:44 ----HD---- C:\WINDOWS\PIF
2009-02-04 16:24:19 ----D---- C:\WINDOWS\system32\NtmsData
2009-02-03 19:08:55 ----D---- C:\Documents and Settings\Jeff\Application Data\acccore
2009-02-03 19:04:33 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-02-03 19:04:31 ----D---- C:\Program Files\Viewpoint
2009-02-03 19:02:31 ----D---- C:\Program Files\Common Files\aolshare
2009-02-03 19:02:31 ----D---- C:\Program Files\Common Files\AOL
2009-02-03 19:02:19 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
2009-02-03 19:02:19 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-02-03 19:01:38 ----D---- C:\Program Files\AOL
2009-02-03 18:55:10 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2009-02-01 20:37:34 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-02-01 20:33:50 ----HD---- C:\$AVG8.VAULT$
2009-02-01 14:35:41 ----D---- C:\Program Files\Adobe Media Player
2009-02-01 14:32:08 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-02-01 12:33:15 ----D---- C:\Program Files\Universal Extractor
2009-02-01 12:24:39 ----D---- C:\Documents and Settings\Jeff\Application Data\LimeWire
2009-02-01 12:19:35 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-02-01 12:19:34 ----A---- C:\WINDOWS\system32\javaws.exe
2009-02-01 12:19:34 ----A---- C:\WINDOWS\system32\javaw.exe
2009-02-01 12:19:34 ----A---- C:\WINDOWS\system32\java.exe
2009-02-01 12:18:57 ----D---- C:\Program Files\Java
2009-02-01 12:18:01 ----D---- C:\Documents and Settings\Jeff\Application Data\Sun
2009-02-01 12:17:41 ----D---- C:\Program Files\LimeWire
2009-02-01 10:51:54 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2009-02-01 10:47:56 ----D---- C:\Documents and Settings\Jeff\Application Data\DAEMON Tools Lite
2009-02-01 10:43:08 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2009-02-01 10:42:57 ----D---- C:\Program Files\MagicISO
2009-01-31 16:41:33 ----A---- C:\WINDOWS\system32\TweakUI.exe
2009-01-30 22:46:07 ----D---- C:\Documents and Settings\Jeff\Application Data\BitTorrent
2009-01-30 22:45:44 ----D---- C:\Program Files\DNA
2009-01-30 22:45:44 ----D---- C:\Program Files\BitTorrent
2009-01-30 22:45:44 ----D---- C:\Documents and Settings\Jeff\Application Data\DNA
2009-01-30 22:18:59 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-01-30 22:18:46 ----D---- C:\Documents and Settings\Jeff\Application Data\AVGTOOLBAR
2009-01-30 22:17:27 ----A---- C:\WINDOWS\system32\avgfwdx.dll
2009-01-30 22:17:25 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-01-30 21:52:24 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-01-30 21:52:08 ----D---- C:\Program Files\Yahoo!
2009-01-30 21:36:22 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-01-30 21:36:21 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-01-30 21:36:21 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-01-30 21:36:21 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-01-30 21:36:21 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-01-30 21:36:21 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-01-30 21:36:21 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-01-30 21:36:21 ----N---- C:\WINDOWS\system32\px.dll
2009-01-30 21:36:19 ----D---- C:\Program Files\Winamp
2009-01-30 21:36:19 ----D---- C:\Documents and Settings\Jeff\Application Data\Winamp
2009-01-30 21:34:48 ----D---- C:\Program Files\AVG
2009-01-30 21:26:49 ----D---- C:\Program Files\QuickTime
2009-01-30 21:26:47 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-01-30 21:26:28 ----D---- C:\Program Files\Apple Software Update
2009-01-30 21:26:28 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-01-30 21:19:50 ----D---- C:\Program Files\VS Revo Group
2009-01-30 21:17:10 ----D---- C:\Program Files\Camtech
2009-01-30 21:16:07 ----D---- C:\Documents and Settings\Jeff\Application Data\Macromedia
2009-01-30 21:16:07 ----D---- C:\Documents and Settings\Jeff\Application Data\Adobe
2009-01-30 21:15:52 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-01-30 21:15:36 ----D---- C:\Program Files\Common Files\Adobe
2009-01-30 21:15:36 ----D---- C:\Program Files\Adobe
2009-01-30 20:59:10 ----D---- C:\Documents and Settings\Jeff\Application Data\Mozilla
2009-01-30 20:59:03 ----D---- C:\Program Files\Mozilla Firefox
2009-01-30 20:55:50 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2009-01-30 20:55:42 ----D---- C:\Program Files\WinZip
2009-01-30 20:53:44 ----D---- C:\Program Files\System
2009-01-30 20:50:51 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-01-30 20:47:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-01-30 20:46:51 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-01-30 20:46:38 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-01-30 20:44:14 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-01-30 20:31:57 ----D---- C:\WINDOWS\system32\XPSViewer
2009-01-30 20:31:53 ----D---- C:\Program Files\MSBuild
2009-01-30 20:31:43 ----D---- C:\Program Files\Reference Assemblies
2009-01-30 20:31:07 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-01-30 20:31:07 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-01-30 20:31:07 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-01-30 20:25:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-30 20:25:06 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-30 20:24:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-30 20:24:34 ----HDC---- C:\WINDOWS\$NtUninstallKB943729$
2009-01-30 20:23:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-01-30 20:23:26 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-01-30 20:21:24 ----D---- C:\WINDOWS\ie7updates
2009-01-30 20:21:00 ----D---- C:\WINDOWS\WBEM
2009-01-30 20:19:25 ----HDC---- C:\WINDOWS\ie7
2009-01-30 20:19:16 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-01-30 20:19:04 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-01-30 20:17:59 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-30 20:12:46 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-01-30 20:12:44 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-01-30 20:12:30 ----D---- C:\Program Files\Windows Media Connect 2
2009-01-30 20:11:13 ----D---- C:\WINDOWS\system32\LogFiles
2009-01-30 20:11:08 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-01-30 20:08:19 ----RSD---- C:\WINDOWS\assembly
2009-01-30 20:08:19 ----D---- C:\WINDOWS\Microsoft.NET
2009-01-30 20:08:16 ----D---- C:\WINDOWS\system32\URTTemp
2009-01-30 19:52:46 ----D---- C:\WINDOWS\Prefetch
2009-01-30 19:47:04 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-01-30 19:47:04 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-01-30 19:46:45 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-01-30 19:46:45 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-01-30 19:46:45 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-01-30 19:46:42 ----N---- C:\WINDOWS\system32\azroles.dll
2009-01-30 19:46:42 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-01-30 19:46:42 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-01-30 19:46:42 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-01-30 19:46:42 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-01-30 19:46:41 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-01-30 19:46:41 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-01-30 19:46:41 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-01-30 19:46:41 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-01-30 19:46:41 ----N---- C:\WINDOWS\system32\credssp.dll
2009-01-30 19:46:41 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-01-30 19:46:40 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-01-30 19:46:40 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-01-30 19:46:40 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-01-30 19:46:40 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-01-30 19:46:40 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-01-30 19:46:40 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-01-30 19:46:40 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-01-30 19:46:40 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-01-30 19:46:40 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-01-30 19:46:40 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-01-30 19:46:40 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-01-30 19:46:40 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-01-30 19:46:40 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-01-30 19:46:40 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-01-30 19:46:39 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-01-30 19:46:39 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-01-30 19:46:39 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-01-30 19:46:38 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-01-30 19:46:38 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-01-30 19:46:38 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-01-30 19:46:38 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-01-30 19:46:37 ----N---- C:\WINDOWS\system32\napstat.exe
2009-01-30 19:46:37 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-01-30 19:46:37 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-01-30 19:46:37 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-01-30 19:46:37 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-01-30 19:46:37 ----N---- C:\WINDOWS\system32\mssha.dll
2009-01-30 19:46:37 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-01-30 19:46:37 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-01-30 19:46:37 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-01-30 19:46:37 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-01-30 19:46:37 ----A---- C:\WINDOWS\system32\mdmxsdk.dll
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\slgen.dll
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\setupn.exe
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\qutil.dll
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\qagent.dll
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\onex.dll
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2009-01-30 19:46:35 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-01-30 19:46:35 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-01-30 19:46:35 ----N---- C:\WINDOWS\system32\verclsid.exe
2009-01-30 19:46:35 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-01-30 19:46:35 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-01-30 19:46:35 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-01-30 19:46:35 ----N---- C:\WINDOWS\system32\slserv.exe
2009-01-30 19:46:34 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-01-30 19:46:34 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-01-30 19:46:34 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-01-30 19:46:33 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2009-01-30 19:46:33 ----N---- C:\WINDOWS\slrundll.exe
2009-01-30 19:46:33 ----D---- C:\WINDOWS\system32\scripting
2009-01-30 19:46:33 ----D---- C:\WINDOWS\system32\en-us
2009-01-30 19:46:32 ----D---- C:\WINDOWS\system32\en
2009-01-30 19:46:32 ----D---- C:\WINDOWS\l2schemas
2009-01-30 19:46:31 ----D---- C:\WINDOWS\system32\bits
2009-01-30 19:43:52 ----D---- C:\WINDOWS\ServicePackFiles
2009-01-30 19:40:32 ----D---- C:\WINDOWS\network diagnostic
2009-01-30 19:18:12 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-01-30 19:18:05 ----D---- C:\WINDOWS\system32\PreInstall
2009-01-30 19:18:03 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-01-30 19:18:03 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-30 19:14:16 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-01-30 19:12:39 ----SHD---- C:\RECYCLER
2009-01-30 19:11:01 ----A---- C:\WINDOWS\system32\oeminfo.ini
2009-01-30 19:08:44 ----D---- C:\Program Files\HP
2009-01-30 19:06:54 ----D---- C:\Program Files\HPQ
2009-01-30 19:06:09 ----D---- C:\Program Files\Broadcom
2009-01-30 19:05:25 ----A---- C:\WINDOWS\system32\SynTPFcs.dll
2009-01-30 19:05:25 ----A---- C:\WINDOWS\system32\SynTPCo2.dll
2009-01-30 19:05:25 ----A---- C:\WINDOWS\system32\SynTPAPI.dll
2009-01-30 19:05:24 ----D---- C:\Program Files\Synaptics
2009-01-30 19:05:24 ----A---- C:\WINDOWS\system32\SynCtrl.dll
2009-01-30 19:05:24 ----A---- C:\WINDOWS\system32\SynCOM.dll
2009-01-30 19:03:25 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-01-30 19:03:23 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2009-01-30 19:03:04 ----D---- C:\Program Files\Hewlett-Packard
2009-01-30 19:03:04 ----A---- C:\WINDOWS\system32\wdfcoinstaller01005.dll
2009-01-30 19:03:04 ----A---- C:\WINDOWS\system32\BttnCmns_64.dll
2009-01-30 19:03:04 ----A---- C:\WINDOWS\system32\BttnCmns.dll
2009-01-30 19:03:04 ----A---- C:\WINDOWS\system32\BttnCmn.dll
2009-01-30 19:02:57 ----D---- C:\Documents and Settings\Jeff\Application Data\InstallShield
2009-01-30 19:01:47 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-30 19:01:12 ----D---- C:\Program Files\ATI Technologies
2009-01-30 19:01:10 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-30 19:00:55 ----D---- C:\Program Files\Common Files\InstallShield
2009-01-30 18:58:13 ----D---- C:\Program Files\CONEXANT
2009-01-30 18:58:12 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-01-30 18:58:06 ----D---- C:\swsetup
2009-01-30 18:56:19 ----D---- C:\Documents and Settings\Jeff\Application Data\Identities
2009-01-30 18:56:17 ----HD---- C:\Program Files\Uninstall Information
2009-01-30 18:56:09 ----ASH---- C:\Documents and Settings\Jeff\Application Data\desktop.ini
2009-01-30 18:56:08 ----SD---- C:\Documents and Settings\Jeff\Application Data\Microsoft
2009-01-30 18:55:10 ----D---- C:\WINDOWS\SoftwareDistribution
2009-01-30 18:54:58 ----SD---- C:\WINDOWS\system32\Microsoft
2009-01-30 18:54:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-30 18:50:47 ----D---- C:\WINDOWS\system32\xircom
2009-01-30 18:50:47 ----D---- C:\Program Files\xerox
2009-01-30 18:50:47 ----D---- C:\Program Files\microsoft frontpage
2009-01-30 18:50:23 ----A---- C:\WINDOWS\control.ini
2009-01-30 18:49:59 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-01-30 18:48:37 ----RD---- C:\WINDOWS\Offline Web Pages
2009-01-30 18:48:36 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-30 18:48:36 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-01-30 18:48:29 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-01-30 18:48:22 ----HD---- C:\Program Files\WindowsUpdate
2009-01-30 18:47:55 ----D---- C:\WINDOWS\system32\DirectX
2009-01-30 18:47:33 ----A---- C:\WINDOWS\system32\atrace.dll
2009-01-30 18:47:30 ----A---- C:\WINDOWS\system32\desktop.ini
2009-01-30 18:47:30 ----A---- C:\WINDOWS\desktop.ini
2009-01-30 18:47:24 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-01-30 18:47:23 ----A---- C:\WINDOWS\system32\acctres.dll
2009-01-30 18:47:22 ----D---- C:\Program Files\Common Files\Services
2009-01-30 18:47:20 ----SD---- C:\WINDOWS\Tasks
2009-01-30 18:47:20 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-01-30 18:47:19 ----D---- C:\Program Files\Common Files\MSSoap
2009-01-30 18:47:14 ----D---- C:\WINDOWS\srchasst
2009-01-30 18:47:13 ----D---- C:\WINDOWS\system32\Macromed
2009-01-30 18:47:10 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-01-30 18:47:10 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-01-30 18:47:10 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-01-30 18:47:10 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-01-30 18:47:09 ----A---- C:\WINDOWS\system32\wups.dll
2009-01-30 18:47:09 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-01-30 18:47:09 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-01-30 18:47:09 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-01-30 18:47:09 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-01-30 18:47:09 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-01-30 18:47:09 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-01-30 18:47:08 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-01-30 18:47:08 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-01-30 18:47:03 ----D---- C:\Program Files\Movie Maker
2009-01-30 18:46:59 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-01-30 18:46:59 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-01-30 18:46:59 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-01-30 18:46:59 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-01-30 18:46:54 ----D---- C:\WINDOWS\system32\Restore
2009-01-30 18:46:54 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-01-30 18:46:54 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-01-30 18:46:54 ----A---- C:\WINDOWS\system32\srclient.dll
2009-01-30 18:46:54 ----A---- C:\WINDOWS\system32\fltmc.exe
2009-01-30 18:46:54 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-01-30 18:46:53 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-01-30 18:46:53 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-01-30 18:46:53 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-01-30 18:46:53 ----A---- C:\WINDOWS\system32\ils.dll
2009-01-30 18:46:52 ----A---- C:\WINDOWS\system32\msconf.dll
2009-01-30 18:46:52 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-01-30 18:46:50 ----D---- C:\Program Files\NetMeeting
2009-01-30 18:46:50 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-01-30 18:46:50 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-01-30 18:46:49 ----A---- C:\WINDOWS\system32\inetres.dll
2009-01-30 18:46:48 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-01-30 18:46:46 ----D---- C:\Program Files\Outlook Express
2009-01-30 18:46:46 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-01-30 18:46:46 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-01-30 18:46:46 ----A---- C:\WINDOWS\system32\mstask.dll
2009-01-30 18:46:45 ----A---- C:\WINDOWS\system32\isign32.dll
2009-01-30 18:46:45 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-01-30 18:46:45 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-01-30 18:46:45 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-01-30 18:46:39 ----D---- C:\Program Files\Common Files\System
2009-01-30 18:46:35 ----D---- C:\Program Files\Internet Explorer
2009-01-30 18:45:47 ----A---- C:\WINDOWS\vbaddin.ini
2009-01-30 18:45:47 ----A---- C:\WINDOWS\vb.ini
2009-01-30 18:45:40 ----D---- C:\WINDOWS\Registration
2009-01-30 18:45:28 ----D---- C:\Program Files\Online Services
2009-01-30 18:45:27 ----D---- C:\Program Files\Windows Media Player
2009-01-30 18:45:19 ----D---- C:\Program Files\Messenger
2009-01-30 18:45:15 ----D---- C:\Program Files\MSN Gaming Zone
2009-01-30 18:45:15 ----A---- C:\WINDOWS\system32\write.exe
2009-01-30 18:45:07 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-01-30 18:45:07 ----A---- C:\WINDOWS\system32\hticons.dll
2009-01-30 18:45:06 ----A---- C:\WINDOWS\system32\winchat.exe
2009-01-30 18:45:06 ----A---- C:\WINDOWS\system32\avwav.dll
2009-01-30 18:45:06 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-01-30 18:45:06 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-01-30 18:45:00 ----A---- C:\WINDOWS\system32\getuname.dll
2009-01-30 18:45:00 ----A---- C:\WINDOWS\system32\charmap.exe
2009-01-30 18:44:59 ----A---- C:\WINDOWS\system32\winmine.exe
2009-01-30 18:44:59 ----A---- C:\WINDOWS\system32\sol.exe
2009-01-30 18:44:59 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-01-30 18:44:59 ----A---- C:\WINDOWS\system32\calc.exe
2009-01-30 18:44:58 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-01-30 18:44:58 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-01-30 18:44:58 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-01-30 18:44:58 ----A---- C:\WINDOWS\system32\tskill.exe
2009-01-30 18:44:58 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-01-30 18:44:58 ----A---- C:\WINDOWS\system32\tscon.exe
2009-01-30 18:44:58 ----A---- C:\WINDOWS\system32\shadow.exe
2009-01-30 18:44:58 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-01-30 18:44:58 ----A---- C:\WINDOWS\system32\reset.exe
2009-01-30 18:44:58 ----A---- C:\WINDOWS\system32\regini.exe
2009-01-30 18:44:58 ----A---- C:\WINDOWS\system32\freecell.exe
2009-01-30 18:44:57 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-01-30 18:44:57 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-01-30 18:44:57 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-01-30 18:44:57 ----A---- C:\WINDOWS\system32\msg.exe
2009-01-30 18:44:57 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-01-30 18:44:57 ----A---- C:\WINDOWS\system32\logoff.exe
2009-01-30 18:44:57 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-01-30 18:44:56 ----A---- C:\WINDOWS\system32\stclient.dll
2009-01-30 18:44:56 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-01-30 18:44:56 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-01-30 18:44:56 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-01-30 18:44:56 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-01-30 18:44:56 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-01-30 18:44:56 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-01-30 18:44:55 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-01-30 18:44:50 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-01-30 18:44:31 ----D---- C:\Program Files\MSN
2009-01-30 18:44:30 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-01-30 18:44:29 ----D---- C:\Program Files\Windows NT
2009-01-30 18:44:29 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-01-30 18:44:29 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-01-30 18:44:29 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-01-30 18:44:29 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-01-30 18:44:28 ----A---- C:\WINDOWS\system32\spider.exe
2009-01-30 18:44:28 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-01-30 18:44:27 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-01-30 18:44:27 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-01-30 18:44:27 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-01-30 18:44:27 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-01-30 18:44:27 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-01-30 18:44:27 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-01-30 18:44:26 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-01-30 18:44:26 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-01-30 18:44:26 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-01-30 18:44:26 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-01-30 18:44:26 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-01-30 18:44:26 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-01-30 18:44:26 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-01-30 18:44:26 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-01-30 18:44:26 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-01-30 18:44:25 ----D---- C:\WINDOWS\system32\MsDtc
2009-01-30 18:44:25 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-01-30 18:44:25 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-01-30 18:44:25 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-01-30 18:44:25 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-01-30 18:44:25 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-01-30 18:44:24 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-01-30 18:44:24 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-01-30 18:44:24 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-01-30 18:44:23 ----D---- C:\WINDOWS\system32\Com
2009-01-30 18:44:23 ----A---- C:\WINDOWS\system32\colbact.dll
2009-01-30 18:44:23 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-01-30 18:44:23 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-01-30 18:44:23 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-01-30 18:44:23 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-01-30 18:44:22 ----A---- C:\WINDOWS\system32\comuid.dll
2009-01-30 18:44:22 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-01-30 18:44:21 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-01-30 18:44:14 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-01-30 18:44:14 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-01-30 18:44:14 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-01-30 18:44:14 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-01-30 13:42:24 ----A---- C:\WINDOWS\system32\h323log.txt
2009-01-30 13:40:52 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-01-30 13:39:04 ----A---- C:\WINDOWS\system32\usbui.dll
2009-01-30 13:37:33 ----SHD---- C:\WINDOWS\Installer
2009-01-30 13:37:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-30 13:37:32 ----D---- C:\Program Files\Common Files\ODBC
2009-01-30 13:37:32 ----A---- C:\WINDOWS\ODBCINST.INI
2009-01-30 13:37:27 ----RD---- C:\Program Files
2009-01-30 13:37:27 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-01-30 13:37:27 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-01-30 13:37:27 ----D---- C:\Program Files\Common Files
2009-01-30 13:37:24 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-01-30 13:37:24 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-01-30 13:37:24 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-01-30 13:37:22 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-01-30 13:37:22 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-01-30 13:37:22 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-01-30 13:37:22 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-01-30 13:37:22 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-01-30 13:37:22 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-01-30 13:37:22 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-01-30 13:37:22 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-01-30 13:37:22 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-01-30 13:37:22 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-01-30 13:37:22 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-01-30 13:37:22 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-01-30 13:37:20 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-01-30 13:37:20 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-01-30 13:37:20 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-01-30 13:37:20 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-01-30 13:37:20 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-01-30 13:37:20 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-01-30 13:37:20 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-01-30 13:37:19 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-01-30 13:37:19 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-01-30 13:37:19 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-01-30 13:37:19 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-01-30 13:37:19 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-01-30 13:37:17 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-01-30 13:37:17 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-01-30 13:37:17 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-01-30 13:37:17 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-01-30 13:37:17 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-01-30 13:37:17 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-01-30 13:37:17 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-01-30 13:37:17 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-01-30 13:37:17 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-01-30 13:37:17 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-01-30 13:37:17 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-01-30 13:37:17 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-01-30 13:37:17 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-01-30 13:37:14 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-01-30 13:37:14 ----A---- C:\WINDOWS\system32\irclass.dll
2009-01-30 13:37:14 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-01-30 13:37:14 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-01-30 13:37:14 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-01-30 13:37:12 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-01-30 13:37:12 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-01-30 13:37:11 ----A---- C:\WINDOWS\system32\batt.dll
2009-01-30 13:37:11 ----A---- C:\WINDOWS\notepad.exe
2009-01-30 13:37:10 ----A---- C:\WINDOWS\system32\storprop.dll
2009-01-30 13:36:58 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-01-30 13:36:40 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-30 13:36:40 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-30 13:36:34 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-30 13:36:02 ----SHD---- C:\System Volume Information
2009-01-30 13:36:02 ----D---- C:\Documents and Settings
2009-01-30 13:35:02 ----SH---- C:\boot.ini
2009-01-30 13:26:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-30 13:26:43 ----RSD---- C:\WINDOWS\Fonts
2009-01-30 13:26:43 ----RD---- C:\WINDOWS\Web
2009-01-30 13:26:43 ----HD---- C:\WINDOWS\inf
2009-01-30 13:26:43 ----D---- C:\WINDOWS\WinSxS
2009-01-30 13:26:43 ----D---- C:\WINDOWS\twain_32
2009-01-30 13:26:43 ----D---- C:\WINDOWS\Temp
2009-01-30 13:26:43 ----D---- C:\WINDOWS\system32\wins
2009-01-30 13:26:43 ----D---- C:\WINDOWS\system32\wbem
2009-01-30 13:26:43 ----D---- C:\WINDOWS\system32\usmt
2009-01-30 13:26:43 ----D---- C:\WINDOWS\system32\spool
2009-01-30 13:26:43 ----D---- C:\WINDOWS\system32\ShellExt
2009-01-30 13:26:43 ----D---- C:\WINDOWS\system32\Setup
2009-01-30 13:26:43 ----D---- C:\WINDOWS\system32\ras
2009-01-30 13:26:43 ----D---- C:\WINDOWS\system32\oobe
2009-01-30 13:26:43 ----D---- C:\WINDOWS\system32\npp
2009-01-30 13:26:43 ----D---- C:\WINDOWS\system32\mui
2009-01-30 13:26:43 ----D---- C:\WINDOWS\system32\inetsrv
2009-01-30 13:26:43 ----D---- C:\WINDOWS\system32\IME
2009-01-30 13:26:43 ----D---- C:\WINDOWS\system32\icsxml
2009-01-30 13:26:43 ----D---- C:\WINDOWS\system32\ias
2009-01-30 13:26:43 ----D---- C:\WINDOWS\system32\export
2009-01-30 13:26:43 ----D---- C:\WINDOWS\system32\drivers
2009-01-30 13:26:43 ----D---- C:\WINDOWS\system32\dhcp
2009-01-30 13:26:43 ----D---- C:\WINDOWS\system32\config
2009-01-30 13:26:43 ----D---- C:\WINDOWS\system32\1033
2009-01-30 13:26:43 ----D---- C:\WINDOWS\system32
2009-01-30 13:26:43 ----D---- C:\WINDOWS\system
2009-01-30 13:26:43 ----D---- C:\WINDOWS\security
2009-01-30 13:26:43 ----D---- C:\WINDOWS\Resources
2009-01-30 13:26:43 ----D---- C:\WINDOWS\repair
2009-01-30 13:26:43 ----D---- C:\WINDOWS\Provisioning
2009-01-30 13:26:43 ----D---- C:\WINDOWS\PeerNet
2009-01-30 13:26:43 ----D---- C:\WINDOWS\pchealth
2009-01-30 13:26:43 ----D---- C:\WINDOWS\mui
2009-01-30 13:26:43 ----D---- C:\WINDOWS\msapps
2009-01-30 13:26:43 ----D---- C:\WINDOWS\msagent
2009-01-30 13:26:43 ----D---- C:\WINDOWS\Media
2009-01-30 13:26:43 ----D---- C:\WINDOWS\java
2009-01-30 13:26:43 ----D---- C:\WINDOWS\ime
2009-01-30 13:26:43 ----D---- C:\WINDOWS\Help
2009-01-30 13:26:43 ----D---- C:\WINDOWS\ehome
2009-01-30 13:26:43 ----D---- C:\WINDOWS\Driver Cache
2009-01-30 13:26:43 ----D---- C:\WINDOWS\Debug
2009-01-30 13:26:43 ----D---- C:\WINDOWS\Cursors
2009-01-30 13:26:43 ----D---- C:\WINDOWS\Connection Wizard
2009-01-30 13:26:43 ----D---- C:\WINDOWS\Config
2009-01-30 13:26:43 ----D---- C:\WINDOWS\AppPatch
2009-01-30 13:26:43 ----D---- C:\WINDOWS\addins
2009-01-30 13:26:43 ----D---- C:\WINDOWS
2008-12-31 13:12:50 ----A---- C:\WINDOWS\system32\PDBoot.exe
2008-11-27 11:47:56 ----A---- C:\WINDOWS\system32\RtNicProp32.dll

======List of files/folders modified in the last 3 months======

2009-02-05 20:28:10 ----A---- C:\WINDOWS\win.ini
2009-02-05 20:28:10 ----A---- C:\WINDOWS\system.ini
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-01-30 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-01-30 27656]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-01-30 107272]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 DefragFS;DefragFS; C:\WINDOWS\system32\drivers\DefragFS.sys [2009-01-05 71184]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-07-14 1269760]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-01-30 29208]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-10-23 1391104]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-04-20 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-04-20 350080]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-08-22 1035008]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-12-02 118656]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-15 213696]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-22 718464]
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-01-30 29208]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-02-04 85969]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-07-14 380928]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-01-30 903960]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-30 298264]
R2 avgfws8;AVG8 Firewall; C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2009-01-30 1339600]
R2 dlcx_device;dlcx_device; C:\WINDOWS\system32\dlcxcoms.exe [2006-10-11 532480]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 PD91Agent;PD91Agent; C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-12-31 693512]
S3 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-01 152984]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PD91Engine;PD91Engine; C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-12-31 910600]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.05 2009-02-10 15:57:20

======Uninstall list======

-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{3A6829EF-0791-4FDD-9382-C690DD0821B9}
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
AOL Registration-->"C:\Program Files\AOL\RC\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
Conexant AC-Link Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -Iqta3091.inf
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C\HXFSETUP.EXE -U -IVEN_1002&DEV_4378&SUBSYS_3091103C
Dell PC Fax-->C:\Program Files\Dell PC Fax\Install\x86\Uninst.exe /R:faxunst
Dell Photo AIO Printer 926-->C:\Program Files\Dell Photo AIO Printer 926\Install\x86\Uninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\Setup.exe" -l0x9 -removeonly
HP Quick Launch Buttons 6.30 J1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe -runfromtemp -l0x0009 -removeonly uninst
HP Wireless Assistant 2.00 C1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\Setup.exe" -l0x9 hpquninst
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Kels' CPL Bonus Pack!-->rundll32.exe advpack.dll,LaunchINFSection CPLBonus.inf,uninstall
LimeWire PRO 5.0.11-->"C:\Program Files\LimeWire\uninstall.exe"
Magic ISO Maker v5.5 (build 0273)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft VC9 runtime libraries-->MsiExec.exe /I{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
New Folder Here-->C:\PROGRA~1\Camtech\NEWFOL~1\UNWISE.EXE C:\PROGRA~1\Camtech\NEWFOL~1\INSTALL.LOG
PerfectDisk 2008 Professional-->MsiExec.exe /I{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Revo Uninstaller 1.80-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Universal Extractor 1.6-->"C:\Program Files\Universal Extractor\unins000.exe"
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office Access 2007 Help (KB957241)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {D670F9B9-3E84-47B5-8A4A-618B65DB1593}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office InfoPath 2007 Help (KB957243)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {766DF26B-5F03-48ED-9307-5326F2790ED0}
Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Publisher 2007 Help (KB957249)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4E140A5A-4A90-404A-B955-10C2D98CD3EE}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959141)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CC6191C2-B0CE-473C-AD77-61EA3497D796}
Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Sign-in Assistant-->MsiExec.exe /I{8984E374-6C93-427C-A3B9-AD92472FDCA0}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Internet Security
FW: AVG Firewall

System event log

Computer Name: JEFF-LAPTOP
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the running state.

Record Number: 5
Source Name: Service Control Manager
Time Written: 20090204174524.000000-300
Event Type: information
User:

Computer Name: JEFF-LAPTOP
Event Code: 7035
Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.

Record Number: 4
Source Name: Service Control Manager
Time Written: 20090204174524.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: JEFF-LAPTOP
Event Code: 7036
Message: The Removable Storage service entered the stopped state.

Record Number: 3
Source Name: Service Control Manager
Time Written: 20090204162632.000000-300
Event Type: information
User:

Computer Name: JEFF-LAPTOP
Event Code: 98
Message: RSM was stopped.

Record Number: 2
Source Name: Removable Storage Service
Time Written: 20090204162632.000000-300
Event Type: information
User:

Computer Name: JEFF-LAPTOP
Event Code: 7036
Message: The Logical Disk Manager Administrative Service service entered the stopped state.

Record Number: 1
Source Name: Service Control Manager
Time Written: 20090204162601.000000-300
Event Type: information
User:

Application event log

Computer Name: JEFF-LAPTOP
Event Code: 1
Message:
Record Number: 5
Source Name: avg8emc
Time Written: 20090204184606.000000-300
Event Type: information
User:

Computer Name: JEFF-LAPTOP
Event Code: 1002
Message: The shell stopped unexpectedly and Explorer.exe was restarted.

Record Number: 4
Source Name: Winlogon
Time Written: 20090204180737.000000-300
Event Type: information
User:

Computer Name: JEFF-LAPTOP
Event Code: 1002
Message: The shell stopped unexpectedly and Explorer.exe was restarted.

Record Number: 3
Source Name: Winlogon
Time Written: 20090204180530.000000-300
Event Type: information
User:

Computer Name: JEFF-LAPTOP
Event Code: 11724
Message: Product: SUPERAntiSpyware Free Edition -- Removal completed successfully.

Record Number: 2
Source Name: MsiInstaller
Time Written: 20090204180443.000000-300
Event Type: information
User: JEFF-LAPTOP\Jeff

Computer Name: JEFF-LAPTOP
Event Code: 11707
Message: Product: SUPERAntiSpyware Free Edition -- Installation operation completed successfully.

Record Number: 1
Source Name: MsiInstaller
Time Written: 20090204175301.000000-300
Event Type: information
User: JEFF-LAPTOP\Jeff

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Universal Extractor;C:\Program Files\Universal Extractor\bin
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

#6 Farbar

Posted 10 February 2009 - 05:54 PM

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow users to share files, as the name(s) suggest. In today's world cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions
  • Turn off Windows automatic updates as it might lead to unexpected results at this stage:
    • Go to start -> Control Panel -> double-click System to open it.
    • Go to the Automatic Updates tab.
    • Select the "Turn off Automatic Updates" box.
    • Click Apply and then OK.
    • Important: Reboot.
  • You have run GMER before. To uninstall it, go to Start > Run, copy and paste the following, then hit Enter:

    C:\WINDOWS\gmer_uninstall.cmd

  • We need to repair a broken file association. Download this file and place it on your desktop.
    • Unzip jscript_fix.zip.
    • This will create a new file on your desktop with the name: jscript_fix.reg
    • Double-click the jscript_fix.reg file in order to let it merge into the registry.
  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools (see below if you don't know how)
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
++++++++++++++++

To Disable AVG Resident Shield:
  • Double click AVG system tray icon to open AVG.
  • In Overview section double click Resident Shield.
  • Uncheck Resident Shield Active.
  • Press Save Changes.

    Note: It is important to activate the resident shield immediately after running ComboFix.


#7 Vaine

Posted 10 February 2009 - 09:26 PM

I noticed that the systemint.exe came back and a red icon on my taskbar says NSKET Important security alert!. Then it installed this mywebsearch.

ComboFix 09-02-10.01 - Jeff 2009-02-10 21:12:22.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.441 [GMT -5:00]
Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated)
FW: AVG Firewall *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FunWebProducts
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\windows\system32\f3PSSavr.scr

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2009-01-11 to 2009-02-11 )))))))))))))))))))))))))))))))
.

2009-02-10 19:07 . 2009-02-10 19:07 <DIR> d-------- c:\documents and settings\Jeff\Application Data\Thinstall
2009-02-10 15:58 . 2009-02-10 15:58 1,374 --a------ c:\windows\imsins.BAK
2009-02-10 15:56 . 2009-02-10 15:57 <DIR> d-------- C:\rsit
2009-02-09 19:43 . 2009-02-09 20:13 <DIR> d-------- c:\program files\Dl_cats
2009-02-09 19:42 . 2006-10-28 09:31 344,064 --a------ c:\windows\system32\dlcxcoin.dll
2009-02-09 19:42 . 2001-08-17 22:36 87,040 --a------ c:\windows\system32\wiafbdrv.dll
2009-02-09 19:42 . 2001-08-17 22:36 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll
2009-02-09 19:42 . 2006-04-24 14:09 40,960 --a------ c:\windows\system32\dlcxvs.dll
2009-02-09 19:42 . 2008-04-14 00:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-02-09 19:42 . 2008-04-14 00:15 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-02-09 19:41 . 2009-02-09 19:41 <DIR> d-------- c:\program files\Abbyy FineReader 6.0 Sprint
2009-02-09 19:41 . 2006-08-08 14:58 692,224 --a------ c:\windows\system32\dlcxdrs.dll
2009-02-09 19:41 . 2006-09-22 06:42 65,536 --a------ c:\windows\system32\dlcxcaps.dll
2009-02-09 19:41 . 2006-03-19 19:03 61,440 --a------ c:\windows\system32\dlcxcnv4.dll
2009-02-09 19:40 . 2009-02-09 19:40 <DIR> d-------- c:\program files\Dell
2009-02-09 19:39 . 2009-02-09 19:41 <DIR> d-------- c:\program files\Dell Photo AIO Printer 926
2009-02-09 19:39 . 2009-02-09 19:40 <DIR> d-------- c:\program files\Dell PC Fax
2009-02-09 19:39 . 2009-02-09 19:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\DellFaxCtr
2009-02-09 19:39 . 2006-04-24 14:58 339,968 --a------ c:\windows\system32\IMGMAN32.DLL
2009-02-09 19:39 . 2006-04-24 14:58 98,345 --a------ c:\windows\system32\IMHOST32.DLL
2009-02-09 19:39 . 2006-04-24 14:58 98,304 --a------ c:\windows\system32\IM31XPNG.DEL
2009-02-09 19:39 . 2006-04-24 14:58 69,632 --a------ c:\windows\system32\IM31XTIF.DEL
2009-02-09 19:39 . 2006-04-24 14:58 49,152 --a------ c:\windows\system32\IM31IMG.DIL
2009-02-09 19:39 . 2006-10-06 07:06 45,056 --a------ c:\windows\system32\DLPRMON.DLL
2009-02-09 19:39 . 2006-10-06 07:05 32,768 --a------ c:\windows\system32\DLPMONUI.DLL
2009-02-09 19:37 . 2008-04-14 00:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-02-09 19:37 . 2008-04-14 00:17 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-02-06 21:50 . 2009-01-05 14:16 71,184 -ra------ c:\windows\system32\drivers\DefragFS.sys
2009-02-06 21:46 . 2009-02-06 21:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Raxco
2009-02-06 21:45 . 2009-02-06 21:46 <DIR> d-------- c:\program files\Raxco
2009-02-06 20:37 . 2009-02-06 20:58 <DIR> d-------- c:\documents and settings\Jeff\Application Data\gtk-2.0
2009-02-06 20:37 . 2009-02-06 20:37 <DIR> d-------- c:\documents and settings\Jeff\.thumbnails
2009-02-06 20:00 . 2009-02-06 21:08 <DIR> d-------- c:\documents and settings\Jeff\.gimp-2.6
2009-02-06 20:00 . 2009-02-06 20:00 <DIR> d-------- c:\documents and settings\Jeff\.gegl-0.0
2009-02-06 19:38 . 2009-02-06 19:38 <DIR> d-------- c:\documents and settings\Jeff\Application Data\Auslogics
2009-02-06 06:46 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-02-06 06:46 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-02-05 20:18 . 2009-02-05 20:18 <DIR> d-------- c:\program files\Microsoft
2009-02-05 19:40 . 2009-02-05 19:40 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-05 19:10 . 2009-02-05 19:10 <DIR> d--hs---- c:\documents and settings\Jeff\UserData
2009-02-05 19:06 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-02-05 19:02 . 2009-02-05 19:02 <DIR> d-------- c:\program files\Microsoft Works
2009-02-05 18:57 . 2009-02-05 18:57 <DIR> d-------- c:\program files\Microsoft.NET
2009-02-05 18:47 . 2009-02-05 18:47 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-02-05 18:44 . 2009-02-05 18:59 <DIR> d-------- c:\windows\SHELLNEW
2009-02-05 18:43 . 2009-02-10 15:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-05 18:42 . 2009-02-05 18:42 <DIR> dr-h----- C:\MSOCache
2009-02-05 15:55 . 2009-02-05 15:55 <DIR> d-------- c:\program files\Trend Micro
2009-02-04 19:09 . 2009-02-04 19:09 250 --a------ c:\windows\gmer.ini
2009-02-04 18:48 . 2009-02-04 18:48 123 --a------ c:\windows\rootkitno.ini
2009-02-04 18:35 . 2009-02-04 18:35 <DIR> d--h----- c:\windows\PIF
2009-02-04 16:24 . 2009-02-04 16:26 <DIR> d-------- c:\windows\system32\NtmsData
2009-02-04 07:16 . 2001-08-17 13:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS
2009-02-04 07:16 . 2001-08-17 13:56 7,552 --a--c--- c:\windows\system32\dllcache\sonypvu1.sys
2009-02-03 19:08 . 2009-02-03 19:08 <DIR> d-------- c:\documents and settings\Jeff\Application Data\acccore
2009-02-03 19:05 . 2003-01-10 16:13 33,588 -ra------ c:\windows\system32\drivers\wanatw4.sys
2009-02-03 19:04 . 2009-02-03 19:04 <DIR> d-------- c:\program files\Viewpoint
2009-02-03 19:04 . 2009-02-03 19:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Viewpoint
2009-02-03 19:02 . 2009-02-03 19:02 <DIR> d-------- c:\program files\Common Files\aolshare
2009-02-03 19:02 . 2009-02-03 19:06 <DIR> d-------- c:\program files\Common Files\AOL
2009-02-03 19:02 . 2009-02-03 19:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL OCP
2009-02-03 19:02 . 2009-02-03 19:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL
2009-02-03 18:55 . 2009-02-03 18:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-02-01 20:37 . 2009-02-01 20:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-02-01 20:33 . 2009-02-10 20:48 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-01 14:35 . 2009-02-01 14:35 <DIR> d-------- c:\program files\Adobe Media Player
2009-02-01 14:32 . 2009-02-01 14:32 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-02-01 12:33 . 2009-02-01 12:33 <DIR> d-------- c:\program files\Universal Extractor
2009-02-01 12:24 . 2009-02-01 12:26 <DIR> d-------- c:\documents and settings\Jeff\Application Data\LimeWire
2009-02-01 12:19 . 2009-02-01 12:19 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-01 12:19 . 2009-02-01 12:19 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-01 12:18 . 2009-02-01 12:18 <DIR> d-------- c:\program files\Java
2009-02-01 12:17 . 2009-02-01 12:21 <DIR> d-------- c:\program files\LimeWire
2009-02-01 10:51 . 2009-02-01 10:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-02-01 10:48 . 2009-02-01 10:48 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-02-01 10:47 . 2009-02-01 10:54 <DIR> d-------- c:\documents and settings\Jeff\Application Data\DAEMON Tools Lite
2009-02-01 10:42 . 2009-02-01 10:43 <DIR> d-------- c:\program files\MagicISO
2009-01-31 16:41 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
2009-01-31 16:41 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
2009-01-30 22:46 . 2009-02-09 19:26 <DIR> d-------- c:\documents and settings\Jeff\Application Data\BitTorrent
2009-01-30 22:45 . 2009-01-30 22:45 <DIR> d-------- c:\program files\DNA
2009-01-30 22:45 . 2009-01-30 22:45 <DIR> d-------- c:\program files\BitTorrent
2009-01-30 22:45 . 2009-02-09 22:24 <DIR> d-------- c:\documents and settings\Jeff\Application Data\DNA
2009-01-30 22:18 . 2009-02-10 15:50 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-30 22:18 . 2009-01-30 22:25 <DIR> d-------- c:\documents and settings\Jeff\Application Data\AVGTOOLBAR
2009-01-30 22:18 . 2009-01-30 22:18 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-30 22:18 . 2009-01-30 22:18 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-01-30 22:18 . 2009-01-30 22:18 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
2009-01-30 22:18 . 2009-01-30 22:18 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-30 22:17 . 2009-02-05 06:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-01-30 22:17 . 2009-01-30 22:17 50,968 --a------ c:\windows\system32\avgfwdx.dll
2009-01-30 22:17 . 2009-01-30 22:17 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys
2009-01-30 21:52 . 2009-01-30 21:52 <DIR> d-------- c:\program files\Yahoo!
2009-01-30 21:52 . 2009-01-30 21:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2009-01-30 21:36 . 2009-01-30 21:36 <DIR> d-------- c:\program files\Winamp
2009-01-30 21:36 . 2009-01-30 22:09 <DIR> d-------- c:\documents and settings\Jeff\Application Data\Winamp
2009-01-30 21:36 . 2007-03-07 18:51 129,784 --------- c:\windows\system32\pxafs.dll
2009-01-30 21:34 . 2009-01-30 21:34 <DIR> d-------- c:\program files\AVG
2009-01-30 21:26 . 2009-01-30 21:27 <DIR> d-------- c:\program files\QuickTime
2009-01-30 21:26 . 2009-01-30 21:26 <DIR> d-------- c:\program files\Apple Software Update
2009-01-30 21:26 . 2009-01-30 21:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-30 21:26 . 2009-01-30 21:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-01-30 21:19 . 2009-01-30 21:19 <DIR> d-------- c:\program files\VS Revo Group
2009-01-30 21:17 . 2009-01-30 21:17 <DIR> d-------- c:\program files\Camtech
2009-01-30 21:17 . 2001-09-03 07:52 766 --a------ c:\windows\win98Logo.ico
2009-01-30 21:15 . 2009-02-02 18:29 <DIR> d-------- c:\program files\Common Files\Adobe
2009-01-30 20:59 . 2009-02-03 18:55 335 --a------ c:\windows\nsreg.dat
2009-01-30 20:55 . 2009-01-30 20:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZip
2009-01-30 20:53 . 2009-01-30 20:53 <DIR> d-------- c:\program files\System
2009-01-30 20:53 . 2004-07-29 12:56 208,896 --a------ c:\windows\system32\cttune.cpl
2009-01-30 20:53 . 2004-09-30 11:17 122,880 --a------ c:\windows\system32\directx.cpl
2009-01-30 20:53 . 2002-12-29 01:14 110,592 --a------ c:\windows\system32\Startup.cpl
2009-01-30 20:50 . 2009-01-30 20:50 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-01-30 20:31 . 2009-01-30 20:31 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-30 20:31 . 2009-01-30 20:31 <DIR> d-------- c:\program files\Reference Assemblies
2009-01-30 20:31 . 2009-02-05 19:01 <DIR> d-------- c:\program files\MSBuild
2009-01-30 20:31 . 2008-07-06 07:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-01-30 20:31 . 2008-07-06 07:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-01-30 20:31 . 2008-07-06 05:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-30 20:31 . 2008-07-06 07:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-01-30 20:31 . 2008-07-06 07:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-30 20:31 . 2008-07-06 07:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-01-30 20:31 . 2008-07-06 07:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-30 20:24 . 2008-10-31 19:36 873,374 --a------ c:\windows\system32\oem14.inf
2009-01-30 20:21 . 2008-12-20 18:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 01:10 --------- d-----w c:\program files\CONEXANT
2009-01-30 23:50 --------- d-----w c:\program files\microsoft frontpage
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-30 1601304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-30 22:18 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-07-13 21:05 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 05:42 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
--a------ 2007-10-19 13:28 202032 c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-02-01 12:19 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1233705763\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1233705763\\ee\\AOLDesktop.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-01-30 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-30 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-30 107272]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-30 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-30 298264]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-01-30 1339600]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-12-31 693512]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-01-30 29208]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-08-22 231424]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-01-30 29208]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-12-31 910600]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
FF - ProfilePath - c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\4c8gx0de.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=108&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 21:16:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1268)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\dlcxcoms.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-10 21:19:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-11 02:19:29
ComboFix2.txt 2009-02-11 00:03:57

Pre-Run: 46,003,208,192 bytes free
Post-Run: 45,994,651,648 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

343 --- E O F --- 2009-02-10 21:02:23


I did not realize LimeWire and BitTorrent were even on here. My son must have installed something.

I also noticed after the reboot there was an error message regarding MyWebSearch.

#8 Farbar


Posted 11 February 2009 - 11:17 AM

Thanks for the feedback.
  • Combofix is run twice and the log is from the second run. I need to see the log of the first run. Please go to start -> Run.
    • Copy and paste the bold line in the run-box and click OK: notepad C:\Qoobox\ComboFix2.txt
    • A text file opens, copy and paste the content to your reply.
  • Open your Malwarebytes' Anti-Malware, first update it, run a "quick scan", let it reboot if needed and copy/paste the log to your reply.

    Note: The logs are saved by default under the Logs tab. If the log did not automatically open you can obtain the latest log from there.

  • Please run RSIT, set the list of Files/Folders created to 1 Months and copy/paste the content of log.txt to your reply (this time RSIT creates just one log).


#9 Vaine


Posted 11 February 2009 - 03:54 PM

ComboFix 09-02-10.01 - Jeff 2009-02-10 18:54:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.476 [GMT -5:00]
Running from: f:\pc repair programs\Combofix\Combofix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated)
FW: AVG Firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FunWebProducts
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\00820660
c:\program files\MyWebSearch\bar\Cache\0082098D
c:\program files\MyWebSearch\bar\Cache\00820A38.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\windows\system32\f3PSSavr.scr

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2009-01-10 to 2009-02-10 )))))))))))))))))))))))))))))))
.

2009-02-10 15:58 . 2009-02-10 15:58 1,374 --a------ c:\windows\imsins.BAK
2009-02-10 15:56 . 2009-02-10 15:57 <DIR> d-------- C:\rsit
2009-02-09 19:43 . 2009-02-09 20:13 <DIR> d-------- c:\program files\Dl_cats
2009-02-09 19:42 . 2006-10-28 09:31 344,064 --a------ c:\windows\system32\dlcxcoin.dll
2009-02-09 19:42 . 2001-08-17 22:36 87,040 --a------ c:\windows\system32\wiafbdrv.dll
2009-02-09 19:42 . 2001-08-17 22:36 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll
2009-02-09 19:42 . 2006-04-24 14:09 40,960 --a------ c:\windows\system32\dlcxvs.dll
2009-02-09 19:42 . 2008-04-14 00:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-02-09 19:42 . 2008-04-14 00:15 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-02-09 19:41 . 2009-02-09 19:41 <DIR> d-------- c:\program files\Abbyy FineReader 6.0 Sprint
2009-02-09 19:41 . 2006-08-08 14:58 692,224 --a------ c:\windows\system32\dlcxdrs.dll
2009-02-09 19:41 . 2006-09-22 06:42 65,536 --a------ c:\windows\system32\dlcxcaps.dll
2009-02-09 19:41 . 2006-03-19 19:03 61,440 --a------ c:\windows\system32\dlcxcnv4.dll
2009-02-09 19:40 . 2009-02-09 19:40 <DIR> d-------- c:\program files\Dell
2009-02-09 19:39 . 2009-02-09 19:41 <DIR> d-------- c:\program files\Dell Photo AIO Printer 926
2009-02-09 19:39 . 2009-02-09 19:40 <DIR> d-------- c:\program files\Dell PC Fax
2009-02-09 19:39 . 2009-02-09 19:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\DellFaxCtr
2009-02-09 19:39 . 2006-04-24 14:58 339,968 --a------ c:\windows\system32\IMGMAN32.DLL
2009-02-09 19:39 . 2006-04-24 14:58 98,345 --a------ c:\windows\system32\IMHOST32.DLL
2009-02-09 19:39 . 2006-04-24 14:58 98,304 --a------ c:\windows\system32\IM31XPNG.DEL
2009-02-09 19:39 . 2006-04-24 14:58 69,632 --a------ c:\windows\system32\IM31XTIF.DEL
2009-02-09 19:39 . 2006-04-24 14:58 49,152 --a------ c:\windows\system32\IM31IMG.DIL
2009-02-09 19:39 . 2006-10-06 07:06 45,056 --a------ c:\windows\system32\DLPRMON.DLL
2009-02-09 19:39 . 2006-10-06 07:05 32,768 --a------ c:\windows\system32\DLPMONUI.DLL
2009-02-09 19:37 . 2008-04-14 00:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-02-09 19:37 . 2008-04-14 00:17 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-02-06 21:50 . 2009-01-05 14:16 71,184 -ra------ c:\windows\system32\drivers\DefragFS.sys
2009-02-06 21:46 . 2009-02-06 21:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Raxco
2009-02-06 21:45 . 2009-02-06 21:46 <DIR> d-------- c:\program files\Raxco
2009-02-06 20:37 . 2009-02-06 20:58 <DIR> d-------- c:\documents and settings\Jeff\Application Data\gtk-2.0
2009-02-06 20:37 . 2009-02-06 20:37 <DIR> d-------- c:\documents and settings\Jeff\.thumbnails
2009-02-06 20:00 . 2009-02-06 21:08 <DIR> d-------- c:\documents and settings\Jeff\.gimp-2.6
2009-02-06 20:00 . 2009-02-06 20:00 <DIR> d-------- c:\documents and settings\Jeff\.gegl-0.0
2009-02-06 19:38 . 2009-02-06 19:38 <DIR> d-------- c:\documents and settings\Jeff\Application Data\Auslogics
2009-02-06 06:46 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-02-06 06:46 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-02-05 20:18 . 2009-02-05 20:18 <DIR> d-------- c:\program files\Microsoft
2009-02-05 19:40 . 2009-02-05 19:40 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-05 19:10 . 2009-02-05 19:10 <DIR> d--hs---- c:\documents and settings\Jeff\UserData
2009-02-05 19:06 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-02-05 19:02 . 2009-02-05 19:02 <DIR> d-------- c:\program files\Microsoft Works
2009-02-05 18:57 . 2009-02-05 18:57 <DIR> d-------- c:\program files\Microsoft.NET
2009-02-05 18:47 . 2009-02-05 18:47 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-02-05 18:44 . 2009-02-05 18:59 <DIR> d-------- c:\windows\SHELLNEW
2009-02-05 18:43 . 2009-02-10 15:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-05 18:42 . 2009-02-05 18:42 <DIR> dr-h----- C:\MSOCache
2009-02-05 15:55 . 2009-02-05 15:55 <DIR> d-------- c:\program files\Trend Micro
2009-02-04 19:09 . 2009-02-04 19:09 250 --a------ c:\windows\gmer.ini
2009-02-04 18:48 . 2009-02-04 18:48 123 --a------ c:\windows\rootkitno.ini
2009-02-04 18:35 . 2009-02-04 18:35 <DIR> d--h----- c:\windows\PIF
2009-02-04 16:24 . 2009-02-04 16:26 <DIR> d-------- c:\windows\system32\NtmsData
2009-02-04 07:16 . 2001-08-17 13:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS
2009-02-04 07:16 . 2001-08-17 13:56 7,552 --a--c--- c:\windows\system32\dllcache\sonypvu1.sys
2009-02-03 19:08 . 2009-02-03 19:08 <DIR> d-------- c:\documents and settings\Jeff\Application Data\acccore
2009-02-03 19:05 . 2003-01-10 16:13 33,588 -ra------ c:\windows\system32\drivers\wanatw4.sys
2009-02-03 19:04 . 2009-02-03 19:04 <DIR> d-------- c:\program files\Viewpoint
2009-02-03 19:04 . 2009-02-03 19:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Viewpoint
2009-02-03 19:02 . 2009-02-03 19:02 <DIR> d-------- c:\program files\Common Files\aolshare
2009-02-03 19:02 . 2009-02-03 19:06 <DIR> d-------- c:\program files\Common Files\AOL
2009-02-03 19:02 . 2009-02-03 19:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL OCP
2009-02-03 19:02 . 2009-02-03 19:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL
2009-02-03 18:55 . 2009-02-03 18:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-02-01 20:37 . 2009-02-01 20:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-02-01 20:33 . 2009-02-10 17:46 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-01 14:35 . 2009-02-01 14:35 <DIR> d-------- c:\program files\Adobe Media Player
2009-02-01 14:32 . 2009-02-01 14:32 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-02-01 12:33 . 2009-02-01 12:33 <DIR> d-------- c:\program files\Universal Extractor
2009-02-01 12:24 . 2009-02-01 12:26 <DIR> d-------- c:\documents and settings\Jeff\Application Data\LimeWire
2009-02-01 12:19 . 2009-02-01 12:19 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-01 12:19 . 2009-02-01 12:19 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-01 12:18 . 2009-02-01 12:18 <DIR> d-------- c:\program files\Java
2009-02-01 12:17 . 2009-02-01 12:21 <DIR> d-------- c:\program files\LimeWire
2009-02-01 10:51 . 2009-02-01 10:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-02-01 10:48 . 2009-02-01 10:48 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-02-01 10:47 . 2009-02-01 10:54 <DIR> d-------- c:\documents and settings\Jeff\Application Data\DAEMON Tools Lite
2009-02-01 10:42 . 2009-02-01 10:43 <DIR> d-------- c:\program files\MagicISO
2009-01-31 16:41 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
2009-01-31 16:41 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
2009-01-30 22:46 . 2009-02-09 19:26 <DIR> d-------- c:\documents and settings\Jeff\Application Data\BitTorrent
2009-01-30 22:45 . 2009-01-30 22:45 <DIR> d-------- c:\program files\DNA
2009-01-30 22:45 . 2009-01-30 22:45 <DIR> d-------- c:\program files\BitTorrent
2009-01-30 22:45 . 2009-02-09 22:24 <DIR> d-------- c:\documents and settings\Jeff\Application Data\DNA
2009-01-30 22:18 . 2009-02-10 15:50 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-30 22:18 . 2009-01-30 22:25 <DIR> d-------- c:\documents and settings\Jeff\Application Data\AVGTOOLBAR
2009-01-30 22:18 . 2009-01-30 22:18 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-30 22:18 . 2009-01-30 22:18 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-01-30 22:18 . 2009-01-30 22:18 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
2009-01-30 22:18 . 2009-01-30 22:18 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-30 22:17 . 2009-02-05 06:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-01-30 22:17 . 2009-01-30 22:17 50,968 --a------ c:\windows\system32\avgfwdx.dll
2009-01-30 22:17 . 2009-01-30 22:17 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys
2009-01-30 21:52 . 2009-01-30 21:52 <DIR> d-------- c:\program files\Yahoo!
2009-01-30 21:52 . 2009-01-30 21:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2009-01-30 21:36 . 2009-01-30 21:36 <DIR> d-------- c:\program files\Winamp
2009-01-30 21:36 . 2009-01-30 22:09 <DIR> d-------- c:\documents and settings\Jeff\Application Data\Winamp
2009-01-30 21:36 . 2007-03-07 18:51 129,784 --------- c:\windows\system32\pxafs.dll
2009-01-30 21:34 . 2009-01-30 21:34 <DIR> d-------- c:\program files\AVG
2009-01-30 21:26 . 2009-01-30 21:27 <DIR> d-------- c:\program files\QuickTime
2009-01-30 21:26 . 2009-01-30 21:26 <DIR> d-------- c:\program files\Apple Software Update
2009-01-30 21:26 . 2009-01-30 21:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-30 21:26 . 2009-01-30 21:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-01-30 21:19 . 2009-01-30 21:19 <DIR> d-------- c:\program files\VS Revo Group
2009-01-30 21:17 . 2009-01-30 21:17 <DIR> d-------- c:\program files\Camtech
2009-01-30 21:17 . 2001-09-03 07:52 766 --a------ c:\windows\win98Logo.ico
2009-01-30 21:15 . 2009-02-02 18:29 <DIR> d-------- c:\program files\Common Files\Adobe
2009-01-30 20:59 . 2009-02-03 18:55 335 --a------ c:\windows\nsreg.dat
2009-01-30 20:55 . 2009-01-30 20:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZip
2009-01-30 20:53 . 2009-01-30 20:53 <DIR> d-------- c:\program files\System
2009-01-30 20:53 . 2004-07-29 12:56 208,896 --a------ c:\windows\system32\cttune.cpl
2009-01-30 20:53 . 2004-09-30 11:17 122,880 --a------ c:\windows\system32\directx.cpl
2009-01-30 20:53 . 2002-12-29 01:14 110,592 --a------ c:\windows\system32\Startup.cpl
2009-01-30 20:50 . 2009-01-30 20:50 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-01-30 20:31 . 2009-01-30 20:31 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-30 20:31 . 2009-01-30 20:31 <DIR> d-------- c:\program files\Reference Assemblies
2009-01-30 20:31 . 2009-02-05 19:01 <DIR> d-------- c:\program files\MSBuild
2009-01-30 20:31 . 2008-07-06 07:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-01-30 20:31 . 2008-07-06 07:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-01-30 20:31 . 2008-07-06 05:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-30 20:31 . 2008-07-06 07:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-01-30 20:31 . 2008-07-06 07:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-30 20:31 . 2008-07-06 07:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-01-30 20:31 . 2008-07-06 07:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-30 20:24 . 2008-10-31 19:36 873,374 --a------ c:\windows\system32\oem14.inf
2009-01-30 20:21 . 2008-12-20 18:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-01-30 20:21 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 01:10 --------- d-----w c:\program files\CONEXANT
2009-01-30 23:50 --------- d-----w c:\program files\microsoft frontpage
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-30 1601304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-30 22:18 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-07-13 21:05 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 05:42 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
--a------ 2007-10-19 13:28 202032 c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-02-01 12:19 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1233705763\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1233705763\\ee\\AOLDesktop.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-01-30 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-30 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-30 107272]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-30 903960]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-30 298264]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-01-30 1339600]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-12-31 693512]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-01-30 29208]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-08-22 231424]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-01-30 29208]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-12-31 910600]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
FF - ProfilePath - c:\documents and settings\Jeff\Application Data\Mozilla\Firefox\Profiles\4c8gx0de.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=108&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 18:59:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1272)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\dlcxcoms.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\taskmgr.exe
f:\pc repair programs\cwshredder.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2009-02-10 19:03:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-11 00:03:38

Pre-Run: 46,156,230,656 bytes free
Post-Run: 46,059,155,456 bytes free

341 --- E O F --- 2009-02-10 21:02:23

#10 Vaine

Posted 11 February 2009 - 04:10 PM

Malwarebytes' Anti-Malware 1.34
Database version: 1750
Windows 5.1.2600 Service Pack 3

2/11/2009 4:09:15 PM
mbam-log-2009-02-11 (16-09-15).txt

Scan type: Quick Scan
Objects scanned: 61401
Time elapsed: 4 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 89
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#11 Vaine

Posted 11 February 2009 - 04:13 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Jeff at 2009-02-11 16:11:09
Microsoft Windows XP Professional Service Pack 3
System drive C: has 43 GB (76%) free of 57 GB
Total RAM: 894 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:11:28 PM, on 2/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jeff\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jeff.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1233360839359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1233879289140
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe

--
End of file - 6352 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-01-30 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-01 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-30 1968920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-01 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-30 1968920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-09-15 1015808]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-12-13 507904]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-30 1601304]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-07-13 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-10-19 202032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-01 136600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-07-14 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-01-30 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
"C:\Program Files\Common Files\AOL\1233705763\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1233705763\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1233705763\ee\AOLDesktop.exe"="C:\Program Files\Common Files\AOL\1233705763\ee\AOLDesktop.exe:*:Enabled:AOL Desktop"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\dlcxcoms.exe"="C:\WINDOWS\system32\dlcxcoms.exe:*:Enabled:Dell 926 Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.txt - open -

======List of files/folders created in the last 1 months======

2009-02-11 16:00:29 ----D---- C:\Documents and Settings\Jeff\Application Data\Malwarebytes
2009-02-11 16:00:29 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-10 21:34:51 ----SHD---- C:\RECYCLER
2009-02-10 21:19:35 ----D---- C:\WINDOWS\temp
2009-02-10 21:19:34 ----A---- C:\ComboFix.txt
2009-02-10 21:12:07 ----A---- C:\Boot.bak
2009-02-10 21:11:58 ----RASHD---- C:\cmdcons
2009-02-10 19:07:05 ----D---- C:\Documents and Settings\Jeff\Application Data\Thinstall
2009-02-10 18:53:57 ----A---- C:\WINDOWS\zip.exe
2009-02-10 18:53:57 ----A---- C:\WINDOWS\VFIND.exe
2009-02-10 18:53:57 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-02-10 18:53:57 ----A---- C:\WINDOWS\SWSC.exe
2009-02-10 18:53:57 ----A---- C:\WINDOWS\SWREG.exe
2009-02-10 18:53:57 ----A---- C:\WINDOWS\sed.exe
2009-02-10 18:53:57 ----A---- C:\WINDOWS\NIRCMD.exe
2009-02-10 18:53:57 ----A---- C:\WINDOWS\grep.exe
2009-02-10 18:53:57 ----A---- C:\WINDOWS\fdsv.exe
2009-02-10 18:53:06 ----D---- C:\WINDOWS\ERDNT
2009-02-10 18:53:06 ----D---- C:\Qoobox
2009-02-10 15:58:27 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-10 15:56:04 ----D---- C:\rsit
2009-02-09 19:43:51 ----D---- C:\Program Files\Dl_cats
2009-02-09 19:42:51 ----A---- C:\WINDOWS\system32\dlcxvs.dll
2009-02-09 19:42:39 ----A---- C:\WINDOWS\system32\dlcxcoin.dll
2009-02-09 19:42:03 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
2009-02-09 19:41:57 ----A---- C:\WINDOWS\system32\dlcxcaps.dll
2009-02-09 19:41:56 ----A---- C:\WINDOWS\system32\dlcxdrs.dll
2009-02-09 19:41:56 ----A---- C:\WINDOWS\system32\dlcxcnv4.dll
2009-02-09 19:41:05 ----D---- C:\Program Files\Abbyy FineReader 6.0 Sprint
2009-02-09 19:40:47 ----D---- C:\Program Files\Dell
2009-02-09 19:39:57 ----A---- C:\WINDOWS\system32\DLPRMON.DLL
2009-02-09 19:39:57 ----A---- C:\WINDOWS\system32\DLPMONUI.DLL
2009-02-09 19:39:37 ----A---- C:\WINDOWS\system32\IMHOST32.DLL
2009-02-09 19:39:37 ----A---- C:\WINDOWS\system32\IMGMAN32.DLL
2009-02-09 19:39:29 ----D---- C:\Documents and Settings\All Users\Application Data\DellFaxCtr
2009-02-09 19:39:09 ----D---- C:\Program Files\Dell PC Fax
2009-02-09 19:39:00 ----D---- C:\Program Files\Dell Photo AIO Printer 926
2009-02-09 19:38:46 ----A---- C:\WINDOWS\system32\dlcxinst.dll
2009-02-09 19:38:46 ----A---- C:\WINDOWS\system32\dlcxhcp.dll
2009-02-09 19:38:45 ----A---- C:\WINDOWS\system32\dlcxutil.dll
2009-02-09 19:38:45 ----A---- C:\WINDOWS\system32\dlcxusb1.dll
2009-02-09 19:38:45 ----A---- C:\WINDOWS\system32\dlcxinpa.dll
2009-02-09 19:38:45 ----A---- C:\WINDOWS\system32\dlcxiesc.dll
2009-02-09 19:38:44 ----A---- C:\WINDOWS\system32\dlcxserv.dll
2009-02-09 19:38:43 ----A---- C:\WINDOWS\system32\dlcxprox.dll
2009-02-09 19:38:43 ----A---- C:\WINDOWS\system32\dlcxpplc.dll
2009-02-09 19:38:43 ----A---- C:\WINDOWS\system32\dlcxpmui.dll
2009-02-09 19:38:43 ----A---- C:\WINDOWS\system32\dlcxlmpm.dll
2009-02-09 19:38:42 ----A---- C:\WINDOWS\system32\dlcxjswr.dll
2009-02-09 19:38:42 ----A---- C:\WINDOWS\system32\dlcxinsr.dll
2009-02-09 19:38:42 ----A---- C:\WINDOWS\system32\dlcxinsb.dll
2009-02-09 19:38:42 ----A---- C:\WINDOWS\system32\dlcxins.dll
2009-02-09 19:38:42 ----A---- C:\WINDOWS\system32\dlcxih.exe
2009-02-09 19:38:41 ----A---- C:\WINDOWS\system32\dlcxhbn3.dll
2009-02-09 19:38:41 ----A---- C:\WINDOWS\system32\dlcxgrd.dll
2009-02-09 19:38:41 ----A---- C:\WINDOWS\system32\dlcxgf.dll
2009-02-09 19:38:40 ----A---- C:\WINDOWS\system32\dlcxcur.dll
2009-02-09 19:38:40 ----A---- C:\WINDOWS\system32\dlcxcub.dll
2009-02-09 19:38:40 ----A---- C:\WINDOWS\system32\dlcxcu.dll
2009-02-09 19:38:40 ----A---- C:\WINDOWS\system32\dlcxcoms.exe
2009-02-09 19:38:39 ----A---- C:\WINDOWS\system32\dlcxcomm.dll
2009-02-09 19:38:39 ----A---- C:\WINDOWS\system32\dlcxcomc.dll
2009-02-09 19:38:38 ----A---- C:\WINDOWS\system32\dlcxcfg.exe
2009-02-09 19:38:38 ----A---- C:\WINDOWS\system32\DLCXcfg.dll
2009-02-06 23:23:45 ----D---- C:\WINDOWS\Minidump
2009-02-06 21:46:21 ----D---- C:\Documents and Settings\All Users\Application Data\Raxco
2009-02-06 21:45:30 ----D---- C:\Program Files\Raxco
2009-02-06 20:37:20 ----D---- C:\Documents and Settings\Jeff\Application Data\gtk-2.0
2009-02-06 19:38:38 ----D---- C:\Documents and Settings\Jeff\Application Data\Auslogics
2009-02-06 06:46:45 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-02-06 06:46:45 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-02-05 20:27:34 ----D---- C:\WINDOWS\pss
2009-02-05 20:18:12 ----D---- C:\Program Files\Microsoft
2009-02-05 19:40:38 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-02-05 19:06:47 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-02-05 19:02:35 ----D---- C:\Program Files\Microsoft Works
2009-02-05 18:59:49 ----D---- C:\Program Files\Microsoft Visual Studio
2009-02-05 18:59:49 ----D---- C:\Program Files\Common Files\DESIGNER
2009-02-05 18:57:02 ----D---- C:\Program Files\Microsoft.NET
2009-02-05 18:47:05 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-02-05 18:44:39 ----D---- C:\WINDOWS\SHELLNEW
2009-02-05 18:43:42 ----D---- C:\Program Files\Microsoft Office
2009-02-05 18:43:41 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-02-05 18:42:00 ----RHD---- C:\MSOCache
2009-02-05 15:55:11 ----D---- C:\Program Files\Trend Micro
2009-02-04 21:34:27 ----A---- C:\regdump.arm9.txt
2009-02-04 19:09:05 ----A---- C:\WINDOWS\gmer.ini
2009-02-04 19:09:03 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-02-04 18:48:10 ----A---- C:\WINDOWS\rootkitno.ini
2009-02-04 18:35:44 ----HD---- C:\WINDOWS\PIF
2009-02-04 16:24:19 ----D---- C:\WINDOWS\system32\NtmsData
2009-02-03 19:08:55 ----D---- C:\Documents and Settings\Jeff\Application Data\acccore
2009-02-03 19:04:33 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-02-03 19:04:31 ----D---- C:\Program Files\Viewpoint
2009-02-03 19:02:31 ----D---- C:\Program Files\Common Files\aolshare
2009-02-03 19:02:31 ----D---- C:\Program Files\Common Files\AOL
2009-02-03 19:02:19 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
2009-02-03 19:02:19 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-02-03 19:01:38 ----D---- C:\Program Files\AOL
2009-02-03 18:55:10 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2009-02-01 20:37:34 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-02-01 20:33:50 ----HD---- C:\$AVG8.VAULT$
2009-02-01 14:35:41 ----D---- C:\Program Files\Adobe Media Player
2009-02-01 14:32:08 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-02-01 12:33:15 ----D---- C:\Program Files\Universal Extractor
2009-02-01 12:24:39 ----D---- C:\Documents and Settings\Jeff\Application Data\LimeWire
2009-02-01 12:19:35 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-02-01 12:19:34 ----A---- C:\WINDOWS\system32\javaws.exe
2009-02-01 12:19:34 ----A---- C:\WINDOWS\system32\javaw.exe
2009-02-01 12:19:34 ----A---- C:\WINDOWS\system32\java.exe
2009-02-01 12:18:57 ----D---- C:\Program Files\Java
2009-02-01 12:18:01 ----D---- C:\Documents and Settings\Jeff\Application Data\Sun
2009-02-01 12:17:41 ----D---- C:\Program Files\LimeWire
2009-02-01 10:51:54 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2009-02-01 10:47:56 ----D---- C:\Documents and Settings\Jeff\Application Data\DAEMON Tools Lite
2009-02-01 10:43:08 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2009-02-01 10:42:57 ----D---- C:\Program Files\MagicISO
2009-01-31 16:41:33 ----A---- C:\WINDOWS\system32\TweakUI.exe
2009-01-30 22:46:07 ----D---- C:\Documents and Settings\Jeff\Application Data\BitTorrent
2009-01-30 22:45:44 ----D---- C:\Program Files\DNA
2009-01-30 22:45:44 ----D---- C:\Program Files\BitTorrent
2009-01-30 22:45:44 ----D---- C:\Documents and Settings\Jeff\Application Data\DNA
2009-01-30 22:18:59 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-01-30 22:18:46 ----D---- C:\Documents and Settings\Jeff\Application Data\AVGTOOLBAR
2009-01-30 22:17:27 ----A---- C:\WINDOWS\system32\avgfwdx.dll
2009-01-30 22:17:25 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-01-30 21:52:24 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-01-30 21:52:08 ----D---- C:\Program Files\Yahoo!
2009-01-30 21:36:22 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-01-30 21:36:21 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-01-30 21:36:21 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-01-30 21:36:21 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-01-30 21:36:21 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-01-30 21:36:21 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-01-30 21:36:21 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-01-30 21:36:21 ----N---- C:\WINDOWS\system32\px.dll
2009-01-30 21:36:19 ----D---- C:\Program Files\Winamp
2009-01-30 21:36:19 ----D---- C:\Documents and Settings\Jeff\Application Data\Winamp
2009-01-30 21:34:48 ----D---- C:\Program Files\AVG
2009-01-30 21:26:49 ----D---- C:\Program Files\QuickTime
2009-01-30 21:26:47 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-01-30 21:26:28 ----D---- C:\Program Files\Apple Software Update
2009-01-30 21:26:28 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-01-30 21:19:50 ----D---- C:\Program Files\VS Revo Group
2009-01-30 21:17:10 ----D---- C:\Program Files\Camtech
2009-01-30 21:16:07 ----D---- C:\Documents and Settings\Jeff\Application Data\Macromedia
2009-01-30 21:16:07 ----D---- C:\Documents and Settings\Jeff\Application Data\Adobe
2009-01-30 21:15:52 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-01-30 21:15:36 ----D---- C:\Program Files\Common Files\Adobe
2009-01-30 21:15:36 ----D---- C:\Program Files\Adobe
2009-01-30 20:59:10 ----D---- C:\Documents and Settings\Jeff\Application Data\Mozilla
2009-01-30 20:59:03 ----D---- C:\Program Files\Mozilla Firefox
2009-01-30 20:55:50 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2009-01-30 20:55:42 ----D---- C:\Program Files\WinZip
2009-01-30 20:53:44 ----D---- C:\Program Files\System
2009-01-30 20:50:51 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-01-30 20:47:14 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-01-30 20:46:51 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-01-30 20:46:38 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-01-30 20:44:14 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-01-30 20:31:57 ----D---- C:\WINDOWS\system32\XPSViewer
2009-01-30 20:31:53 ----D---- C:\Program Files\MSBuild
2009-01-30 20:31:43 ----D---- C:\Program Files\Reference Assemblies
2009-01-30 20:31:07 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-01-30 20:31:07 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-01-30 20:31:07 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-01-30 20:25:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-30 20:25:06 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-30 20:24:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-30 20:24:34 ----HDC---- C:\WINDOWS\$NtUninstallKB943729$
2009-01-30 20:23:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-01-30 20:23:26 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-01-30 20:21:24 ----D---- C:\WINDOWS\ie7updates
2009-01-30 20:21:00 ----D---- C:\WINDOWS\WBEM
2009-01-30 20:19:25 ----HDC---- C:\WINDOWS\ie7
2009-01-30 20:19:16 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-01-30 20:19:04 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-01-30 20:17:59 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-30 20:12:46 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-01-30 20:12:44 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-01-30 20:12:30 ----D---- C:\Program Files\Windows Media Connect 2
2009-01-30 20:11:13 ----D---- C:\WINDOWS\system32\LogFiles
2009-01-30 20:11:08 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-01-30 20:08:19 ----RSD---- C:\WINDOWS\assembly
2009-01-30 20:08:19 ----D---- C:\WINDOWS\Microsoft.NET
2009-01-30 20:08:16 ----D---- C:\WINDOWS\system32\URTTemp
2009-01-30 19:52:46 ----D---- C:\WINDOWS\Prefetch
2009-01-30 19:47:04 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-01-30 19:47:04 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-01-30 19:46:45 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-01-30 19:46:45 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-01-30 19:46:45 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-01-30 19:46:42 ----N---- C:\WINDOWS\system32\azroles.dll
2009-01-30 19:46:42 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-01-30 19:46:42 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-01-30 19:46:42 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-01-30 19:46:42 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-01-30 19:46:41 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-01-30 19:46:41 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-01-30 19:46:41 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-01-30 19:46:41 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-01-30 19:46:41 ----N---- C:\WINDOWS\system32\credssp.dll
2009-01-30 19:46:41 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-01-30 19:46:40 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-01-30 19:46:40 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-01-30 19:46:40 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-01-30 19:46:40 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-01-30 19:46:40 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-01-30 19:46:40 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-01-30 19:46:40 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-01-30 19:46:40 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-01-30 19:46:40 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-01-30 19:46:40 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-01-30 19:46:40 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-01-30 19:46:40 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-01-30 19:46:40 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-01-30 19:46:40 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-01-30 19:46:39 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-01-30 19:46:39 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-01-30 19:46:39 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-01-30 19:46:38 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-01-30 19:46:38 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-01-30 19:46:38 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-01-30 19:46:38 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-01-30 19:46:37 ----N---- C:\WINDOWS\system32\napstat.exe
2009-01-30 19:46:37 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-01-30 19:46:37 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-01-30 19:46:37 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-01-30 19:46:37 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-01-30 19:46:37 ----N---- C:\WINDOWS\system32\mssha.dll
2009-01-30 19:46:37 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-01-30 19:46:37 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-01-30 19:46:37 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-01-30 19:46:37 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-01-30 19:46:37 ----A---- C:\WINDOWS\system32\mdmxsdk.dll
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\slgen.dll
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\setupn.exe
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\qutil.dll
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\qagent.dll
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\onex.dll
2009-01-30 19:46:36 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2009-01-30 19:46:35 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-01-30 19:46:35 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-01-30 19:46:35 ----N---- C:\WINDOWS\system32\verclsid.exe
2009-01-30 19:46:35 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-01-30 19:46:35 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-01-30 19:46:35 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-01-30 19:46:35 ----N---- C:\WINDOWS\system32\slserv.exe
2009-01-30 19:46:34 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-01-30 19:46:34 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-01-30 19:46:34 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-01-30 19:46:33 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2009-01-30 19:46:33 ----N---- C:\WINDOWS\slrundll.exe
2009-01-30 19:46:33 ----D---- C:\WINDOWS\system32\scripting
2009-01-30 19:46:33 ----D---- C:\WINDOWS\system32\en-us
2009-01-30 19:46:32 ----D---- C:\WINDOWS\system32\en
2009-01-30 19:46:32 ----D---- C:\WINDOWS\l2schemas
2009-01-30 19:46:31 ----D---- C:\WINDOWS\system32\bits
2009-01-30 19:43:52 ----D---- C:\WINDOWS\ServicePackFiles
2009-01-30 19:40:32 ----D---- C:\WINDOWS\network diagnostic
2009-01-30 19:18:12 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-01-30 19:18:05 ----D---- C:\WINDOWS\system32\PreInstall
2009-01-30 19:18:03 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-01-30 19:18:03 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-30 19:14:16 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-01-30 19:11:01 ----A---- C:\WINDOWS\system32\oeminfo.ini
2009-01-30 19:08:44 ----D---- C:\Program Files\HP
2009-01-30 19:06:54 ----D---- C:\Program Files\HPQ
2009-01-30 19:06:09 ----D---- C:\Program Files\Broadcom
2009-01-30 19:05:25 ----A---- C:\WINDOWS\system32\SynTPFcs.dll
2009-01-30 19:05:25 ----A---- C:\WINDOWS\system32\SynTPCo2.dll
2009-01-30 19:05:25 ----A---- C:\WINDOWS\system32\SynTPAPI.dll
2009-01-30 19:05:24 ----D---- C:\Program Files\Synaptics
2009-01-30 19:05:24 ----A---- C:\WINDOWS\system32\SynCtrl.dll
2009-01-30 19:05:24 ----A---- C:\WINDOWS\system32\SynCOM.dll
2009-01-30 19:03:25 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-01-30 19:03:23 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2009-01-30 19:03:04 ----D---- C:\Program Files\Hewlett-Packard
2009-01-30 19:03:04 ----A---- C:\WINDOWS\system32\wdfcoinstaller01005.dll
2009-01-30 19:03:04 ----A---- C:\WINDOWS\system32\BttnCmns_64.dll
2009-01-30 19:03:04 ----A---- C:\WINDOWS\system32\BttnCmns.dll
2009-01-30 19:03:04 ----A---- C:\WINDOWS\system32\BttnCmn.dll
2009-01-30 19:02:57 ----D---- C:\Documents and Settings\Jeff\Application Data\InstallShield
2009-01-30 19:01:47 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-30 19:01:12 ----D---- C:\Program Files\ATI Technologies
2009-01-30 19:01:10 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-30 19:00:55 ----D---- C:\Program Files\Common Files\InstallShield
2009-01-30 18:58:13 ----D---- C:\Program Files\CONEXANT
2009-01-30 18:58:12 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-01-30 18:58:06 ----D---- C:\swsetup
2009-01-30 18:56:19 ----D---- C:\Documents and Settings\Jeff\Application Data\Identities
2009-01-30 18:56:17 ----HD---- C:\Program Files\Uninstall Information
2009-01-30 18:56:09 ----ASH---- C:\Documents and Settings\Jeff\Application Data\desktop.ini
2009-01-30 18:56:08 ----SD---- C:\Documents and Settings\Jeff\Application Data\Microsoft
2009-01-30 18:55:10 ----D---- C:\WINDOWS\SoftwareDistribution
2009-01-30 18:54:58 ----SD---- C:\WINDOWS\system32\Microsoft
2009-01-30 18:54:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-30 18:50:47 ----D---- C:\WINDOWS\system32\xircom
2009-01-30 18:50:47 ----D---- C:\Program Files\xerox
2009-01-30 18:50:47 ----D---- C:\Program Files\microsoft frontpage
2009-01-30 18:50:23 ----A---- C:\WINDOWS\control.ini
2009-01-30 18:49:59 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-01-30 18:48:37 ----RD---- C:\WINDOWS\Offline Web Pages
2009-01-30 18:48:36 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-30 18:48:36 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-01-30 18:48:29 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-01-30 18:48:22 ----HD---- C:\Program Files\WindowsUpdate
2009-01-30 18:47:55 ----D---- C:\WINDOWS\system32\DirectX
2009-01-30 18:47:33 ----A---- C:\WINDOWS\system32\atrace.dll
2009-01-30 18:47:30 ----A---- C:\WINDOWS\system32\desktop.ini
2009-01-30 18:47:30 ----A---- C:\WINDOWS\desktop.ini
2009-01-30 18:47:24 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-01-30 18:47:23 ----A---- C:\WINDOWS\system32\acctres.dll
2009-01-30 18:47:22 ----D---- C:\Program Files\Common Files\Services
2009-01-30 18:47:20 ----SD---- C:\WINDOWS\Tasks
2009-01-30 18:47:20 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-01-30 18:47:19 ----D---- C:\Program Files\Common Files\MSSoap
2009-01-30 18:47:14 ----D---- C:\WINDOWS\srchasst
2009-01-30 18:47:13 ----D---- C:\WINDOWS\system32\Macromed
2009-01-30 18:47:10 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-01-30 18:47:10 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-01-30 18:47:10 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-01-30 18:47:10 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-01-30 18:47:09 ----A---- C:\WINDOWS\system32\wups.dll
2009-01-30 18:47:09 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-01-30 18:47:09 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-01-30 18:47:09 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-01-30 18:47:09 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-01-30 18:47:09 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-01-30 18:47:09 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-01-30 18:47:08 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-01-30 18:47:08 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-01-30 18:47:03 ----D---- C:\Program Files\Movie Maker
2009-01-30 18:46:59 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-01-30 18:46:59 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-01-30 18:46:59 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-01-30 18:46:59 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-01-30 18:46:54 ----D---- C:\WINDOWS\system32\Restore
2009-01-30 18:46:54 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-01-30 18:46:54 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-01-30 18:46:54 ----A---- C:\WINDOWS\system32\srclient.dll
2009-01-30 18:46:54 ----A---- C:\WINDOWS\system32\fltmc.exe
2009-01-30 18:46:54 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-01-30 18:46:53 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-01-30 18:46:53 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-01-30 18:46:53 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-01-30 18:46:53 ----A---- C:\WINDOWS\system32\ils.dll
2009-01-30 18:46:52 ----A---- C:\WINDOWS\system32\msconf.dll
2009-01-30 18:46:52 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-01-30 18:46:50 ----D---- C:\Program Files\NetMeeting
2009-01-30 18:46:50 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-01-30 18:46:50 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-01-30 18:46:49 ----A---- C:\WINDOWS\system32\inetres.dll
2009-01-30 18:46:48 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-01-30 18:46:46 ----D---- C:\Program Files\Outlook Express
2009-01-30 18:46:46 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-01-30 18:46:46 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-01-30 18:46:46 ----A---- C:\WINDOWS\system32\mstask.dll
2009-01-30 18:46:45 ----A---- C:\WINDOWS\system32\isign32.dll
2009-01-30 18:46:45 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-01-30 18:46:45 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-01-30 18:46:45 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-01-30 18:46:39 ----D---- C:\Program Files\Common Files\System
2009-01-30 18:46:35 ----D---- C:\Program Files\Internet Explorer
2009-01-30 18:45:47 ----A---- C:\WINDOWS\vbaddin.ini

======List of files/folders modified in the last 1 months======

2009-02-10 21:16:48 ----A---- C:\WINDOWS\system.ini
2009-02-05 20:28:10 ----A---- C:\WINDOWS\win.ini
2009-01-16 21:35:14 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-01-30 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-01-30 27656]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-01-30 107272]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 DefragFS;DefragFS; C:\WINDOWS\system32\drivers\DefragFS.sys [2009-01-05 71184]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-07-14 1269760]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-01-30 29208]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-10-23 1391104]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-04-20 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-04-20 350080]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-08-22 1035008]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-12-02 118656]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-15 213696]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-22 718464]
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-01-30 29208]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-07-14 380928]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-01-30 903960]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-30 298264]
R2 avgfws8;AVG8 Firewall; C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2009-01-30 1339600]
R2 dlcx_device;dlcx_device; C:\WINDOWS\system32\dlcxcoms.exe [2006-10-11 532480]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 PD91Agent;PD91Agent; C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-12-31 693512]
S3 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-01 152984]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PD91Engine;PD91Engine; C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-12-31 910600]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#12 Farbar


Posted 11 February 2009 - 05:24 PM

  • Please use Internet Explorer to perform a BitDefender Online Virus and Malware Scan.
    • Click on I Agree.
    • If an Active X warning box appears, click on Install.
      Note: If you get the message "Could not load the Online Scanner! Click here for other possible fixes", it means Internet Explorer has blocked the Active X from being installed. Just above the page, under the Internet Explorer toolbar, you will see this message:
      "This website wants to install the following add-on: 'Bitdefender OnlineScanner v8' from 'BITDEFENDER LLC'. If you trust the website and the add-on and want to install it, click here..."
      Click on that and select: Install Active X.
    • Now click on Start Scan. Please wait, as it might take some time.
    • If it found anything when it finished, click "Click here to export the scan report".
    • Give the report a name and save it. The file will be a .HTML file.
    • Please attach the file to your reply.
    • To attach the file, press ADDREPLY; under the reply window press Browse... and show the path to the file on your computer.
    • Highlight the file and click Open, then press the green UPLOAD button.
  • Tell me also how your computer is running.


#13 Vaine


Posted 12 February 2009 - 08:24 PM

All I know is when I right click on my address bar in Firefox it still shows the MYWEBSEARCH option. My computer is a little faster, still needs some cleaning I suppose. I will have the scan done soon.

#14 Farbar


Posted 13 February 2009 - 05:55 AM

Has Mywebsearch come back, or is it a leftover?

Besides the scan log of BitDefender, please do the following:

Please perform the following scan:
  • Download DDS by sUBs from the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run. When done it will open two logs:
    • DDS.txt
    • Attach.txt
  • Copy and paste the logs to your reply.


#15 Vaine


Posted 13 February 2009 - 07:10 AM

I think it is a leftover. For some reason www.bitdefender.com/scan8/ie.html keeps telling me in Internet Explorer "WebPage Not found". I had the scanner running yesterday but my system shut down. I wanted to run this at 7 am EST, which it is here, before I go to work at 9.

http://www.techsupportforum.com/sectools/sUBs/dds >>>> Not found

Edited by Vaine, 13 February 2009 - 07:19 AM.




