Okay, I have the string because I restored back before the string disappeared.

OTL Log:

OTL logfile created on: 11/18/2010 7:20:20 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Compaq_Owner\My Documents\Downloads

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.00 Mb Total Physical Memory | 495.00 Mb Available Physical Memory | 55.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 180.31 Gb Total Space | 136.88 Gb Free Space | 75.91% Space Free | Partition Type: NTFS

Drive D: | 5.99 Gb Total Space | 1.51 Gb Free Space | 25.22% Space Free | Partition Type: FAT32

Computer Name: YOUR-F78BF48CE2 | User Name: Compaq_Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/18 19:20:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\OTL.exe

PRC - [2010/10/26 22:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2005/06/23 03:26:55 | 001,191,936 | ---- | M] (InterMute, Inc.) -- C:\Program Files\InterMute\SpySubtract\SpySub.exe

PRC - [2005/06/23 03:01:02 | 000,241,772 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0\bin\jucheck.exe

PRC - [2005/06/23 03:01:02 | 000,036,972 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0\bin\jusched.exe

PRC - [2004/11/02 22:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

PRC - [2004/08/30 10:34:20 | 000,176,768 | ---- | M] (Symantec Corporation) -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

PRC - [2004/08/27 15:22:48 | 000,164,984 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

PRC - [2004/08/27 15:22:46 | 000,234,616 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe

PRC - [2004/08/27 15:22:42 | 000,197,752 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

PRC - [2004/08/27 15:22:40 | 000,058,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe

PRC - [2004/08/27 14:02:54 | 000,206,048 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

PRC - [2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/11/18 19:20:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\OTL.exe

MOD - [2004/08/24 14:05:02 | 000,197,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AntiSpam\asOEHook.dll

MOD - [2004/08/04 10:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - [2004/11/02 22:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)

SRV - [2004/08/30 18:29:46 | 000,078,992 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\ISSVC.exe -- (ISSVC)

SRV - [2004/08/30 10:34:20 | 000,176,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)

SRV - [2004/08/27 15:22:48 | 000,164,984 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)

SRV - [2004/08/27 15:22:48 | 000,078,968 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)

SRV - [2004/08/27 15:22:46 | 000,234,616 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)

SRV - [2004/08/27 15:22:42 | 000,197,752 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)

SRV - [2004/08/27 14:02:54 | 000,206,048 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)

SRV - [2004/07/23 11:47:22 | 000,197,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)

SRV - [2004/07/21 08:24:04 | 000,173,160 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\intelppm.sys -- (intelppm)

DRV - [2005/03/09 13:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2005/03/09 08:00:00 | 000,631,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050309.032\NAVEX15.SYS -- (NAVEX15)

DRV - [2005/03/09 08:00:00 | 000,073,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050309.032\NAVENG.SYS -- (NAVENG)

DRV - [2005/01/19 16:21:56 | 000,012,416 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)

DRV - [2005/01/04 16:46:14 | 000,013,184 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)

DRV - [2005/01/04 16:01:48 | 000,239,104 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2004/10/01 09:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2004/08/27 14:02:28 | 000,266,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)

DRV - [2004/08/27 14:02:26 | 000,025,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)

DRV - [2004/08/26 06:03:38 | 000,104,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)

DRV - [2004/08/03 20:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2004/07/23 11:47:24 | 000,049,808 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)

DRV - [2004/07/23 11:47:22 | 000,335,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- c:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)

DRV - [2004/07/21 08:24:02 | 000,341,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)

DRV - [2004/06/29 09:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2003/12/02 17:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)

DRV - [2003/07/11 14:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)

DRV - [2002/07/29 13:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3761166188-4149508775-1200913391-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKU\S-1-5-21-3761166188-4149508775-1200913391-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKU\S-1-5-21-3761166188-4149508775-1200913391-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKU\S-1-5-21-3761166188-4149508775-1200913391-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKU\S-1-5-21-3761166188-4149508775-1200913391-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

[2010/11/18 18:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions

[2010/11/18 18:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\dsyukx7r.default\extensions

[2010/11/18 17:35:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/06/21 17:45:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/11/14 23:21:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/11/14 23:21:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009/12/10 19:45:23 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

[2010/08/06 15:31:59 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

[2010/09/14 04:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml

O1 HOSTS File: ([2004/08/04 10:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)

O3 - HKU\S-1-5-21-3761166188-4149508775-1200913391-1009\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O3 - HKU\S-1-5-21-3761166188-4149508775-1200913391-1009\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)

O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [iS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe (Symantec Corporation)

O4 - HKLM..\Run: [LSBWatcher] c:\HP\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [siSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)

O4 - HKLM..\Run: [sSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)

O4 - HKLM..\Run: [urlLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe (Symantec Corporation)

O4 - HKLM..\RunOnce: [regcmdcons] c:\HP\bin\cmdcons2.reg ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe (InterMute, Inc.)

O4 - Startup: C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Start Menu\Programs\Startup\Compaq Organize.lnk = C:\Program Files\Hewlett-Packard\Compaq Organize\bin\displayAgent.exe (NeoPlanet)

O4 - Startup: C:\Documents and Settings\PS\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe File not found

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3761166188-4149508775-1200913391-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)

O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134 192.168.1.1 68.87.76.182 68.87.78.134

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper2.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper2.bmp

O28 - HKLM ShellExecuteHooks: {FA010552-4A27-4cb1-A1BB-3E2D697F1639} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/01/26 20:53:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/07/11 18:55:43 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2009/07/11 19:55:42 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2035/02/20 17:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender

[2035/02/20 17:10:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender

[2035/02/20 17:04:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender

[2010/11/18 18:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Adobe

[2010/11/18 18:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\Downloads

[2010/11/18 18:40:54 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Compaq_Owner\UserData

[2010/11/18 18:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla

[2010/11/18 18:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla

[2010/11/18 18:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia

[2010/11/18 18:34:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent

[2010/11/18 17:33:26 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft

[2010/11/18 17:33:26 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Compaq_Owner\Cookies

[2010/11/18 17:33:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\SendTo

[2010/11/18 17:33:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data

[2010/11/18 17:33:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\Start Menu

[2010/11/18 17:33:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\My Videos

[2010/11/18 17:33:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures

[2010/11/18 17:33:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\My Music

[2010/11/18 17:33:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents

[2010/11/18 17:33:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\Favorites

[2010/11/18 17:33:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Owner\Templates

[2010/11/18 17:33:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Owner\PrintHood

[2010/11/18 17:33:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Owner\NetHood

[2010/11/18 17:33:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Symantec

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Real

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterMute

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Identities

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Apple Computer

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Apple Computer

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000}

[2010/11/18 17:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\WINDOWS

[2010/11/18 17:28:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution

[2010/11/18 17:05:06 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache

[2010/11/18 17:03:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2010/11/18 16:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\NetZero

[2010/11/18 16:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\NEXON

[2010/11/18 16:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\Oberon Media

[2010/11/18 16:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\Save(2)

[2010/11/18 16:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSoft

[2010/11/18 16:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems

[2010/11/18 16:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\SeedC Pacific

[2010/11/18 16:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\Styler

[2010/11/18 16:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock

[2010/11/18 16:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/11/18 16:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\Softnyx

[2010/11/18 16:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith

[2010/11/18 16:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo! Games

[2010/11/17 22:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\HP

[2010/11/16 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)

[2010/11/14 21:34:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\I386

[2010/11/13 11:21:37 | 000,000,000 | ---D | C] -- C:\ERDNT

[2010/11/06 21:12:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/10/25 20:35:39 | 000,000,000 | ---D | C] -- C:\i386

[2010/10/22 21:32:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/10/22 21:32:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/10/22 21:32:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/10/22 21:32:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/10/20 20:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth

[2010/10/20 18:32:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/18 19:15:34 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2010/11/18 19:08:00 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3529863423-2296698273-380274974-1009UA.job

[2010/11/18 19:08:00 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

[2010/11/18 18:36:51 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job

[2010/11/18 18:36:22 | 000,002,150 | ---- | M] () -- C:\WINDOWS\System32\ssmute.ini

[2010/11/18 18:35:28 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/11/18 18:35:27 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/11/18 18:34:28 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat

[2010/11/18 18:34:11 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/11/18 18:33:57 | 000,001,861 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_PX807AA-ABA SR1575CL NA530_YC_0Pres_QCNH526_E53NAheRED3_47_ISalmon_SASUSTek Computer INC._V1.04_B3.12_T050420_WXH2_L409_M896_J200_7AMD_8Athlon 64_92.41_#051107_N10390900_Z11C1048C_G10396330.MRK

[2010/11/18 18:33:48 | 939,053,056 | -HS- | M] () -- C:\hiberfil.sys

[2010/11/18 17:33:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/11/18 17:33:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/18 17:33:04 | 000,169,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/11/18 17:31:43 | 000,000,993 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf

[2010/11/18 17:30:40 | 000,000,213 | RHS- | M] () -- C:\boot.ini

[2010/11/15 17:46:50 | 000,000,208 | ---- | M] () -- C:\WINDOWS\freestylegameInfo.xml

[2010/11/14 22:10:54 | 000,001,616 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/11/13 15:08:00 | 000,000,954 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3529863423-2296698273-380274974-1009Core.job

[2010/11/13 12:11:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/11/13 10:50:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

[2010/11/10 18:04:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

[2010/11/03 17:36:29 | 000,088,064 | ---- | M] () -- C:\WINDOWS\MBR.exe

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/18 19:15:34 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2010/11/18 18:36:41 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job

[2010/11/18 18:33:53 | 000,001,861 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_PX807AA-ABA SR1575CL NA530_YC_0Pres_QCNH526_E53NAheRED3_47_ISalmon_SASUSTek Computer INC._V1.04_B3.12_T050420_WXH2_L409_M896_J200_7AMD_8Athlon 64_92.41_#051107_N10390900_Z11C1048C_G10396330.MRK

[2010/11/18 18:33:48 | 939,053,056 | -HS- | C] () -- C:\hiberfil.sys

[2010/11/18 17:33:28 | 000,001,640 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk

[2010/11/18 17:33:28 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk

[2010/11/18 17:33:28 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/11/18 17:33:28 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk

[2010/11/18 17:33:28 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

[2010/11/17 22:48:37 | 000,000,402 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2010/11/15 17:42:19 | 000,000,208 | ---- | C] () -- C:\WINDOWS\freestylegameInfo.xml

[2010/10/22 21:32:03 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/10/22 21:32:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/10/22 21:32:03 | 000,088,064 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/10/22 21:32:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/10/22 21:32:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/06/03 08:13:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL

[2010/01/24 21:51:10 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI

[2009/06/16 16:09:36 | 000,000,230 | ---- | C] () -- C:\WINDOWS\reimage.ini

[2008/12/09 21:28:48 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2007/12/17 17:39:54 | 000,000,050 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI

[2007/11/26 21:03:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini

[2007/03/17 21:49:48 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2007/03/17 21:49:48 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2007/03/17 20:58:55 | 000,000,870 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini

[2007/03/17 20:58:55 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini

[2007/01/20 16:16:08 | 000,000,699 | ---- | C] () -- C:\WINDOWS\HEGAMES.INI

[2006/01/30 19:00:39 | 000,000,128 | ---- | C] () -- C:\WINDOWS\TTL3.ini

[2005/12/17 21:36:16 | 000,000,008 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2005/12/09 19:46:57 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2005/11/29 18:04:19 | 000,000,949 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2005/11/24 20:07:47 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini

[2005/11/08 18:06:16 | 000,000,229 | ---- | C] () -- C:\WINDOWS\QTW.INI

[2005/06/23 03:58:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/06/23 03:55:57 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2005/06/23 03:55:57 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2005/06/23 03:55:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2005/06/23 03:55:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2005/06/23 03:55:57 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2005/06/23 03:55:57 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2005/06/23 03:27:21 | 000,013,975 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS

[2005/06/23 03:27:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll

[2005/06/23 03:26:56 | 000,002,150 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini

[2005/06/23 03:24:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/06/23 03:11:53 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2005/06/23 03:06:13 | 000,094,143 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini

[2005/06/23 03:06:13 | 000,083,779 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini

[2005/06/23 02:56:53 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2005/06/23 02:55:02 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll

[2005/06/23 02:55:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll

[2005/06/23 02:54:42 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll

[2005/02/18 09:56:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2005/01/26 20:53:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2005/01/19 21:45:40 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll

[2005/01/19 21:45:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll

[2004/08/04 04:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll

[2004/08/04 04:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[2004/06/15 20:38:00 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2003/04/10 21:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll

[2003/01/07 21:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2005/06/23 03:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterMute

[2005/06/23 03:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView

[2010/09/24 16:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\36D

[2009/04/29 19:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aHisoft

[2010/02/11 19:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM

[2008/12/26 21:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\America's Army Deploy Client

[2010/01/16 13:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

[2010/09/26 11:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender

[2010/06/02 20:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited

[2009/06/08 17:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations

[2010/06/02 18:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure

[2010/01/24 21:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier

[2007/06/17 19:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise

[2009/02/14 10:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2

[2009/03/30 13:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse

[2009/03/26 16:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games

[2007/09/10 19:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft

[2010/09/24 22:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro

[2010/08/09 11:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IconTweaker

[2009/06/08 21:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IJJIGame

[2007/09/03 09:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games

[2007/05/24 17:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Legacy Interactive

[2010/01/24 21:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Megaupload

[2010/06/30 09:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir

[2009/02/16 18:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9

[2009/07/21 17:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS

[2007/07/21 12:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games

[2006/02/04 21:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media

[2010/09/18 13:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic

[2009/04/06 15:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst

[2010/05/15 09:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files

[2009/08/19 20:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm

[2009/06/06 16:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games

[2007/03/17 20:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2010/07/02 15:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC

[2010/09/26 21:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/08/05 06:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tencent

[2010/11/08 19:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software

[2007/10/29 17:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2007/07/15 19:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom

[2008/12/04 14:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

[2010/05/10 16:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/07/10 20:28:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

[2009/04/09 09:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2008/12/13 14:55:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}

[2005/06/23 03:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cathy\Application Data\InterMute

[2005/06/23 03:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cathy\Application Data\SampleView

[2005/06/23 03:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterMute

[2005/06/23 03:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView

[2009/02/15 13:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\AVGTOOLBAR

[2009/04/04 18:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\BitTorrent

[2009/04/04 18:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\DNA

[2005/06/23 03:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\InterMute

[2008/12/09 21:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\InterVideo

[2009/04/04 18:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\LimeWire

[2008/12/11 14:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\Nexon

[2005/06/23 03:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\SampleView

[2008/12/09 20:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\Template

[2008/12/13 10:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\Unity

[2005/06/23 03:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterMute

[2005/06/23 03:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView

[2005/06/23 03:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily\Application Data\InterMute

[2005/06/23 03:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily\Application Data\SampleView

[2005/06/23 03:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\InterMute

[2005/06/23 03:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\SampleView

[2005/06/23 03:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest.STANLEY\Application Data\InterMute

[2005/06/23 03:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest.STANLEY\Application Data\SampleView

[2005/12/18 16:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Parents\Application Data\Aim

[2005/06/23 03:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Parents\Application Data\InterMute

[2005/06/23 03:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Parents\Application Data\SampleView

[2005/06/23 03:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PS\Application Data\InterMute

[2009/04/04 18:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PS\Application Data\LimeWire

[2009/02/26 19:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PS\Application Data\Nexon

[2009/03/23 16:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PS\Application Data\Opera

[2005/06/23 03:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PS\Application Data\SampleView

[2009/03/03 20:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PS\Application Data\Template

[2010/11/10 18:04:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job

[2010/11/13 10:50:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job

[2010/11/18 19:08:00 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

[2010/11/18 18:36:51 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7B98566

@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10D98D98

@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:679ABA25

@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:522EA216

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6346EE9

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3B5FCD5

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B22A8503

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3750BE5

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92C9159A

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE0E5BC2

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDCAE7B5

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:945FE29C

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F99F761

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E965A533

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48F5D95B

@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7DA89B1

@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1982A23

@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B3D4833

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61A065F2

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B9D528D

@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94F67F32

@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13AA281B

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BD304B9

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE6885F1

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E3E060F

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B3A4EC2

@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B19CC382

@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:241FA548

@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7DC6E295

@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5804A24D

< End of report >


Hi, looks like we have a missing Intel driver file here. With a bit of luck Combofix should replace it. Please delete any old copy of combofix, download a new one, run it and post me the log.


ComboFix 10-11-19.01 - Compaq_Owner 11/19/2010 17:52:43.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.895.560 [GMT -8:00]

Running from: c:\documents and settings\Compaq_Owner\My Documents\Downloads\ComboFix.exe

.

((((((((((((((((((((((((( Files Created from 2010-10-20 to 2010-11-20 )))))))))))))))))))))))))))))))

.

2035-02-21 01:10 . 2010-09-26 19:15 -------- d-----w- c:\program files\BitDefender

2035-02-21 01:10 . 2010-09-26 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender

2035-02-21 01:04 . 2010-09-26 19:15 -------- d-----w- c:\program files\Common Files\BitDefender

2010-11-20 01:35 . 2010-11-20 01:35 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-11-20 01:35 . 2010-11-20 01:35 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-20 01:14 . 2010-11-20 01:25 -------- d-----w- c:\windows\system32\CatRoot_bak

2010-11-20 01:08 . 2010-11-20 01:08 -------- d-----w- c:\windows\LastGood

2010-11-19 06:14 . 2005-02-25 03:35 22752 ----a-w- c:\windows\system32\spupdsvc.exe

2010-11-19 02:36 . 2004-08-04 08:56 159232 ----a-w- c:\windows\system32\ptpusd.dll

2010-11-19 02:36 . 2001-08-18 06:36 5632 ----a-w- c:\windows\system32\ptpusb.dll

2010-11-19 02:36 . 2004-08-04 06:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2010-11-19 02:34 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-11-19 01:33 . 2010-11-20 01:19 -------- d-----w- c:\documents and settings\Compaq_Owner

2010-11-19 01:31 . 2005-06-23 11:25 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS

2010-11-19 01:26 . 2004-08-04 08:56 21504 ----a-w- c:\windows\system32\hidserv.dll

2010-11-19 01:26 . 2004-08-04 06:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2010-11-19 01:26 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2010-11-19 01:26 . 2004-08-04 07:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2010-11-19 01:26 . 2001-08-17 22:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys

2010-11-19 01:05 . 2010-11-19 06:14 -------- d-sh--r- c:\windows\system32\dllcache

2010-11-18 06:49 . 2010-11-18 06:49 -------- d-----w- c:\program files\HP

2010-11-17 02:02 . 2006-12-29 08:31 19569 ----a-w- c:\windows\005110_.tmp

2010-11-16 02:10 . 2006-12-29 08:31 19569 ----a-w- c:\windows\005331_.tmp

2010-11-15 06:10 . 2010-10-27 06:10 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe

2010-11-15 06:10 . 2010-10-27 06:10 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

2010-11-15 05:34 . 2010-11-19 01:15 -------- d-----w- c:\windows\I386

2010-11-13 19:21 . 2010-11-13 19:22 -------- d-----w- C:\ERDNT

2010-11-06 16:56 . 2010-11-06 16:56 -------- d-----w- c:\documents and settings\Administrator

2010-10-26 04:35 . 2010-10-26 04:35 -------- d-----w- C:\i386

2010-10-21 04:28 . 2010-10-21 04:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

2010-10-21 02:36 . 2006-12-29 07:31 19569 ----a-w- c:\windows\002767_.tmp

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSPower"="SiSPower.dll" [2005-01-04 49152]

"SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-03 218240]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]

"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-06-23 180269]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\Compaq_Owner.YOUR-F78BF48CE2\Start Menu\Programs\Startup\

Compaq Organize.lnk - c:\program files\Hewlett-Packard\Compaq Organize\bin\displayAgent.exe [2005-6-23 36864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

SpySubtract.lnk - c:\program files\InterMute\SpySubtract\sslaunch.exe [2005-6-23 73728]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=

--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE

*Deregistered* - NAVENG

*Deregistered* - NAVEX15

*Deregistered* - SAVRT

*Deregistered* - SAVRTPEL

*Deregistered* - SymEvent

*Deregistered* - SYMREDRV

.

Contents of the 'Scheduled Tasks' folder

2010-11-20 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-07-08 01:26]

2010-11-19 c:\windows\Tasks\Easy Internet Sign-up.job

- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-03-04 01:04]

2005-06-23 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-06-23 07:26]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html

.

- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-isDeleteMe - c:\docume~1\COMPAQ~1\LOCALS~1\Temp\isDel.bat

ShellExecuteHooks-{FA010552-4A27-4cb1-A1BB-3E2D697F1639} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-19 18:02

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3512)

c:\windows\system32\msi.dll

.

Completion time: 2010-11-19 18:04:42

ComboFix-quarantined-files.txt 2010-11-20 02:04

ComboFix2.txt 2010-11-05 02:25

ComboFix3.txt 2010-10-30 03:25

ComboFix4.txt 2010-10-28 02:47

ComboFix5.txt 2010-11-20 01:28

Pre-Run: 146,824,089,600 bytes free

Post-Run: 150,621,368,320 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 89C65DA53DFAB9AD03479339AF5D106A


Hi again,

OTL

-----

  1. Please download OTL from one of the following mirrors:

  2. Save it to your desktop.

  3. Double click on the OTL icon on your desktop.

  4. Copy and Paste the following code into the Custom Scans/Fixes textbox.

netsvcs
/md5start
intelppm.sys
/md5stop

  5. Push the Run Scan button.

  6. A report will open. Copy and Paste that report in your next reply.


OTL logfile created on: 11/20/2010 9:36:14 AM - Run 2

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Compaq_Owner\My Documents\Downloads

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.00 Mb Total Physical Memory | 443.00 Mb Available Physical Memory | 50.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 180.31 Gb Total Space | 137.47 Gb Free Space | 76.24% Space Free | Partition Type: NTFS

Drive D: | 5.99 Gb Total Space | 1.51 Gb Free Space | 25.22% Space Free | Partition Type: FAT32

Computer Name: YOUR-F78BF48CE2 | User Name: Compaq_Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/20 09:34:35 | 025,188,112 | ---- | M] (Logitech Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\setpoint620.exe

PRC - [2010/11/18 19:20:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\OTL.exe

PRC - [2010/11/09 12:37:54 | 000,302,960 | ---- | M] (Logitech Inc.) -- C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Logitech\SetPoint_1\5-SetPoint\Setup.exe

PRC - [2010/10/28 02:22:52 | 004,022,400 | ---- | M] (Logitech Inc.) -- C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Logitech\SetPoint_1\5-SetPoint\CDDRV3\Setup.exe

PRC - [2010/10/28 02:12:00 | 000,297,552 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\CDDRV3\LDPInst.exe

PRC - [2010/10/26 22:10:10 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe

PRC - [2010/10/26 22:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/10/01 15:01:50 | 000,128,336 | ---- | M] (Logitech, Inc.) -- C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Logitech\SetPoint_1\Setup.exe

PRC - [2010/10/01 15:01:42 | 001,115,472 | ---- | M] (Logitech, Inc.) -- C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\Logitech\SetPoint_1\MSetup.exe

PRC - [2005/06/23 03:26:55 | 001,191,936 | ---- | M] (InterMute, Inc.) -- C:\Program Files\InterMute\SpySubtract\SpySub.exe

PRC - [2004/11/02 22:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

PRC - [2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/11/18 19:20:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\OTL.exe

MOD - [2004/08/04 10:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010/10/28 02:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2008/11/07 18:55:30 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)

SRV - [2004/11/02 22:59:50 | 000,316,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\intelppm.sys -- (intelppm)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2010/08/24 09:31:18 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)

DRV - [2010/08/24 09:30:18 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)

DRV - [2005/04/20 11:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2005/04/12 11:42:16 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)

DRV - [2005/04/12 11:08:44 | 000,247,296 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2005/03/09 13:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2005/01/19 16:21:56 | 000,012,416 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)

DRV - [2004/08/03 20:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2004/06/29 09:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2003/12/02 17:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)

DRV - [2003/07/11 14:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)

DRV - [2002/07/29 13:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "swagbucks.com"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/19 18:19:05 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/19 18:19:03 | 000,000,000 | ---D | M]

[2010/11/18 18:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions

[2010/11/18 18:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\dsyukx7r.default\extensions

[2010/11/19 19:39:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/06/21 17:45:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/11/14 23:21:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/11/14 23:21:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009/12/10 19:45:23 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

[2010/08/06 15:31:59 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

[2010/09/14 04:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml

O1 HOSTS File: ([2004/08/04 10:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [LSBWatcher] c:\HP\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [siSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)

O4 - HKLM..\Run: [sSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe (InterMute, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134 192.168.1.1 68.87.76.182 68.87.78.134

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper2.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper2.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/01/26 20:53:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/07/11 18:55:43 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2009/07/11 19:55:42 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2035/02/20 17:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender

[2035/02/20 17:10:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender

[2035/02/20 17:04:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender

[2010/11/20 09:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech

[2010/11/20 09:36:13 | 000,016,400 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LNonPnP.sys

[2010/11/20 09:36:11 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll

[2010/11/20 09:35:32 | 000,010,448 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LBeepKE.sys

[2010/11/20 09:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech

[2010/11/20 09:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Logitech

[2010/11/20 09:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Logishrd

[2010/11/20 09:34:27 | 025,188,112 | ---- | C] (Logitech Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\setpoint620.exe

[2010/11/20 09:14:53 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0

[2010/11/20 09:12:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2010/11/19 18:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\GameKiss

[2010/11/19 17:35:21 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010/11/19 17:35:20 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010/11/19 17:35:20 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/11/19 17:35:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/11/19 17:35:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/11/19 17:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Sun

[2010/11/19 17:33:36 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/11/19 17:14:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak

[2010/11/19 17:12:04 | 000,454,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys

[2010/11/19 17:11:59 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll

[2010/11/19 17:11:27 | 002,181,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe

[2010/11/19 17:11:27 | 002,016,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe

[2010/11/19 17:11:26 | 002,137,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe

[2010/11/19 17:11:26 | 002,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe

[2010/11/19 17:10:56 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys

[2010/11/19 17:10:01 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll

[2010/11/19 17:10:01 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll

[2010/11/19 17:08:57 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll

[2010/11/18 22:14:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall

[2010/11/18 22:14:03 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe

[2010/11/18 18:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Adobe

[2010/11/18 18:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\Downloads

[2010/11/18 18:40:54 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Compaq_Owner\UserData

[2010/11/18 18:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla

[2010/11/18 18:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla

[2010/11/18 18:36:35 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll

[2010/11/18 18:36:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll

[2010/11/18 18:36:34 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys

[2010/11/18 18:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia

[2010/11/18 18:34:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent

[2010/11/18 17:33:26 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft

[2010/11/18 17:33:26 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Compaq_Owner\Cookies

[2010/11/18 17:33:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\SendTo

[2010/11/18 17:33:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data

[2010/11/18 17:33:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\Start Menu

[2010/11/18 17:33:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\My Videos

[2010/11/18 17:33:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures

[2010/11/18 17:33:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\My Music

[2010/11/18 17:33:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents

[2010/11/18 17:33:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\Favorites

[2010/11/18 17:33:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Owner\Templates

[2010/11/18 17:33:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Owner\PrintHood

[2010/11/18 17:33:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Owner\NetHood

[2010/11/18 17:33:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Symantec

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Real

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterMute

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Identities

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Apple Computer

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Apple Computer

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000}

[2010/11/18 17:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\WINDOWS

[2010/11/18 17:28:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution

[2010/11/18 17:26:48 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys

[2010/11/18 17:26:41 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys

[2010/11/18 17:26:36 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys

[2010/11/18 17:05:06 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache

[2010/11/18 17:03:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2010/11/18 16:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\NetZero

[2010/11/18 16:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\NEXON

[2010/11/18 16:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\Oberon Media

[2010/11/18 16:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\Save(2)

[2010/11/18 16:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSoft

[2010/11/18 16:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems

[2010/11/18 16:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\SeedC Pacific

[2010/11/18 16:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\Styler

[2010/11/18 16:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock

[2010/11/18 16:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/11/18 16:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\Softnyx

[2010/11/18 16:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith

[2010/11/18 16:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo! Games

[2010/11/17 22:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\HP

[2010/11/16 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)

[2010/11/14 21:34:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\I386

[2010/11/13 11:21:37 | 000,000,000 | ---D | C] -- C:\ERDNT

[2010/11/06 21:12:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/10/25 20:35:39 | 000,000,000 | ---D | C] -- C:\i386

[2010/10/22 21:32:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/10/22 21:32:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/10/22 21:32:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/10/22 21:32:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[42 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/20 09:38:15 | 000,000,959 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk

[2010/11/20 09:36:13 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LNonPnP.sys

[2010/11/20 09:36:13 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2010/11/20 09:34:35 | 025,188,112 | ---- | M] (Logitech Inc.) -- C:\Documents and Settings\Compaq_Owner\Desktop\setpoint620.exe

[2010/11/20 09:23:51 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/11/20 09:20:24 | 000,000,150 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf

[2010/11/20 09:12:01 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat

[2010/11/20 09:11:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/20 09:11:19 | 939,053,056 | -HS- | M] () -- C:\hiberfil.sys

[2010/11/19 23:08:00 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

[2010/11/19 19:03:01 | 000,000,208 | ---- | M] () -- C:\WINDOWS\freestylegameInfo.xml

[2010/11/19 18:58:15 | 000,000,143 | ---- | M] () -- C:\WINDOWS\GKLauncherInfo.ini

[2010/11/19 18:56:59 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FreeStyle.lnk

[2010/11/19 18:56:57 | 000,001,489 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GameKiss Launcher.lnk

[2010/11/19 18:19:05 | 000,001,634 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/11/19 18:19:05 | 000,001,616 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/11/19 17:35:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010/11/19 17:35:03 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/11/19 17:35:03 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/11/19 17:35:03 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/11/19 17:35:03 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010/11/19 17:33:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2010/11/19 17:07:26 | 000,000,212 | ---- | M] () -- C:\Boot.bak

[2010/11/18 19:15:34 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2010/11/18 18:36:51 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job

[2010/11/18 18:36:22 | 000,002,150 | ---- | M] () -- C:\WINDOWS\System32\ssmute.ini

[2010/11/18 18:35:28 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/11/18 18:35:27 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/11/18 18:34:11 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/11/18 18:33:57 | 000,001,861 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_PX807AA-ABA SR1575CL NA530_YC_0Pres_QCNH526_E53NAheRED3_47_ISalmon_SASUSTek Computer INC._V1.04_B3.12_T050420_WXH2_L409_M896_J200_7AMD_8Athlon 64_92.41_#051107_N10390900_Z11C1048C_G10396330.MRK

[2010/11/18 17:33:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/11/18 17:33:04 | 000,169,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/11/18 17:31:43 | 000,000,993 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf

[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[42 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/20 09:38:15 | 000,000,959 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk

[2010/11/20 09:36:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2010/11/20 09:20:24 | 000,000,150 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf

[2010/11/19 18:56:59 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FreeStyle.lnk

[2010/11/19 18:56:57 | 000,001,489 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GameKiss Launcher.lnk

[2010/11/19 18:56:57 | 000,000,143 | ---- | C] () -- C:\WINDOWS\GKLauncherInfo.ini

[2010/11/19 18:19:05 | 000,001,634 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/11/19 17:19:01 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\LuResult.txt

[2010/11/18 19:15:34 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2010/11/18 18:36:41 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job

[2010/11/18 18:33:53 | 000,001,861 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_PX807AA-ABA SR1575CL NA530_YC_0Pres_QCNH526_E53NAheRED3_47_ISalmon_SASUSTek Computer INC._V1.04_B3.12_T050420_WXH2_L409_M896_J200_7AMD_8Athlon 64_92.41_#051107_N10390900_Z11C1048C_G10396330.MRK

[2010/11/18 18:33:48 | 939,053,056 | -HS- | C] () -- C:\hiberfil.sys

[2010/11/18 17:33:28 | 000,001,640 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk

[2010/11/18 17:33:28 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk

[2010/11/18 17:33:28 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/11/18 17:33:28 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk

[2010/11/18 17:33:28 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

[2010/11/17 22:48:37 | 000,000,402 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2010/11/15 17:42:19 | 000,000,208 | ---- | C] () -- C:\WINDOWS\freestylegameInfo.xml

[2010/10/22 21:32:03 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/10/22 21:32:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/10/22 21:32:03 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/10/22 21:32:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/10/22 21:32:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/06/03 08:13:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL

[2010/01/24 21:51:10 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI

[2009/06/16 16:09:36 | 000,000,230 | ---- | C] () -- C:\WINDOWS\reimage.ini

[2008/12/09 21:28:48 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2007/12/17 17:39:54 | 000,000,050 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI

[2007/11/26 21:03:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini

[2007/03/17 21:49:48 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2007/03/17 21:49:48 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2007/03/17 20:58:55 | 000,000,870 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini

[2007/03/17 20:58:55 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini

[2007/01/20 16:16:08 | 000,000,699 | ---- | C] () -- C:\WINDOWS\HEGAMES.INI

[2006/01/30 19:00:39 | 000,000,128 | ---- | C] () -- C:\WINDOWS\TTL3.ini

[2005/12/17 21:36:16 | 000,000,008 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2005/12/09 19:46:57 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2005/11/29 18:04:19 | 000,000,949 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2005/11/24 20:07:47 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini

[2005/11/08 18:06:16 | 000,000,229 | ---- | C] () -- C:\WINDOWS\QTW.INI

[2005/06/23 03:58:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/06/23 03:55:57 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2005/06/23 03:55:57 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2005/06/23 03:55:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2005/06/23 03:55:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2005/06/23 03:55:57 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2005/06/23 03:55:57 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2005/06/23 03:27:21 | 000,013,975 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS

[2005/06/23 03:27:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll

[2005/06/23 03:26:56 | 000,002,150 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini

[2005/06/23 03:24:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/06/23 03:11:53 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2005/06/23 03:06:13 | 000,094,143 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini

[2005/06/23 03:06:13 | 000,083,779 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini

[2005/06/23 02:56:53 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2005/06/23 02:55:02 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll

[2005/06/23 02:55:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll

[2005/06/23 02:54:42 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll

[2005/02/18 09:56:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2005/01/26 20:53:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2005/01/19 21:45:40 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll

[2005/01/19 21:45:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll

[2004/08/04 04:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[2004/06/15 20:38:00 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2003/04/10 21:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll

[2003/01/07 21:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========

< MD5 for: INTELPPM.SYS >

[2004/08/04 10:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:intelppm.sys

[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\i386\sp3.cab:intelppm.sys

[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS backup\I386\sp2.cab:intelppm.sys

[2004/08/04 10:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:intelppm.sys

[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:intelppm.sys

[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:intelppm.sys

[2008/04/14 04:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:intelppm.sys

[2008/04/13 10:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=8C953733D8F36EB2133F5BB58808B66B -- C:\WINDOWS\ServicePackFiles\i386\intelppm.sys

[2008/04/13 10:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=8C953733D8F36EB2133F5BB58808B66B -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\intelppm.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7B98566

@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10D98D98

@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:679ABA25

@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:522EA216

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6346EE9

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3B5FCD5

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B22A8503

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3750BE5

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92C9159A

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE0E5BC2

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDCAE7B5

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:945FE29C

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F99F761

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E965A533

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48F5D95B

@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7DA89B1

@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1982A23

@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B3D4833

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61A065F2

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B9D528D

@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94F67F32

@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13AA281B

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BD304B9

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE6885F1

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E3E060F

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B3A4EC2

@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B19CC382

@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:241FA548

@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7DC6E295

@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5804A24D

< End of report >


Hi again, please let me know how things are running. After the following fix, try to install Service Pack 3.

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen OTL on your desktop.
  2. Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :files
    c:\windows\system32\drivers\intelppm.sys|C:\WINDOWS\ServicePackFiles\i386\intelppm.sys /replace

    :commands
    [emptytemp]


  3. Push the Run Fix button.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click OK.
  6. A report will open. Copy and Paste that report in your next reply.


After it rebooted after the fix I had not tried installing SP3, as I cannot reboot due to STOP: 0x0000007E(0xC0000005, 0xF756C756, 02xF78D7430, 0xF78D712C)


Can you boot in safe mode? Are you sure that before this fix it booted normally? Nothing we did during the fix could have caused a BSOD. Was anything else done (for example, Windows automatic updates installed)?


Please rerun an OTL quick scan from safe mode, so I can have a look at what might be causing this.


When I opened OTL it gave me the fix's log

All processes killed

========== FILES ==========

File c:\windows\system32\drivers\intelppm.sys successfully replaced with C:\WINDOWS\ServicePackFiles\i386\intelppm.sys

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 41620 bytes

User: All Users

User: Cathy

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 803 bytes

User: Compaq_Owner

->Temp folder emptied: 26441274 bytes

->Temporary Internet Files folder emptied: 45485993 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 96661447 bytes

->Flash cache emptied: 7732 bytes

User: Compaq_Owner.YOUR-F78BF48CE2

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 5555190 bytes

->Java cache emptied: 36716730 bytes

->FireFox cache emptied: 26653252 bytes

->Google Chrome cache emptied: 6042513 bytes

->Flash cache emptied: 125287 bytes

User: Compaq_Owner.YOUR-F78BF48CE2.000

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32768 bytes

User: Emily

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 871 bytes

User: Guest.STANLEY

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->FireFox cache emptied: 49403525 bytes

->Flash cache emptied: 12574 bytes

User: LocalService

->Temp folder emptied: 65716 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 15932 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->FireFox cache emptied: 718905 bytes

->Flash cache emptied: 405 bytes

User: Parents

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: PS

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Java cache emptied: 13615065 bytes

->FireFox cache emptied: 3264494 bytes

->Opera cache emptied: 61029360 bytes

->Flash cache emptied: 19680 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1112004 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 36352 bytes

Windows Temp folder emptied: 5701122 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 54360640 bytes

Total Files Cleaned = 413.00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 11202010_172559

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Safe Mode scan

OTL logfile created on: 11/21/2010 11:45:56 AM - Run 3

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Compaq_Owner\My Documents\Downloads

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

895.00 Mb Total Physical Memory | 430.00 Mb Available Physical Memory | 48.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 180.31 Gb Total Space | 138.70 Gb Free Space | 76.92% Space Free | Partition Type: NTFS

Drive D: | 5.99 Gb Total Space | 1.51 Gb Free Space | 25.22% Space Free | Partition Type: FAT32

Computer Name: YOUR-F78BF48CE2 | User Name: Compaq_Owner | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/18 19:20:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\OTL.exe

PRC - [2010/10/26 22:10:10 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe

PRC - [2010/10/26 22:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/10/12 15:11:42 | 004,258,136 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe

PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

PRC - [2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/11/18 19:20:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\OTL.exe

MOD - [2004/08/04 10:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010/10/28 02:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2010/08/24 09:31:18 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)

DRV - [2010/08/24 09:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2010/08/24 09:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2010/08/24 09:30:18 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)

DRV - [2005/04/20 11:00:56 | 002,317,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2005/04/12 11:42:16 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)

DRV - [2005/04/12 11:08:44 | 000,247,296 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

DRV - [2005/03/09 13:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2005/01/19 16:21:56 | 000,012,416 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)

DRV - [2004/08/03 20:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2004/06/29 09:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2003/12/02 17:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)

DRV - [2003/07/11 14:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)

DRV - [2002/07/29 13:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3761166188-4149508775-1200913391-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKU\S-1-5-21-3761166188-4149508775-1200913391-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

IE - HKU\S-1-5-21-3761166188-4149508775-1200913391-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "swagbucks.com"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/19 18:19:05 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/19 18:19:03 | 000,000,000 | ---D | M]

[2010/11/18 18:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions

[2010/11/18 18:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\dsyukx7r.default\extensions

[2010/11/20 19:42:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/06/21 17:45:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/11/14 23:21:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/11/14 23:21:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009/12/10 19:45:23 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

[2010/08/06 15:31:59 | 000,002,226 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

[2010/09/14 04:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml

O1 HOSTS File: ([2004/08/04 10:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O3 - HKU\S-1-5-21-3761166188-4149508775-1200913391-1009\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [LSBWatcher] c:\HP\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [siSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-3761166188-4149508775-1200913391-1009..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe (InterMute, Inc.)

O4 - Startup: C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

O4 - Startup: C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Start Menu\Programs\Startup\Compaq Organize.lnk = C:\Program Files\Hewlett-Packard\Compaq Organize\bin\displayAgent.exe (NeoPlanet)

O4 - Startup: C:\Documents and Settings\PS\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3761166188-4149508775-1200913391-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3761166188-4149508775-1200913391-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-3761166188-4149508775-1200913391-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-3761166188-4149508775-1200913391-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134 192.168.1.1 68.87.76.182 68.87.78.134

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper2.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper2.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/01/26 20:53:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/07/11 18:55:43 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2009/07/11 19:55:42 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2035/02/20 17:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender

[2035/02/20 17:10:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender

[2035/02/20 17:04:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender

[2010/11/20 20:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\WinRAR

[2010/11/20 17:25:59 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/11/20 13:28:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp

[2010/11/20 11:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\acccore

[2010/11/20 11:45:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\AOL

[2010/11/20 11:45:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\AIM

[2010/11/20 11:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\AIM

[2010/11/20 11:02:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials

[2010/11/20 09:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech

[2010/11/20 09:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech

[2010/11/20 09:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Logitech

[2010/11/20 09:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Logishrd

[2010/11/20 09:14:53 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0

[2010/11/19 18:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\GameKiss

[2010/11/19 17:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Sun

[2010/11/19 17:33:36 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/11/19 17:14:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak

[2010/11/18 22:14:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall

[2010/11/18 18:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Adobe

[2010/11/18 18:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\Downloads

[2010/11/18 18:40:54 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Compaq_Owner\UserData

[2010/11/18 18:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Mozilla

[2010/11/18 18:37:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla

[2010/11/18 18:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Macromedia

[2010/11/18 18:34:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent

[2010/11/18 17:33:26 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft

[2010/11/18 17:33:26 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Compaq_Owner\Cookies

[2010/11/18 17:33:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\SendTo

[2010/11/18 17:33:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data

[2010/11/18 17:33:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\Start Menu

[2010/11/18 17:33:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\My Videos

[2010/11/18 17:33:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\My Pictures

[2010/11/18 17:33:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents\My Music

[2010/11/18 17:33:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\My Documents

[2010/11/18 17:33:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Compaq_Owner\Favorites

[2010/11/18 17:33:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Owner\Templates

[2010/11/18 17:33:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Owner\PrintHood

[2010/11/18 17:33:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Owner\NetHood

[2010/11/18 17:33:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Symantec

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Real

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterMute

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Identities

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\ApplicationHistory

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Apple Computer

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Apple Computer

[2010/11/18 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000}

[2010/11/18 17:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\WINDOWS

[2010/11/18 17:28:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution

[2010/11/18 17:05:06 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache

[2010/11/18 17:03:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2010/11/18 16:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\NetZero

[2010/11/18 16:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\NEXON

[2010/11/18 16:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\Oberon Media

[2010/11/18 16:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\Save(2)

[2010/11/18 16:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\ScanSoft

[2010/11/18 16:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems

[2010/11/18 16:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\SeedC Pacific

[2010/11/18 16:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\Styler

[2010/11/18 16:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock

[2010/11/18 16:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2010/11/18 16:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\Softnyx

[2010/11/18 16:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith

[2010/11/18 16:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo! Games

[2010/11/17 22:49:07 | 000,000,000 | ---D | C] -- C:\Program Files\HP

[2010/11/16 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood(2)

[2010/11/14 21:34:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\I386

[2010/11/13 11:21:37 | 000,000,000 | ---D | C] -- C:\ERDNT

[2010/11/06 21:12:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/10/25 20:35:39 | 000,000,000 | ---D | C] -- C:\i386

[2010/10/22 21:32:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/10/22 21:32:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/10/22 21:32:03 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/10/22 21:32:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/21 10:37:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/11/21 08:35:04 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2010/11/21 08:29:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/20 20:06:12 | 001,107,282 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\AQW Hax v1.2.RAR

[2010/11/20 17:08:00 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

[2010/11/20 11:45:02 | 000,005,668 | -H-- | M] () -- C:\IPH.PH

[2010/11/20 11:43:08 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk

[2010/11/20 11:43:08 | 000,001,584 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk

[2010/11/20 11:37:33 | 000,000,248 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat

[2010/11/20 11:02:36 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk

[2010/11/20 11:00:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/11/20 10:54:16 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/11/20 10:54:16 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/11/20 10:50:05 | 000,169,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/11/20 09:38:15 | 000,000,959 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk

[2010/11/20 09:36:13 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/11/20 09:36:13 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2010/11/19 19:03:01 | 000,000,208 | ---- | M] () -- C:\WINDOWS\freestylegameInfo.xml

[2010/11/19 18:58:15 | 000,000,143 | ---- | M] () -- C:\WINDOWS\GKLauncherInfo.ini

[2010/11/19 18:56:59 | 000,001,759 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FreeStyle.lnk

[2010/11/19 18:56:57 | 000,001,489 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GameKiss Launcher.lnk

[2010/11/19 18:19:05 | 000,001,634 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/11/19 18:19:05 | 000,001,616 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/11/19 17:33:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2010/11/19 17:07:26 | 000,000,212 | ---- | M] () -- C:\Boot.bak

[2010/11/18 19:15:34 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2010/11/18 18:36:51 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job

[2010/11/18 18:36:22 | 000,002,150 | ---- | M] () -- C:\WINDOWS\System32\ssmute.ini

[2010/11/18 18:34:11 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/11/18 18:33:57 | 000,001,861 | RHS- | M] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_PX807AA-ABA SR1575CL NA530_YC_0Pres_QCNH526_E53NAheRED3_47_ISalmon_SASUSTek Computer INC._V1.04_B3.12_T050420_WXH2_L409_M896_J200_7AMD_8Athlon 64_92.41_#051107_N10390900_Z11C1048C_G10396330.MRK

[2010/11/18 17:31:43 | 000,000,993 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf

[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/20 20:48:06 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/11/20 20:06:08 | 001,107,282 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\AQW Hax v1.2.RAR

[2010/11/20 11:43:08 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk

[2010/11/20 11:43:08 | 000,001,584 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk

[2010/11/20 11:07:45 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2010/11/20 11:02:36 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk

[2010/11/20 09:38:15 | 000,000,959 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Logitech . Product Registration.lnk

[2010/11/20 09:36:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2010/11/19 18:56:59 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FreeStyle.lnk

[2010/11/19 18:56:57 | 000,001,489 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GameKiss Launcher.lnk

[2010/11/19 18:56:57 | 000,000,143 | ---- | C] () -- C:\WINDOWS\GKLauncherInfo.ini

[2010/11/19 18:19:05 | 000,001,634 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/11/19 17:19:01 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\LuResult.txt

[2010/11/18 19:15:34 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

[2010/11/18 18:36:41 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job

[2010/11/18 18:33:53 | 000,001,861 | RHS- | C] () -- C:\WINDOWS\System32\drivers\103C_HP_CPC_PX807AA-ABA SR1575CL NA530_YC_0Pres_QCNH526_E53NAheRED3_47_ISalmon_SASUSTek Computer INC._V1.04_B3.12_T050420_WXH2_L409_M896_J200_7AMD_8Athlon 64_92.41_#051107_N10390900_Z11C1048C_G10396330.MRK

[2010/11/18 17:33:28 | 000,001,640 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk

[2010/11/18 17:33:28 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk

[2010/11/18 17:33:28 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2010/11/18 17:33:28 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk

[2010/11/18 17:33:28 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

[2010/11/17 22:48:37 | 000,000,402 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2010/11/15 17:42:19 | 000,000,208 | ---- | C] () -- C:\WINDOWS\freestylegameInfo.xml

[2010/10/22 21:32:03 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/10/22 21:32:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/10/22 21:32:03 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/10/22 21:32:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/10/22 21:32:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/06/03 08:13:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL

[2010/01/24 21:51:10 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI

[2009/06/16 16:09:36 | 000,000,230 | ---- | C] () -- C:\WINDOWS\reimage.ini

[2008/12/09 21:28:48 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2007/12/17 17:39:54 | 000,000,050 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI

[2007/11/26 21:03:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini

[2007/03/17 21:49:48 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2007/03/17 21:49:48 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2007/03/17 20:58:55 | 000,000,870 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini

[2007/03/17 20:58:55 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini

[2007/01/20 16:16:08 | 000,000,699 | ---- | C] () -- C:\WINDOWS\HEGAMES.INI

[2006/01/30 19:00:39 | 000,000,128 | ---- | C] () -- C:\WINDOWS\TTL3.ini

[2005/12/17 21:36:16 | 000,000,008 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2005/12/09 19:46:57 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2005/11/29 18:04:19 | 000,000,949 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2005/11/24 20:07:47 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini

[2005/11/08 18:06:16 | 000,000,229 | ---- | C] () -- C:\WINDOWS\QTW.INI

[2005/06/23 03:58:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/06/23 03:55:57 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2005/06/23 03:55:57 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2005/06/23 03:55:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2005/06/23 03:55:57 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2005/06/23 03:55:57 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2005/06/23 03:55:57 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2005/06/23 03:27:21 | 000,013,975 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS

[2005/06/23 03:27:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll

[2005/06/23 03:26:56 | 000,002,150 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini

[2005/06/23 03:24:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/06/23 03:11:53 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2005/06/23 03:06:13 | 000,094,143 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini

[2005/06/23 03:06:13 | 000,083,779 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini

[2005/06/23 02:56:53 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2005/06/23 02:55:02 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll

[2005/06/23 02:55:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll

[2005/06/23 02:54:42 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll

[2005/02/18 09:56:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2005/01/26 20:53:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2005/01/19 21:45:40 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll

[2005/01/19 21:45:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll

[2004/08/04 04:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[2004/06/15 20:38:00 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2003/04/10 21:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll

[2003/01/07 21:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2005/06/23 03:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterMute

[2005/06/23 03:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView

[2010/09/24 16:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\36D

[2009/04/29 19:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\aHisoft

[2010/02/11 19:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM

[2008/12/26 21:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\America's Army Deploy Client

[2010/01/16 13:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus

[2010/09/26 11:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender

[2010/06/02 20:49:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited

[2009/06/08 17:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations

[2010/06/02 18:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure

[2010/01/24 21:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier

[2007/06/17 19:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Escape From Paradise

[2009/02/14 10:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy2

[2009/03/30 13:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse

[2009/03/26 16:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games

[2007/09/10 19:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft

[2010/09/24 22:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro

[2010/08/09 11:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IconTweaker

[2009/06/08 21:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IJJIGame

[2007/09/03 09:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games

[2007/05/24 17:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Legacy Interactive

[2010/01/24 21:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Megaupload

[2010/06/30 09:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir

[2009/02/16 18:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9

[2009/07/21 17:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS

[2007/07/21 12:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games

[2006/02/04 21:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media

[2010/09/18 13:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic

[2009/04/06 15:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst

[2010/05/15 09:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files

[2009/08/19 20:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm

[2009/06/06 16:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games

[2007/03/17 20:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2010/07/02 15:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC

[2010/09/26 21:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/08/05 06:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tencent

[2010/11/08 19:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software

[2007/10/29 17:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2007/07/15 19:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom

[2008/12/04 14:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

[2010/05/10 16:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/07/10 20:28:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

[2009/04/09 09:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2008/12/13 14:55:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}

[2005/06/23 03:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cathy\Application Data\InterMute

[2005/06/23 03:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cathy\Application Data\SampleView

[2010/11/20 11:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\acccore

[2005/06/23 03:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\InterMute

[2010/11/20 09:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Leadertech

[2005/06/23 03:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SampleView

[2009/02/15 13:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\AVGTOOLBAR

[2009/04/04 18:53:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\BitTorrent

[2009/04/04 18:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\DNA

[2005/06/23 03:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\InterMute

[2008/12/09 21:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\InterVideo

[2009/04/04 18:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\LimeWire

[2008/12/11 14:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\Nexon

[2005/06/23 03:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\SampleView

[2008/12/09 20:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\Template

[2008/12/13 10:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\Unity

[2005/06/23 03:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterMute

[2005/06/23 03:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView

[2005/06/23 03:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily\Application Data\InterMute

[2005/06/23 03:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emily\Application Data\SampleView

[2005/06/23 03:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\InterMute

[2005/06/23 03:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\SampleView

[2005/06/23 03:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest.STANLEY\Application Data\InterMute

[2005/06/23 03:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest.STANLEY\Application Data\SampleView

[2005/12/18 16:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Parents\Application Data\Aim

[2005/06/23 03:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Parents\Application Data\InterMute

[2005/06/23 03:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Parents\Application Data\SampleView

[2005/06/23 03:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PS\Application Data\InterMute

[2009/04/04 18:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PS\Application Data\LimeWire

[2009/02/26 19:45:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PS\Application Data\Nexon

[2009/03/23 16:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PS\Application Data\Opera

[2005/06/23 03:39:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PS\Application Data\SampleView

[2009/03/03 20:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PS\Application Data\Template

[2010/11/20 17:08:00 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

[2010/11/18 18:36:51 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\Easy Internet Sign-up.job

[2010/11/21 08:35:04 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7B98566

@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10D98D98

@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:679ABA25

@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:522EA216

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6346EE9

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3B5FCD5

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B22A8503

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3750BE5

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C86B29EB

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92C9159A

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE0E5BC2

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDCAE7B5

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:945FE29C

@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F99F761

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E965A533

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48F5D95B

@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7DA89B1

@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1982A23

@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8B3D4833

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61A065F2

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B9D528D

@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94F67F32

@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13AA281B

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BD304B9

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE6885F1

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E3E060F

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B3A4EC2

@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B19CC382

@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:241FA548

@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7DC6E295

@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5804A24D

< End of report >


I see the problem now. One of the temporary files that were also cleaned was in the Drivers folder. Why one of the drivers was a tmp file is strange, but let's see if ComboFix will automatically fix it.

Please download a new copy and run it. Post me the log.


ComboFix 10-11-22.04 - Compaq_Owner 11/22/2010 16:27:36.2.1 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.895.661 [GMT -8:00]

Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

((((((((((((((((((((((((( Files Created from 2010-10-23 to 2010-11-23 )))))))))))))))))))))))))))))))

.

2035-02-21 01:10 . 2010-09-26 19:15 -------- d-----w- c:\program files\BitDefender

2035-02-21 01:10 . 2010-09-26 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender

2035-02-21 01:04 . 2010-09-26 19:15 -------- d-----w- c:\program files\Common Files\BitDefender

2010-11-21 01:26 . 2004-08-04 06:59 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys

2010-11-21 01:25 . 2010-11-21 01:25 -------- d-----w- C:\_OTL

2010-11-20 21:28 . 2009-08-07 03:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-11-20 21:28 . 2009-08-07 03:23 215920 ----a-w- c:\windows\system32\muweb.dll

2010-11-20 21:28 . 2010-11-21 01:26 -------- d-----w- c:\windows\LastGood.Tmp

2010-11-20 19:42 . 2010-11-20 19:43 -------- d-----w- c:\program files\AIM

2010-11-20 19:04 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2B92CC9C-C286-4568-830A-9B1323A0DE4F}\mpengine.dll

2010-11-20 19:04 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-11-20 19:02 . 2010-11-20 19:02 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-11-20 17:36 . 2010-11-20 17:36 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2010-11-20 17:36 . 2008-11-08 02:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll

2010-11-20 17:35 . 2010-08-24 17:30 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys

2010-11-20 17:35 . 2010-11-20 17:35 -------- d-----w- c:\program files\Logitech

2010-11-20 17:14 . 2010-11-20 17:14 -------- d-----w- c:\program files\MSXML 4.0

2010-11-20 02:46 . 2010-11-20 02:56 -------- d-----w- c:\program files\GameKiss

2010-11-20 01:35 . 2010-11-20 01:35 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-11-20 01:35 . 2010-11-20 01:35 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-20 01:14 . 2010-11-20 21:59 -------- d-----w- c:\windows\system32\CatRoot_bak

2010-11-20 01:10 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys

2010-11-19 06:14 . 2008-11-08 02:55 26144 ----a-w- c:\windows\system32\spupdsvc.exe

2010-11-19 02:36 . 2004-08-04 08:56 159232 ----a-w- c:\windows\system32\ptpusd.dll

2010-11-19 02:36 . 2001-08-18 06:36 5632 ----a-w- c:\windows\system32\ptpusb.dll

2010-11-19 02:36 . 2004-08-04 06:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2010-11-19 02:34 . 2004-08-04 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-11-19 01:33 . 2010-11-21 01:27 -------- d-----w- c:\documents and settings\Compaq_Owner

2010-11-19 01:31 . 2005-06-23 11:25 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS

2010-11-19 01:26 . 2004-08-04 08:56 21504 ----a-w- c:\windows\system32\hidserv.dll

2010-11-19 01:26 . 2004-08-04 06:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2010-11-19 01:26 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2010-11-19 01:26 . 2004-08-04 07:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2010-11-19 01:26 . 2001-08-17 22:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys

2010-11-19 01:05 . 2010-11-21 01:26 -------- d-sh--r- c:\windows\system32\dllcache

2010-11-18 06:49 . 2010-11-18 06:49 -------- d-----w- c:\program files\HP

2010-11-17 02:15 . 2010-11-19 00:45 -------- d-----w- c:\windows\LastGood(2)

2010-11-15 06:10 . 2010-10-27 06:10 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe

2010-11-15 06:10 . 2010-10-27 06:10 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

2010-11-15 05:34 . 2010-11-19 01:15 -------- d-----w- c:\windows\I386

2010-11-13 19:21 . 2010-11-13 19:22 -------- d-----w- C:\ERDNT

2010-11-06 16:56 . 2010-11-06 16:56 -------- d-----w- c:\documents and settings\Administrator

2010-10-26 04:35 . 2010-10-26 04:35 -------- d-----w- C:\i386

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((( SnapShot@2010-11-20_02.02.52 )))))))))))))))))))))))))))))))))))))))))

.

+ 2007-11-07 10:19 . 2007-11-07 10:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll

+ 2008-07-29 16:05 . 2008-07-29 16:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll

+ 2008-07-29 16:05 . 2008-07-29 16:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll

+ 2008-07-29 16:05 . 2008-07-29 16:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll

+ 2008-07-29 16:05 . 2008-07-29 16:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll

+ 2008-07-29 16:05 . 2008-07-29 16:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll

+ 2008-07-29 16:05 . 2008-07-29 16:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll

+ 2008-07-29 16:05 . 2008-07-29 16:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll

+ 2008-07-29 16:05 . 2008-07-29 16:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll

+ 2008-07-29 16:05 . 2008-07-29 16:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll

+ 2008-07-29 16:05 . 2008-07-29 16:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll

+ 2008-07-29 16:05 . 2008-07-29 16:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll

+ 2008-07-29 14:07 . 2008-07-29 14:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll

+ 2008-07-29 14:07 . 2008-07-29 14:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll

+ 2009-06-29 07:42 . 2009-06-29 07:42 91656 c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll

+ 2004-08-04 12:00 . 2009-06-25 08:44 59392 c:\windows\system32\wdigest.dll

+ 2010-11-20 01:10 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe

+ 2004-08-04 18:00 . 2009-06-12 11:50 76288 c:\windows\system32\telnet.exe

+ 2005-06-23 11:03 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll

+ 2005-06-23 11:06 . 2005-04-12 19:30 28672 c:\windows\system32\SiSPInst.dll

- 2005-06-23 11:06 . 2005-01-04 23:54 28672 c:\windows\system32\SiSPInst.dll

+ 2005-06-23 11:06 . 2003-11-27 00:10 65536 c:\windows\system32\sis760.bin

- 2005-06-23 11:06 . 2003-11-26 23:10 65536 c:\windows\system32\sis760.bin

+ 2005-06-23 11:06 . 2003-11-27 00:10 65536 c:\windows\system32\sis741.bin

- 2005-06-23 11:06 . 2003-11-26 23:10 65536 c:\windows\system32\sis741.bin

+ 2005-06-23 11:06 . 2005-04-08 19:52 49152 c:\windows\system32\sis660.bin

- 2005-06-23 11:06 . 2005-01-05 00:00 49152 c:\windows\system32\sis660.bin

+ 2004-08-04 12:00 . 2009-06-25 08:44 56320 c:\windows\system32\secur32.dll

+ 2004-08-04 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe

+ 2010-11-20 17:37 . 2001-08-17 21:48 12160 c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\mouhid.sys

+ 2010-11-20 17:37 . 2004-08-04 06:58 23040 c:\windows\system32\ReinstallBackups\0009\DriverFiles\i386\mouclass.sys

+ 2010-11-20 17:36 . 2004-08-04 06:58 14848 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\kbdhid.sys

+ 2010-11-20 17:36 . 2004-08-04 12:00 24576 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\kbdclass.sys

+ 2010-11-20 17:36 . 2001-08-17 21:48 12160 c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\mouhid.sys

+ 2010-11-20 17:36 . 2004-08-04 18:00 23040 c:\windows\system32\ReinstallBackups\0007\DriverFiles\i386\mouclass.sys

+ 2010-11-20 17:17 . 2004-08-04 14:56 23552 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\wdmaud.drv

+ 2010-11-20 17:17 . 2004-08-04 13:08 48640 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\stream.sys

+ 2010-11-20 17:17 . 2004-08-04 13:08 60288 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\drmk.sys

+ 2010-11-20 17:17 . 2004-09-07 20:47 57344 c:\windows\system32\ReinstallBackups\0006\DriverFiles\ALCXMNTR.EXE

+ 2010-11-20 17:35 . 2004-08-04 12:00 24960 c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\hidparse.sys

+ 2010-11-20 17:35 . 2004-08-04 12:00 36224 c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\hidclass.sys

+ 2010-11-20 17:35 . 2004-08-04 18:00 20992 c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\hid.dll

+ 2010-11-20 17:18 . 2005-01-05 00:46 13184 c:\windows\system32\ReinstallBackups\0002\DriverFiles\srvkp.sys

+ 2010-11-20 17:18 . 2005-01-04 23:54 28672 c:\windows\system32\ReinstallBackups\0002\DriverFiles\SiSPInst.dll

+ 2010-11-20 17:18 . 2003-11-26 23:10 65536 c:\windows\system32\ReinstallBackups\0002\DriverFiles\sis760.bin

+ 2010-11-20 17:18 . 2003-11-26 23:10 65536 c:\windows\system32\ReinstallBackups\0002\DriverFiles\sis741.bin

+ 2010-11-20 17:18 . 2005-01-05 00:00 49152 c:\windows\system32\ReinstallBackups\0002\DriverFiles\sis660.bin

- 2004-08-04 12:00 . 2004-08-04 12:00 69632 c:\windows\system32\raschap.dll

+ 2004-08-04 12:00 . 2009-10-12 13:54 69632 c:\windows\system32\raschap.dll

+ 2004-08-04 12:00 . 2010-04-16 15:36 39424 c:\windows\system32\pngfilt.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 39424 c:\windows\system32\pngfilt.dll

- 2005-01-27 04:58 . 2010-11-19 02:35 53640 c:\windows\system32\perfc009.dat

+ 2005-01-27 04:58 . 2010-11-20 18:54 53640 c:\windows\system32\perfc009.dat

+ 2009-11-06 06:17 . 2009-11-06 06:17 11600 c:\windows\system32\mui\0409\mscorees.dll

+ 2004-08-04 12:00 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 66560 c:\windows\system32\mtxclu.dll

+ 2004-08-04 12:00 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll

+ 2004-08-04 18:00 . 2009-11-27 17:33 17920 c:\windows\system32\msyuv.dll

+ 2004-08-04 12:00 . 2009-11-27 16:37 28672 c:\windows\system32\msvidc32.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 11264 c:\windows\system32\msrle32.dll

+ 2004-08-04 12:00 . 2009-11-27 16:37 11264 c:\windows\system32\msrle32.dll

+ 2004-08-04 12:00 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 58880 c:\windows\system32\msdtclog.dll

+ 2004-08-04 12:00 . 2008-06-24 16:23 74240 c:\windows\system32\mscms.dll

+ 2004-08-04 12:00 . 2009-09-04 20:45 58880 c:\windows\system32\msasn1.dll

+ 2010-08-24 17:31 . 2010-08-24 17:31 53328 c:\windows\system32\LMouFiltCoInst.dll

+ 2004-08-04 12:00 . 2010-04-16 15:36 16384 c:\windows\system32\jsproxy.dll

+ 2004-08-04 18:00 . 2009-11-27 16:37 48128 c:\windows\system32\iyuv_32.dll

- 2004-08-04 11:00 . 2005-01-28 00:13 96256 c:\windows\system32\inseng.dll

+ 2004-08-04 11:00 . 2010-04-16 15:36 96256 c:\windows\system32\inseng.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 81920 c:\windows\system32\ieencode.dll

+ 2004-08-04 12:00 . 2010-04-16 15:36 81920 c:\windows\system32\ieencode.dll

+ 2004-08-04 12:00 . 2009-10-15 17:21 82432 c:\windows\system32\fontsub.dll

+ 2004-08-04 12:00 . 2006-02-21 03:01 23040 c:\windows\system32\fltmc.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 16896 c:\windows\system32\fltlib.dll

+ 2004-08-04 12:00 . 2006-02-21 06:57 16896 c:\windows\system32\fltlib.dll

+ 2004-08-04 12:00 . 2010-04-16 15:36 55808 c:\windows\system32\extmgr.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 55808 c:\windows\system32\extmgr.dll

+ 2009-07-14 18:35 . 2009-07-14 18:35 37608 c:\windows\system32\drivers\wdfldr.sys

+ 2004-08-04 18:00 . 2004-08-04 07:08 48640 c:\windows\system32\drivers\stream.sys

- 2004-08-04 18:00 . 2004-08-04 13:08 48640 c:\windows\system32\drivers\stream.sys

+ 2005-06-23 11:06 . 2005-04-12 19:42 11904 c:\windows\system32\drivers\srvkp.sys

+ 2004-08-04 18:00 . 2004-08-04 06:58 23040 c:\windows\system32\drivers\mouclass.sys

- 2004-08-04 18:00 . 2004-08-04 18:00 23040 c:\windows\system32\drivers\mouclass.sys

+ 2010-08-24 17:31 . 2010-08-24 17:31 28624 c:\windows\system32\drivers\LUsbFilt.sys

+ 2010-08-24 17:31 . 2010-08-24 17:31 37328 c:\windows\system32\drivers\LMouFilt.Sys

+ 2010-08-24 17:30 . 2010-08-24 17:30 38864 c:\windows\system32\drivers\LHidFilt.Sys

+ 2004-08-04 18:00 . 2009-06-22 11:34 92544 c:\windows\system32\drivers\ksecdd.sys

+ 2004-08-04 12:00 . 2004-08-04 06:58 24576 c:\windows\system32\drivers\kbdclass.sys

- 2004-08-04 12:00 . 2004-08-04 12:00 24576 c:\windows\system32\drivers\kbdclass.sys

+ 2004-08-04 12:00 . 2004-08-04 07:08 24960 c:\windows\system32\drivers\hidparse.sys

- 2004-08-04 12:00 . 2004-08-04 12:00 24960 c:\windows\system32\drivers\hidparse.sys

+ 2004-08-04 12:00 . 2004-08-04 07:08 36224 c:\windows\system32\drivers\hidclass.sys

- 2004-08-04 12:00 . 2004-08-04 12:00 36224 c:\windows\system32\drivers\hidclass.sys

+ 2005-06-23 11:09 . 2004-08-04 07:08 60288 c:\windows\system32\drivers\drmk.sys

- 2005-06-23 11:09 . 2004-08-04 13:08 60288 c:\windows\system32\drivers\drmk.sys

+ 2004-08-04 12:00 . 2009-06-25 08:44 59392 c:\windows\system32\dllcache\wdigest.dll

+ 2004-08-04 18:00 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe

- 2004-08-04 18:00 . 2004-08-04 13:08 48640 c:\windows\system32\dllcache\stream.sys

+ 2004-08-04 18:00 . 2004-08-04 07:08 48640 c:\windows\system32\dllcache\stream.sys

+ 2004-08-04 12:00 . 2009-06-25 08:44 56320 c:\windows\system32\dllcache\secur32.dll

+ 2004-08-04 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 69632 c:\windows\system32\dllcache\raschap.dll

+ 2004-08-04 12:00 . 2009-10-12 13:54 69632 c:\windows\system32\dllcache\raschap.dll

+ 2004-08-04 12:00 . 2010-04-16 15:36 39424 c:\windows\system32\dllcache\pngfilt.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 39424 c:\windows\system32\dllcache\pngfilt.dll

+ 2004-08-04 12:00 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll

+ 2004-08-04 12:00 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 66560 c:\windows\system32\dllcache\mtxclu.dll

+ 2010-11-20 01:11 . 2009-11-27 17:33 17920 c:\windows\system32\dllcache\msyuv.dll

+ 2004-08-04 12:00 . 2009-11-27 16:37 28672 c:\windows\system32\dllcache\msvidc32.dll

+ 2004-08-04 12:00 . 2009-11-27 16:37 11264 c:\windows\system32\dllcache\msrle32.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 11264 c:\windows\system32\dllcache\msrle32.dll

+ 2004-08-04 12:00 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 58880 c:\windows\system32\dllcache\msdtclog.dll

+ 2004-08-04 12:00 . 2008-06-24 16:23 74240 c:\windows\system32\dllcache\mscms.dll

+ 2004-08-04 12:00 . 2009-09-04 20:45 58880 c:\windows\system32\dllcache\msasn1.dll

+ 2010-11-19 01:26 . 2001-08-17 21:48 12160 c:\windows\system32\dllcache\mouhid.sys

+ 2004-08-04 18:00 . 2004-08-04 06:58 23040 c:\windows\system32\dllcache\mouclass.sys

+ 2004-08-04 18:00 . 2009-06-22 11:34 92544 c:\windows\system32\dllcache\ksecdd.sys

+ 2010-11-19 01:26 . 2004-08-04 06:58 14848 c:\windows\system32\dllcache\kbdhid.sys

+ 2004-08-04 12:00 . 2004-08-04 06:58 24576 c:\windows\system32\dllcache\kbdclass.sys

- 2004-08-04 12:00 . 2004-08-04 12:00 24576 c:\windows\system32\dllcache\kbdclass.sys

+ 2004-08-04 12:00 . 2010-04-16 15:36 16384 c:\windows\system32\dllcache\jsproxy.dll

+ 2010-11-20 01:10 . 2009-11-27 16:37 48128 c:\windows\system32\dllcache\iyuv_32.dll

+ 2010-11-21 01:26 . 2004-08-04 06:59 36096 c:\windows\system32\dllcache\intelppm.sys

- 2004-08-04 11:00 . 2005-01-28 00:13 96256 c:\windows\system32\dllcache\inseng.dll

+ 2004-08-04 11:00 . 2010-04-16 15:36 96256 c:\windows\system32\dllcache\inseng.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 81920 c:\windows\system32\dllcache\ieencode.dll

+ 2004-08-04 12:00 . 2010-04-16 15:36 81920 c:\windows\system32\dllcache\ieencode.dll

+ 2004-08-04 12:00 . 2010-04-16 13:36 18432 c:\windows\system32\dllcache\iedw.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 18432 c:\windows\system32\dllcache\iedw.exe

+ 2004-08-04 12:00 . 2004-08-04 07:08 24960 c:\windows\system32\dllcache\hidparse.sys

+ 2004-08-04 12:00 . 2004-08-04 07:08 36224 c:\windows\system32\dllcache\hidclass.sys

+ 2004-08-04 12:00 . 2009-10-15 17:21 82432 c:\windows\system32\dllcache\fontsub.dll

+ 2004-08-04 12:00 . 2006-02-21 03:01 23040 c:\windows\system32\dllcache\fltmc.exe

+ 2004-08-04 12:00 . 2006-02-21 06:57 16896 c:\windows\system32\dllcache\fltlib.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 16896 c:\windows\system32\dllcache\fltlib.dll

+ 2004-08-04 12:00 . 2010-04-16 15:36 55808 c:\windows\system32\dllcache\extmgr.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 55808 c:\windows\system32\dllcache\extmgr.dll

+ 2005-06-23 11:09 . 2004-08-04 07:08 60288 c:\windows\system32\dllcache\drmk.sys

- 2005-06-23 11:09 . 2004-08-04 13:08 60288 c:\windows\system32\dllcache\drmk.sys

+ 2004-08-04 12:00 . 2009-12-14 07:35 33280 c:\windows\system32\dllcache\csrsrv.dll

+ 2004-08-04 12:00 . 2005-07-26 04:39 60416 c:\windows\system32\dllcache\colbact.dll

+ 2004-08-04 12:00 . 2010-01-13 14:10 85504 c:\windows\system32\dllcache\cabview.dll

+ 2004-08-04 12:00 . 2009-11-27 16:37 84992 c:\windows\system32\dllcache\avifil32.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 84992 c:\windows\system32\dllcache\avifil32.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 58880 c:\windows\system32\dllcache\atl.dll

+ 2004-08-04 12:00 . 2009-07-17 18:55 58880 c:\windows\system32\dllcache\atl.dll

+ 2004-08-04 12:00 . 2009-12-14 07:35 33280 c:\windows\system32\csrsrv.dll

+ 2004-08-04 12:00 . 2005-07-26 04:39 60416 c:\windows\system32\colbact.dll

+ 2004-08-04 12:00 . 2010-01-13 14:10 85504 c:\windows\system32\cabview.dll

+ 2004-08-04 12:00 . 2009-11-27 16:37 84992 c:\windows\system32\avifil32.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 84992 c:\windows\system32\avifil32.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 58880 c:\windows\system32\atl.dll

+ 2004-08-04 12:00 . 2009-07-17 18:55 58880 c:\windows\system32\atl.dll

+ 2009-06-25 03:56 . 2009-06-25 03:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe

+ 2010-04-01 19:42 . 2010-04-01 19:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll

+ 2010-03-31 22:51 . 2010-03-31 22:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

- 2003-02-21 09:09 . 2003-02-21 09:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll

+ 2010-03-31 22:51 . 2010-03-31 22:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

- 2003-02-21 09:09 . 2003-02-21 09:09 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll

- 2004-07-15 14:32 . 2004-07-15 14:32 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

+ 2010-03-31 22:51 . 2010-03-31 22:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll

- 2004-07-15 15:49 . 2004-07-15 15:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

+ 2010-03-31 23:32 . 2010-03-31 23:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe

+ 2010-03-31 23:32 . 2010-03-31 23:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll

- 2003-02-21 09:19 . 2003-02-21 09:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll

+ 2010-11-21 01:26 . 2008-04-13 18:31 36352 c:\windows\LastGood.Tmp\system32\drivers\intelppm.sys

- 2010-03-04 05:53 . 2010-03-04 05:53 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe

+ 2010-03-04 05:53 . 2010-11-20 17:14 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe

+ 2008-11-23 07:21 . 2010-11-20 17:14 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe

- 2008-11-23 07:21 . 2009-06-03 00:40 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe

+ 2010-11-20 01:11 . 2009-11-27 17:33 17920 c:\windows\Driver Cache\i386\msyuv.dll

+ 2010-11-20 01:10 . 2009-11-27 16:37 48128 c:\windows\Driver Cache\i386\iyuv_32.dll

+ 2010-11-20 17:22 . 2010-11-20 17:22 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll

+ 2010-11-20 17:22 . 2009-05-26 09:01 17272 c:\windows\$NtUninstallKB980232$\spmsg.dll

+ 2010-11-20 17:22 . 2009-05-26 09:01 26488 c:\windows\$NtUninstallKB980232$\spcustom.dll

+ 2010-11-20 17:23 . 2009-05-26 11:40 17272 c:\windows\$NtUninstallKB980218$\spmsg.dll

+ 2010-11-20 17:23 . 2009-05-26 11:40 26488 c:\windows\$NtUninstallKB980218$\spcustom.dll

+ 2010-11-20 17:22 . 2008-07-08 13:02 17272 c:\windows\$NtUninstallKB980195$\spmsg.dll

+ 2010-11-20 17:22 . 2008-07-08 13:02 26488 c:\windows\$NtUninstallKB980195$\spcustom.dll

+ 2010-11-20 17:22 . 2009-05-26 11:40 17272 c:\windows\$NtUninstallKB979683$\spmsg.dll

+ 2010-11-20 17:22 . 2009-05-26 11:40 26488 c:\windows\$NtUninstallKB979683$\spcustom.dll

+ 2010-11-20 17:18 . 2009-05-26 09:01 17272 c:\windows\$NtUninstallKB979559$\spmsg.dll

+ 2010-11-20 17:18 . 2009-05-26 09:01 26488 c:\windows\$NtUninstallKB979559$\spcustom.dll

+ 2010-11-20 17:16 . 2008-07-08 13:02 17272 c:\windows\$NtUninstallKB979309$\spmsg.dll

+ 2010-11-20 17:16 . 2008-07-08 13:02 26488 c:\windows\$NtUninstallKB979309$\spcustom.dll

+ 2010-11-20 17:18 . 2008-07-08 13:02 17272 c:\windows\$NtUninstallKB978601$\spmsg.dll

+ 2010-11-20 17:18 . 2008-07-08 13:02 26488 c:\windows\$NtUninstallKB978601$\spcustom.dll

+ 2010-11-20 17:16 . 2009-05-26 11:40 17272 c:\windows\$NtUninstallKB978542$\spmsg.dll

+ 2010-11-20 17:16 . 2009-05-26 11:40 26488 c:\windows\$NtUninstallKB978542$\spcustom.dll

+ 2010-11-20 17:20 . 2009-05-26 11:40 17272 c:\windows\$NtUninstallKB978338$\spmsg.dll

+ 2010-11-20 17:20 . 2009-05-26 11:40 26488 c:\windows\$NtUninstallKB978338$\spcustom.dll

+ 2010-11-20 17:18 . 2009-05-26 11:40 17272 c:\windows\$NtUninstallKB977816$\spmsg.dll

+ 2010-11-20 17:18 . 2009-05-26 11:40 26488 c:\windows\$NtUninstallKB977816$\spcustom.dll

+ 2010-11-20 17:15 . 2008-07-08 13:02 17272 c:\windows\$NtUninstallKB975562$\spmsg.dll

+ 2010-11-20 17:15 . 2008-07-08 13:02 26488 c:\windows\$NtUninstallKB975562$\spcustom.dll

+ 2010-11-20 17:14 . 2008-07-09 07:38 17272 c:\windows\$NtUninstallKB923561$\spmsg.dll

+ 2010-11-20 17:14 . 2008-07-09 07:38 26488 c:\windows\$NtUninstallKB923561$\spcustom.dll

+ 2010-11-20 17:21 . 2009-05-26 11:40 17272 c:\windows\$NtUninstallKB2229593$\spmsg.dll

+ 2010-11-20 17:21 . 2009-05-26 11:40 26488 c:\windows\$NtUninstallKB2229593$\spcustom.dll

+ 2004-08-04 18:00 . 2009-11-27 16:37 8704 c:\windows\system32\tsbyuv.dll

+ 2010-11-20 17:17 . 2004-08-04 14:56 4096 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\ksuser.dll

+ 2010-11-20 17:35 . 2001-08-17 22:02 9600 c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\hidusb.sys

+ 2010-11-20 01:10 . 2009-11-27 16:37 8704 c:\windows\system32\dllcache\tsbyuv.dll

+ 2010-11-19 01:26 . 2001-08-17 22:02 9600 c:\windows\system32\dllcache\hidusb.sys

+ 2008-07-29 16:05 . 2008-07-29 16:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll

+ 2008-07-29 16:05 . 2008-07-29 16:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll

+ 2008-07-29 11:54 . 2008-07-29 11:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll

+ 2008-07-29 16:05 . 2008-07-29 16:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll

+ 2005-09-23 06:48 . 2005-09-23 06:48 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll

+ 2005-09-23 06:48 . 2005-09-23 06:48 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll

+ 2005-09-23 06:48 . 2005-09-23 06:48 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll

+ 2010-11-20 01:08 . 2010-04-16 13:21 352768 c:\windows\system32\xpsp3res.dll

+ 2004-08-04 11:00 . 2009-07-13 18:08 286720 c:\windows\system32\wmpdxm.dll

+ 2004-08-04 11:00 . 2007-10-28 01:40 227328 c:\windows\system32\wmasf.dll

+ 2004-08-04 12:00 . 2009-06-10 06:32 132096 c:\windows\system32\wkssvc.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 132096 c:\windows\system32\wkssvc.dll

+ 2004-08-04 12:00 . 2009-12-24 07:05 177664 c:\windows\system32\wintrust.dll

+ 2004-08-04 11:00 . 2010-04-16 15:36 662016 c:\windows\system32\wininet.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 351232 c:\windows\system32\winhttp.dll

+ 2004-08-04 12:00 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll

+ 2004-08-04 12:00 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe

+ 2004-08-04 12:00 . 2009-02-09 10:20 453120 c:\windows\system32\wbem\wmiprvsd.dll

+ 2004-08-04 12:00 . 2009-02-09 10:20 473088 c:\windows\system32\wbem\fastprox.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 417792 c:\windows\system32\vbscript.dll

+ 2004-08-04 12:00 . 2010-03-10 08:02 417792 c:\windows\system32\vbscript.dll

+ 2004-08-04 11:00 . 2010-04-16 15:36 624640 c:\windows\system32\urlmon.dll

+ 2004-08-04 12:00 . 2009-10-16 06:51 119808 c:\windows\system32\t2embed.dll

+ 2004-08-04 12:00 . 2009-08-26 08:16 247326 c:\windows\system32\strmdll.dll

+ 2005-06-23 11:06 . 2005-04-12 18:56 884736 c:\windows\system32\sisgrv.dll

+ 2004-08-04 11:00 . 2010-04-16 15:36 474112 c:\windows\system32\shlwapi.dll

+ 2004-08-04 12:00 . 2009-02-06 17:14 110592 c:\windows\system32\services.exe

+ 2004-08-04 12:00 . 2009-06-25 08:44 168448 c:\windows\system32\schannel.dll

+ 2004-08-04 12:00 . 2009-02-09 10:20 399360 c:\windows\system32\rpcss.dll

+ 2004-08-04 12:00 . 2009-04-15 15:11 584192 c:\windows\system32\rpcrt4.dll

+ 2010-11-20 17:17 . 2004-08-04 13:15 145792 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\portcls.sys

+ 2010-11-20 17:17 . 2004-08-04 13:15 140928 c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\ks.sys

+ 2010-11-20 17:18 . 2005-01-05 00:09 861184 c:\windows\system32\ReinstallBackups\0002\DriverFiles\sisgrv.dll

+ 2010-11-20 17:18 . 2005-01-05 00:01 239104 c:\windows\system32\ReinstallBackups\0002\DriverFiles\sisgrp.sys

+ 2004-08-04 12:00 . 2009-10-12 13:54 112128 c:\windows\system32\rastls.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 112128 c:\windows\system32\rastls.dll

+ 2005-01-27 04:58 . 2010-11-20 18:54 382022 c:\windows\system32\perfh009.dat

- 2005-01-27 04:58 . 2010-11-19 02:35 382022 c:\windows\system32\perfh009.dat

- 2004-08-04 12:00 . 2004-08-04 12:00 283648 c:\windows\system32\pdh.dll

+ 2004-08-04 12:00 . 2009-03-06 14:44 283648 c:\windows\system32\pdh.dll

+ 2004-08-04 12:00 . 2009-10-13 10:53 266752 c:\windows\system32\oakley.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 266752 c:\windows\system32\oakley.dll

+ 2004-08-04 18:00 . 2009-02-09 10:20 714752 c:\windows\system32\ntdll.dll

+ 2004-08-04 12:00 . 2008-10-15 16:57 332800 c:\windows\system32\netapi32.dll

+ 2004-08-04 12:00 . 2008-06-20 17:41 245248 c:\windows\system32\mswsock.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 245248 c:\windows\system32\mswsock.dll

+ 2004-08-04 12:00 . 2009-08-05 09:11 204800 c:\windows\system32\mswebdvd.dll

+ 2004-08-04 12:00 . 2009-09-11 14:33 133632 c:\windows\system32\msv1_0.dll

+ 2004-08-04 12:00 . 2009-06-05 07:42 655872 c:\windows\system32\mstscax.dll

+ 2004-08-04 12:00 . 2010-04-16 15:36 532480 c:\windows\system32\mstime.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 146432 c:\windows\system32\msrating.dll

+ 2004-08-04 12:00 . 2010-04-16 15:36 146432 c:\windows\system32\msrating.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 343040 c:\windows\system32\mspaint.exe

+ 2004-08-04 12:00 . 2009-12-16 12:58 343040 c:\windows\system32\mspaint.exe

+ 2004-08-04 12:00 . 2010-04-16 15:36 449024 c:\windows\system32\mshtmled.dll

+ 2004-08-04 12:00 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll

+ 2004-08-04 12:00 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll

+ 2004-08-04 12:00 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll

+ 2004-08-04 11:00 . 2009-06-25 08:44 724480 c:\windows\system32\lsasrv.dll

+ 2004-08-04 12:00 . 2009-05-07 15:44 344064 c:\windows\system32\localspl.dll

+ 2004-08-04 12:00 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll

+ 2004-08-04 12:00 . 2009-06-25 08:44 298496 c:\windows\system32\kerberos.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 450560 c:\windows\system32\jscript.dll

+ 2004-08-04 12:00 . 2009-08-21 09:46 450560 c:\windows\system32\jscript.dll

+ 2004-08-04 12:00 . 2010-01-29 15:08 683520 c:\windows\system32\inetcomm.dll

+ 2004-08-04 11:00 . 2010-04-16 15:36 251392 c:\windows\system32\iepeers.dll

+ 2004-08-04 12:00 . 2008-10-23 13:01 283648 c:\windows\system32\gdi32.dll

+ 2005-01-27 04:56 . 2010-11-20 18:50 169896 c:\windows\system32\FNTCACHE.DAT

- 2005-01-27 04:56 . 2010-11-19 01:33 169896 c:\windows\system32\FNTCACHE.DAT

+ 2004-08-04 12:00 . 2008-07-07 20:32 253952 c:\windows\system32\es.dll

+ 2004-08-04 12:00 . 2010-04-16 15:36 205312 c:\windows\system32\dxtrans.dll

+ 2004-08-04 12:00 . 2010-04-16 15:36 357888 c:\windows\system32\dxtmsft.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 357888 c:\windows\system32\dxtmsft.dll

+ 2009-07-14 18:35 . 2009-07-14 18:35 444136 c:\windows\system32\drivers\wdf01000.sys

+ 2004-08-04 12:00 . 2010-02-11 12:01 226880 c:\windows\system32\drivers\tcpip6.sys

+ 2004-08-04 12:00 . 2008-06-20 10:45 360320 c:\windows\system32\drivers\tcpip.sys

+ 2004-08-04 12:00 . 2009-12-31 16:14 352640 c:\windows\system32\drivers\srv.sys

+ 2005-06-23 11:06 . 2005-04-12 19:08 247296 c:\windows\system32\drivers\sisgrp.sys

+ 2004-08-04 12:00 . 2008-05-08 12:28 202752 c:\windows\system32\drivers\rmcast.sys

+ 2005-06-23 11:09 . 2004-08-04 07:15 145792 c:\windows\system32\drivers\portcls.sys

- 2005-06-23 11:09 . 2004-08-04 13:15 145792 c:\windows\system32\drivers\portcls.sys

+ 2004-08-04 11:00 . 2010-02-24 12:31 454016 c:\windows\system32\drivers\mrxsmb.sys

+ 2010-03-26 05:30 . 2010-03-26 05:30 151216 c:\windows\system32\drivers\MpFilter.sys

- 2004-08-04 18:00 . 2004-08-04 13:15 140928 c:\windows\system32\drivers\ks.sys

+ 2004-08-04 18:00 . 2004-08-04 07:15 140928 c:\windows\system32\drivers\ks.sys

+ 2004-08-04 12:00 . 2006-02-21 03:01 128896 c:\windows\system32\drivers\fltmgr.sys

+ 2004-08-04 12:00 . 2008-08-14 09:51 138368 c:\windows\system32\drivers\afd.sys

+ 2004-08-04 12:00 . 2008-06-20 17:41 148992 c:\windows\system32\dnsapi.dll

+ 2004-08-04 12:00 . 2008-04-21 10:02 215552 c:\windows\system32\dllcache\wordpad.exe

+ 2004-08-04 11:00 . 2009-07-13 18:08 286720 c:\windows\system32\dllcache\wmpdxm.dll

+ 2004-08-04 12:00 . 2009-02-06 16:39 227840 c:\windows\system32\dllcache\wmiprvse.exe

+ 2004-08-04 12:00 . 2009-02-09 10:20 453120 c:\windows\system32\dllcache\wmiprvsd.dll

+ 2004-08-04 11:00 . 2007-10-28 01:40 227328 c:\windows\system32\dllcache\wmasf.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 132096 c:\windows\system32\dllcache\wkssvc.dll

+ 2004-08-04 12:00 . 2009-06-10 06:32 132096 c:\windows\system32\dllcache\wkssvc.dll

+ 2004-08-04 12:00 . 2009-12-24 07:05 177664 c:\windows\system32\dllcache\wintrust.dll

+ 2004-08-04 11:00 . 2010-04-16 15:36 662016 c:\windows\system32\dllcache\wininet.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 351232 c:\windows\system32\dllcache\winhttp.dll

+ 2004-08-04 12:00 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll

+ 2004-08-04 12:00 . 2010-03-10 08:02 417792 c:\windows\system32\dllcache\vbscript.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 417792 c:\windows\system32\dllcache\vbscript.dll

+ 2004-08-04 11:00 . 2010-04-16 15:36 624640 c:\windows\system32\dllcache\urlmon.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 153088 c:\windows\system32\dllcache\triedit.dll

+ 2004-08-04 12:00 . 2009-06-21 22:04 153088 c:\windows\system32\dllcache\triedit.dll

+ 2004-08-04 12:00 . 2010-02-11 12:01 226880 c:\windows\system32\dllcache\tcpip6.sys

+ 2004-08-04 12:00 . 2008-06-20 10:45 360320 c:\windows\system32\dllcache\tcpip.sys

+ 2004-08-04 12:00 . 2009-10-16 06:51 119808 c:\windows\system32\dllcache\t2embed.dll

+ 2004-08-04 12:00 . 2009-08-26 08:16 247326 c:\windows\system32\dllcache\strmdll.dll

+ 2004-08-04 12:00 . 2009-12-31 16:14 352640 c:\windows\system32\dllcache\srv.sys

+ 2005-06-23 11:06 . 2005-04-12 19:08 247296 c:\windows\system32\dllcache\sisgrp.sys

+ 2004-08-04 11:00 . 2010-04-16 15:36 474112 c:\windows\system32\dllcache\shlwapi.dll

+ 2004-08-04 12:00 . 2009-02-06 17:14 110592 c:\windows\system32\dllcache\services.exe

+ 2004-08-04 12:00 . 2009-06-25 08:44 168448 c:\windows\system32\dllcache\schannel.dll

+ 2004-08-04 12:00 . 2009-02-09 10:20 399360 c:\windows\system32\dllcache\rpcss.dll

+ 2004-08-04 12:00 . 2009-04-15 15:11 584192 c:\windows\system32\dllcache\rpcrt4.dll

+ 2004-08-04 12:00 . 2008-05-08 12:28 202752 c:\windows\system32\dllcache\rmcast.sys

+ 2004-08-04 12:00 . 2009-10-12 13:54 112128 c:\windows\system32\dllcache\rastls.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 112128 c:\windows\system32\dllcache\rastls.dll

+ 2005-06-23 11:09 . 2004-08-04 07:15 145792 c:\windows\system32\dllcache\portcls.sys

- 2005-06-23 11:09 . 2004-08-04 13:15 145792 c:\windows\system32\dllcache\portcls.sys

+ 2004-08-04 12:00 . 2009-03-06 14:44 283648 c:\windows\system32\dllcache\pdh.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 283648 c:\windows\system32\dllcache\pdh.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 266752 c:\windows\system32\dllcache\oakley.dll

+ 2004-08-04 12:00 . 2009-10-13 10:53 266752 c:\windows\system32\dllcache\oakley.dll

+ 2004-08-04 18:00 . 2009-02-09 10:20 714752 c:\windows\system32\dllcache\ntdll.dll

+ 2004-08-04 12:00 . 2008-10-15 16:57 332800 c:\windows\system32\dllcache\netapi32.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 245248 c:\windows\system32\dllcache\mswsock.dll

+ 2004-08-04 12:00 . 2008-06-20 17:41 245248 c:\windows\system32\dllcache\mswsock.dll

+ 2004-08-04 12:00 . 2009-08-05 09:11 204800 c:\windows\system32\dllcache\mswebdvd.dll

+ 2004-08-04 12:00 . 2009-09-11 14:33 133632 c:\windows\system32\dllcache\msv1_0.dll

+ 2004-08-04 12:00 . 2009-06-05 07:42 655872 c:\windows\system32\dllcache\mstscax.dll

+ 2004-08-04 12:00 . 2010-04-16 15:36 532480 c:\windows\system32\dllcache\mstime.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 146432 c:\windows\system32\dllcache\msrating.dll

+ 2004-08-04 12:00 . 2010-04-16 15:36 146432 c:\windows\system32\dllcache\msrating.dll

+ 2004-08-04 12:00 . 2009-12-16 12:58 343040 c:\windows\system32\dllcache\mspaint.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 343040 c:\windows\system32\dllcache\mspaint.exe

+ 2004-08-04 12:00 . 2010-04-16 15:36 449024 c:\windows\system32\dllcache\mshtmled.dll

+ 2004-08-04 12:00 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll

+ 2004-08-04 12:00 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll

+ 2004-08-04 12:00 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll

+ 2004-08-04 12:00 . 2008-05-01 14:30 331776 c:\windows\system32\dllcache\msadce.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 331776 c:\windows\system32\dllcache\msadce.dll

+ 2010-11-20 01:12 . 2010-02-24 12:31 454016 c:\windows\system32\dllcache\mrxsmb.sys

+ 2004-08-04 11:00 . 2009-06-25 08:44 724480 c:\windows\system32\dllcache\lsasrv.dll

+ 2004-08-04 12:00 . 2009-05-07 15:44 344064 c:\windows\system32\dllcache\localspl.dll

- 2004-08-04 18:00 . 2004-08-04 13:15 140928 c:\windows\system32\dllcache\ks.sys

+ 2004-08-04 18:00 . 2004-08-04 07:15 140928 c:\windows\system32\dllcache\ks.sys

+ 2004-08-04 12:00 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll

+ 2004-08-04 12:00 . 2009-06-25 08:44 298496 c:\windows\system32\dllcache\kerberos.dll

+ 2004-08-04 12:00 . 2009-08-21 09:46 450560 c:\windows\system32\dllcache\jscript.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 450560 c:\windows\system32\dllcache\jscript.dll

+ 2004-08-04 12:00 . 2010-01-29 15:08 683520 c:\windows\system32\dllcache\inetcomm.dll

+ 2004-08-04 11:00 . 2010-04-16 15:36 251392 c:\windows\system32\dllcache\iepeers.dll

+ 2004-08-04 12:00 . 2010-06-14 14:30 743936 c:\windows\system32\dllcache\helpsvc.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 743936 c:\windows\system32\dllcache\helpsvc.exe

+ 2004-08-04 12:00 . 2008-10-23 13:01 283648 c:\windows\system32\dllcache\gdi32.dll

+ 2004-08-04 12:00 . 2006-02-21 03:01 128896 c:\windows\system32\dllcache\fltmgr.sys

+ 2004-08-04 12:00 . 2009-02-09 10:20 473088 c:\windows\system32\dllcache\fastprox.dll

+ 2004-08-04 12:00 . 2008-07-07 20:32 253952 c:\windows\system32\dllcache\es.dll

+ 2004-08-04 12:00 . 2010-04-16 15:36 205312 c:\windows\system32\dllcache\dxtrans.dll

+ 2004-08-04 12:00 . 2010-04-16 15:36 357888 c:\windows\system32\dllcache\dxtmsft.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 357888 c:\windows\system32\dllcache\dxtmsft.dll

+ 2004-08-04 12:00 . 2008-06-20 17:41 148992 c:\windows\system32\dllcache\dnsapi.dll

- 2004-08-04 11:00 . 2005-01-28 00:13 151040 c:\windows\system32\dllcache\cdfview.dll

+ 2004-08-04 11:00 . 2010-04-16 15:36 151040 c:\windows\system32\dllcache\cdfview.dll

+ 2010-11-20 01:10 . 2008-06-13 13:10 272128 c:\windows\system32\dllcache\bthport.sys

- 2004-08-04 12:00 . 2004-08-04 12:00 285696 c:\windows\system32\dllcache\atmfd.dll

+ 2004-08-04 12:00 . 2010-04-20 05:51 285696 c:\windows\system32\dllcache\atmfd.dll

+ 2004-08-04 12:00 . 2008-08-14 09:51 138368 c:\windows\system32\dllcache\afd.sys

+ 2004-08-04 12:00 . 2009-02-09 10:20 616960 c:\windows\system32\dllcache\advapi32.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 616960 c:\windows\system32\dllcache\advapi32.dll

+ 2004-08-04 12:00 . 2009-11-21 16:36 470528 c:\windows\system32\dllcache\aclayers.dll

+ 2004-08-04 12:00 . 2010-02-12 04:47 100864 c:\windows\system32\dllcache\6to4svc.dll

+ 2004-08-04 11:00 . 2010-04-16 15:36 151040 c:\windows\system32\cdfview.dll

- 2004-08-04 11:00 . 2005-01-28 00:13 151040 c:\windows\system32\cdfview.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 285696 c:\windows\system32\atmfd.dll

+ 2004-08-04 12:00 . 2010-04-20 05:51 285696 c:\windows\system32\atmfd.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 616960 c:\windows\system32\advapi32.dll

+ 2004-08-04 12:00 . 2009-02-09 10:20 616960 c:\windows\system32\advapi32.dll

+ 2004-08-04 12:00 . 2010-02-12 04:47 100864 c:\windows\system32\6to4svc.dll

+ 2004-08-04 12:00 . 2010-06-14 14:30 743936 c:\windows\pchealth\helpctr\binaries\helpsvc.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 743936 c:\windows\pchealth\helpctr\binaries\HelpSvc.exe

- 2004-07-15 14:33 . 2004-07-15 14:33 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

+ 2010-03-31 22:51 . 2010-03-31 22:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll

+ 2010-03-31 22:49 . 2010-03-31 22:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

- 2004-07-15 14:25 . 2004-07-15 14:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll

- 2004-07-15 15:49 . 2004-07-15 15:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

+ 2010-03-31 23:32 . 2010-03-31 23:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll

+ 2010-11-20 19:02 . 2010-11-20 19:02 272384 c:\windows\Installer\a555d.msi

+ 2010-11-20 19:02 . 2010-11-20 19:02 264192 c:\windows\Installer\a5557.msi

+ 2010-11-20 19:01 . 2010-11-20 19:01 301056 c:\windows\Installer\a5551.msi

+ 2010-11-20 17:14 . 2010-11-20 17:14 432640 c:\windows\Installer\39676.msi

+ 2010-11-20 17:14 . 2010-11-20 17:14 429568 c:\windows\Installer\3966b.msi

+ 2010-11-20 17:38 . 2010-11-20 17:38 240640 c:\windows\Installer\1606a7.msi

+ 2010-11-20 17:35 . 2010-11-20 17:35 228352 c:\windows\Installer\1606a1.msi

+ 2005-06-23 11:04 . 2010-02-24 12:31 454016 c:\windows\Driver Cache\i386\mrxsmb.sys

+ 2004-08-04 12:00 . 2009-11-21 16:36 470528 c:\windows\AppPatch\aclayers.dll

+ 2010-11-20 17:22 . 2009-05-26 09:01 382840 c:\windows\$NtUninstallKB980232$\updspapi.dll

+ 2010-11-20 17:22 . 2009-05-26 09:01 755576 c:\windows\$NtUninstallKB980232$\update.exe

+ 2010-11-20 17:22 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB980232$\spuninst.exe

+ 2010-04-14 04:15 . 2005-01-19 11:26 451584 c:\windows\$NtUninstallKB980232$\mrxsmb.sys

+ 2010-11-20 17:23 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB980218$\updspapi.dll

+ 2010-11-20 17:23 . 2009-05-26 11:40 755576 c:\windows\$NtUninstallKB980218$\update.exe

+ 2010-11-20 17:23 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB980218$\spuninst.exe

+ 2010-11-20 17:22 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB980195$\updspapi.dll

+ 2010-11-20 17:22 . 2008-07-08 13:02 755576 c:\windows\$NtUninstallKB980195$\update.exe

+ 2010-11-20 17:22 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB980195$\spuninst.exe

+ 2010-11-20 17:22 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979683$\updspapi.dll

+ 2010-11-20 17:22 . 2009-05-26 11:40 755576 c:\windows\$NtUninstallKB979683$\update.exe

+ 2010-11-20 17:22 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB979683$\spuninst.exe

+ 2010-11-20 17:18 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979559$\updspapi.dll

+ 2010-11-20 17:18 . 2009-05-26 11:40 755576 c:\windows\$NtUninstallKB979559$\update.exe

+ 2010-11-20 17:18 . 2009-05-26 09:01 231288 c:\windows\$NtUninstallKB979559$\spuninst.exe

+ 2010-11-20 17:16 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB979309$\updspapi.dll

+ 2010-11-20 17:16 . 2009-05-26 11:40 755576 c:\windows\$NtUninstallKB979309$\update.exe

+ 2010-11-20 17:16 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB979309$\spuninst.exe

- 2010-06-10 03:20 . 2007-07-28 06:11 382840 c:\windows\$NtUninstallKB978695_WM9$\spuninst\updspapi.dll

+ 2010-06-10 03:20 . 2007-07-28 07:11 382840 c:\windows\$NtUninstallKB978695_WM9$\spuninst\updspapi.dll

- 2010-06-10 03:20 . 2007-07-28 06:11 231288 c:\windows\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe

+ 2010-06-10 03:20 . 2007-07-28 07:11 231288 c:\windows\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe

+ 2010-11-20 17:18 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978601$\updspapi.dll

+ 2010-11-20 17:18 . 2009-05-26 11:40 755576 c:\windows\$NtUninstallKB978601$\update.exe

+ 2010-11-20 17:18 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB978601$\spuninst.exe

+ 2010-11-20 17:16 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978542$\updspapi.dll

+ 2010-11-20 17:16 . 2009-05-26 11:40 755576 c:\windows\$NtUninstallKB978542$\update.exe

+ 2010-11-20 17:16 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978542$\spuninst.exe

+ 2010-05-13 03:02 . 2004-08-04 12:00 678400 c:\windows\$NtUninstallKB978542$\inetcomm.dll

+ 2010-11-20 17:20 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB978338$\updspapi.dll

+ 2010-11-20 17:20 . 2009-05-26 11:40 755576 c:\windows\$NtUninstallKB978338$\update.exe

+ 2010-11-20 17:20 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB978338$\spuninst.exe

+ 2010-11-20 17:18 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB977816$\updspapi.dll

+ 2010-11-20 17:18 . 2009-05-26 11:40 755576 c:\windows\$NtUninstallKB977816$\update.exe

+ 2010-11-20 17:18 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB977816$\spuninst.exe

+ 2010-11-20 17:15 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB975562$\updspapi.dll

+ 2010-11-20 17:15 . 2009-05-26 11:40 755576 c:\windows\$NtUninstallKB975562$\update.exe

+ 2010-11-20 17:15 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB975562$\spuninst.exe

- 2010-10-21 02:55 . 2008-04-14 12:42 214528 c:\windows\$NtUninstallKB923561$\wordpad.exe

+ 2010-10-21 02:55 . 2004-08-04 12:00 214528 c:\windows\$NtUninstallKB923561$\wordpad.exe

+ 2010-11-20 17:14 . 2008-07-09 07:38 382840 c:\windows\$NtUninstallKB923561$\updspapi.dll

+ 2010-11-20 17:14 . 2008-11-15 17:18 755576 c:\windows\$NtUninstallKB923561$\update.exe

+ 2010-11-20 17:14 . 2008-07-09 07:38 231288 c:\windows\$NtUninstallKB923561$\spuninst.exe

+ 2010-11-20 17:21 . 2010-02-23 02:53 382840 c:\windows\$NtUninstallKB2229593$\updspapi.dll

+ 2010-11-20 17:21 . 2009-05-26 11:40 755576 c:\windows\$NtUninstallKB2229593$\update.exe

- 2010-10-21 02:53 . 2010-02-23 02:53 382840 c:\windows\$NtUninstallKB2229593$\spuninst\updspapi.dll

+ 2010-10-21 02:53 . 2010-02-23 03:53 382840 c:\windows\$NtUninstallKB2229593$\spuninst\updspapi.dll

+ 2010-11-20 17:21 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB2229593$\spuninst.exe

+ 2010-10-21 02:53 . 2004-08-04 12:00 743936 c:\windows\$NtUninstallKB2229593$\helpsvc.exe

- 2008-12-11 19:07 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB956802\update\updspapi.dll

+ 2008-12-11 19:07 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB956802\update\updspapi.dll

+ 2008-12-11 19:07 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB956802\update\update.exe

- 2008-12-11 19:07 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB956802\update\update.exe

- 2008-11-23 07:22 . 2008-07-09 20:08 382840 c:\windows\$hf_mig$\KB955069\update\updspapi.dll

+ 2008-11-23 07:22 . 2008-07-09 21:08 382840 c:\windows\$hf_mig$\KB955069\update\updspapi.dll

- 2010-07-14 20:22 . 2010-02-23 02:53 382840 c:\windows\$hf_mig$\KB2229593\update\updspapi.dll

+ 2010-07-14 20:22 . 2010-02-23 03:53 382840 c:\windows\$hf_mig$\KB2229593\update\updspapi.dll

+ 2010-11-20 01:12 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll

+ 2008-07-29 16:05 . 2008-07-29 16:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll

+ 2008-07-29 16:05 . 2008-07-29 16:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll

+ 2009-07-21 08:03 . 2009-07-21 08:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll

+ 2008-10-01 00:42 . 2008-10-01 00:42 1286152 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll

+ 2004-08-04 11:00 . 2010-04-03 11:33 2365288 c:\windows\system32\WMVCore.dll

+ 2004-08-04 11:00 . 2009-07-13 18:08 5537792 c:\windows\system32\wmp.dll

+ 2004-08-04 12:00 . 2010-05-02 05:56 1850880 c:\windows\system32\win32k.sys

+ 2005-06-23 11:06 . 2005-04-12 19:40 1869609 c:\windows\system32\sisgl.dll

+ 2004-08-04 12:00 . 2008-07-03 13:16 8454656 c:\windows\system32\shell32.dll

+ 2004-08-04 11:00 . 2010-04-16 15:36 1506304 c:\windows\system32\shdocvw.dll

+ 2010-11-20 17:17 . 2004-10-01 17:24 2279424 c:\windows\system32\ReinstallBackups\0006\DriverFiles\ALCXWDM.SYS

+ 2010-11-20 17:18 . 2005-01-05 00:45 1864937 c:\windows\system32\ReinstallBackups\0002\DriverFiles\sisgl.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 1435648 c:\windows\system32\query.dll

+ 2004-08-04 12:00 . 2009-07-17 16:27 1435648 c:\windows\system32\query.dll

+ 2004-08-04 12:00 . 2010-02-05 18:40 1291264 c:\windows\system32\quartz.dll

+ 2004-08-04 12:00 . 2010-02-16 13:19 2181376 c:\windows\system32\ntoskrnl.exe

+ 2004-08-04 18:00 . 2010-02-16 12:39 2058368 c:\windows\system32\ntkrnlpa.exe

+ 2009-07-21 08:05 . 2009-07-21 08:05 1348432 c:\windows\system32\msxml4.dll

+ 2004-08-04 12:00 . 2009-07-31 04:57 1172480 c:\windows\system32\msxml3.dll

+ 2004-08-04 11:00 . 2010-04-16 15:36 3065344 c:\windows\system32\mshtml.dll

+ 2010-08-24 17:31 . 2010-08-24 17:31 1581136 c:\windows\system32\LkmdfCoInst.dll

+ 2005-06-23 11:09 . 2005-04-20 19:00 2317696 c:\windows\system32\drivers\ALCXWDM.SYS

+ 2004-08-04 11:00 . 2010-04-03 11:33 2365288 c:\windows\system32\dllcache\WMVCore.dll

+ 2004-08-04 11:00 . 2009-07-13 18:08 5537792 c:\windows\system32\dllcache\wmp.dll

+ 2004-08-04 12:00 . 2010-05-02 05:56 1850880 c:\windows\system32\dllcache\win32k.sys

+ 2004-08-04 12:00 . 2008-07-03 13:16 8454656 c:\windows\system32\dllcache\shell32.dll

+ 2004-08-04 11:00 . 2010-04-16 15:36 1506304 c:\windows\system32\dllcache\shdocvw.dll

+ 2004-08-04 12:00 . 2009-07-17 16:27 1435648 c:\windows\system32\dllcache\query.dll

- 2004-08-04 12:00 . 2004-08-04 12:00 1435648 c:\windows\system32\dllcache\query.dll

+ 2004-08-04 12:00 . 2010-02-05 18:40 1291264 c:\windows\system32\dllcache\quartz.dll

+ 2010-11-20 01:11 . 2010-02-16 13:19 2181376 c:\windows\system32\dllcache\ntoskrnl.exe

+ 2010-11-20 01:11 . 2010-02-16 12:39 2016768 c:\windows\system32\dllcache\ntkrpamp.exe

+ 2010-11-20 01:11 . 2010-02-16 12:39 2058368 c:\windows\system32\dllcache\ntkrnlpa.exe

+ 2010-11-20 01:11 . 2010-02-16 13:17 2137088 c:\windows\system32\dllcache\ntkrnlmp.exe

+ 2004-08-04 12:00 . 2009-07-31 04:57 1172480 c:\windows\system32\dllcache\msxml3.dll

+ 2004-08-04 12:00 . 2010-01-29 15:08 1315840 c:\windows\system32\dllcache\msoe.dll

+ 2004-08-04 11:00 . 2010-04-16 15:36 3065344 c:\windows\system32\dllcache\mshtml.dll

+ 2004-08-04 12:00 . 2009-10-23 14:27 3555328 c:\windows\system32\dllcache\moviemk.exe

- 2004-08-04 12:00 . 2004-08-04 12:00 3555328 c:\windows\system32\dllcache\moviemk.exe

+ 2004-08-04 12:00 . 2010-04-16 15:36 1054208 c:\windows\system32\dllcache\danim.dll

+ 2004-08-04 11:00 . 2010-04-16 15:36 1023488 c:\windows\system32\dllcache\browseui.dll

+ 2004-08-04 12:00 . 2010-04-16 15:36 1054208 c:\windows\system32\danim.dll

+ 2004-08-04 11:00 . 2010-04-16 15:36 1023488 c:\windows\system32\browseui.dll

+ 2010-04-01 19:42 . 2010-04-01 19:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll

+ 2010-04-01 19:42 . 2010-04-01 19:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll

+ 2010-03-31 22:50 . 2010-03-31 22:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll

+ 2010-03-31 22:50 . 2010-03-31 22:50 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll

+ 2010-04-01 19:42 . 2010-04-01 19:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll

+ 2005-06-23 10:56 . 2006-08-21 23:57 1077321 c:\windows\Help\SBSI\Training\orun32.exe

+ 2010-11-20 17:22 . 2010-11-20 17:22 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll

+ 2010-11-20 17:22 . 2010-11-20 17:22 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll

+ 2010-04-14 04:16 . 2009-02-06 17:24 2180480 c:\windows\$NtUninstallKB979683$\ntoskrnl.exe

+ 2010-04-14 04:16 . 2009-02-06 16:49 2015744 c:\windows\$NtUninstallKB979683$\ntkrpamp.exe

- 2010-04-14 04:16 . 2009-12-08 18:19 2015744 c:\windows\$NtUninstallKB979683$\ntkrpamp.exe

+ 2010-04-14 04:16 . 2009-02-06 16:49 2057728 c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe

- 2010-04-14 04:16 . 2009-12-08 18:19 2057728 c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe

+ 2010-04-14 04:16 . 2009-02-06 17:22 2136064 c:\windows\$NtUninstallKB979683$\ntkrnlmp.exe

- 2010-04-14 04:16 . 2009-12-08 18:53 2136064 c:\windows\$NtUninstallKB979683$\ntkrnlmp.exe

+ 2010-06-10 03:51 . 2004-08-04 12:00 1835904 c:\windows\$NtUninstallKB979559$\win32k.sys

+ 2010-06-10 03:20 . 2008-06-10 19:57 2364472 c:\windows\$NtUninstallKB978695_WM9$\wmvcore.dll

+ 2010-05-13 03:02 . 2004-08-04 12:00 1311232 c:\windows\$NtUninstallKB978542$\msoe.dll

+ 2010-06-10 03:20 . 2004-08-04 12:00 1287680 c:\windows\$NtUninstallKB975562$\quartz.dll

- 2010-04-03 02:29 . 2010-04-03 02:29 11413504 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp

+ 2010-04-03 03:29 . 2010-04-03 03:29 11413504 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp

+ 2010-04-02 20:30 . 2010-04-02 20:30 17456640 c:\windows\Installer\39690.msp

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim"="c:\program files\AIM\aim.exe" [2010-10-12 4258136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSPower"="SiSPower.dll" [2005-01-04 49152]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]

"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-06-23 180269]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

c:\documents and settings\Compaq_Owner.YOUR-F78BF48CE2\Start Menu\Programs\Startup\

Compaq Organize.lnk - c:\program files\Hewlett-Packard\Compaq Organize\bin\displayAgent.exe [2005-6-23 36864]

c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\

Logitech . Product Registration.lnk - c:\program files\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

SpySubtract.lnk - c:\program files\InterMute\SpySubtract\sslaunch.exe [2005-6-23 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [11/20/2010 9:35 AM 10448]

.

Contents of the 'Scheduled Tasks' folder

2010-11-21 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-07-08 01:26]

2010-11-19 c:\windows\Tasks\Easy Internet Sign-up.job

- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-03-04 01:04]

2010-11-23 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 05:40]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html

FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\dsyukx7r.default\

FF - prefs.js: browser.startup.homepage - swagbucks.com

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-22 16:34

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(440)

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

- - - - - - - > 'explorer.exe'(408)

c:\docume~1\COMPAQ~1\LOCALS~1\Temp\catchme.dll

.

Completion time: 2010-11-22 16:35:55

ComboFix-quarantined-files.txt 2010-11-23 00:35

ComboFix2.txt 2010-11-20 02:04

ComboFix3.txt 2010-11-05 02:25

ComboFix4.txt 2010-10-30 03:25

ComboFix5.txt 2010-11-23 00:26

Pre-Run: 148,899,221,504 bytes free

Post-Run: 148,877,942,784 bytes free

- - End Of File - - 1D9DB3A5201B2FBC2DA0FF945149ACD7


Do you still get the redbook.sys error message when attempting to start in normal mode?


Meaning that normal mode works now or that you just get a BSOD without any filename?


Please tap F8 on startup and see if you have an option "enable VGA mode" (or something alike, including VGA). If so, select that option and let me know what happens.


At the F8 menu, do you have an option: Windows Domain controllers only (or something alike)? Try that if it is there and let me know what happens.


Please look in c:\_otl\moved files\<date>\c\windows\system32\drivers and let me know what is in there.

If there is a file in there (should be something like: <filename>.tmp), upload it to http://www.virustotal.com and post me the results.

This topic is now closed to further replies.
