TheTechGuide Forum

General Category => Tech Clinic => Topic started by: jannetie on June 07, 2011, 05:25:43 AM

Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 07, 2011, 05:25:43 AM
Got a notice of low resources, a while later AVG Pro shut down. Started a reboot, at the same time AVG screen popped up saying it had caught something and was removing it. Saw the blue bar moving across the AVG box, but too fast to read anything. On reboot, only three icons loaded in system tray, Ad-Aware, Internet Connection, Speaker icon.

AVG still seems to run scheduled scans, but no malware turns up. I can't open programs from shortcuts, get Application Not Found box. Trying to open from C:\Program Files, I get the dialogue box asking what I want to open a program with. Can open some this way; others will open if I have a file saved, such as Word, Publisher, Photoshop. Can't open System Restore. Have opened other programs using the Browse bar on the dialogue box. Can't access most things in Control Panel either. Rundll32.exe seems to be missing. Also, I think the file removed when I tried the reboot and AVG popped up was LDA.exe. That's what AVG history shows me was sent to vault on14 May 2011: It says Malware-unknown - C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\LDA.exe. The delay in contacting you was because I was away several times since then with no access to my computer (dinosaur tower, Windows XP Media Center SP3). Also have Spyware Blaster and Spybot Search and Destroy running.

Running one of the free diagnostics shows a number of viruses/trojans/malware, but I'm not touching the registry on my own. Have tried downloading an MP3 as a test, but it goes to a temp folder (temporary internet folder doesn't show up anywhere either - have unhidden files/folders, etc.). Geez, infections all over the place - first the hemlock woolly adelgids on a half dozen of our trees, something going on with the oaks,  then my computer - sheesh!

Here's what I get from Hijack This; not sure if everything that should be there IS there:
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:45:24 AM, on 6/7/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\AGI\core\3.1\AGCoreService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Amazon\MP3 Downloader\AmazonMP3Downloader.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geocities.com/m.spatafore/index.html (http://"http://www.geocities.com/m.spatafore/index.html")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://"http://go.microsoft.com/fwlink/?LinkId=69157")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://"http://go.microsoft.com/fwlink/?LinkId=54896")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop (http://"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://"http://go.microsoft.com/fwlink/?LinkId=54896")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (http://"http://go.microsoft.com/fwlink/?LinkId=69157")
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: agcore.AGUtils - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - mscoree.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: agcore.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: FlpLauncher Class - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum 5 Suite\FpLaunch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\3.1.5.7613\WSToolbar4IE.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: MP3 Rocket Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\bak\NBJ.exe"
O4 - HKCU\..\Run: [EPSON Stylus C120 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICCA.EXE /FU "C:\WINDOWS\TEMP\E_S2A3.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe -update activex
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\3.1.5.7613\WSToolbar4IE.dll/MENUSEARCH.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (http://"http://*.trymedia.com") (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (http://"http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab")
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab (http://"http://www.ipix.com/download/ipixx.cab")
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h20278.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (http://"https://h20278.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB")
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (http://"http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab")
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab (http://"http://community.webshots.com/html/atx/wsaxcontrol.cab")
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (http://"http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab")
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (http://"http://www.linkedin.com/cab/LinkedInContactFinderControl.cab")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://eaglewings-eyrie.spaces.live.com//PhotoUpload/MsnPUpld.cab (http://"http://eaglewings-eyrie.spaces.live.com//PhotoUpload/MsnPUpld.cab")
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (http://"http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab")
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (http://"http://upload.facebook.com/controls/FacebookPhotoUploader3.cab")
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (http://"http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146553036628 (http://"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146553036628")
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (http://"https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab")
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB (http://"http://community.webshots.com/html/WSPhotoUploader.CAB")
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (http://"https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx")
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (http://"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab")
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab (http://"http://ax.emsisoft.com/asquared.cab")
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab (http://"http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab")
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AG Core Services (AGCoreService) - AG Interactive - C:\Program Files\AGI\core\3.1\AGCoreService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c93368a590c2f5) (gupdate1c93368a590c2f5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 16994 bytes
 
Thanks!

Title: Missing rundll32.exe and other annoyances
Post by: guestolo on June 07, 2011, 07:07:56 PM
If you haven't used any program to empty your temporary files, DO NOT use any as we may lose some files we need

Download [color="#FF0000"]OTL.exe[/color] (http://"http://oldtimer.geekstogo.com/OTL.exe")[/url] by OldTimer to your Desktop.
In addition:
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Note: The log can also be found on your Desktop entitled SystemLook.txt
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 08, 2011, 06:25:31 AM
[quote name='guestolo' timestamp='1307491676' post='479733']
If you haven't used any program to empty your temporary files, DO NOT use any as we may lose some files we need

Download [color="#ff0000"]OTL.exe[/color] (http://"http://oldtimer.geekstogo.com/OTL.exe")[/url] by OldTimer to your Desktop.
In addition:
Please download [color="red"]SystemLook[/color] from one of the links below and save it to your Desktop.
[color="blue"]Download Mirror #1[/color] (http://"http://jpshortstuff.247fixes.com/SystemLook.exe")
[color="blue"]Download Mirror #2[/color] (http://"http://images.malwareremoval.com/jpshortstuff/SystemLook.exe")[/b]
Note: The log can also be found on your Desktop entitled SystemLook.txt
[/quote]

Tried OTL twice, nothing pops up, nothing shows anywhere. Had to run it using Compaq_Administ since programs won't open on their own. Will try Admin to see if that works. If that fails, will try to run instead of download.  No point in trying to run SystemLook, I can see by the icon I'm going to get "What program do you want to use to run this app" or whatever it asks. GRRRR!!

The only thing I've run to clean computer has been CCleanter. My browser is set to delete history when it closes. A Temp files folder is in Windows, but contains very little. Once unhidden it shows it has about 2 GB of content, but nothing is evident.
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 08, 2011, 07:53:54 AM
[quote name='guestolo' timestamp='1307491676' post='479733']
If you haven't used any program to empty your temporary files, DO NOT use any as we may lose some files we need

Download [color="#ff0000"]OTL.exe[/color] (http://"http://oldtimer.geekstogo.com/OTL.exe")[/url] by OldTimer to your Desktop.
In addition:
Please download [color="red"]SystemLook[/color] from one of the links below and save it to your Desktop.
[color="blue"]Download Mirror #1[/color] (http://"http://jpshortstuff.247fixes.com/SystemLook.exe")
[color="blue"]Download Mirror #2[/color] (http://"http://images.malwareremoval.com/jpshortstuff/SystemLook.exe")[/b]
Note: The log can also be found on your Desktop entitled SystemLook.txt
[/quote]

After checking the OldTimer page for OTL.exe and seeing the recommended settings and scan, finally got the OTL and EXTRA files; getting SystemLook.exe to run is a different story, wish me luck. Here are the OTL results:

OTL logfile created on: 6/8/2011 8:27:59 AM - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
958.48 Mb Total Physical Memory | 348.48 Mb Available Physical Memory | 36.36% Memory free
2.26 Gb Paging File | 1.43 Gb Available in Paging File | 63.32% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.30 Gb Total Space | 67.24 Gb Free Space | 37.71% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.00 Gb Free Space | 12.51% Space Free | Partition Type: FAT32
 
Computer Name: YOUR-55E5F9E3D2 | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgscanx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AGI\core\3.1\AGCoreService.exe (AG Interactive)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe (Smith Micro Software, Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\arservice.exe (Microsoft)
PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
PRC - C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\TabHook.dll (Wacom Technology, Corp.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_8675ab0.dll ()
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- C:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AGCoreService) -- C:\Program Files\AGI\core\3.1\AGCoreService.exe (AG Interactive)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (Stuffit Archive Name Service) -- C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe (Smith Micro Software, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)
SRV - (InCDsrvR) InCD Helper (read only) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (InCDsrv) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (TabletService) -- C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (CO_Mon) -- C:\WINDOWS\system32\drivers\CO_Mon.sys ()
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (InCDfs) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Nero AG)
DRV - (incdrm) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Nero AG)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (AN983) -- C:\WINDOWS\system32\drivers\an983.sys (ADMtek Incorporated.)
DRV - (fasttx2k) -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (PenClass) -- C:\WINDOWS\System32\Drivers\PenClass.sys (Wacom Technology Corporation)
DRV - (ATMhelpr) -- C:\WINDOWS\System32\drivers\ATMHELPR.SYS (Adobe Systems Incorporated)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie (http://"http://www.google.com/ie")
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com (http://"http://www.google.com")
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 (http://"http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8")
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.geocities.com/m.spatafore/index.html (http://"http://www.geocities.com/m.spatafore/index.html")
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Webshots\3.1.5.7613\Firefox [2009/07/09 15:25:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 22:36:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/25 14:03:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2011/02/20 18:56:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2011/02/20 18:56:03 | 000,000,000 | ---D | M]
 
[2009/03/06 08:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions
[2009/03/06 08:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions\[email protected]
 
O1 HOSTS File: ([2010/01/06 21:05:34 | 000,372,715 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 www.007guard.com (http://"http://www.007guard.com")
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com (http://"http://www.008k.com")
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com (http://"http://www.00hq.com")
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com (http://"http://www.032439.com")
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com (http://"http://www.100888290cs.com")
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com (http://"http://www.100sexlinks.com")
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com (http://"http://www.10sek.com")
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com (http://"http://www.123topsearch.com")
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com (http://"http://www.132.com")
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net (http://"http://www.136136.net")
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com (http://"http://www.163ns.com")
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 12848 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum 5 Suite\FpLaunch.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} -  File not found
O2 - BHO: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Webshots Toolbar) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\3.1.5.7613\WSToolbar4IE.dll (Webshots.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  File not found
O3 - HKLM\..\Toolbar: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Webshots Toolbar) - {C17590D2-ECB4-4B15-8820-F58798DCC118} - C:\Program Files\Webshots\3.1.5.7613\WSToolbar4IE.dll (Webshots.com)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [PCDrProfiler]  File not found
O4 - HKLM..\Run: [SunJavaUpdateSched]  File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus C120 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICCA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\bak\NBJ.exe (Ahead Software AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe (Webshots.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Webshots Photo Search - C:\Program Files\Webshots\3.1.5.7613\WSToolbar4IE.dll (Webshots.com)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: //@mail.mar@/ (http://"") ([]msn in Local intranet)
O15 - HKCU\..Trusted Domains: //@signup.mar@/ (http://"") ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: utorrent.com ([www] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (http://"http://office.microsoft.com/templates/ieawsdc.cab") (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (http://"http://www.apple.com/qtactivex/qtplugin.cab") (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (http://"http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab") (Facebook Photo Uploader 5 Control)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (http://"http://www.ipix.com/download/ipixx.cab") (iPIX ActiveX Control)
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} https://h20278.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (http://"https://h20278.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB") (Hewlett-Packard Online Support Services)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (http://"http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab") (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (http://"http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab") (Symantec AntiVirus scanner)
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} http://community.webshots.com/html/atx/wsaxcontrol.cab (http://"http://community.webshots.com/html/atx/wsaxcontrol.cab") (Webshots Multiple Media Uploader - Container)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (http://"http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab") (SentinelProxy Class)
O16 - DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} http://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab (http://"http://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab") (SentinelProxy Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (http://"http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab") (DLM Control)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (http://"http://www.linkedin.com/cab/LinkedInContactFinderControl.cab") (LinkedIn ContactFinderControl)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://eaglewings-eyrie.spaces.live.com//PhotoUpload/MsnPUpld.cab (http://"http://eaglewings-eyrie.spaces.live.com//PhotoUpload/MsnPUpld.cab") (MSN Photo Upload Tool)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (http://"http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab") (Reg Error: Key error.)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (http://"http://upload.facebook.com/controls/FacebookPhotoUploader3.cab") (Facebook Photo Uploader 4 Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (http://"http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab") (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146553036628 (http://"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146553036628") (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (http://"https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab") (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (http://"http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab") (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (http://"http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab") (Reg Error: Key error.)
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} http://community.webshots.com/html/WSPhotoUploader.CAB (http://"http://community.webshots.com/html/WSPhotoUploader.CAB") (Webshots Photo Uploader)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (http://"https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx") (Get_ActiveX Control)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (http://"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab") (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (http://"http://ax.emsisoft.com/asquared.cab") (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (http://"http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab") (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (http://"http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab") (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (http://"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab") (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab (http://"http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab") (Facebook Photo Uploader 4)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (http://"file://C:\WINDOWS\Java\classes\xmldso.cab") (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -  File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/28 13:41:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 06:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{2463e53b-e8e7-11de-8726-000c41242708}\Shell - "" = AutoRun
O33 - MountPoints2\{2463e53b-e8e7-11de-8726-000c41242708}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2463e53b-e8e7-11de-8726-000c41242708}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{561d839c-3df5-11de-86a8-000c41242708}\Shell - "" = AutoRun
O33 - MountPoints2\{561d839c-3df5-11de-86a8-000c41242708}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{561d839c-3df5-11de-86a8-000c41242708}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\lda.exe" -a "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\lda.exe" -a "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/06/08 08:22:47 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2011/06/04 03:43:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Administrator\Recent
[2011/05/27 05:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/27 05:46:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\HiJackThis
[2011/05/27 05:44:49 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Administrator\Desktop\HijackThis.exe
[2011/05/27 01:35:36 | 003,194,296 | ---- | C] (Javacool Software LLC                                       ) -- C:\Documents and Settings\Compaq_Administrator\Desktop\spywareblastersetup44.exe
[2011/05/27 01:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\ADOBE PS CS3 AND 4
[2011/05/27 01:03:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\JANICE STUFF  FROM DESKTOP
[2011/05/21 01:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/05/21 01:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/21 01:56:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/06/08 08:23:14 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\prvlcl.dat
[2011/06/08 08:22:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2011/06/08 08:18:01 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/08 08:02:04 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/08 08:01:11 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/06/08 07:07:05 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/08 06:20:43 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SystemLook.exe
[2011/06/08 06:11:48 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3256EB39-0743-422A-887B-7F74D01AD364}.job
[2011/06/08 05:56:42 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/08 05:56:14 | 000,000,317 | ---- | M] () -- C:\WINDOWS\System32\wacom.dat
[2011/06/08 05:55:41 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/08 05:55:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/08 05:55:28 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/08 00:36:21 | 000,022,016 | -H-- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/07 22:16:56 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/07 21:48:31 | 117,528,362 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/07 02:49:48 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Compaq_Administrator\Desktop\HijackThis.exe
[2011/06/07 02:49:05 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\HiJackThis.msi
[2011/06/04 15:59:59 | 000,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
[2011/06/03 21:59:31 | 000,654,320 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/06/03 13:04:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/28 04:58:54 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\Webshots.lnk
[2011/05/27 01:35:44 | 003,194,296 | ---- | M] (Javacool Software LLC                                       ) -- C:\Documents and Settings\Compaq_Administrator\Desktop\spywareblastersetup44.exe
[2011/05/21 01:58:05 | 000,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/05/14 21:24:51 | 000,001,224 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/05/14 21:24:51 | 000,001,224 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/06/08 06:20:43 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SystemLook.exe
[2011/05/27 05:44:31 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\HiJackThis.msi
[2011/05/21 01:58:05 | 000,001,550 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/05/14 21:24:34 | 000,001,224 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/05/14 21:24:33 | 000,001,224 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/01/13 15:53:51 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\prvlcl.dat
[2010/12/15 14:22:04 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/12/15 14:41:19 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/12/15 14:41:19 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/12/15 14:41:19 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/12/15 14:41:18 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/12/15 12:22:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\AVSDVDPlayer.m3u
[2009/08/13 20:35:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2009/08/10 18:21:53 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/08/10 18:21:53 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/08/10 18:21:53 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/04/20 22:39:18 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PERFV700SERIES.ini
[2009/04/11 17:25:09 | 000,000,323 | ---- | C] () -- C:\WINDOWS\PRF_MI_B.INI
[2009/04/11 17:21:28 | 000,000,313 | ---- | C] () -- C:\WINDOWS\PRF_MI.INI
[2008/12/10 17:10:24 | 000,035,328 | ---- | C] () -- C:\WINDOWS\INETWH32.DLL
[2008/12/10 17:10:24 | 000,004,528 | ---- | C] () -- C:\WINDOWS\SETBROWS.EXE
[2008/12/10 17:10:23 | 000,009,136 | ---- | C] () -- C:\WINDOWS\INETWH16.DLL
[2008/08/01 16:56:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/08/01 16:56:28 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008/08/01 16:56:28 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2008/08/01 16:56:28 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008/08/01 16:56:28 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2008/08/01 16:56:28 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2008/08/01 16:56:28 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2008/08/01 16:56:28 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2008/08/01 16:56:28 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2008/08/01 16:56:28 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2008/08/01 16:56:28 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2008/08/01 16:56:28 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2008/08/01 16:56:28 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2008/08/01 16:56:28 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2008/08/01 16:56:28 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2008/08/01 16:56:28 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2008/08/01 16:55:20 | 000,000,077 | ---- | C] () -- C:\WINDOWS\EPSC120.ini
[2008/07/13 03:06:33 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ScratchRemoval.dll
[2008/04/18 18:51:02 | 000,096,577 | ---- | C] () -- C:\WINDOWS\hpqins16.dat
[2008/03/16 00:20:30 | 000,083,456 | ---- | C] () -- C:\WINDOWS\System32\PnIC.dll
[2008/03/16 00:20:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\gm_dll1.dll
[2007/11/11 20:34:36 | 000,022,016 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/11 03:03:23 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/09/25 13:57:06 | 000,000,125 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/09/24 00:49:55 | 000,000,839 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2007/08/10 23:45:13 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/07/10 03:30:58 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\GetInst32.dll
[2007/06/21 13:01:18 | 000,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll
[2007/05/28 02:59:45 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2007/05/19 23:41:52 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/04 13:14:24 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2007/01/23 17:12:16 | 000,005,515 | ---- | C] () -- C:\WINDOWS\fmachine.ini
[2006/11/20 02:15:26 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/09/23 04:39:57 | 000,000,020 | ---- | C] () -- C:\WINDOWS\HPPREC~1.INI
[2006/09/23 04:28:17 | 000,274,948 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2006/08/03 16:42:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/05/18 18:32:58 | 000,068,939 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2006/05/18 18:32:58 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2006/05/17 22:06:09 | 000,000,317 | ---- | C] () -- C:\WINDOWS\System32\wacom.dat
[2006/05/17 22:06:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\TabUnst.dll
[2006/05/17 22:06:06 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\wintab.dll
[2006/05/17 22:05:02 | 000,013,408 | ---- | C] () -- C:\WINDOWS\System32\tabinst.dll
[2006/05/17 22:05:02 | 000,004,032 | ---- | C] () -- C:\WINDOWS\System32\tabins16.dll
[2006/05/02 00:04:45 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2006/04/24 02:51:03 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/04/24 02:32:45 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/04/24 02:31:41 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/24 02:30:00 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/03/31 00:57:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
[2006/03/30 17:11:39 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2006/03/11 23:35:17 | 000,248,832 | ---- | C] () -- C:\WINDOWS\System32\ECircles.dll
[2006/03/11 23:35:17 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\SoyWeb.dll
[2006/03/02 15:31:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/02/27 09:25:38 | 000,000,177 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2006/02/27 07:06:59 | 000,021,348 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\W77X4
[2006/02/26 05:05:40 | 000,000,068 | ---- | C] () -- C:\WINDOWS\PRESTOPM.INI
[2006/02/26 02:12:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2006/02/26 02:11:00 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2006/02/26 02:09:15 | 000,000,118 | ---- | C] () -- C:\WINDOWS\A11U.INI
[2006/02/24 22:37:16 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/02/24 22:26:45 | 000,151,552 | ---- | C] () -- C:\WINDOWS\UNUSBDRV.EXE
[2006/02/23 22:00:39 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\venlx32n.dll
[2006/02/23 16:32:08 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2006/02/23 16:28:46 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2006/02/23 16:28:45 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2006/02/23 05:13:13 | 000,005,186 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2006/02/23 05:04:09 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2006/02/23 05:04:09 | 000,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2006/02/23 05:04:09 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys
[2006/02/23 05:04:09 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2006/02/23 05:04:04 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/02/23 05:04:04 | 000,048,640 | ---- | C] () -- C:\WINDOWS\catalogSubInstaller.exe
[2006/02/23 01:32:53 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/02/21 22:01:05 | 000,000,143 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat
[2005/11/11 17:57:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/11 17:36:25 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/11/11 17:32:20 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-5577497.exe
[2005/11/11 17:31:25 | 000,012,989 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/11/11 17:31:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/11/11 17:28:57 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/11/11 17:26:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/11 17:22:55 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/11 17:22:55 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/11 17:22:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/11 17:22:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/11 17:22:55 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/11 17:22:55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/11 17:17:29 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/11/11 17:16:33 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2005/11/11 17:16:33 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/11/11 17:11:36 | 000,072,082 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2005/11/11 17:10:40 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/11 17:06:21 | 000,104,361 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/11/11 16:55:07 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/11 16:48:53 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/11/11 16:48:53 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/11/11 16:48:35 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/11/11 06:43:28 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll
[2005/11/11 06:43:24 | 000,887,296 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/06 01:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 03:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2005/07/02 09:36:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/07/02 09:34:10 | 003,154,856 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/07/02 09:28:10 | 000,443,582 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/07/02 09:28:10 | 000,072,738 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/28 13:41:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/28 13:36:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 22:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/27 01:51:38 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/08 13:38:12 | 000,024,576 | ---- | C] () -- C:\WINDOWS\shortcut.exe
[2002/07/26 15:09:58 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2002/07/22 17:57:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2001/08/23 19:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 19:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1999/01/22 14:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 04:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
 
========== LOP Check ==========
 
[2009/07/09 15:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2011/05/25 14:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/01/07 01:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/07/17 20:14:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/01/07 01:44:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2007/02/18 17:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2008/05/04 22:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/12/16 05:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fKpCf06308
[2011/05/25 12:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/02/26 02:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Newsoft
[2008/01/11 17:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
[2008/05/16 02:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redfield
[2006/03/25 18:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2008/01/28 01:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMSI
[2011/05/27 01:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/08/18 14:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2011/02/20 19:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/07/09 17:59:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
[2009/08/07 14:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/07/09 15:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\AGI
[2009/09/01 17:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Amazon
[2008/04/18 12:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Anthropics
[2011/01/07 01:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\AVG10
[2010/12/08 02:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\AVG9
[2010/11/24 01:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent
[2005/11/11 17:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Digital Interactive Systems Corporation
[2006/02/23 03:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\EBookSys
[2009/04/21 04:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\EPSON
[2008/08/21 19:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Flickr
[2007/09/14 15:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\fltk.org
[2009/12/15 14:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\GetRightToGo
[2009/01/05 11:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Inkscape
[2008/10/31 01:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\InterVideo
[2010/09/27 14:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Lasersoft Imaging
[2009/04/21 00:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Leader Technologies
[2006/02/23 23:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Leadertech
[2011/06/06 03:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\LimeWire
[2011/02/06 16:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\MP3Rocket
[2007/12/16 18:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\MSNInstaller
[2006/08/25 16:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Musicmatch
[2006/02/26 02:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\NewSoft
[2009/09/03 02:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Opera
[2008/10/19 22:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Skinux
[2007/03/23 23:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Smith Micro
[2009/07/09 15:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Temp
[2006/03/31 12:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Template
[2007/09/05 10:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\uk.co.planetside
[2007/07/03 19:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Uniblue
[2006/02/25 07:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Webshots
[2008/04/18 18:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\WinBatch
[2011/06/08 07:07:05 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/06/08 08:01:11 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/06/08 06:11:48 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3256EB39-0743-422A-887B-7F74D01AD364}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\fft.rar:SummaryInformation
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D6E5D55
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

OTL Extras logfile created on: 6/8/2011 8:27:59 AM - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
958.48 Mb Total Physical Memory | 348.48 Mb Available Physical Memory | 36.36% Memory free
2.26 Gb Paging File | 1.43 Gb Available in Paging File | 63.32% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.30 Gb Total Space | 67.24 Gb Free Space | 37.71% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.00 Gb Free Space | 12.51% Space Free | Partition Type: FAT32
 
Computer Name: YOUR-55E5F9E3D2 | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 08, 2011, 08:17:09 AM
SystemLook file:

SystemLook 04.09.10 by jpshortstuff
Log created at 08:57 on 08/06/2011 by Compaq_Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "Rundll32.exe"
C:\WINDOWS\ServicePackFiles\i386\rundll32.exe ------- 33280 bytes [20:36 28/07/2008] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6
C:\WINDOWS\system32\rundll32.exe --a---- 33280 bytes [12:00 10/08/2004] [00:12 14/04/2008] 037B1E7798960E0420003D05BB577EE6

-= EOF =-

Title: Missing rundll32.exe and other annoyances
Post by: guestolo on June 09, 2011, 07:20:10 PM
Sorry for the delay, I want you to run a specific tool, but it doesn't play well with AVG, unfortuneately, uninstalling AVG till we are done might be a possibility
Is that a problem??
Do you know the procedure to uninstall and reinstall the paid version?
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 09, 2011, 08:58:17 PM
[quote name='guestolo' timestamp='1307665210' post='479748']
Sorry for the delay, I want you to run a specific tool, but it doesn't play well with AVG, unfortuneately, uninstalling AVG till we are done might be a possibility
Is that a problem??
Do you know the procedure to uninstall and reinstall the paid version?
[/quote]

No problem; thanks for your reply! I have the CD for AVG Pro, so uninstall then re-install, and just do the updates I'm guessing. I doubt I can access it through Control Panel though. I can try to uninstall from the program itself.
Title: Missing rundll32.exe and other annoyances
Post by: guestolo on June 09, 2011, 10:04:00 PM
Can you do the following please, if you get stuck on a step, post back, we'll try alternatives

Please disable SpybotSD TeaTimer, as it may hinder the removal of the infection. You can enable it after you're clean.
To disable SpybotSD TeaTimer:

Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon.
Uncheck Teatimer box.
Click Allow Change box if prompted
Close Spybot

Window's Defender
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

Reboot the computer afterwards, back in Windows
Try Uninstalling AVG, if you have problems
Run the AVG removal tool found here
http://www.avg.com/us-en/utilities

Ensure to reboot after removal, back in Windows
Download ComboFix from the following location

[color="#0000FF"]Link 1[/color] (http://"http://download.bleepingcomputer.com/sUBs/ComboFix.exe")
Save it ONLY to your Desktop

      --------------------------------------------------------------------



[color="#2e8b57"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
[/color]
(http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif)

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v706/ried7/whatnext.png)


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 10, 2011, 06:10:44 AM
[quote name='guestolo' timestamp='1307675040' post='479750']
Can you do the following please, if you get stuck on a step, post back, we'll try alternatives

Please disable SpybotSD TeaTimer, as it may hinder the removal of the infection. You can enable it after you're clean.
To disable SpybotSD TeaTimer:

Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon.
Uncheck Teatimer box.
Click Allow Change box if prompted
Close Spybot

Window's Defender
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

Reboot the computer afterwards, back in Windows
Try Uninstalling AVG, if you have problems
Run the AVG removal tool found here
http://www.avg.com/us-en/utilities (http://"http://www.avg.com/us-en/utilities")

Ensure to reboot after removal, back in Windows
Download ComboFix from the following location

[color="#0000ff"]Link 1[/color] (http://"http://download.bleepingcomputer.com/sUBs/ComboFix.exe")
Save it ONLY to your Desktop

      --------------------------------------------------------------------

[color="#2e8b57"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
[/color]
(http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif)

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v706/ried7/whatnext.png)


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please
[/quote]


Well, nothing works. I can't open Spybot SD to disable TeaTimer. It appears Windows Defender is already turned off. Can't uninstall AVG either with the program or with the downloadable tool; I get the "Open With" box no matter what I try. Spybot won't open at all; AVG just opens to security screen telling me everything is operating properly. I'm not sure if I can disable AVG, but that might not be enough anyway. Is it possible to shut AVG and TeaTimer off safely using Task Manager Processes?? I'm pretty much stuck regarding what to do next.
Title: Missing rundll32.exe and other annoyances
Post by: guestolo on June 10, 2011, 08:53:09 AM
try the following
nload and save to desktop FixNCR.reg (http://"http://download.bleepingcomputer.com/reg/FixNCR.reg")
Double click on FixNCR.reg and allow to add/merge to the registry at the prompt

then try and carry on with the previous instructions
You may have to reboot the computer for it to take effect
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 10, 2011, 12:00:46 PM
[quote name='guestolo' timestamp='1307713989' post='479752']
try the following
nload and save to desktop FixNCR.reg (http://"http://download.bleepingcomputer.com/reg/FixNCR.reg")
Double click on FixNCR.reg and allow to add/merge to the registry at the prompt

then try and carry on with the previous instructions
You may have to reboot the computer for it to take effect
[/quote]


FixNCR.reg worked like a charm; thanks. TeaTimer turned off and AVD uninstalled. But must go out for a little while. Will run ComboFix when I get back. Thank you.
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 10, 2011, 08:50:04 PM
[quote name='guestolo' timestamp='1307713989' post='479752']
try the following
nload and save to desktop FixNCR.reg (http://"http://download.bleepingcomputer.com/reg/FixNCR.reg")
Double click on FixNCR.reg and allow to add/merge to the registry at the prompt

then try and carry on with the previous instructions
You may have to reboot the computer for it to take effect
[/quote]


FixNCR.reg fixed the problems of my not being able to open other programs also, e.g. Word.
Here is the ComboFix log:

ComboFix 11-06-10.09 - Compaq_Administrator 06/10/2011  20:46:58.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.958.377 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Compaq_Administrator\gm_dll1.dll
c:\documents and settings\Compaq_Administrator\Local Settings\Temp\IadHide5.dll
c:\documents and settings\Compaq_Administrator\My Documents\NOTEPAD_UNUSUAL MESSAGE FROM SYS 32 FOLDER.txt
c:\documents and settings\Compaq_Administrator\PnIC.dll
c:\documents and settings\Compaq_Administrator\Templates\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
c:\documents and settings\Compaq_Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\program files\WinBudget
c:\program files\WinBudget\bin\matrix.dat
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\encapi32.dll
c:\windows\system32\regobj.dll
c:\windows\system32\system
D:\Autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2011-05-11 to 2011-06-11  )))))))))))))))))))))))))))))))
.
.
2011-06-07 09:44 . 2011-06-07 09:44 388096 ----a-r- c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-27 09:46 . 2011-05-27 09:46 -------- d-----w- c:\program files\Trend Micro
2011-05-21 05:56 . 2011-05-21 05:56 -------- d-----w- c:\program files\iPod
2011-05-21 05:56 . 2011-05-21 05:57 -------- d-----w- c:\program files\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
[-] 2004-08-10 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
.
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2004-08-10 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys
.
[-] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\kbdclass.sys
.
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
[-] 2004-08-10 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys
.
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys
[-] 2004-08-11 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys
[-] 2004-08-10 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\I386\NTFS.SYS
.
[-] 2004-08-10 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2004-08-10 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll
[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2004-08-10 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll
.
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2004-08-10 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe
.
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-10 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll
.
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 00:11 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2004-08-10 12:00 . 6728270CB7DBB776ED086F5AC4C82310 . 792064 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll
[-] 2004-08-10 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll
.
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2004-08-10 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
.
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe
[-] 2004-08-10 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2004-08-10 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe
.
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2004-08-10 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll
[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2004-08-11 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-11 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2004-08-10 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2004-08-10 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\I386\ASMS\6000\MSFT\WINDOWS\COMMON\CONTROLS\COMCTL32.DLL
.
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2004-08-10 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll
.
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 11:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2005-07-26 11:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-10 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2004-08-10 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll
.
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2006-07-05 . D8DB5397DE07577C1CB50BA6D23B3AD4 . 984064 . . [5.1.2600.2945] . . c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2004-08-10 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917422$\kernel32.dll
.
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2004-08-10 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2004-08-10 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll
.
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2004-08-11 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2004-08-11 . 98EC447E00229AFD88D5161A25D065DA . 343040 . . [7.0.2600.2180] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\msvcrt.dll
[-] 2004-08-10 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll
[-] 2004-08-10 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\I386\ASMS\7000\MSFT\WINDOWS\MSWINCRT\MSVCRT.DLL
[-] 2002-08-29 . 886A6C3C185AAEDECD00477F72279B07 . 323072 . . [7.0.2600.1106] . . c:\windows\system32\PhotoImpression Slideshow\msvcrt.dll
.
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2004-08-10 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2004-08-10 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2004-08-10 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2004-08-10 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[-] 2004-08-10 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2004-08-10 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll
.
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2004-08-10 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2004-08-10 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2004-08-10 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2help.dll
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2004-08-10 . 9BEACB911CA61E5881102188AB7FB431 . 19968 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2help.dll
.
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2004-08-10 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2004-08-11 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
[-] 2004-08-10 . 783AFC80383C176B22DBF8333343992D . 146432 . . [5.1.2600.2180] . . c:\windows\I386\REGEDIT.EXE
.
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\ole32.dll
[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\system32\dllcache\ole32.dll
[-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll
[-] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ole32.dll
[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll
[-] 2005-07-26 . AB8231D13692AC5088EB9C226B0C0576 . 1285120 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\ole32.dll
[-] 2004-08-10 . 4FE9D9FA62D020E35E0AC6D1AEEB96F0 . 1281536 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB902400$\ole32.dll
.
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\ServicePackFiles\i386\usp10.dll
[-] 2004-08-10 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2004-08-10 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2004-08-10 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2004-08-10 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
.
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll
[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2004-08-10 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll
.
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
[-] 2004-08-10 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\system32\bak\ctfmon.exe
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2004-08-10 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2004-08-10 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2004-08-10 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2005-03-10 . C29A5286E64D97385178452D5F307B98 . 295424 . . [5.1.2600.2627] . . c:\windows\$NtServicePackUninstall$\termsrv.dll
.
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2004-08-10 . 765B30C776A1780B46B479FE614F707C . 344064 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2004-08-10 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll
.
[-] 2004-08-10 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
[-] 2004-08-04 13:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-10 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys
.
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-10 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2004-08-10 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll
.
[-] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2005-08-04 09:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-08-04 09:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-10 12:00 . 6EAA72FD9EF993EC1FA9A06DE65105DA . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2004-08-10 12:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll
[-] 2004-08-10 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2004-08-10 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2004-08-10 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\ddraw.dll
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2004-08-10 . 7ED462F353B3D915A418A689FA881F96 . 266240 . . [5.03.2600.2180] . . c:\windows\$NtServicePackUninstall$\ddraw.dll
.
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\olepro32.dll
[-] 2008-04-14 00:12 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2004-08-10 12:00 . B48D3193DD1474DCBCC32BF4779AC698 . 83456 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\perfctrs.dll
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2004-08-10 . 96492C721C6EA517E2BFD5381FEF55E3 . 39936 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\version.dll
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2004-08-10 . D38408967BE738D0C1B47005BCE8CEEB . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\version.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2004-08-10 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\w32time.dll
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2004-08-10 . 2B281958F5D0CF99ED626E3EF39D5C8D . 174592 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wiaservc.dll
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2006-12-19 . D9F097AA3B97034D3358A01B43E635B2 . 333824 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
[-] 2006-12-19 . B6763F8534AC547CF1AF98AFDFF2EDC8 . 333824 . . [5.1.2600.3051] . . c:\windows\$NtServicePackUninstall$\wiaservc.dll
[-] 2004-08-10 . D9F6C4F6B1E188ADAFC42B561D9BC2E6 . 333312 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB927802$\wiaservc.dll
.
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\midimap.dll
[-] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2004-08-10 . 3B4702155BB2AE9DC00C06A68834BDFA . 18944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\midimap.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rasadhlp.dll
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2006-06-26 . B5D08C96B2DADAF5171FB69E341B272B . 7680 . . [5.1.2600.2938] . . c:\windows\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
[-] 2006-06-26 . 5F098BD2AE6B03044B085DECFFDF91EC . 8192 . . [5.1.2600.2938] . . c:\windows\$NtServicePackUninstall$\rasadhlp.dll
[-] 2004-08-10 . 4CAEC028C1E21C75E17877D4522D3DB4 . 8192 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB920683$\rasadhlp.dll
.
(((((((((((((((((((((((((((((((((((((((((((((   AWF   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2009-11-07 297808]
.
[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agcore.AGUtils]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2009-11-07 05:07 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 03:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\bak\NBJ.exe" [2005-04-14 1957888]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-16 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCDrProfiler"="" [N/A]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [N/A]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"MFARestart"="c:\documents and settings\All Users\Application Data\MFAData\pack\avgrunasx.exe" [N/A]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\3.1.5.7613\Launcher.exe [2009-7-9 157000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-2-23 113664]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-2-23 113664]
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2005-11-11 36903]
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2007-9-26 135680]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickScan (OpticFilm 7200).lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickScan (OpticFilm 7200).lnk
backup=c:\windows\pss\QuickScan (OpticFilm 7200).lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickScan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickScan.lnk
backup=c:\windows\pss\QuickScan.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express Calendar Checker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express Calendar Checker.lnk
backup=c:\windows\pss\Ulead Photo Express Calendar Checker.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^Screen Saver Control.lnk]
path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\Screen Saver Control.lnk
backup=c:\windows\pss\Screen Saver Control.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2007-03-01 04:06 2321600 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
2005-08-03 07:19 77312 ----a-w- c:\windows\arpwrmsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2008-04-17 18:14 98616 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
2006-04-22 03:28 1073152 ----a-w- c:\program files\DISC\DISCover.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
2005-09-27 07:42 61440 ----a-w- c:\program files\DISC\DISCUpdateMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2007-10-28 14:11 915920 ------w- c:\program files\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 05:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTCM Client]
2009-03-02 23:01 1583808 ----a-w- c:\program files\LTCM Client\ltcmClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 20:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-16 03:22 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USSShReg]
1997-11-23 09:16 20992 ------w- c:\progra~1\ULEADS~1\ULEADP~1.2\SSaver\USSSHREG.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\CCleaner\\ccleaner.exe"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Program Files\\SpywareBlaster\\spywareblaster.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1036:TCP"= 1036:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/14/2009 7:01 AM 64288]
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2/27/2006 9:26 AM 4064]
R2 AGCoreService;AG Core Services;c:\program files\AGI\core\3.1\AGCoreService.exe [7/9/2009 3:25 PM 20480]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/10/2004 8:00 AM 14336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/6/2010 1:28 PM 1378040]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/11/2010 7:02 AM 15264]
S2 gupdate1c93368a590c2f5;Google Update Service (gupdate1c93368a590c2f5);c:\program files\Google\Update\GoogleUpdate.exe [10/21/2008 6:34 AM 133104]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S3 .ntsrsacp;.ntsrsacp;
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/21/2008 6:34 AM 133104]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ    Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 11:04]
.
2011-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-06-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-16 01:01]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-21 14:00]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-10-21 14:00]
.
2011-06-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-29 03:44]
.
2011-06-10 c:\windows\Tasks\User_Feed_Synchronization-{3256EB39-0743-422A-887B-7F74D01AD364}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.geocities.com/m.spatafore/index.html
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: &Webshots Photo Search - c:\program files\Webshots\3.1.5.7613\WSToolbar4IE.dll/MENUSEARCH.HTM
Trusted Zone: utorrent.com\www
Trusted Zone: trymedia.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab (http://"file://c:\windows\Java\classes\xmldso.cab")
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{02696AD5-FF96-454b-9E00-81DA8B79B678} - (no file)
AddRemove-05E21449-3BA3-42BF-BBDA-95205F4EA40A - c:\program files\WildTangent\Apps\GameChannel\Games\05E21449-3BA3-42BF-BBDA-95205F4EA40A\Uninstall.exe
AddRemove-3330A279-CC39-4A17-AE19-DA464B26AD9A - c:\program files\WildTangent\Apps\GameChannel\Games\3330A279-CC39-4A17-AE19-DA464B26AD9A\Uninstall.exe
AddRemove-3B3B73D1-DC4A-4780-B0E4-E823D08B3397 - c:\program files\WildTangent\Apps\GameChannel\Games\3B3B73D1-DC4A-4780-B0E4-E823D08B3397\Uninstall.exe
AddRemove-5AF1DD17-7B06-45EF-8592-2E524E458BAB - c:\program files\WildTangent\Apps\GameChannel\Games\5AF1DD17-7B06-45EF-8592-2E524E458BAB\Uninstall.exe
AddRemove-997DD523-B925-4C73-970B-C201E8F781AD - c:\program files\WildTangent\Apps\GameChannel\Games\997DD523-B925-4C73-970B-C201E8F781AD\Uninstall.exe
AddRemove-Compaq Game Console - c:\program files\WildTangent\Apps\hpuninstall.exe
AddRemove-E1A0F769-A43A-4DDB-9F73-12791E453557 - c:\program files\WildTangent\Apps\GameChannel\Games\E1A0F769-A43A-4DDB-9F73-12791E453557\Uninstall.exe
AddRemove-ServiWin - c:\windows\zipinst.exe
AddRemove-MiraScanV3.40 - c:\windows\Twain_32\Mira3_40\Uninst.isu
.
Title: Missing rundll32.exe and other annoyances
Post by: guestolo on June 11, 2011, 11:49:34 AM
Can I have you run a few more tools and post some extra logs

Please do the following:
1. Download Security Check by screen317 from here (http://"http://screen317.spywareinfoforum.org/SecurityCheck.exe") or here (http://"http://screen317.changelog.fr/SecurityCheck.exe").2. 3. can you reopen OTL.exe, run a Quick Scan and post the new report that opens when done

4. Download and save to Desktop [color="#0000FF"]ESET Online Scanner[/color] (http://"http://download.eset.com/special/eos/esetsmartinstaller_enu.exe")[/url]
Double click on esetsmartinstaller_enu.exe
Put a tick in "Yes, I accept the Terms of Use" then click START

Eset will download components
When done click START again

Downloading of Virus signature database will begin
Depending on your connection speed, this can take awhile
When complete the scan will start
This scan can take some time, so be patient

Once the scan is completed, you may close the window
   
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt    
Copy and paste that log as a reply to this topic

Keep me informed how things are running please
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 11, 2011, 04:02:18 PM
[quote name='guestolo' timestamp='1307810974' post='479757']
Can I have you run a few more tools and post some extra logs

Please do the following:
1. Download Security Check by screen317 from here (http://"http://screen317.spywareinfoforum.org/SecurityCheck.exe") or here (http://"http://screen317.changelog.fr/SecurityCheck.exe").2. 3. can you reopen OTL.exe, run a Quick Scan and post the new report that opens when done

4. Download and save to Desktop [color="#0000ff"]ESET Online Scanner[/color] (http://"http://download.eset.com/special/eos/esetsmartinstaller_enu.exe")[/url]
Double click on esetsmartinstaller_enu.exe
Put a tick in "Yes, I accept the Terms of Use" then click START

Eset will download components
When done click START again

Downloading of Virus signature database will begin
Depending on your connection speed, this can take awhile
When complete the scan will start
This scan can take some time, so be patient

Once the scan is completed, you may close the window
   
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt    
Copy and paste that log as a reply to this topic

Keep me informed how things are running please
[/quote]


Having another problem now; had to reinstall AVG, since I needed to be online, and lost my internet connection. Am working from my partner's computer. As soon as I figure out how to reconnect (it's a cable connection), I'll do the additional scans. Or do I need to uninstall AVG again to do these tests? From the little research I've done, even uninstalling AVG hasn't solved the problem of the internet connection for lots of people. Weird, since installing it the first time never caused a problem that I can remember. As far as I can tell, we might have to contact our service provider (Time-Warner Cable) to get reconnected. The AVG scan this am did pick up a couple viruses, even though I was unable to do the updates or enable the firewall. The computer is off for the time being. I'll try downloading the programs mentioned above to this comptuer, saving them to CD, and opening them on my computer. Thanks for all your help so far!

N.B. I see you want another scan of OTL, so I'll be uninstalling AVG again..
Title: Missing rundll32.exe and other annoyances
Post by: guestolo on June 11, 2011, 06:15:34 PM
Quote
had to reinstall AVG, since I needed to be online, and lost my internet connection.

Did you lose internet connection After installing AVG?
If yes, then uninstall AVG again, reboot
Run the AVG removal tool I linked to earlier, reboot
Does that get you back online?
If yes, run the tools I mentioned in my previous post please

NOTE: It was ComboFix that has a conflict with AVG
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 11, 2011, 07:58:19 PM
[quote name='guestolo' timestamp='1307834134' post='479759']
Did you lose internet connection After installing AVG?
If yes, then uninstall AVG again, reboot
Run the AVG removal tool I linked to earlier, reboot
Does that get you back online?
If yes, run the tools I mentioned in my previous post please

NOTE: It was ComboFix that has a conflict with AVG
[/quote]

Right, ComboFix, my mistake. Yes, lost the connection after I reinstalled AVG. Will follow your directions and see what happens. Thanks.
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 11, 2011, 10:13:25 PM
[quote name='guestolo' timestamp='1307834134' post='479759']
Did you lose internet connection After installing AVG?
If yes, then uninstall AVG again, reboot
Run the AVG removal tool I linked to earlier, reboot
Does that get you back online?
If yes, run the tools I mentioned in my previous post please

NOTE: It was ComboFix that has a conflict with AVG
[/quote]


Back online, thanks for the AVG removal tool tip. Running the additional tests now.
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 11, 2011, 11:26:22 PM
[quote name='guestolo' timestamp='1307810974' post='479757']
Can I have you run a few more tools and post some extra logs

Please do the following:
1. Download Security Check by screen317 from here (http://"http://screen317.spywareinfoforum.org/SecurityCheck.exe") or here (http://"http://screen317.changelog.fr/SecurityCheck.exe").2. 3. can you reopen OTL.exe, run a Quick Scan and post the new report that opens when done

4. Download and save to Desktop [color="#0000ff"]ESET Online Scanner[/color] (http://"http://download.eset.com/special/eos/esetsmartinstaller_enu.exe")[/url]
Double click on esetsmartinstaller_enu.exe
Put a tick in "Yes, I accept the Terms of Use" then click START

Eset will download components
When done click START again

Downloading of Virus signature database will begin
Depending on your connection speed, this can take awhile
When complete the scan will start
This scan can take some time, so be patient

Once the scan is completed, you may close the window
   
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt    
Copy and paste that log as a reply to this topic

Keep me informed how things are running please
[/quote]


SECURITY CHECK LOG:

 Results of screen317's Security Check version 0.99.7  
 Windows XP Service Pack 3  
 Internet Explorer 8  
``````````````````````````````
Antivirus/Firewall Check:
 Windows Firewall Disabled!  
 Antivirus up to date!  
```````````````````````````````
Anti-malware/Other Utilities Check:
 Ad-Aware
 Malwarebytes' Anti-Malware    
 CCleaner    
 Java(TM) 6 Update 20  
 Out of date Java installed!
 Adobe Flash Player 10.0.45.2  
Adobe Reader 8.1.2
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:  
objlist.exe by Laurent
 Ad-Aware AAWService.exe
 Ad-Aware AAWTray.exe
``````````End of Log````````````
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 11, 2011, 11:55:19 PM
[quote name='guestolo' timestamp='1307810974' post='479757']
Can I have you run a few more tools and post some extra logs

Please do the following:
2. Keep me informed how things are running please
[/quote]


2011/06/12 00:49:27.0437 2916 TDSS rootkit removing tool 2.5.4.0 Jun  7 2011 17:31:48
2011/06/12 00:49:27.0750 2916 ================================================================================
2011/06/12 00:49:27.0750 2916 SystemInfo:
2011/06/12 00:49:27.0750 2916
2011/06/12 00:49:27.0750 2916 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/12 00:49:27.0750 2916 Product type: Workstation
2011/06/12 00:49:27.0750 2916 ComputerName: YOUR-55E5F9E3D2
2011/06/12 00:49:27.0750 2916 UserName: Compaq_Administrator
2011/06/12 00:49:27.0750 2916 Windows directory: C:\WINDOWS
2011/06/12 00:49:27.0750 2916 System windows directory: C:\WINDOWS
2011/06/12 00:49:27.0750 2916 Processor architecture: Intel x86
2011/06/12 00:49:27.0750 2916 Number of processors: 1
2011/06/12 00:49:27.0750 2916 Page size: 0x1000
2011/06/12 00:49:27.0750 2916 Boot type: Normal boot
2011/06/12 00:49:27.0750 2916 ================================================================================
2011/06/12 00:49:29.0203 2916 Initialize success
2011/06/12 00:49:34.0140 0520 ================================================================================
2011/06/12 00:49:34.0140 0520 Scan started
2011/06/12 00:49:34.0140 0520 Mode: Manual;
2011/06/12 00:49:34.0140 0520 ================================================================================
2011/06/12 00:49:36.0593 0520 ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/12 00:49:36.0671 0520 ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/12 00:49:37.0031 0520 aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/12 00:49:37.0125 0520 Afc             (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
2011/06/12 00:49:37.0171 0520 AFD             (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/12 00:49:37.0250 0520 AgereSoftModem  (b7d2103eb2ecb765b2b7106bad089ab1) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/06/12 00:49:38.0031 0520 ALCXWDM         (7f26d024355cbadb60838f53dfb171ec) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/06/12 00:49:40.0031 0520 AmdK8           (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/06/12 00:49:40.0171 0520 AN983           (116bff96077a4a724e0aab800525ceb5) C:\WINDOWS\system32\DRIVERS\AN983.sys
2011/06/12 00:49:40.0281 0520 aracpi          (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys
2011/06/12 00:49:40.0359 0520 arhidfltr       (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
2011/06/12 00:49:40.0421 0520 arkbcfltr       (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
2011/06/12 00:49:40.0453 0520 armoucfltr      (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
2011/06/12 00:49:40.0546 0520 Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/12 00:49:40.0625 0520 ARPolicy        (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
2011/06/12 00:49:40.0859 0520 Aspi32          (5b01af89d16d562825c4db4530f20cbb) C:\WINDOWS\system32\drivers\aspi32.sys
2011/06/12 00:49:40.0968 0520 AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/12 00:49:41.0031 0520 atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/12 00:49:41.0437 0520 ati2mtag        (7a6cf9f411a9c5bd5c442a1cd46af401) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/06/12 00:49:42.0093 0520 Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/12 00:49:42.0156 0520 ATMhelpr        (3ef1db7f168851914517d4ed36b57c04) C:\WINDOWS\system32\drivers\ATMhelpr.sys
2011/06/12 00:49:42.0250 0520 audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/12 00:49:42.0343 0520 Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/12 00:49:42.0546 0520 cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/12 00:49:42.0640 0520 Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/12 00:49:42.0718 0520 Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/12 00:49:42.0812 0520 Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/12 00:49:43.0171 0520 CO_Mon          (6be1d6403727bdd8a2b2568dbe6bfb8b) C:\WINDOWS\system32\Drivers\CO_Mon.sys
2011/06/12 00:49:43.0578 0520 Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/12 00:49:43.0656 0520 dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/12 00:49:44.0250 0520 dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/12 00:49:44.0281 0520 dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/12 00:49:44.0343 0520 DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/12 00:49:44.0453 0520 drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/12 00:49:44.0546 0520 Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/12 00:49:44.0625 0520 fasttx2k        (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
2011/06/12 00:49:44.0703 0520 Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/12 00:49:44.0734 0520 Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/12 00:49:44.0875 0520 Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/12 00:49:44.0968 0520 FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/12 00:49:45.0046 0520 fssfltr         (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/06/12 00:49:45.0125 0520 Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/12 00:49:45.0218 0520 Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/12 00:49:45.0375 0520 GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/06/12 00:49:45.0453 0520 giveio          (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
2011/06/12 00:49:46.0281 0520 Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/12 00:49:46.0453 0520 HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/12 00:49:46.0578 0520 HPZid412        (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/06/12 00:49:46.0671 0520 HPZipr12        (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/06/12 00:49:46.0718 0520 HPZius12        (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/06/12 00:49:46.0812 0520 HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/12 00:49:46.0984 0520 i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/12 00:49:47.0109 0520 Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/12 00:49:47.0187 0520 InCDfs          (580904d6cdb481bb72fee15aa575b5bd) C:\WINDOWS\system32\drivers\InCDfs.sys
2011/06/12 00:49:47.0250 0520 InCDPass        (37b31b5741674525bba5c1659b132418) C:\WINDOWS\system32\DRIVERS\InCDPass.sys
2011/06/12 00:49:47.0328 0520 InCDrec         (a2f6306e5e12b9f78cca5485b312fcbd) C:\WINDOWS\system32\drivers\InCDrec.sys
2011/06/12 00:49:47.0390 0520 incdrm          (084f6c2e3e2be980242984b74279bfb6) C:\WINDOWS\system32\drivers\incdrm.sys
2011/06/12 00:49:47.0500 0520 IntelIde        (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/12 00:49:47.0578 0520 intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/12 00:49:47.0656 0520 Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/12 00:49:47.0765 0520 IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/12 00:49:47.0859 0520 IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/12 00:49:47.0937 0520 IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/12 00:49:48.0062 0520 IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/12 00:49:48.0171 0520 IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/12 00:49:48.0218 0520 isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/12 00:49:48.0296 0520 Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/12 00:49:48.0359 0520 kbdhid          (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/12 00:49:48.0453 0520 kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/12 00:49:48.0546 0520 KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/12 00:49:48.0781 0520 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/06/12 00:49:48.0921 0520 Lbd             (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2011/06/12 00:49:49.0109 0520 MHNDRV          (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/06/12 00:49:49.0187 0520 mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/12 00:49:49.0281 0520 Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/12 00:49:49.0359 0520 Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/12 00:49:49.0531 0520 mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/12 00:49:49.0640 0520 MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/12 00:49:50.0281 0520 MREMPR5         (2bc9e43f55de8c30fc817ed56d0ee907) C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
2011/06/12 00:49:50.0390 0520 MRENDIS5        (594b9d8194e3f4ecbf0325bd10bbeb05) C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
2011/06/12 00:49:50.0531 0520 MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/12 00:49:50.0640 0520 MRxSmb          (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/12 00:49:50.0750 0520 Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/12 00:49:50.0812 0520 MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/12 00:49:50.0875 0520 MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/12 00:49:50.0953 0520 MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/12 00:49:51.0015 0520 mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/12 00:49:51.0031 0520 Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/12 00:49:51.0156 0520 NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/12 00:49:51.0203 0520 NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/12 00:49:51.0250 0520 Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/12 00:49:51.0328 0520 NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/12 00:49:51.0406 0520 NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/12 00:49:51.0468 0520 NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/12 00:49:51.0515 0520 NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/12 00:49:51.0609 0520 NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/12 00:49:51.0671 0520 Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/12 00:49:51.0796 0520 Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/12 00:49:52.0140 0520 Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/12 00:49:52.0187 0520 NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/12 00:49:52.0265 0520 NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/12 00:49:52.0328 0520 ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/12 00:49:52.0390 0520 Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/12 00:49:52.0437 0520 PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/12 00:49:52.0515 0520 ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/12 00:49:52.0578 0520 PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/12 00:49:52.0671 0520 PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/12 00:49:52.0765 0520 Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/12 00:49:53.0046 0520 PenClass        (4a108cc9cc0e0605e68cce7021479879) C:\WINDOWS\system32\Drivers\PenClass.sys
2011/06/12 00:49:53.0187 0520 Point32         (273afc65fabf97326aa78ffe38b1e071) C:\WINDOWS\system32\DRIVERS\point32.sys
2011/06/12 00:49:53.0250 0520 PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/12 00:49:53.0312 0520 Processor       (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/06/12 00:49:53.0390 0520 Ps2             (0e2eb30605ca6ed2509d59af6a7362b4) C:\WINDOWS\system32\DRIVERS\PS2.sys
2011/06/12 00:49:53.0421 0520 PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/12 00:49:53.0484 0520 Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/12 00:49:53.0546 0520 PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/12 00:49:53.0796 0520 RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/12 00:49:53.0875 0520 Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/12 00:49:53.0921 0520 RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/12 00:49:53.0968 0520 Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/12 00:49:54.0031 0520 Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/12 00:49:54.0078 0520 RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/12 00:49:54.0125 0520 rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/12 00:49:54.0203 0520 RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/12 00:49:54.0281 0520 redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/12 00:49:54.0390 0520 RTL8023xp       (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
2011/06/12 00:49:54.0484 0520 rtl8139         (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/06/12 00:49:54.0687 0520 Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/12 00:49:54.0796 0520 Serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/12 00:49:54.0859 0520 Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/12 00:49:54.0921 0520 Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/06/12 00:49:55.0156 0520 splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/12 00:49:55.0218 0520 sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/12 00:49:55.0312 0520 Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/12 00:49:55.0640 0520 swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/12 00:49:55.0703 0520 swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/12 00:49:55.0906 0520 sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/12 00:49:56.0031 0520 Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/12 00:49:56.0109 0520 TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/12 00:49:56.0187 0520 TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/12 00:49:56.0250 0520 TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/12 00:49:56.0390 0520 Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/12 00:49:56.0500 0520 Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/12 00:49:56.0609 0520 usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/12 00:49:56.0656 0520 usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/12 00:49:56.0703 0520 usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/12 00:49:56.0750 0520 usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/06/12 00:49:56.0828 0520 usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/12 00:49:56.0890 0520 usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/12 00:49:56.0953 0520 USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/12 00:49:57.0000 0520 usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/12 00:49:57.0093 0520 VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/12 00:49:57.0171 0520 ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/06/12 00:49:57.0203 0520 VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/12 00:49:57.0390 0520 Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/12 00:49:57.0500 0520 wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/12 00:49:57.0671 0520 WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/12 00:49:57.0750 0520 WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/12 00:49:57.0828 0520 MBR (0x1B8)     (0ac6d996bce152aed9600e6d6b797e2e) \Device\Harddisk0\DR0
2011/06/12 00:49:57.0875 0520 ================================================================================
2011/06/12 00:49:57.0875 0520 Scan finished
2011/06/12 00:49:57.0875 0520 ================================================================================
2011/06/12 00:49:57.0890 1048 Detected object count: 0
2011/06/12 00:49:57.0890 1048 Actual detected object count: 0
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 12, 2011, 12:20:46 AM
[quote name='guestolo' timestamp='1307810974' post='479757']
Can I have you run a few more tools and post some extra logs

Please do the following:

3. can you reopen OTL.exe, run a Quick Scan and post the new report that opens when done

Keep me informed how things are running please
[/quote]


OTL logfile created on: 6/12/2011 1:06:04 AM - Run 2
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
958.48 Mb Total Physical Memory | 372.66 Mb Available Physical Memory | 38.88% Memory free
2.26 Gb Paging File | 1.71 Gb Available in Paging File | 75.67% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.30 Gb Total Space | 66.56 Gb Free Space | 37.33% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.00 Gb Free Space | 12.51% Space Free | Partition Type: FAT32
 
Computer Name: YOUR-55E5F9E3D2 | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\AGI\core\3.1\AGCoreService.exe (AG Interactive)
PRC - C:\Program Files\Webshots\3.1.5.7613\Webshots.scr (Webshots.com)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe (Smith Micro Software, Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe (Hewlett-Packard)
PRC - C:\WINDOWS\arservice.exe (Microsoft)
PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
PRC - C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Documents and Settings\Compaq_Administrator\Local Settings\temp\IadHide5.dll (BackWeb)
MOD - C:\WINDOWS\system32\TabHook.dll (Wacom Technology, Corp.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_8675ab0.dll ()
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AGCoreService) -- C:\Program Files\AGI\core\3.1\AGCoreService.exe (AG Interactive)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (Stuffit Archive Name Service) -- C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe (Smith Micro Software, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)
SRV - (InCDsrvR) InCD Helper (read only) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (InCDsrv) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (TabletService) -- C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (CO_Mon) -- C:\WINDOWS\system32\drivers\CO_Mon.sys ()
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (InCDfs) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Nero AG)
DRV - (incdrm) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Nero AG)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (AN983) -- C:\WINDOWS\system32\drivers\an983.sys (ADMtek Incorporated.)
DRV - (fasttx2k) -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (PenClass) -- C:\WINDOWS\System32\Drivers\PenClass.sys (Wacom Technology Corporation)
DRV - (ATMhelpr) -- C:\WINDOWS\System32\drivers\ATMHELPR.SYS (Adobe Systems Incorporated)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 (http://"http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8")
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.geocities.com/m.spatafore/index.html (http://"http://www.geocities.com/m.spatafore/index.html")
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Webshots\3.1.5.7613\Firefox [2009/07/09 15:25:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 22:36:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/25 14:03:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2011/02/20 18:56:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2011/02/20 18:56:03 | 000,000,000 | ---D | M]
 
[2009/03/06 08:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions
[2009/03/06 08:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions\[email protected]
 
O1 HOSTS File: ([2011/06/10 21:04:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum 5 Suite\FpLaunch.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Webshots Toolbar) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\3.1.5.7613\WSToolbar4IE.dll (Webshots.com)
O3 - HKLM\..\Toolbar: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Webshots Toolbar) - {C17590D2-ECB4-4B15-8820-F58798DCC118} - C:\Program Files\Webshots\3.1.5.7613\WSToolbar4IE.dll (Webshots.com)
O3 - HKCU\..\Toolbar\WebBrowser: (MP3 Rocket Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [PCDrProfiler]  File not found
O4 - HKLM..\Run: [SunJavaUpdateSched]  File not found
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\bak\NBJ.exe (Ahead Software AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Webshots Photo Search - C:\Program Files\Webshots\3.1.5.7613\WSToolbar4IE.dll (Webshots.com)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: //@mail.mar@/ (http://"") ([]msn in Local intranet)
O15 - HKCU\..Trusted Domains: //@signup.mar@/ (http://"") ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: utorrent.com ([www] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (http://"http://office.microsoft.com/templates/ieawsdc.cab") (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (http://"http://www.apple.com/qtactivex/qtplugin.cab") (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (http://"http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab") (Facebook Photo Uploader 5 Control)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (http://"http://www.ipix.com/download/ipixx.cab") (iPIX ActiveX Control)
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} https://h20278.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (http://"https://h20278.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB") (Hewlett-Packard Online Support Services)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (http://"http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab") (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (http://"http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab") (Symantec AntiVirus scanner)
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} http://community.webshots.com/html/atx/wsaxcontrol.cab (http://"http://community.webshots.com/html/atx/wsaxcontrol.cab") (Webshots Multiple Media Uploader - Container)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (http://"http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab") (SentinelProxy Class)
O16 - DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} http://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab (http://"http://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab") (SentinelProxy Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (http://"http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab") (DLM Control)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (http://"http://www.linkedin.com/cab/LinkedInContactFinderControl.cab") (LinkedIn ContactFinderControl)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://eaglewings-eyrie.spaces.live.com//PhotoUpload/MsnPUpld.cab (http://"http://eaglewings-eyrie.spaces.live.com//PhotoUpload/MsnPUpld.cab") (MSN Photo Upload Tool)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (http://"http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab") (Reg Error: Key error.)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (http://"http://upload.facebook.com/controls/FacebookPhotoUploader3.cab") (Facebook Photo Uploader 4 Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (http://"http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab") (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146553036628 (http://"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146553036628") (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (http://"https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab") (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (http://"http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab") (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (http://"http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab") (Reg Error: Key error.)
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} http://community.webshots.com/html/WSPhotoUploader.CAB (http://"http://community.webshots.com/html/WSPhotoUploader.CAB") (Webshots Photo Uploader)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (http://"https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx") (Get_ActiveX Control)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (http://"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab") (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (http://"http://ax.emsisoft.com/asquared.cab") (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (http://"http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab") (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (http://"http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab") (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (http://"http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab") (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab (http://"http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab") (Facebook Photo Uploader 4)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (http://"file://C:\WINDOWS\Java\classes\xmldso.cab") (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/28 13:41:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/06/11 23:41:36 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Compaq_Administrator\Desktop\esetsmartinstaller_enu.exe
[2011/06/11 21:17:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/10 20:39:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/10 20:28:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/10 20:28:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/10 20:28:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/10 20:28:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/10 20:27:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/10 20:26:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/10 07:13:20 | 004,119,104 | R--- | C] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
[2011/06/09 22:25:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\COMPUTER FIX STUFF JUNE 2011
[2011/06/08 08:22:47 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2011/06/07 17:32:48 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Compaq_Administrator\Desktop\TDSSKiller.exe
[2011/06/04 03:43:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Administrator\Recent
[2011/05/27 05:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/27 05:46:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\HiJackThis
[2011/05/27 01:35:36 | 003,194,296 | ---- | C] (Javacool Software LLC                                       ) -- C:\Documents and Settings\Compaq_Administrator\Desktop\spywareblastersetup44.exe
[2011/05/27 01:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\ADOBE PS CS3 AND 4
[2011/05/27 01:03:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\JANICE STUFF  FROM DESKTOP
[2011/05/21 01:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/05/21 01:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/21 01:56:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/06/12 01:05:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/12 01:04:24 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/12 01:04:12 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/12 01:04:05 | 000,000,317 | ---- | M] () -- C:\WINDOWS\System32\wacom.dat
[2011/06/12 01:03:55 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/12 01:03:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/12 01:03:44 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/12 01:02:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/12 01:01:01 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/06/12 00:51:27 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/11 23:41:43 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Compaq_Administrator\Desktop\esetsmartinstaller_enu.exe
[2011/06/11 23:40:25 | 001,305,136 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\tdsskiller.zip
[2011/06/11 23:39:05 | 000,879,028 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SecurityCheck.exe
[2011/06/11 21:33:42 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3256EB39-0743-422A-887B-7F74D01AD364}.job
[2011/06/11 00:39:22 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\Webshots.lnk
[2011/06/10 21:04:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/10 20:39:23 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/06/10 20:28:20 | 004,119,104 | R--- | M] (Swearware) -- C:\Documents and Settings\Compaq_Administrator\Desktop\ComboFix.exe
[2011/06/10 06:38:17 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\prvlcl.dat
[2011/06/09 05:38:34 | 000,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
[2011/06/08 08:22:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2011/06/08 00:36:21 | 000,022,016 | -H-- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/07 17:32:48 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Compaq_Administrator\Desktop\TDSSKiller.exe
[2011/06/03 13:04:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/27 01:35:44 | 003,194,296 | ---- | M] (Javacool Software LLC                                       ) -- C:\Documents and Settings\Compaq_Administrator\Desktop\spywareblastersetup44.exe
[2011/05/21 01:58:05 | 000,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/05/14 21:24:51 | 000,001,224 | -HS- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/05/14 21:24:51 | 000,001,224 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/06/11 23:40:21 | 001,305,136 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\tdsskiller.zip
[2011/06/11 23:39:02 | 000,879,028 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SecurityCheck.exe
[2011/06/10 20:28:58 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/10 20:28:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/10 20:28:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/10 20:28:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/10 20:28:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/21 01:58:05 | 000,001,550 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/05/14 21:24:34 | 000,001,224 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/05/14 21:24:33 | 000,001,224 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/01/13 15:53:51 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\prvlcl.dat
[2010/12/15 14:22:04 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/12/15 14:41:19 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/12/15 14:41:19 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/12/15 14:41:19 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/12/15 14:41:18 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/12/15 12:22:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\AVSDVDPlayer.m3u
[2009/08/13 20:35:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2009/08/10 18:21:53 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/08/10 18:21:53 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/08/10 18:21:53 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/04/20 22:39:18 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PERFV700SERIES.ini
[2009/04/11 17:25:09 | 000,000,323 | ---- | C] () -- C:\WINDOWS\PRF_MI_B.INI
[2009/04/11 17:21:28 | 000,000,313 | ---- | C] () -- C:\WINDOWS\PRF_MI.INI
[2008/12/10 17:10:24 | 000,035,328 | ---- | C] () -- C:\WINDOWS\INETWH32.DLL
[2008/12/10 17:10:24 | 000,004,528 | ---- | C] () -- C:\WINDOWS\SETBROWS.EXE
[2008/12/10 17:10:23 | 000,009,136 | ---- | C] () -- C:\WINDOWS\INETWH16.DLL
[2008/08/01 16:56:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/08/01 16:56:28 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008/08/01 16:56:28 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2008/08/01 16:56:28 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008/08/01 16:56:28 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2008/08/01 16:56:28 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2008/08/01 16:56:28 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2008/08/01 16:56:28 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2008/08/01 16:56:28 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2008/08/01 16:56:28 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2008/08/01 16:56:28 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2008/08/01 16:56:28 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2008/08/01 16:56:28 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2008/08/01 16:56:28 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2008/08/01 16:56:28 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2008/08/01 16:56:28 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2008/08/01 16:55:20 | 000,000,077 | ---- | C] () -- C:\WINDOWS\EPSC120.ini
[2008/07/13 03:06:33 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ScratchRemoval.dll
[2008/04/18 18:51:02 | 000,096,577 | ---- | C] () -- C:\WINDOWS\hpqins16.dat
[2008/03/16 00:20:30 | 000,083,456 | ---- | C] () -- C:\WINDOWS\System32\PnIC.dll
[2008/03/16 00:20:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\gm_dll1.dll
[2007/11/11 20:34:36 | 000,022,016 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/11 03:03:23 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/09/25 13:57:06 | 000,000,125 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/09/24 00:49:55 | 000,000,839 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2007/08/10 23:45:13 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/07/10 03:30:58 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\GetInst32.dll
[2007/06/21 13:01:18 | 000,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll
[2007/05/28 02:59:45 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2007/05/19 23:41:52 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/04 13:14:24 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2007/01/23 17:12:16 | 000,005,515 | ---- | C] () -- C:\WINDOWS\fmachine.ini
[2006/11/20 02:15:26 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/09/23 04:39:57 | 000,000,020 | ---- | C] () -- C:\WINDOWS\HPPREC~1.INI
[2006/09/23 04:28:17 | 000,274,948 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2006/08/03 16:42:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/05/18 18:32:58 | 000,068,939 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2006/05/18 18:32:58 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2006/05/17 22:06:09 | 000,000,317 | ---- | C] () -- C:\WINDOWS\System32\wacom.dat
[2006/05/17 22:06:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\TabUnst.dll
[2006/05/17 22:06:06 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\wintab.dll
[2006/05/17 22:05:02 | 000,013,408 | ---- | C] () -- C:\WINDOWS\System32\tabinst.dll
[2006/05/17 22:05:02 | 000,004,032 | ---- | C] () -- C:\WINDOWS\System32\tabins16.dll
[2006/05/02 00:04:45 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2006/04/24 02:51:03 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/04/24 02:32:45 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/04/24 02:31:41 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/24 02:30:00 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/03/31 00:57:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
[2006/03/30 17:11:39 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2006/03/11 23:35:17 | 000,248,832 | ---- | C] () -- C:\WINDOWS\System32\ECircles.dll
[2006/03/11 23:35:17 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\SoyWeb.dll
[2006/03/02 15:31:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/02/27 09:25:38 | 000,000,177 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2006/02/27 07:06:59 | 000,021,348 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\W77X4
[2006/02/26 05:05:40 | 000,000,068 | ---- | C] () -- C:\WINDOWS\PRESTOPM.INI
[2006/02/26 02:12:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2006/02/26 02:11:00 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2006/02/26 02:09:15 | 000,000,118 | ---- | C] () -- C:\WINDOWS\A11U.INI
[2006/02/24 22:37:16 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/02/24 22:26:45 | 000,151,552 | ---- | C] () -- C:\WINDOWS\UNUSBDRV.EXE
[2006/02/23 22:00:39 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\venlx32n.dll
[2006/02/23 16:32:08 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2006/02/23 16:28:46 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2006/02/23 16:28:45 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2006/02/23 05:13:13 | 000,005,186 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2006/02/23 05:04:09 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2006/02/23 05:04:09 | 000,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2006/02/23 05:04:09 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys
[2006/02/23 05:04:09 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2006/02/23 05:04:04 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/02/23 05:04:04 | 000,048,640 | ---- | C] () -- C:\WINDOWS\catalogSubInstaller.exe
[2006/02/23 01:32:53 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/02/21 22:01:05 | 000,000,143 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat
[2005/11/11 17:57:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/11 17:36:25 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/11/11 17:32:20 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-5577497.exe
[2005/11/11 17:31:25 | 000,012,989 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/11/11 17:31:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/11/11 17:28:57 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/11/11 17:26:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/11 17:22:55 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/11 17:22:55 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/11 17:22:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/11 17:22:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/11 17:22:55 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/11 17:22:55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/11 17:17:29 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/11/11 17:16:33 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2005/11/11 17:16:33 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/11/11 17:11:36 | 000,072,082 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2005/11/11 17:10:40 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/11 17:06:21 | 000,104,361 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/11/11 16:55:07 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/11 16:48:53 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/11/11 16:48:53 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/11/11 16:48:35 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/11/11 06:43:28 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll
[2005/11/11 06:43:24 | 000,887,296 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/06 01:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 03:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2005/07/02 09:36:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/07/02 09:34:10 | 003,154,856 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/07/02 09:28:10 | 000,443,582 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/07/02 09:28:10 | 000,072,738 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/28 13:41:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/28 13:36:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 22:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/27 01:51:38 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/08 13:38:12 | 000,024,576 | ---- | C] () -- C:\WINDOWS\shortcut.exe
[2002/07/26 15:09:58 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2002/07/22 17:57:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2001/08/23 19:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 19:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1999/01/22 14:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
 
========== LOP Check ==========
 
[2009/07/09 15:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2011/01/07 01:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/07/17 20:14:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/01/07 01:44:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2007/02/18 17:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2008/05/04 22:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/12/16 05:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fKpCf06308
[2011/05/25 12:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/02/26 02:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Newsoft
[2008/01/11 17:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
[2008/05/16 02:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redfield
[2006/03/25 18:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2008/01/28 01:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMSI
[2011/05/27 01:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/08/18 14:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2011/02/20 19:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/07/09 17:59:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
[2009/08/07 14:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/07/09 15:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\AGI
[2009/09/01 17:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Amazon
[2008/04/18 12:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Anthropics
[2011/01/07 01:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\AVG10
[2010/12/08 02:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\AVG9
[2010/11/24 01:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent
[2005/11/11 17:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Digital Interactive Systems Corporation
[2006/02/23 03:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\EBookSys
[2009/04/21 04:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\EPSON
[2008/08/21 19:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Flickr
[2007/09/14 15:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\fltk.org
[2009/12/15 14:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\GetRightToGo
[2009/01/05 11:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Inkscape
[2008/10/31 01:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\InterVideo
[2010/09/27 14:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Lasersoft Imaging
[2009/04/21 00:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Leader Technologies
[2006/02/23 23:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Leadertech
[2011/06/06 03:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\LimeWire
[2011/02/06 16:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\MP3Rocket
[2007/12/16 18:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\MSNInstaller
[2006/08/25 16:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Musicmatch
[2006/02/26 02:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\NewSoft
[2009/09/03 02:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Opera
[2008/10/19 22:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Skinux
[2007/03/23 23:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Smith Micro
[2009/07/09 15:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Temp
[2006/03/31 12:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Template
[2007/09/05 10:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\uk.co.planetside
[2007/07/03 19:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Uniblue
[2006/02/25 07:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Webshots
[2008/04/18 18:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\WinBatch
[2011/06/12 01:05:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/06/12 01:01:01 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2011/06/11 21:33:42 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3256EB39-0743-422A-887B-7F74D01AD364}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\fft.rar:SummaryInformation
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D6E5D55
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 12, 2011, 03:21:34 AM
[quote name='guestolo' timestamp='1307810974' post='479757']
Can I have you run a few more tools and post some extra logs

Please do the following:

4. Download and save to Desktop [color="#0000ff"]ESET Online Scanner[/color] (http://"http://download.eset.com/special/eos/esetsmartinstaller_enu.exe")[/url]
Double click on esetsmartinstaller_enu.exe
Put a tick in "Yes, I accept the Terms of Use" then click START

Eset will download components
When done click START again

Downloading of Virus signature database will begin
Depending on your connection speed, this can take awhile
When complete the scan will start
This scan can take some time, so be patient

Once the scan is completed, you may close the window
   
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt    
Copy and paste that log as a reply to this topic

Keep me informed how things are running please
[/quote]


ESETSmartInstaller@High ("ESETSmartInstaller@High") as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=faa2e5b58929d34abcb1d34ea82b13e7
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-12 08:11:42
# local_time=2011-06-12 04:11:42 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 445145 445145 0 0
# compatibility_mode=768 16777215 100 0 99785171 99785171 0 0
# compatibility_mode=1026 16777214 0 2 43939355 43939355 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=320134
# found=4
# cleaned=4
# scan_time=9940
D:\I386\Apps\APP15894\src\CompaqPresario_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C
D:\I386\Apps\APP15894\src\HPPavillion_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C
D:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP814\A0143480.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C
D:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP814\A0143481.exe a variant of Win32/Toolbar.MyWebSearch application (deleted - quarantined) 00000000000000000000000000000000 C
Title: Missing rundll32.exe and other annoyances
Post by: guestolo on June 12, 2011, 08:37:24 AM
Looking good, are you experiencing any problems now?

Have you reinstalled AVG again? If not, can you hold off till we do a bit of cleaning of the tools we used

Since you have Malwarebytes AntiMalware installed
Can you Open it, Check for Updates
After updating, run a Quick Scan
If anything is found, can remove all selected
Reboot if required
Post the log from the scan please

In addition:
Download aswMBR.exe (http://"http://public.avast.com/~gmerek/aswMBR.exe") ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan.
On completion of the scan click save log, save it to your desktop and post in your next reply.
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 12, 2011, 07:54:33 PM
[quote name='guestolo' timestamp='1307885844' post='479771']
Looking good, are you experiencing any problems now?

Have you reinstalled AVG again? If not, can you hold off till we do a bit of cleaning of the tools we used

Since you have Malwarebytes AntiMalware installed
Can you Open it, Check for Updates
After updating, run a Quick Scan
If anything is found, can remove all selected
Reboot if required
Post the log from the scan please

In addition:
Download aswMBR.exe (http://"http://public.avast.com/~gmerek/aswMBR.exe") ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan.
On completion of the scan click save log, save it to your desktop and post in your next reply.
[/quote]


No, not experiencing any problems, thanks. Haven't reinstalled AVG; was waiting until you gave the go-ahead. And even then I think I'll try the download rather than the CD reinstall. Will run the MBAM andaswMBR now. Again, thanks for your help!
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 13, 2011, 01:32:04 AM
[quote name='guestolo' timestamp='1307885844' post='479771']
Looking good, are you experiencing any problems now?

Have you reinstalled AVG again? If not, can you hold off till we do a bit of cleaning of the tools we used

Since you have Malwarebytes AntiMalware installed
Can you Open it, Check for Updates
After updating, run a Quick Scan
If anything is found, can remove all selected
Reboot if required
Post the log from the scan please

In addition:
Download aswMBR.exe (http://"http://public.avast.com/~gmerek/aswMBR.exe") ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan.
On completion of the scan click save log, save it to your desktop and post in your next reply.
[/quote]


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org (http://"http://www.malwarebytes.org")

Database version: 6845

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/13/2011 2:26:33 AM
mbam-log-2011-06-13 (02-26-21).txt

Scan type: Full scan (C:\|)
Objects scanned: 457077
Time elapsed: 2 hour(s), 22 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\SAIX.InstallerCaller (Adware.180Solutions) -> No action taken.
HKEY_CLASSES_ROOT\SAIX.InstallerCaller.1 (Adware.180Solutions) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 13, 2011, 01:39:20 AM
[quote name='guestolo' timestamp='1307885844' post='479771']
Looking good, are you experiencing any problems now?

Have you reinstalled AVG again? If not, can you hold off till we do a bit of cleaning of the tools we used

In addition:
Download aswMBR.exe (http://"http://public.avast.com/~gmerek/aswMBR.exe") ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan.
On completion of the scan click save log, save it to your desktop and post in your next reply.
[/quote]


aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-13 02:36:10
-----------------------------
02:36:10.624    OS Version: Windows 5.1.2600 Service Pack 3
02:36:10.624    Number of processors: 1 586 0x2F02
02:36:10.624    ComputerName: YOUR-55E5F9E3D2  UserName:
02:36:13.203    Initialize success
02:36:31.734    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
02:36:31.734    Disk 0 Vendor: ST3200826AS 3.03 Size: 190782MB BusType: 3
02:36:33.765    Disk 0 MBR read successfully
02:36:33.765    Disk 0 MBR scan
02:36:33.765    Disk 0 unknown MBR code
02:36:35.765    Disk 0 scanning sectors +390716865
02:36:35.781    Disk 0 scanning C:\WINDOWS\system32\drivers
02:36:41.031    Service scanning
02:36:42.265    Disk 0 trace - called modules:
02:36:42.265    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
02:36:42.265    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86183ab8]
02:36:42.265    3 CLASSPNP.SYS[f75f0fd7] -> nt!IofCallDriver -> \Device\00000068[0x8618df18]
02:36:42.265    5 ACPI.sys[f7487620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86150d98]
02:36:42.265    Scan finished successfully
02:37:20.343    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat"
02:37:20.343    The log file has been saved successfully to "C:\Documents and Settings\Compaq_Administrator\Desktop\aswMBR.txt"


 

Title: Missing rundll32.exe and other annoyances
Post by: guestolo on June 14, 2011, 09:40:37 PM
Sorry for the delay, can you do the next steps please

Go to START>>RUN>>copy/paste the following command and hit OK

[color="#0000FF"]ComboFix /uninstall[/color]
This will uninstall ComboFix and it's components

Afterwards:
Let's get some of your software updated, and remove a possible unwanted
If you didn't purposely install Ask Toolbar
Close down all browser windows and uninstall it from Add and REmove Programs
You can also uninstall "Eset Online Scanner"

Remain in Add/Remove
Keep your browsers closed and remove the following outdated and insecure software
Adobe Reader 8.1.2
Java™ 6 Update 20

Next:
To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe (http://"http://download.macromedia.com/pub/flashplayer/current/uninstall_flash_player.exe")
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).
3. Double-click on the file you've downloaded to uninstall Flash.
We'll update it in a bit

Double  click on OTL.exe and Run it
On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

In addition: Can you update your software

Java: Go to the following link and download and install the latest version of JAVA>>Version 6 Update 26
UNTICK any options for installing any toolbars or Security scans if available
http://www.java.com/en/download/index.jsp

Adobe Reader:
Go to the following link
http://get.adobe.com/reader/otherversions/


UNTICK the option to also install McAfee Security Scan and/or Google toolbar or similiar if available
Select your operating system, language, and then I would opt to choose Adobe Reader version 9.4
Download and save to desktop the installer for the latest version of A. Reader
Double click on the installer to install
After successfully installing, you can delete the installer on desktop
Can you open Adobe Reader and click on HELP>>CHECK FOR UPDATES and install any update if found to ensure you are right up to date

Adobe Flash:
Go to the following link
http://get.adobe.com/flashplayer/otherversions/

Choose operating system and version
Note: Do this procedure twice and get both
"Flash player for IE" then "Flash player for other browsers"
Save the installers to desktop
Untick the selections for 'Google toolbar' or 'McAfee Security Scan' if it is an option
Close browser windows, then install both
install_flash_player_ax.exe and install_flash_player.exe


NOTE: I see the installer for SpywareBlaster 4.4 in your log
If you haven't installed it yet, just hold tight, we'll install it properly
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 15, 2011, 03:44:28 AM
[quote name='guestolo' timestamp='1308105637' post='479787']
Sorry for the delay, can you do the next steps please

Double  click on OTL.exe and Run itOn startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

NOTE: I see the installer for SpywareBlaster 4.4 in your log
If you haven't installed it yet, just hold tight, we'll install it properly
[/quote]


[color="#0000ff"]Still have to install latest versions of abovementioned software.  There was no ASK TOOLBAR in Add/Remove programs. Computer froze on shutdown, hope it didn't screw things up; shut it down via power strip. Booted up normally, had OTL prompt screen, created log.
OTL log below:
[/color]
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trymedia.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trymedia.com\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\utorrent.com\www\ deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Desktop\TDSSKiller.exe moved successfully.
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
File C:\Documents and Settings\Compaq_Administrator\Desktop\esetsmartinstaller_enu.exe not found.
C:\Documents and Settings\Compaq_Administrator\Desktop\tdsskiller.zip moved successfully.
C:\Documents and Settings\Compaq_Administrator\Desktop\SecurityCheck.exe moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\software\microsoft\security center\\"AntiVirusOverride"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\software\microsoft\security center\\"FirewallOverride"|dword:00000000 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2\ deleted successfully.
========== FILES ==========
c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk moved successfully.
File\Folder c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Compaq_Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Compaq_Administrator
->Temp folder emptied: 13047767 bytes
->Temporary Internet Files folder emptied: 3499735 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 22674 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes
 
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 112094 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 776704 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 4914193 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17228 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1040 bytes
 
Total Files Cleaned = 22.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Compaq_Administrator
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.23.0 log created on 06152011_034649

Files\Folders moved on Reboot...
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\IadHide5.dll moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_7f0.dat not found!

Registry entries deleted on Reboot...


Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 15, 2011, 05:12:06 AM
[quote name='guestolo' timestamp='1308105637' post='479787']
Sorry for the delay, can you do the next steps please

Go to START>>RUN>>copy/paste the following command and hit OK

In addition: Can you update your software

Java: Go to the following link and download and install the latest version of JAVA>>Version 6 Update 26
UNTICK any options for installing any toolbars or Security scans if available
http://www.java.com/...nload/index.jsp (http://"http://www.java.com/en/download/index.jsp")

Adobe Reader:
Go to the following link
http://get.adobe.com.../otherversions/ (http://"http://get.adobe.com/reader/otherversions/")


UNTICK the option to also install McAfee Security Scan and/or Google toolbar or similiar if available
Select your operating system, language, and then I would opt to choose Adobe Reader version 9.4
Download and save to desktop the installer for the latest version of A. Reader
Double click on the installer to install
After successfully installing, you can delete the installer on desktop
Can you open Adobe Reader and click on HELP>>CHECK FOR UPDATES and install any update if found to ensure you are right up to date

Adobe Flash:
Go to the following link
http://get.adobe.com.../otherversions/ (http://"http://get.adobe.com/flashplayer/otherversions/")

Choose operating system and version
Note: Do this procedure twice and get both
"Flash player for IE" then "Flash player for other browsers"
Save the installers to desktop
Untick the selections for 'Google toolbar' or 'McAfee Security Scan' if it is an option
Close browser windows, then install both
install_flash_player_ax.exe and install_flash_player.exe


NOTE: I see the installer for SpywareBlaster 4.4 in your log
If you haven't installed it yet, just hold tight, we'll install it properly
[/quote]


Java installed with no problems. Using IE, neither Adobe Reader nor Adobe Flash would install; I got the yellow bar saying Adobe wants to install "Adobe DLM" from Adobe Systems and at the same time, got a pop-up from IE saying IE has encountered a problem and needs to close. Gave up after the third try. I don't really need Adobe Reader since I can use my partner's computer for any pdf files I might need to open - that's a rare occurrence for me. I used Opera to install Flash for both IE and for other browsers. Holding off on Spyware Blaster as per your request. Thanks..
Title: Missing rundll32.exe and other annoyances
Post by: guestolo on June 15, 2011, 11:52:21 PM
Can you go ahead and install AVG and let me know how things are then running please
You may have to ensure you register it before it runs properly????
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 16, 2011, 04:22:40 AM
[quote name='guestolo' timestamp='1308199941' post='479793']
Can you go ahead and install AVG and let me know how things are then running please
You may have to ensure you register it before it runs properly????
[/quote]


AVG installed and registered, but seems to be making computer run incredibly slowly - much more slowly than it ran when AVG was installed earlier. On the up side, I'm still connected to the Internet. I'll probably look for an anti-virus program that doesn't use so many resources. With the machine running like this, I'm sure Photoshop will encounter problems and shut down more often than in the past; can't take a chance with that and losing work that will have to be done again.
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 16, 2011, 10:09:06 PM
[quote name='guestolo' timestamp='1308199941' post='479793']
Can you go ahead and install AVG and let me know how things are then running please
You may have to ensure you register it before it runs properly????
[/quote]


Must be away for at least four days, will be back Sunday night or Monday. Thanks so much for all your help so far. I'll have access to a computer to read/answer any posts, but won't be able to do anything on my own computer.
Title: Missing rundll32.exe and other annoyances
Post by: guestolo on June 18, 2011, 04:44:51 PM
When you get back to the computer
Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 21, 2011, 03:33:24 AM
[quote name='guestolo' timestamp='1308433491' post='479810']
When you get back to the computer
Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
[/quote]


Sorry for the delay; thanks for your patience.

HIJACK THIS_UNINSTALL LIST:
3D Starfield Screensaver, Version 1.2
abrViewer.NET v2
Ad-Aware
Ad-Aware
Adobe Acrobat 4.0
Adobe ActiveShare 1.2
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Media Player
Adobe Media Player
Adobe PDF Library Files CS4
Adobe Photoshop CS
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Stock Photos CS3
Adobe SVG Viewer
Adobe Type Manager 4.0
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AdobeColorCommonSetRGB
AGEIA PhysX v2.4.4
Agere Systems PCI-SV92PP Soft Modem
Akamai NetSession Interface
Amazon MP3 Downloader 1.0.12
ApoMap
Apophysis
Apophysis 2.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 6
ArcSoft Print Creations
ArcSoft Software Suite
Ask Toolbar
ATI Control Panel
ATI Display Driver
AVG 2011
AVG 2011
AVG 2011
Bonjour
CCleaner
Chalkaholic Plugin v 1.0
Compaq Connections (remove only)
Compaq Multimedia Keyboard Software
Critical Update for Windows Media Player 11 (KB959772)
Deep Space Screen Saver
Defraggler
DISCover
DriverGuide Toolkit
Easy Internet Sign-up
EPSON Copy Utility 3
EPSON Perf V700-V750 Guide
EPSON Printer Software
EPSON Scan
Eraser 5.85
Family Tree Maker
Filter Forge Freepack 1 - Metals 1.012
Filter Forge Freepack 2 - Photo Effects 1.012
Filter Forge Freepack 3 - Frames 1.012
Fireplace Screensaver
Fireworks
Flickr Uploadr 3.0.5
FlipAlbum 5.5 Suite
Focus Magic
GdiplusUpgrade
GML Matting 0.2
Google Earth
Google Gears
Google SketchUp 6
Google SketchUp 6
Google Update Helper
Google Updater
Haali Media Splitter
HexDump plug-in for Ad-Aware SE
High Definition Audio Driver Package - KB888111
HiJackThis
Holiday Lights 5.4
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP DigitalMedia Archive
HP Driver Diagnostics
Image Analyzer
imeem Download Manager
Inkscape 0.46
Intel(R) Integrated Performance Primitives RTI 4.0
InterVideo WinDVD Player
IrfanView (remove only)
iTunes
Java(TM) 6 Update 26
Junk Mail filter update
Kazoo Player
LimeWire 5.2.13
LSP Explorer plug-in for Ad-Aware SE
LTCM Client
Malwarebytes' Anti-Malware version 1.51.0.1200
Master Index for Pedigree Resource File
MathPlayer
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft FrontPage 2002
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office Outlook Connector
Microsoft Picture It! Express 9
Microsoft Picture It! Library 9
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft Works 4.5
mIRC
MSN
MSN Encarta Plus Support Files
MSN Toolbar
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Neat Image v5 Demo (with plug-in)
Nero Suite
Netscape Browser (remove only)
Opera 10.60
OpticFilm 7200
Otto
Paint.NET v3.31
PC-Doctor 5 for Windows
PDF Settings CS4
Pedigree Resource File
Polaroid Dust and Scratch Removal v1.0.0.15.2e
PS2
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
Raindrops
RealPlayer
Recuva
Rhapsody Player Engine
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SilverFast Ai/Ai-Studio Documentation 6.5.0
SilverFast Ai/AiStudio Movie Documentation 6.5.0
SilverFast SE CD Documentation 6.2.0
SilverFast SE Documentation 6.4.0
SilverFast UScan 6.6.0r6
SilverFast UScan-SE
SilverFast UScan-SE TWAIN
SmartFTP Client
SmartFTP Client 3.0 Setup Files (remove only)
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
SpywareBlaster 4.3
SSC Service Utility v4.30
Storm
StuffIt 11
Thredgeholder Plugin v 1.0
Tweak-SE plug-in for Ad-Aware SE
Ulead ArtTexture.Plugin 1.0
Ulead FantasyWarp.Plugin 1.0
Ulead Particle.Plugin 1.0
Ulead Photo Express 3.0
Ulead PhotoImpact 4.2
Uninstall DreamSuite Bonus
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Verizon Online Help and Support
Virtual Earth 3D (Beta)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.4
VueScan
Wacom Tablet Driver
Webshots Desktop
Webshots Toolbar for Firefox
Webshots Toolbar for IE
WinAce Archiver
Windows Defender
Windows Driver Package - Product Image  (05/02/2002 1.0.1.1)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
WinZip
Xpose Plugin v 1.0
Yahoo! Music Jukebox

 

Title: Missing rundll32.exe and other annoyances
Post by: guestolo on June 22, 2011, 10:09:49 PM
How is the machine behaving now?
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 23, 2011, 02:39:52 AM
[quote name='guestolo' timestamp='1308798589' post='479827']
How is the machine behaving now?
[/quote]


Little quirks, but nothing I can't handle.

Well, one thing that keeps occurring is I get a pop-up box saying "the software you are installing for this hardware: Non Plug and Play drivers has not passed Windows Logo testing to verify its compatibility with Windows XP". It seems to happen while AVG is scanning, and I think an update might be occurring at the same time. Then a message says: "Computer must be restarted in order to finish the updating process (AVG cannot update important services while the system is using them)". While this is going on, MS security informs me AVG firewall isn't working. I open AVG, it says nothing is activated. This was happening a number of times a day. But, the last time this happened, both MS & AVG showed everything was working properly (except for ID protection).

It wasn't completing a scan since that message kept popping up. Until I got back from NJ/PA I had it set to hold off running a scan until Monday, and ran defrag while I was away. Unfortunately, my partner wasn't able to tell me exactly what the result was; I didn't use MS, used Defraggler instead, works faster than MS; he said it was the same amount fragmented as it was before the defrag started although it had finished. Then he also got the same popup saying "the software you are installing...." etc, and rebooted the computer.

AVG loaded, but he didn't run a scan. This is the first I've been on, so haven't run an AVG scan yet myself. I think there might be some kind of conflict with AVG now, maybe having to do with its being reinstalled from the CD; it was set to scan Wednesday morning at 6AM and it did start, but I don't think it completed the scan. I have to reboot much more often than before - four or five times a day in fact, where I could leave the computer up and running for days at a time. Other applications (Word for instance) stop responding. I haven't tried Photoshop yet.

I haven't uninstalled AVG yet, wanted to look into the MS firewall on XP to see if it was up to date in protection, since the system is so outdated. Then I thought I'd try Avast free for as long as I have this computer; hoping to get a new one by the end of the year. Until I can see AVG completing a scan I won't know if it is working properly, and until I uninstall it I won't know if it's AVG that's causing the other problems. Oh, and I uninstalled AdAware also, since I wasn't using it regularly since I'd gotten AVG Pro. That hasn't seemed to make a difference. Other than that and its running more slowly than before and windows closing on me, it'll just have to do til I get a new machine. (Just hoping nothing else sneaked in while I wasn't looking...)

Thanks for your help!
Title: Missing rundll32.exe and other annoyances
Post by: guestolo on June 25, 2011, 10:56:43 AM
Let's take another look please
Open OTL.exe, put a tick in "Scan all Users"
Then run a Scan, post the new log that opens when it's done please

Edit>>I see you have CCleaner
Can you open it, click on TOOLS> Under the UNINSTALL option,
do you see "ASK TOOLBAR" under Programs to Remove?
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 25, 2011, 12:35:21 PM
[quote name='guestolo' timestamp='1309017403' post='479839']
Let's take another look please
Open OTL.exe, put a tick in "Scan all Users"
Then run a Scan, post the new log that opens when it's done please

Edit>>I see you have CCleaner
Can you open it, click on TOOLS> Under the UNINSTALL option,
do you see "ASK TOOLBAR" under Programs to Remove?
[/quote]


OTL logfile created on: 6/25/2011 1:29:11 PM - Run 4
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
958.48 Mb Total Physical Memory | 142.25 Mb Available Physical Memory | 14.84% Memory free
2.26 Gb Paging File | 1.51 Gb Available in Paging File | 66.64% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.30 Gb Total Space | 61.93 Gb Free Space | 34.73% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.01 Gb Free Space | 12.64% Space Free | Partition Type: FAT32
 
Computer Name: YOUR-55E5F9E3D2 | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AGI\core\3.1\AGCoreService.exe (AG Interactive)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe (Smith Micro Software, Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\arservice.exe (Microsoft)
PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
PRC - C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\TabHook.dll (Wacom Technology, Corp.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_e877e12.dll ()
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- C:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AGCoreService) -- C:\Program Files\AGI\core\3.1\AGCoreService.exe (AG Interactive)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (Stuffit Archive Name Service) -- C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe (Smith Micro Software, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)
SRV - (InCDsrvR) InCD Helper (read only) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (InCDsrv) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (TabletService) -- C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (CO_Mon) -- C:\WINDOWS\system32\drivers\CO_Mon.sys ()
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (InCDfs) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Nero AG)
DRV - (incdrm) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Nero AG)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (AN983) -- C:\WINDOWS\system32\drivers\an983.sys (ADMtek Incorporated.)
DRV - (fasttx2k) -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (PenClass) -- C:\WINDOWS\System32\Drivers\PenClass.sys (Wacom Technology Corporation)
DRV - (ATMhelpr) -- C:\WINDOWS\System32\drivers\ATMHELPR.SYS (Adobe Systems Incorporated)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop (http://"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop")
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop (http://"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop")
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop (http://"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop")
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop (http://"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop")
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2478948820-2115640341-1568800108-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2478948820-2115640341-1568800108-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 (http://"http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8")
IE - HKU\S-1-5-21-2478948820-2115640341-1568800108-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.geocities.com/m.spatafore/index.html (http://"http://www.geocities.com/m.spatafore/index.html")
IE - HKU\S-1-5-21-2478948820-2115640341-1568800108-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2478948820-2115640341-1568800108-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Webshots\3.1.5.7613\Firefox [2009/07/09 15:25:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 22:36:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/24 10:01:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2011/02/20 18:56:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2011/02/20 18:56:03 | 000,000,000 | ---D | M]
 
[2009/03/06 08:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions
[2009/03/06 08:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions\[email protected]
 
O1 HOSTS File: ([2011/06/10 21:04:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum 5 Suite\FpLaunch.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Webshots Toolbar) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\3.1.5.7613\WSToolbar4IE.dll (Webshots.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2478948820-2115640341-1568800108-1008\..\Toolbar\WebBrowser: (Webshots Toolbar) - {C17590D2-ECB4-4B15-8820-F58798DCC118} - C:\Program Files\Webshots\3.1.5.7613\WSToolbar4IE.dll (Webshots.com)
O3 - HKU\S-1-5-21-2478948820-2115640341-1568800108-1008\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PCDrProfiler]  File not found
O4 - HKU\S-1-5-21-2478948820-2115640341-1568800108-1008..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\bak\NBJ.exe (Ahead Software AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe (Webshots.com)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2478948820-2115640341-1568800108-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2478948820-2115640341-1568800108-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2478948820-2115640341-1568800108-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2478948820-2115640341-1568800108-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Webshots Photo Search - C:\Program Files\Webshots\3.1.5.7613\WSToolbar4IE.dll (Webshots.com)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2478948820-2115640341-1568800108-1008\..Trusted Domains: //@mail.mar@/ (http://"") ([]msn in Local intranet)
O15 - HKU\S-1-5-21-2478948820-2115640341-1568800108-1008\..Trusted Domains: //@signup.mar@/ (http://"") ([]msn in My Computer)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (http://"http://office.microsoft.com/templates/ieawsdc.cab") (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (http://"http://www.apple.com/qtactivex/qtplugin.cab") (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (http://"http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab") (Facebook Photo Uploader 5 Control)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (http://"http://www.ipix.com/download/ipixx.cab") (iPIX ActiveX Control)
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} https://h20278.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (http://"https://h20278.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB") (Hewlett-Packard Online Support Services)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (http://"http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab") (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (http://"http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab") (Symantec AntiVirus scanner)
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} http://community.webshots.com/html/atx/wsaxcontrol.cab (http://"http://community.webshots.com/html/atx/wsaxcontrol.cab") (Webshots Multiple Media Uploader - Container)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (http://"http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab") (SentinelProxy Class)
O16 - DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} http://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab (http://"http://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab") (SentinelProxy Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (http://"http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab") (DLM Control)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (http://"http://www.linkedin.com/cab/LinkedInContactFinderControl.cab") (LinkedIn ContactFinderControl)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://eaglewings-eyrie.spaces.live.com//PhotoUpload/MsnPUpld.cab (http://"http://eaglewings-eyrie.spaces.live.com//PhotoUpload/MsnPUpld.cab") (MSN Photo Upload Tool)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (http://"http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab") (Reg Error: Key error.)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (http://"http://upload.facebook.com/controls/FacebookPhotoUploader3.cab") (Facebook Photo Uploader 4 Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (http://"http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab") (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146553036628 (http://"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146553036628") (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (http://"https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab") (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (http://"http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab") (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (http://"http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab") (Reg Error: Key error.)
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} http://community.webshots.com/html/WSPhotoUploader.CAB (http://"http://community.webshots.com/html/WSPhotoUploader.CAB") (Webshots Photo Uploader)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (http://"https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx") (Get_ActiveX Control)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (http://"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab") (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (http://"http://ax.emsisoft.com/asquared.cab") (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (http://"http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab") (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (http://"http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab") (Java Plug-in 1.6.0_26)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab (http://"http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab") (Facebook Photo Uploader 4)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (http://"file://C:\WINDOWS\Java\classes\xmldso.cab") (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/28 13:41:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/06/24 13:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/06/24 13:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/24 13:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/24 13:19:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/16 02:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/06/16 02:50:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/06/16 02:48:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/06/16 02:48:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/06/15 05:57:06 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/15 05:56:31 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/15 05:55:09 | 003,082,400 | ---- | C] (Adobe Systems, Inc.) -- C:\Documents and Settings\Compaq_Administrator\Desktop\install_flash_player.exe
[2011/06/15 05:54:32 | 003,120,288 | ---- | C] (Adobe Systems, Inc.) -- C:\Documents and Settings\Compaq_Administrator\Desktop\install_flash_player_ax.exe
[2011/06/15 04:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/15 04:58:15 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/15 04:58:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/15 04:58:15 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/15 04:58:15 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/06/15 03:46:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/15 01:22:09 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/06/14 07:10:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ulead.dat
[2011/06/12 20:55:59 | 000,581,120 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Compaq_Administrator\Desktop\aswMBR.exe
[2011/06/11 21:17:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/10 20:39:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/10 20:27:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/09 22:25:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\COMPUTER FIX STUFF JUNE 2011
[2011/06/08 08:22:47 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2011/06/04 03:43:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Administrator\Recent
[2011/05/27 05:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/27 05:46:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\HiJackThis
[2011/05/27 01:35:36 | 003,194,296 | ---- | C] (Javacool Software LLC                                       ) -- C:\Documents and Settings\Compaq_Administrator\Desktop\spywareblastersetup44.exe
[2011/05/27 01:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\ADOBE PS CS3 AND 4
[2011/05/27 01:03:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\JANICE STUFF  FROM DESKTOP
[2 C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/06/25 13:26:56 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\prvlcl.dat
[2011/06/25 13:02:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/25 12:51:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/25 12:17:59 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/25 12:16:28 | 000,000,317 | ---- | M] () -- C:\WINDOWS\System32\wacom.dat
[2011/06/25 12:15:41 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/25 12:15:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/25 12:15:29 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/25 11:05:24 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3256EB39-0743-422A-887B-7F74D01AD364}.job
[2011/06/25 09:51:27 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/25 07:01:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/06/25 05:45:14 | 119,825,460 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/24 13:23:58 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/24 13:21:58 | 000,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/24 10:01:05 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/06/22 13:43:34 | 000,655,146 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/06/16 23:31:48 | 000,001,588 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2011/06/15 16:40:38 | 000,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
[2011/06/15 07:42:50 | 000,443,582 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/15 07:42:50 | 000,072,738 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/15 07:33:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/15 05:57:24 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/15 05:55:09 | 003,082,400 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Compaq_Administrator\Desktop\install_flash_player.exe
[2011/06/15 05:54:32 | 003,120,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Compaq_Administrator\Desktop\install_flash_player_ax.exe
[2011/06/15 04:57:58 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/06/15 04:57:58 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/06/15 04:57:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/06/15 04:57:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/06/15 04:57:58 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/06/14 11:16:38 | 000,001,860 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2011/06/14 07:10:09 | 000,000,078 | -H-- | M] () -- C:\WINDOWS\Xwdupv.ns
[2011/06/14 07:10:08 | 000,005,124 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI
[2011/06/13 02:37:20 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat
[2011/06/12 20:56:01 | 000,581,120 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Compaq_Administrator\Desktop\aswMBR.exe
[2011/06/11 00:39:22 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\Webshots.lnk
[2011/06/10 21:04:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/10 20:39:23 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/06/08 08:22:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2011/06/08 00:36:21 | 000,022,016 | -H-- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/30 18:19:48 | 005,964,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/27 01:35:44 | 003,194,296 | ---- | M] (Javacool Software LLC                                       ) -- C:\Documents and Settings\Compaq_Administrator\Desktop\spywareblastersetup44.exe
[2 C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/06/25 05:45:14 | 119,825,460 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/24 13:23:58 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/24 13:21:58 | 000,001,550 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/22 13:43:34 | 000,655,146 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/06/16 02:50:54 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/06/15 07:27:34 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/06/14 11:16:38 | 000,001,860 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2011/06/13 02:37:20 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat
[2011/05/14 21:24:34 | 000,001,224 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/05/14 21:24:33 | 000,001,224 | -HS- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5
[2011/01/13 15:53:51 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\prvlcl.dat
[2009/12/15 14:41:19 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/12/15 14:41:19 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/12/15 14:41:19 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/12/15 14:41:18 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/12/15 12:22:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\AVSDVDPlayer.m3u
[2009/08/13 20:35:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2009/08/10 18:21:53 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/08/10 18:21:53 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/08/10 18:21:53 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/04/20 22:39:18 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PERFV700SERIES.ini
[2009/04/11 17:25:09 | 000,000,323 | ---- | C] () -- C:\WINDOWS\PRF_MI_B.INI
[2009/04/11 17:21:28 | 000,000,313 | ---- | C] () -- C:\WINDOWS\PRF_MI.INI
[2008/12/10 17:10:24 | 000,035,328 | ---- | C] () -- C:\WINDOWS\INETWH32.DLL
[2008/12/10 17:10:24 | 000,004,528 | ---- | C] () -- C:\WINDOWS\SETBROWS.EXE
[2008/12/10 17:10:23 | 000,009,136 | ---- | C] () -- C:\WINDOWS\INETWH16.DLL
[2008/08/01 16:56:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/08/01 16:56:28 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008/08/01 16:56:28 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2008/08/01 16:56:28 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008/08/01 16:56:28 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2008/08/01 16:56:28 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2008/08/01 16:56:28 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2008/08/01 16:56:28 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2008/08/01 16:56:28 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2008/08/01 16:56:28 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2008/08/01 16:56:28 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2008/08/01 16:56:28 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2008/08/01 16:56:28 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2008/08/01 16:56:28 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2008/08/01 16:56:28 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2008/08/01 16:56:28 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2008/08/01 16:55:20 | 000,000,077 | ---- | C] () -- C:\WINDOWS\EPSC120.ini
[2008/07/13 03:06:33 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ScratchRemoval.dll
[2008/04/18 18:51:02 | 000,096,577 | ---- | C] () -- C:\WINDOWS\hpqins16.dat
[2008/03/16 00:20:30 | 000,083,456 | ---- | C] () -- C:\WINDOWS\System32\PnIC.dll
[2008/03/16 00:20:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\gm_dll1.dll
[2007/11/11 20:34:36 | 000,022,016 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/11 03:03:23 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/09/25 13:57:06 | 000,000,125 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/09/24 00:49:55 | 000,000,839 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2007/08/10 23:45:13 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/07/10 03:30:58 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\GetInst32.dll
[2007/06/21 13:01:18 | 000,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll
[2007/05/28 02:59:45 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2007/05/19 23:41:52 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/04 13:14:24 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2007/01/23 17:12:16 | 000,005,515 | ---- | C] () -- C:\WINDOWS\fmachine.ini
[2006/11/20 02:15:26 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/09/23 04:39:57 | 000,000,020 | ---- | C] () -- C:\WINDOWS\HPPREC~1.INI
[2006/09/23 04:28:17 | 000,274,948 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2006/08/03 16:42:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/05/18 18:32:58 | 000,068,939 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2006/05/18 18:32:58 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2006/05/17 22:06:09 | 000,000,317 | ---- | C] () -- C:\WINDOWS\System32\wacom.dat
[2006/05/17 22:06:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\TabUnst.dll
[2006/05/17 22:06:06 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\wintab.dll
[2006/05/17 22:05:02 | 000,013,408 | ---- | C] () -- C:\WINDOWS\System32\tabinst.dll
[2006/05/17 22:05:02 | 000,004,032 | ---- | C] () -- C:\WINDOWS\System32\tabins16.dll
[2006/05/02 00:04:45 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2006/04/24 02:51:03 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/04/24 02:32:45 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/04/24 02:31:41 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/24 02:30:00 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/03/31 00:57:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
[2006/03/30 17:11:39 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2006/03/11 23:35:17 | 000,248,832 | ---- | C] () -- C:\WINDOWS\System32\ECircles.dll
[2006/03/11 23:35:17 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\SoyWeb.dll
[2006/03/02 15:31:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/02/27 09:25:38 | 000,000,177 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2006/02/27 07:06:59 | 000,021,348 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\W77X4
[2006/02/26 05:05:40 | 000,000,068 | ---- | C] () -- C:\WINDOWS\PRESTOPM.INI
[2006/02/26 02:12:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2006/02/26 02:11:00 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2006/02/26 02:09:15 | 000,000,118 | ---- | C] () -- C:\WINDOWS\A11U.INI
[2006/02/24 22:37:16 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/02/24 22:26:45 | 000,151,552 | ---- | C] () -- C:\WINDOWS\UNUSBDRV.EXE
[2006/02/23 22:00:39 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\venlx32n.dll
[2006/02/23 16:32:08 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2006/02/23 16:28:46 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2006/02/23 16:28:45 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2006/02/23 05:13:13 | 000,005,124 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2006/02/23 05:04:09 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2006/02/23 05:04:09 | 000,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2006/02/23 05:04:09 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys
[2006/02/23 05:04:09 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2006/02/23 05:04:04 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/02/23 05:04:04 | 000,048,640 | ---- | C] () -- C:\WINDOWS\catalogSubInstaller.exe
[2006/02/23 01:32:53 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/02/21 22:01:05 | 000,000,143 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat
[2005/11/11 17:57:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/11 17:36:25 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/11/11 17:32:20 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-5577497.exe
[2005/11/11 17:31:25 | 000,012,989 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/11/11 17:31:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/11/11 17:28:57 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/11/11 17:26:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/11 17:22:55 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/11 17:22:55 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/11 17:22:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/11 17:22:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/11 17:22:55 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/11 17:22:55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/11 17:17:29 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/11/11 17:16:33 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2005/11/11 17:16:33 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/11/11 17:11:36 | 000,072,082 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2005/11/11 17:10:40 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/11 17:06:21 | 000,104,361 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/11/11 16:55:07 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/11 16:48:53 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/11/11 16:48:53 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/11/11 16:48:35 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/11/11 06:43:28 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll
[2005/11/11 06:43:24 | 000,887,296 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/06 01:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 03:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2005/07/02 09:36:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/07/02 09:34:10 | 003,154,856 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/07/02 09:28:10 | 000,443,582 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/07/02 09:28:10 | 000,072,738 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/28 13:41:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/28 13:36:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 22:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/27 01:51:38 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/08 13:38:12 | 000,024,576 | ---- | C] () -- C:\WINDOWS\shortcut.exe
[2002/07/26 15:09:58 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2002/07/22 17:57:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2001/08/23 19:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 19:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1999/01/22 14:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\fft.rar:SummaryInformation
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D6E5D55
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


Title: Missing rundll32.exe and other annoyances
Post by: guestolo on June 25, 2011, 02:16:34 PM
Sorry, I added the following edit to my last reply

Quote
>I see you have CCleaner
Can you open it, click on TOOLS> Under the UNINSTALL option,
do you see "ASK TOOLBAR" under Programs to Remove?

In addition, I see remnants of AdAware, you definately uninstalled it correct?
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 25, 2011, 08:54:36 PM
[quote name='guestolo' timestamp='1309029394' post='479845']
Sorry, I added the following edit to my last reply



In addition, I see remnants of AdAware, you definately uninstalled it correct?
[/quote]


I saw the Ask Toolbar addition, and uninstalled that using CCleaner - didn't see it before since I was looking for "Ask", not MP3 - GRRR! lol. I uninstalled AdAware using Add/Remove Software from Control Panel. There are probably remnants in the registry - a guess on my part, but it wouldn't be a surprise. (I'd love to know this much about computers and registry etc...)
Title: Missing rundll32.exe and other annoyances
Post by: guestolo on June 26, 2011, 12:47:35 PM
Right click on [color="#0000FF"]THIS LINK (http://"http://www.mvps.org/winhelp2002/DelDomains.inf")[/color] and save the file to your desktop. Next, right-click on the downloaded file (DelDomains.inf) and select “Install.” The package will remove all Internet Explorer restricted sites, enhanced security configuration zones and trusted sites.
Note: you will not see any onscreen action.
You can deleted deldomains.inf afterwards

Your copy of SpywareBlaster is outdated
Can you open it please, under the main menu
"Disable All Protections"
Afterwards, close it and uninstall it from Add/Remove programs
We'll update it in a bit

Since you removed Ad-Aware, if the next entries are in Add/Remove, you can uninstall them also
HexDump plug-in for Ad-Aware SE
Tweak-SE plug-in for Ad-Aware SE
LSP Explorer plug-in for Ad-Aware SE

Double  click on OTL.exe and Run it
On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder



Run the installer for SpywareBlaster 4.4 from your desktop
Enable all Protection"
IMPORTANT>>"Check for updates every couple of weeks or so"
after every update just simply click the "enable protection on all unprotected items"
or again, click on Protection Startus>>enable all protection[/list]

I would like you to run Malwarebytes again, follow my instructions closely
Last time I asked you to run a Quick Scan, you ran the Full scan instead, you can save much time'
only running the Quick for now
Run Malwarebytes Anti-Malware, when it opensExtra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

One more log please:
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Note: The log can also be found on your Desktop entitled SystemLook.txt

In addition: You said the following earlier
Quote
neither Adobe Reader nor Adobe Flash would install; I got the yellow bar saying Adobe wants to install "Adobe DLM" from Adobe Systems and at the same time, got a pop-up from IE saying IE has encountered a problem and needs to close.
It would be nice if we could resolve that issue
Can you go back to post #26
Try the installations again, if it won't work with IE, can you try downloading/installing using Opera or Netscape please
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 26, 2011, 11:25:21 PM
[quote name='guestolo' timestamp='1309110455' post='479847']
Right click on [color="#0000ff"]THIS LINK (http://"http://www.mvps.org/winhelp2002/DelDomains.inf")[/color] and save the file to your desktop. Next, right-click on the downloaded file (DelDomains.inf) and select "Install." The package will remove all Internet Explorer restricted sites, enhanced security configuration zones and trusted sites.
Note: you will not see any onscreen action.
You can deleted deldomains.inf afterwards

[color="#0000ff"]DONE

[/color]Your copy of SpywareBlaster is outdated
Can you open it please, under the main menu
"Disable All Protections"
Afterwards, close it and uninstall it from Add/Remove programs
We'll update it in a bit

[color="#0000ff"]UNINSTALLED
[/color]
Since you removed Ad-Aware, if the next entries are in Add/Remove, you can uninstall them also
HexDump plug-in for Ad-Aware SE
Tweak-SE plug-in for Ad-Aware SE
LSP Explorer plug-in for Ad-Aware SE

[color="#0000ff"]DONE[/color]

Double  click on OTL.exe and Run itOn startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder


All processes killed
========== OTL ==========
C:\ComboFix folder moved successfully.
C:\Documents and Settings\All Users\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5 moved successfully.
C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5 moved successfully.
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\Compaq_Administrator\Desktop\aswMBR.exe moved successfully.
File\Folder c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk not found.
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Compaq_Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Compaq_Administrator
->Flash cache emptied: 6989 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Compaq_Administrator
->Temp folder emptied: 84098567 bytes
->Temporary Internet Files folder emptied: 11161278 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 7471621 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 239028 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 41650971 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 101975 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 94777097 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4293787544 bytes
 
Total Files Cleaned = 4,323.00 mb
 
 
OTL by OldTimer - Version 3.2.23.0 log created on 06272011_000006

Files\Folders moved on Reboot...
C:\Documents and Settings\Compaq_Administrator\Local Settings\Temporary Internet Files\Content.IE5\HZ2C7Z2F\index[1].htm moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_664.dat not found!

Registry entries deleted on Reboot...

[color="#0000ff"]CONTINUING INSTRUCTIONS...[/color]

Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 27, 2011, 12:27:39 AM
[quote name='guestolo' timestamp='1309110455' post='479847']
Right click on [color="#0000ff"]THIS LINK (http://"http://www.mvps.org/winhelp2002/DelDomains.inf")[/color] and save the file to your desktop. Next, right-click on the downloaded file (DelDomains.inf) and select "Install." The package will remove all Internet Explorer restricted sites, enhanced security configuration zones and trusted sites.
Note: you will not see any onscreen action.
You can deleted deldomains.inf afterwards


I would like you to run Malwarebytes again, follow my instructions closely
Last time I asked you to run a Quick Scan, you ran the Full scan instead, you can save much time'
only running the Quick for now
Run Malwarebytes Anti-Malware, when it opensExtra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

[color="#0000ff"]There was nothing to remove:

[color="#000000"]Malwarebytes' Anti-Malware 1.51.0.1200
[/color][color="#000000"]www.malwarebytes.org[/color] (http://"http://www.malwarebytes.org")[/color]

[color="#000000"]Database version: 6957[/color]

[color="#000000"]Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702[/color]

[color="#000000"]6/27/2011 12:49:51 AM
mbam-log-2011-06-27 (00-49-51).txt[/color]

[color="#000000"]Scan type: Quick scan
Objects scanned: 180867
Time elapsed: 9 minute(s), 53 second(s)[/color]

[color="#000000"]Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0[/color]

[color="#000000"]Memory Processes Infected:
(No malicious items detected)[/color]

[color="#000000"]Memory Modules Infected:
(No malicious items detected)[/color]

[color="#000000"]Registry Keys Infected:
(No malicious items detected)[/color]

[color="#000000"]Registry Values Infected:
(No malicious items detected)[/color]

[color="#000000"]Registry Data Items Infected:
(No malicious items detected)[/color]

[color="#000000"]Folders Infected:
(No malicious items detected)[/color]

[color="#000000"]Files Infected:
(No malicious items detected)


[/color][color="#0000ff"]Continuing with SystemLook
[/color]

Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 27, 2011, 01:18:45 AM
[quote name='guestolo' timestamp='1309110455' post='479847']
Right click on [color="#0000ff"]THIS LINK (http://"http://www.mvps.org/winhelp2002/DelDomains.inf")[/color] and save the file to your desktop. Next, right-click on the downloaded file (DelDomains.inf) and select "Install." The package will remove all Internet Explorer restricted sites, enhanced security configuration zones and trusted sites.

One more log please:
Please download [color="red"]SystemLook[/color] from one of the links below and save it to your Desktop.
[color="blue"]Download Mirror #1[/color] (http://"http://jpshortstuff.247fixes.com/SystemLook.exe")
[color="blue"]Download Mirror #2[/color] (http://"http://images.malwareremoval.com/jpshortstuff/SystemLook.exe")[/b]
Note: The log can also be found on your Desktop entitled SystemLook.txt


SystemLook 04.09.10 by jpshortstuff
Log created at 01:31 on 27/06/2011 by Compaq_Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for ".ntsrsacp "
No files found.

Searching for "ntsrsacp"
No files found.

-= EOF =-

In addition: You said the following earlier:
Quote

neither Adobe Reader nor Adobe Flash would install; I got the yellow bar saying Adobe wants to install "Adobe DLM" from Adobe Systems and at the same time, got a pop-up from IE saying IE has encountered a problem and needs to close.

[color="#0000ff"]I did get Flash installed; held off on Adobe Reader since I rarely use it, but can install it now I think.
[/color]
It would be nice if we could resolve that issue
Can you go back to post #26
Try the installations again, if it won't work with IE, can you try downloading/installing using Opera or Netscape please
[/quote]




Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 27, 2011, 02:01:34 AM
[quote name='guestolo' timestamp='1309110455' post='479847']

In addition: You said the following earlier

Quote
neither Adobe Reader nor Adobe Flash would install; I got the yellow bar saying Adobe wants to install "Adobe DLM" from Adobe Systems and at the same time, got a pop-up from IE saying IE has encountered a problem and needs to close.

It would be nice if we could resolve that issue
Can you go back to post #26
Try the installations again, if it won't work with IE, can you try downloading/installing using Opera or Netscape please
[/quote]


[color="#0000ff"]ALL INSTALLED[/color]

Title: Missing rundll32.exe and other annoyances
Post by: guestolo on June 27, 2011, 09:28:58 PM
Open OTL.exe, run a quick scan, post the log that opens
Things look good, but please keep me informed how things are now running
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 28, 2011, 04:42:08 AM
[quote name='guestolo' timestamp='1309228138' post='479878']
Open OTL.exe, run a quick scan, post the log that opens
Things look good, but please keep me informed how things are now running
[/quote]


[color="#0000ff"]No problems opening programs or missing files, but computer is running slowly, moreso than before all this happened around 14 May. I still think it's AVG, since there was a big difference once you had me uninstall, then it seemed to run more slowly than before once I reinstalled, but since it's paid for I hate to uninstall it. And it does its job well.

[color="#000000"]OTL logfile created on: 6/28/2011 5:28:54 AM - Run 5
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
958.48 Mb Total Physical Memory | 188.97 Mb Available Physical Memory | 19.72% Memory free
2.26 Gb Paging File | 1.54 Gb Available in Paging File | 68.26% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.30 Gb Total Space | 64.93 Gb Free Space | 36.42% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.01 Gb Free Space | 12.64% Space Free | Partition Type: FAT32
 
Computer Name: YOUR-55E5F9E3D2 | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AGI\core\3.1\AGCoreService.exe (AG Interactive)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe (Smith Micro Software, Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\arservice.exe (Microsoft)
PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
PRC - C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\TabHook.dll (Wacom Technology, Corp.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_e877e12.dll ()
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- C:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AGCoreService) -- C:\Program Files\AGI\core\3.1\AGCoreService.exe (AG Interactive)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (Stuffit Archive Name Service) -- C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe (Smith Micro Software, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)
SRV - (InCDsrvR) InCD Helper (read only) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (InCDsrv) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (TabletService) -- C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (CO_Mon) -- C:\WINDOWS\system32\drivers\CO_Mon.sys ()
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (InCDfs) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Nero AG)
DRV - (incdrm) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Nero AG)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (AN983) -- C:\WINDOWS\system32\drivers\an983.sys (ADMtek Incorporated.)
DRV - (fasttx2k) -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (PenClass) -- C:\WINDOWS\System32\Drivers\PenClass.sys (Wacom Technology Corporation)
DRV - (ATMhelpr) -- C:\WINDOWS\System32\drivers\ATMHELPR.SYS (Adobe Systems Incorporated)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [/color][color="#000000"]http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8[/color] (http://"http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8")
[color="#000000"]IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [/color][color="#000000"]http://www.geocities.com/m.spatafore/index.html[/color] (http://"http://www.geocities.com/m.spatafore/index.html")
[color="#000000"]IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Webshots\3.1.5.7613\Firefox [2009/07/09 15:25:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 22:36:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/24 10:01:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2011/02/20 18:56:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2011/06/27 02:55:47 | 000,000,000 | ---D | M]
 
[2009/03/06 08:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions
[2009/03/06 08:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions\[email protected]
 
O1 HOSTS File: ([2011/06/10 21:04:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum 5 Suite\FpLaunch.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Webshots Toolbar) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\3.1.5.7613\WSToolbar4IE.dll (Webshots.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Webshots Toolbar) - {C17590D2-ECB4-4B15-8820-F58798DCC118} - C:\Program Files\Webshots\3.1.5.7613\WSToolbar4IE.dll (Webshots.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PCDrProfiler]  File not found
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\bak\NBJ.exe (Ahead Software AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Webshots Photo Search - C:\Program Files\Webshots\3.1.5.7613\WSToolbar4IE.dll (Webshots.com)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} [/color][color="#000000"]http://office.microsoft.com/templates/ieawsdc.cab[/color] (http://"http://office.microsoft.com/templates/ieawsdc.cab")[color="#000000"] (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [/color][color="#000000"]http://www.apple.com/qtactivex/qtplugin.cab[/color] (http://"http://www.apple.com/qtactivex/qtplugin.cab")[color="#000000"] (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [/color][color="#000000"]http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab[/color] (http://"http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab")[color="#000000"] (Facebook Photo Uploader 5 Control)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} [/color][color="#000000"]http://www.ipix.com/download/ipixx.cab[/color] (http://"http://www.ipix.com/download/ipixx.cab")[color="#000000"] (iPIX ActiveX Control)
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} [/color][color="#000000"]https://h20278.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB[/color] (http://"https://h20278.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB")[color="#000000"] (Hewlett-Packard Online Support Services)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [/color][color="#000000"]http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab[/color] (http://"http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab")[color="#000000"] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} [/color][color="#000000"]http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab[/color] (http://"http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab")[color="#000000"] (Symantec AntiVirus scanner)
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} [/color][color="#000000"]http://community.webshots.com/html/atx/wsaxcontrol.cab[/color] (http://"http://community.webshots.com/html/atx/wsaxcontrol.cab")[color="#000000"] (Webshots Multiple Media Uploader - Container)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} [/color][color="#000000"]http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab[/color] (http://"http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab")[color="#000000"] (SentinelProxy Class)
O16 - DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} [/color][color="#000000"]http://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab[/color] (http://"http://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab")[color="#000000"] (SentinelProxy Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [/color][color="#000000"]http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab[/color] (http://"http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab")[color="#000000"] (DLM Control)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} [/color][color="#000000"]http://www.linkedin.com/cab/LinkedInContactFinderControl.cab[/color] (http://"http://www.linkedin.com/cab/LinkedInContactFinderControl.cab")[color="#000000"] (LinkedIn ContactFinderControl)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [/color][color="#000000"]http://eaglewings-eyrie.spaces.live.com//PhotoUpload/MsnPUpld.cab[/color] (http://"http://eaglewings-eyrie.spaces.live.com//PhotoUpload/MsnPUpld.cab")[color="#000000"] (MSN Photo Upload Tool)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} [/color][color="#000000"]http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab[/color] (http://"http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab")[color="#000000"] (Reg Error: Key error.)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [/color][color="#000000"]http://upload.facebook.com/controls/FacebookPhotoUploader3.cab[/color] (http://"http://upload.facebook.com/controls/FacebookPhotoUploader3.cab")[color="#000000"] (Facebook Photo Uploader 4 Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} [/color][color="#000000"]http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[/color] (http://"http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab")[color="#000000"] (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [/color][color="#000000"]http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146553036628[/color] (http://"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146553036628")[color="#000000"] (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} [/color][color="#000000"]https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab[/color] (http://"https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab")[color="#000000"] (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [/color][color="#000000"]http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab[/color] (http://"http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab")[color="#000000"] (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [/color][color="#000000"]http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab[/color] (http://"http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab")[color="#000000"] (Reg Error: Key error.)
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} [/color][color="#000000"]http://community.webshots.com/html/WSPhotoUploader.CAB[/color] (http://"http://community.webshots.com/html/WSPhotoUploader.CAB")[color="#000000"] (Webshots Photo Uploader)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} [/color][color="#000000"]https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx[/color] (http://"https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx")[color="#000000"] (Get_ActiveX Control)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} [/color][color="#000000"]http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab[/color] (http://"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab")[color="#000000"] (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [/color][color="#000000"]http://ax.emsisoft.com/asquared.cab[/color] (http://"http://ax.emsisoft.com/asquared.cab")[color="#000000"] (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [/color][color="#000000"]http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab[/color] (http://"http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab")[color="#000000"] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [/color][color="#000000"]http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab[/color] (http://"http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab")[color="#000000"] (Java Plug-in 1.6.0_26)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} [/color][color="#000000"]http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab[/color] (http://"http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab")[color="#000000"] (Facebook Photo Uploader 4)
O16 - DPF: Microsoft XML Parser for Java [/color][color="#000000"]file://C:\WINDOWS\Java\classes\xmldso.cab[/color] (http://"file://C:\WINDOWS\Java\classes\xmldso.cab")[/color][color="#000000"] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/28 13:41:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/06/28 05:25:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Administrator\Recent
[2011/06/27 02:52:32 | 027,634,824 | ---- | C] (                                   ) -- C:\Documents and Settings\Compaq_Administrator\Desktop\AdbeRdr940_en_US.exe
[2011/06/27 02:50:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/27 00:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/06/24 13:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/06/24 13:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/24 13:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/24 13:19:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/16 02:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/06/16 02:50:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/06/16 02:48:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/06/16 02:48:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/06/15 03:46:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/14 07:10:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ulead.dat
[2011/06/11 21:17:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/10 20:39:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/10 20:27:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/09 22:25:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\COMPUTER FIX STUFF JUNE 2011
[2011/06/08 08:22:47 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2 C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/06/28 05:21:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/28 05:20:47 | 000,000,317 | ---- | M] () -- C:\WINDOWS\System32\wacom.dat
[2011/06/28 05:20:19 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/28 05:19:43 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/28 05:19:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/28 05:19:30 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/28 05:03:27 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/28 05:02:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/28 04:52:26 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3256EB39-0743-422A-887B-7F74D01AD364}.job
[2011/06/28 04:41:47 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\prvlcl.dat
[2011/06/27 21:44:37 | 120,201,870 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/27 17:29:16 | 000,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
[2011/06/27 13:43:30 | 000,213,128 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/06/27 13:43:16 | 000,655,467 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/06/27 02:55:49 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/27 02:52:36 | 027,634,824 | ---- | M] (                                   ) -- C:\Documents and Settings\Compaq_Administrator\Desktop\AdbeRdr940_en_US.exe
[2011/06/27 01:30:29 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SystemLook.exe
[2011/06/27 00:32:22 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SpywareBlaster.lnk
[2011/06/24 13:23:58 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/24 13:21:58 | 000,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/24 10:01:05 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/06/16 23:31:48 | 000,001,588 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2011/06/15 07:42:50 | 000,443,582 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/15 07:42:50 | 000,072,738 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/14 11:16:38 | 000,001,860 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2011/06/14 07:10:09 | 000,000,078 | -H-- | M] () -- C:\WINDOWS\Xwdupv.ns
[2011/06/14 07:10:08 | 000,005,124 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI
[2011/06/13 02:37:20 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat
[2011/06/11 00:39:22 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\Webshots.lnk
[2011/06/10 21:04:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/10 20:39:23 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/06/08 08:22:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2011/06/08 00:36:21 | 000,022,016 | -H-- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2 C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/06/27 21:44:37 | 120,201,870 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/06/27 13:43:29 | 000,213,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/06/27 13:43:16 | 000,655,467 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavifw.avm
[2011/06/27 02:55:48 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/06/27 02:55:48 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/27 01:30:28 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SystemLook.exe
[2011/06/27 00:32:22 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SpywareBlaster.lnk
[2011/06/24 13:23:58 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/24 13:21:58 | 000,001,550 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/16 02:50:54 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/06/14 11:16:38 | 000,001,860 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2011/06/13 02:37:20 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat
[2011/01/13 15:53:51 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\prvlcl.dat
[2009/12/15 14:41:19 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/12/15 14:41:19 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/12/15 14:41:19 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/12/15 14:41:18 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/12/15 12:22:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\AVSDVDPlayer.m3u
[2009/08/13 20:35:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2009/08/10 18:21:53 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/08/10 18:21:53 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/08/10 18:21:53 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/04/20 22:39:18 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PERFV700SERIES.ini
[2009/04/11 17:25:09 | 000,000,323 | ---- | C] () -- C:\WINDOWS\PRF_MI_B.INI
[2009/04/11 17:21:28 | 000,000,313 | ---- | C] () -- C:\WINDOWS\PRF_MI.INI
[2008/12/10 17:10:24 | 000,035,328 | ---- | C] () -- C:\WINDOWS\INETWH32.DLL
[2008/12/10 17:10:24 | 000,004,528 | ---- | C] () -- C:\WINDOWS\SETBROWS.EXE
[2008/12/10 17:10:23 | 000,009,136 | ---- | C] () -- C:\WINDOWS\INETWH16.DLL
[2008/08/01 16:56:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/08/01 16:56:28 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008/08/01 16:56:28 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2008/08/01 16:56:28 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008/08/01 16:56:28 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2008/08/01 16:56:28 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2008/08/01 16:56:28 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2008/08/01 16:56:28 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2008/08/01 16:56:28 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2008/08/01 16:56:28 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2008/08/01 16:56:28 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2008/08/01 16:56:28 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2008/08/01 16:56:28 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2008/08/01 16:56:28 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2008/08/01 16:56:28 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2008/08/01 16:56:28 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2008/08/01 16:55:20 | 000,000,077 | ---- | C] () -- C:\WINDOWS\EPSC120.ini
[2008/07/13 03:06:33 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ScratchRemoval.dll
[2008/04/18 18:51:02 | 000,096,577 | ---- | C] () -- C:\WINDOWS\hpqins16.dat
[2008/03/16 00:20:30 | 000,083,456 | ---- | C] () -- C:\WINDOWS\System32\PnIC.dll
[2008/03/16 00:20:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\gm_dll1.dll
[2007/11/11 20:34:36 | 000,022,016 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/11 03:03:23 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/09/25 13:57:06 | 000,000,125 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/09/24 00:49:55 | 000,000,839 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2007/08/10 23:45:13 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/07/10 03:30:58 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\GetInst32.dll
[2007/06/21 13:01:18 | 000,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll
[2007/05/28 02:59:45 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2007/05/19 23:41:52 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/04 13:14:24 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2007/01/23 17:12:16 | 000,005,515 | ---- | C] () -- C:\WINDOWS\fmachine.ini
[2006/11/20 02:15:26 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/09/23 04:39:57 | 000,000,020 | ---- | C] () -- C:\WINDOWS\HPPREC~1.INI
[2006/09/23 04:28:17 | 000,274,948 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2006/08/03 16:42:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/05/18 18:32:58 | 000,068,939 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2006/05/18 18:32:58 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2006/05/17 22:06:09 | 000,000,317 | ---- | C] () -- C:\WINDOWS\System32\wacom.dat
[2006/05/17 22:06:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\TabUnst.dll
[2006/05/17 22:06:06 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\wintab.dll
[2006/05/17 22:05:02 | 000,013,408 | ---- | C] () -- C:\WINDOWS\System32\tabinst.dll
[2006/05/17 22:05:02 | 000,004,032 | ---- | C] () -- C:\WINDOWS\System32\tabins16.dll
[2006/05/02 00:04:45 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2006/04/24 02:51:03 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/04/24 02:32:45 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/04/24 02:31:41 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/24 02:30:00 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/03/31 00:57:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
[2006/03/30 17:11:39 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2006/03/11 23:35:17 | 000,248,832 | ---- | C] () -- C:\WINDOWS\System32\ECircles.dll
[2006/03/11 23:35:17 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\SoyWeb.dll
[2006/03/02 15:31:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/02/27 09:25:38 | 000,000,177 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2006/02/27 07:06:59 | 000,021,348 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\W77X4
[2006/02/26 05:05:40 | 000,000,068 | ---- | C] () -- C:\WINDOWS\PRESTOPM.INI
[2006/02/26 02:12:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2006/02/26 02:11:00 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2006/02/26 02:09:15 | 000,000,118 | ---- | C] () -- C:\WINDOWS\A11U.INI
[2006/02/24 22:37:16 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/02/24 22:26:45 | 000,151,552 | ---- | C] () -- C:\WINDOWS\UNUSBDRV.EXE
[2006/02/23 22:00:39 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\venlx32n.dll
[2006/02/23 16:32:08 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2006/02/23 16:28:46 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2006/02/23 16:28:45 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2006/02/23 05:13:13 | 000,005,124 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2006/02/23 05:04:09 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2006/02/23 05:04:09 | 000,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2006/02/23 05:04:09 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys
[2006/02/23 05:04:09 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2006/02/23 05:04:04 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/02/23 05:04:04 | 000,048,640 | ---- | C] () -- C:\WINDOWS\catalogSubInstaller.exe
[2006/02/23 01:32:53 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/02/21 22:01:05 | 000,000,143 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat
[2005/11/11 17:57:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/11 17:36:25 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/11/11 17:32:20 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-5577497.exe
[2005/11/11 17:31:25 | 000,012,989 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/11/11 17:31:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/11/11 17:28:57 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/11/11 17:26:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/11 17:22:55 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/11 17:22:55 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/11 17:22:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/11 17:22:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/11 17:22:55 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/11 17:22:55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/11 17:17:29 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/11/11 17:16:33 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2005/11/11 17:16:33 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/11/11 17:11:36 | 000,072,082 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2005/11/11 17:10:40 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/11 17:06:21 | 000,104,361 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/11/11 16:55:07 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/11 16:48:53 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/11/11 16:48:53 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/11/11 16:48:35 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/11/11 06:43:28 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll
[2005/11/11 06:43:24 | 000,887,296 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/06 01:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 03:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2005/07/02 09:36:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/07/02 09:34:10 | 003,154,856 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/07/02 09:28:10 | 000,443,582 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/07/02 09:28:10 | 000,072,738 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/28 13:41:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/28 13:36:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 22:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/27 01:51:38 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/08 13:38:12 | 000,024,576 | ---- | C] () -- C:\WINDOWS\shortcut.exe
[2002/07/26 15:09:58 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2002/07/22 17:57:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2001/08/23 19:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 19:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1999/01/22 14:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
 
========== LOP Check ==========
 
[2009/07/09 15:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2011/06/16 02:53:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/06/22 09:04:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/01/07 01:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/07/17 20:14:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/01/07 01:44:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2007/02/18 17:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2008/05/04 22:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/12/16 05:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fKpCf06308
[2011/06/16 03:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/02/26 02:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Newsoft
[2008/01/11 17:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
[2008/05/16 02:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redfield
[2006/03/25 18:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2008/01/28 01:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMSI
[2011/06/27 00:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/08/18 14:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2011/02/20 19:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/08/07 14:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/07/09 15:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\AGI
[2009/09/01 17:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Amazon
[2008/04/18 12:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Anthropics
[2011/01/07 01:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\AVG10
[2010/12/08 02:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\AVG9
[2010/11/24 01:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent
[2005/11/11 17:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Digital Interactive Systems Corporation
[2006/02/23 03:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\EBookSys
[2009/04/21 04:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\EPSON
[2008/08/21 19:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Flickr
[2007/09/14 15:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\fltk.org
[2009/12/15 14:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\GetRightToGo
[2009/01/05 11:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Inkscape
[2008/10/31 01:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\InterVideo
[2010/09/27 14:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Lasersoft Imaging
[2009/04/21 00:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Leader Technologies
[2006/02/23 23:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Leadertech
[2011/06/06 03:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\LimeWire
[2011/02/06 16:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\MP3Rocket
[2007/12/16 18:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\MSNInstaller
[2006/08/25 16:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Musicmatch
[2006/02/26 02:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\NewSoft
[2009/09/03 02:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Opera
[2008/10/19 22:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Skinux
[2007/03/23 23:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Smith Micro
[2009/07/09 15:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Temp
[2006/03/31 12:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Template
[2007/09/05 10:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\uk.co.planetside
[2007/07/03 19:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Uniblue
[2006/02/25 07:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Webshots
[2008/04/18 18:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\WinBatch
[2011/06/28 04:52:26 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3256EB39-0743-422A-887B-7F74D01AD364}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\fft.rar:SummaryInformation
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D6E5D55[/color]

[color="#000000"]< End of report >
[/color]

Title: Missing rundll32.exe and other annoyances
Post by: guestolo on June 29, 2011, 10:58:19 PM
Try uninstalling AVG, reboot the computer
Again, run the uninstaller for AVG
Reboot the computer, how is the computer then running?
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 30, 2011, 03:57:28 PM
[quote name='guestolo' timestamp='1309406299' post='479894']
Try uninstalling AVG, reboot the computer
Again, run the uninstaller for AVG
Reboot the computer, how is the computer then running?
[/quote]


AVG uninstalled, but computer hung at the end, had to shut down via power strip. Turned it back on, AVG uninstaller popped up etc., program uninstalled. Computer funning SO much faster, even social websites, webshots, etc - links work more quickly, mail isn't stuck in molasses waiting to open, Photoshop opened quickly, worked well - at least for the short time used to test it. So it seems to be AVG hogging resources and slowing things down.
Title: Missing rundll32.exe and other annoyances
Post by: guestolo on June 30, 2011, 04:24:51 PM
If you missed this step
Can you ensure that you also run the uninstaller for AVG from here
http://www.avg.com/us-en/utilities
Reboot after removal

Back in Windows
Ensure that Windows Firewall is enabled
Go into Windows Control panel, open the Firewall and ensure it's on

For testing, or you may want to keep this
Can you download and install the Free version of Avast antiVirus from here
http://www.avast.com/free-antivirus-download
Just choose the Free version, it's quite good
After you click Download, choose No thanks, I want free protection
Save the installer to desktop, run it and follow the prompts
After is finished installing and updating
Can you reboot the computer

Run a Quick Scan with OTL.exe again and post the new log, make sure we don't see any leftovers of AVG
Let me know how the computer is running with Avast installed please
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on June 30, 2011, 10:27:15 PM
[quote name='guestolo' timestamp='1309469091' post='479904']
If you missed this step
Can you ensure that you also run the uninstaller for AVG from here
http://www.avg.com/us-en/utilities (http://"http://www.avg.com/us-en/utilities")
Reboot after removal

Back in Windows
Ensure that Windows Firewall is enabled
Go into Windows Control panel, open the Firewall and ensure it's on

For testing, or you may want to keep this
Can you download and install the Free version of Avast antiVirus from here
http://www.avast.com...ivirus-download (http://"http://www.avast.com/free-antivirus-download")
Just choose the Free version, it's quite good
After you click Download, choose No thanks, I want free protection
Save the installer to desktop, run it and follow the prompts
After is finished installing and updating
Can you reboot the computer

Run a Quick Scan with OTL.exe again and post the new log, make sure we don't see any leftovers of AVG
Let me know how the computer is running with Avast installed please
[/quote]


Did use the tool to remove AVG, but did it again anyway. Had already enabled Windows Firewall, thanks; checked through Control Panel to be certain, it's enabled. With Avast, there's still a lag, but computer is nowhere near as slow as with AVG. Here's the OTL quick scan log:

OTL logfile created on: 6/30/2011 11:11:30 PM - Run 6
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Documents and Settings\Compaq_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
958.48 Mb Total Physical Memory | 502.96 Mb Available Physical Memory | 52.47% Memory free
2.26 Gb Paging File | 1.91 Gb Available in Paging File | 84.42% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.30 Gb Total Space | 64.64 Gb Free Space | 36.25% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 1.01 Gb Free Space | 12.64% Space Free | Partition Type: FAT32
 
Computer Name: YOUR-55E5F9E3D2 | User Name: Compaq_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\AGI\core\3.1\AGCoreService.exe (AG Interactive)
PRC - C:\Program Files\Webshots\3.1.5.7613\Webshots.scr (Webshots.com)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe (Smith Micro Software, Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\WINDOWS\arservice.exe (Microsoft)
PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
PRC - C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\AVAST Software\Avast\snxhk.dll (AVAST Software)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\TabHook.dll (Wacom Technology, Corp.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll ()
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AGCoreService) -- C:\Program Files\AGI\core\3.1\AGCoreService.exe (AG Interactive)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (Stuffit Archive Name Service) -- C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe (Smith Micro Software, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)
SRV - (InCDsrvR) InCD Helper (read only) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (InCDsrv) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (TabletService) -- C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (CO_Mon) -- C:\WINDOWS\system32\drivers\CO_Mon.sys ()
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (InCDfs) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Nero AG)
DRV - (incdrm) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Nero AG)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (AN983) -- C:\WINDOWS\system32\drivers\an983.sys (ADMtek Incorporated.)
DRV - (fasttx2k) -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys (Promise Technology, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (PenClass) -- C:\WINDOWS\System32\Drivers\PenClass.sys (Wacom Technology Corporation)
DRV - (ATMhelpr) -- C:\WINDOWS\System32\drivers\ATMHELPR.SYS (Adobe Systems Incorporated)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 (http://"http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8")
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.geocities.com/m.spatafore/index.html (http://"http://www.geocities.com/m.spatafore/index.html")
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Webshots\3.1.5.7613\Firefox [2009/07/09 15:25:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 22:36:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/24 10:01:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Components: C:\Program Files\Netscape\Netscape Browser\Components [2011/02/20 18:56:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape Browser 8.0.3.4\Extensions\\Plugins: C:\Program Files\Netscape\Netscape Browser\Plugins [2011/06/27 02:55:47 | 000,000,000 | ---D | M]
 
[2009/03/06 08:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions
[2009/03/06 08:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Administrator\Application Data\Mozilla\Extensions\[email protected]
 
O1 HOSTS File: ([2011/06/10 21:04:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipAlbum 5 Suite\FpLaunch.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Webshots Toolbar) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - C:\Program Files\Webshots\3.1.5.7613\WSToolbar4IE.dll (Webshots.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Webshots Toolbar) - {C17590D2-ECB4-4B15-8820-F58798DCC118} - C:\Program Files\Webshots\3.1.5.7613\WSToolbar4IE.dll (Webshots.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PCDrProfiler]  File not found
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\bak\NBJ.exe (Ahead Software AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\3.1.5.7613\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Webshots Photo Search - C:\Program Files\Webshots\3.1.5.7613\WSToolbar4IE.dll (Webshots.com)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (http://"http://office.microsoft.com/templates/ieawsdc.cab") (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (http://"http://www.apple.com/qtactivex/qtplugin.cab") (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (http://"http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab") (Facebook Photo Uploader 5 Control)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (http://"http://www.ipix.com/download/ipixx.cab") (iPIX ActiveX Control)
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} https://h20278.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (http://"https://h20278.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB") (Hewlett-Packard Online Support Services)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (http://"http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab") (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (http://"http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab") (Symantec AntiVirus scanner)
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} http://community.webshots.com/html/atx/wsaxcontrol.cab (http://"http://community.webshots.com/html/atx/wsaxcontrol.cab") (Webshots Multiple Media Uploader - Container)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab (http://"http://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab") (SentinelProxy Class)
O16 - DPF: {428A9DEF-F057-402B-9F2D-A5887F4544ED} http://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab (http://"http://download.microsoft.com/download/f/0/2/f02b515c-7076-4cee-bc08-fd6fea594578/VirtualEarth3D.cab") (SentinelProxy Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (http://"http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab") (DLM Control)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (http://"http://www.linkedin.com/cab/LinkedInContactFinderControl.cab") (LinkedIn ContactFinderControl)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://eaglewings-eyrie.spaces.live.com//PhotoUpload/MsnPUpld.cab (http://"http://eaglewings-eyrie.spaces.live.com//PhotoUpload/MsnPUpld.cab") (MSN Photo Upload Tool)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (http://"http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab") (Reg Error: Key error.)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (http://"http://upload.facebook.com/controls/FacebookPhotoUploader3.cab") (Facebook Photo Uploader 4 Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (http://"http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab") (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146553036628 (http://"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146553036628") (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (http://"https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab") (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (http://"http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab") (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (http://"http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab") (Reg Error: Key error.)
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} http://community.webshots.com/html/WSPhotoUploader.CAB (http://"http://community.webshots.com/html/WSPhotoUploader.CAB") (Webshots Photo Uploader)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx (http://"https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx") (Get_ActiveX Control)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab (http://"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab") (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (http://"http://ax.emsisoft.com/asquared.cab") (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (http://"http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab") (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (http://"http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab") (Java Plug-in 1.6.0_26)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab (http://"http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab") (Facebook Photo Uploader 4)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (http://"file://C:\WINDOWS\Java\classes\xmldso.cab") (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/28 13:41:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/06/30 22:24:32 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/06/30 22:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/06/30 22:24:31 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/06/30 22:24:29 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/06/30 22:24:29 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/06/30 22:24:28 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/06/30 22:24:28 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/06/30 22:24:28 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/06/30 22:24:27 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/06/30 22:24:14 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/06/30 22:24:14 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/06/30 22:24:06 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/06/30 22:24:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/06/28 05:25:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Administrator\Recent
[2011/06/27 02:52:32 | 027,634,824 | ---- | C] (                                   ) -- C:\Documents and Settings\Compaq_Administrator\Desktop\AdbeRdr940_en_US.exe
[2011/06/27 02:50:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/27 00:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/06/24 13:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/06/24 13:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/24 13:20:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/24 13:19:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/15 03:46:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/14 07:10:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ulead.dat
[2011/06/11 21:17:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/10 20:39:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/10 20:27:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/09 22:25:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Administrator\Desktop\COMPUTER FIX STUFF JUNE 2011
[2011/06/08 08:22:47 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2 C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/06/30 23:08:39 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/30 23:07:49 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/30 23:07:45 | 000,000,317 | ---- | M] () -- C:\WINDOWS\System32\wacom.dat
[2011/06/30 23:07:28 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/30 23:07:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/30 23:07:01 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/30 23:03:15 | 000,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
[2011/06/30 23:02:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/30 22:49:51 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/30 22:24:32 | 000,001,697 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/30 22:24:28 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/30 22:04:14 | 058,064,040 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\setup_av_free.exe
[2011/06/30 12:02:32 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3256EB39-0743-422A-887B-7F74D01AD364}.job
[2011/06/30 09:41:31 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\prvlcl.dat
[2011/06/29 09:02:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/27 02:55:49 | 000,001,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/27 02:52:36 | 027,634,824 | ---- | M] (                                   ) -- C:\Documents and Settings\Compaq_Administrator\Desktop\AdbeRdr940_en_US.exe
[2011/06/27 01:30:29 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SystemLook.exe
[2011/06/27 00:32:22 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SpywareBlaster.lnk
[2011/06/24 13:21:58 | 000,001,550 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/16 23:31:48 | 000,001,588 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2011/06/15 07:42:50 | 000,443,582 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/15 07:42:50 | 000,072,738 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/14 11:16:38 | 000,001,860 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2011/06/14 07:10:09 | 000,000,078 | -H-- | M] () -- C:\WINDOWS\Xwdupv.ns
[2011/06/14 07:10:08 | 000,005,124 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI
[2011/06/13 02:37:20 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat
[2011/06/11 00:39:22 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\Webshots.lnk
[2011/06/10 21:04:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/10 20:39:23 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/06/08 08:22:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Administrator\Desktop\OTL.exe
[2011/06/08 00:36:21 | 000,022,016 | -H-- | M] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/06/30 22:24:32 | 000,001,697 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/06/30 22:04:04 | 058,064,040 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\setup_av_free.exe
[2011/06/27 02:55:48 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/06/27 02:55:48 | 000,001,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/27 01:30:28 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SystemLook.exe
[2011/06/27 00:32:22 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\SpywareBlaster.lnk
[2011/06/24 13:23:58 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/24 13:21:58 | 000,001,550 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/06/14 11:16:38 | 000,001,860 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Amazon Cloud Player.lnk
[2011/06/13 02:37:20 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Desktop\MBR.dat
[2011/01/13 15:53:51 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\prvlcl.dat
[2009/12/15 14:41:19 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/12/15 14:41:19 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/12/15 14:41:19 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/12/15 14:41:18 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/12/15 12:22:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\AVSDVDPlayer.m3u
[2009/08/13 20:35:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2009/08/10 18:21:53 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/08/10 18:21:53 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/08/10 18:21:53 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/04/20 22:39:18 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PERFV700SERIES.ini
[2009/04/11 17:25:09 | 000,000,323 | ---- | C] () -- C:\WINDOWS\PRF_MI_B.INI
[2009/04/11 17:21:28 | 000,000,313 | ---- | C] () -- C:\WINDOWS\PRF_MI.INI
[2008/12/10 17:10:24 | 000,035,328 | ---- | C] () -- C:\WINDOWS\INETWH32.DLL
[2008/12/10 17:10:24 | 000,004,528 | ---- | C] () -- C:\WINDOWS\SETBROWS.EXE
[2008/12/10 17:10:23 | 000,009,136 | ---- | C] () -- C:\WINDOWS\INETWH16.DLL
[2008/08/01 16:56:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/08/01 16:56:28 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2008/08/01 16:56:28 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2008/08/01 16:56:28 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2008/08/01 16:56:28 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2008/08/01 16:56:28 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2008/08/01 16:56:28 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2008/08/01 16:56:28 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2008/08/01 16:56:28 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2008/08/01 16:56:28 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2008/08/01 16:56:28 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2008/08/01 16:56:28 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2008/08/01 16:56:28 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2008/08/01 16:56:28 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2008/08/01 16:56:28 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2008/08/01 16:56:28 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2008/08/01 16:55:20 | 000,000,077 | ---- | C] () -- C:\WINDOWS\EPSC120.ini
[2008/07/13 03:06:33 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ScratchRemoval.dll
[2008/04/18 18:51:02 | 000,096,577 | ---- | C] () -- C:\WINDOWS\hpqins16.dat
[2008/03/16 00:20:30 | 000,083,456 | ---- | C] () -- C:\WINDOWS\System32\PnIC.dll
[2008/03/16 00:20:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\gm_dll1.dll
[2007/11/11 20:34:36 | 000,022,016 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/11 03:03:23 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007/09/25 13:57:06 | 000,000,125 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/09/24 00:49:55 | 000,000,839 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2007/08/10 23:45:13 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/07/10 03:30:58 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\GetInst32.dll
[2007/06/21 13:01:18 | 000,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll
[2007/05/28 02:59:45 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2007/05/19 23:41:52 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/04 13:14:24 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2007/01/23 17:12:16 | 000,005,515 | ---- | C] () -- C:\WINDOWS\fmachine.ini
[2006/11/20 02:15:26 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/09/23 04:39:57 | 000,000,020 | ---- | C] () -- C:\WINDOWS\HPPREC~1.INI
[2006/09/23 04:28:17 | 000,274,948 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2006/08/03 16:42:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006/06/12 15:43:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/05/18 18:32:58 | 000,068,939 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2006/05/18 18:32:58 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2006/05/17 22:06:09 | 000,000,317 | ---- | C] () -- C:\WINDOWS\System32\wacom.dat
[2006/05/17 22:06:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\TabUnst.dll
[2006/05/17 22:06:06 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\wintab.dll
[2006/05/17 22:05:02 | 000,013,408 | ---- | C] () -- C:\WINDOWS\System32\tabinst.dll
[2006/05/17 22:05:02 | 000,004,032 | ---- | C] () -- C:\WINDOWS\System32\tabins16.dll
[2006/05/02 00:04:45 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
[2006/04/24 02:51:03 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/04/24 02:32:45 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2006/04/24 02:31:41 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/24 02:30:00 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/03/31 00:57:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Administrator\Application Data\wklnhst.dat
[2006/03/30 17:11:39 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2006/03/11 23:35:17 | 000,248,832 | ---- | C] () -- C:\WINDOWS\System32\ECircles.dll
[2006/03/11 23:35:17 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\SoyWeb.dll
[2006/03/02 15:31:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/02/27 09:25:38 | 000,000,177 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2006/02/27 07:06:59 | 000,021,348 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\W77X4
[2006/02/26 05:05:40 | 000,000,068 | ---- | C] () -- C:\WINDOWS\PRESTOPM.INI
[2006/02/26 02:12:29 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2006/02/26 02:11:00 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2006/02/26 02:09:15 | 000,000,118 | ---- | C] () -- C:\WINDOWS\A11U.INI
[2006/02/24 22:37:16 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/02/24 22:26:45 | 000,151,552 | ---- | C] () -- C:\WINDOWS\UNUSBDRV.EXE
[2006/02/23 22:00:39 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\venlx32n.dll
[2006/02/23 16:32:08 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2006/02/23 16:28:46 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2006/02/23 16:28:45 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2006/02/23 05:13:13 | 000,005,124 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2006/02/23 05:04:09 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2006/02/23 05:04:09 | 000,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2006/02/23 05:04:09 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys
[2006/02/23 05:04:09 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2006/02/23 05:04:04 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/02/23 05:04:04 | 000,048,640 | ---- | C] () -- C:\WINDOWS\catalogSubInstaller.exe
[2006/02/23 01:32:53 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/02/21 22:01:05 | 000,000,143 | -H-- | C] () -- C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat
[2005/11/11 17:57:17 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/11 17:36:25 | 000,022,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2005/11/11 17:32:20 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-5577497.exe
[2005/11/11 17:31:25 | 000,012,989 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/11/11 17:31:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/11/11 17:28:57 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/11/11 17:26:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/11 17:22:55 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/11/11 17:22:55 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/11/11 17:22:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/11/11 17:22:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/11/11 17:22:55 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/11/11 17:22:55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/11/11 17:17:29 | 000,000,157 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/11/11 17:16:33 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2005/11/11 17:16:33 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2005/11/11 17:11:36 | 000,072,082 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2005/11/11 17:10:40 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/11/11 17:06:21 | 000,104,361 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/11/11 16:55:07 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/11/11 16:48:53 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/11/11 16:48:53 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/11/11 16:48:35 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/11/11 06:43:28 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll
[2005/11/11 06:43:24 | 000,887,296 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/06 01:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 03:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2005/07/02 09:36:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/07/02 09:34:10 | 003,154,856 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/07/02 09:28:10 | 000,443,582 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/07/02 09:28:10 | 000,072,738 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/28 13:41:00 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/28 13:36:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 22:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/27 01:51:38 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/08 13:38:12 | 000,024,576 | ---- | C] () -- C:\WINDOWS\shortcut.exe
[2002/07/26 15:09:58 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2002/07/22 17:57:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2001/08/23 19:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 19:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1999/01/22 14:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
 
========== LOP Check ==========
 
[2009/07/09 15:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2011/06/30 22:24:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/01/07 01:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/07/17 20:14:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/01/07 01:44:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2007/02/18 17:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2008/05/04 22:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/12/16 05:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fKpCf06308
[2011/06/16 03:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/02/26 02:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Newsoft
[2008/01/11 17:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
[2008/05/16 02:21:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redfield
[2006/03/25 18:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2008/01/28 01:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMSI
[2011/06/27 00:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/08/18 14:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2011/02/20 19:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/08/07 14:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/07/09 15:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\AGI
[2009/09/01 17:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Amazon
[2008/04/18 12:59:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Anthropics
[2010/12/08 02:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\AVG9
[2010/11/24 01:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\BitTorrent
[2005/11/11 17:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Digital Interactive Systems Corporation
[2006/02/23 03:27:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\EBookSys
[2009/04/21 04:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\EPSON
[2008/08/21 19:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Flickr
[2007/09/14 15:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\fltk.org
[2009/12/15 14:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\GetRightToGo
[2009/01/05 11:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Inkscape
[2008/10/31 01:16:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\InterVideo
[2010/09/27 14:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Lasersoft Imaging
[2009/04/21 00:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Leader Technologies
[2006/02/23 23:18:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Leadertech
[2011/06/06 03:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\LimeWire
[2011/02/06 16:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\MP3Rocket
[2007/12/16 18:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\MSNInstaller
[2006/08/25 16:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Musicmatch
[2006/02/26 02:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\NewSoft
[2009/09/03 02:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Opera
[2008/10/19 22:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Skinux
[2007/03/23 23:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Smith Micro
[2009/07/09 15:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Temp
[2006/03/31 12:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Template
[2007/09/05 10:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\uk.co.planetside
[2007/07/03 19:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Uniblue
[2006/02/25 07:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\Webshots
[2008/04/18 18:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Administrator\Application Data\WinBatch
[2011/06/30 12:02:32 | 000,000,452 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3256EB39-0743-422A-887B-7F74D01AD364}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Compaq_Administrator\Desktop\fft.rar:SummaryInformation
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D6E5D55

< End of report >


Title: Missing rundll32.exe and other annoyances
Post by: guestolo on June 30, 2011, 11:23:18 PM
You look as if you have enough RAM, so that shouldn't be a problem
There could be a conflict with Avast and Windows Defender
Why not try the following
Double  click on OTL.exe and Run it
Try accessing your Add and Remove programs and uninstall Windows Defender
Reboot the computer afterwards
Back in Windows

Let's ensure that your harddisk is free of errors
# Double-click My Computer, and then right-click on your C: drive
# Click Properties, and then click Tools.
# Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
Select both options

Click Yes to schedule the disk check, and then restart your computer to start the disk check.
This can take awhile
After it's done, your computer will start normally, keep me informed how things are doing please

In addition, can you let me know if you have an HP printer installed to this computer?
Look in Printer and Faxes in Control Panel
Any Printers found that are no longer used?
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on July 01, 2011, 04:31:29 AM
[quote name='guestolo' timestamp='1309494198' post='479907']
You look as if you have enough RAM, so that shouldn't be a problem
There could be a conflict with Avast and Windows Defender
Why not try the following
Double  click on OTL.exe and Run itTry accessing your Add and Remove programs and uninstall Windows Defender
Reboot the computer afterwards
Back in Windows

Let's ensure that your harddisk is free of errors
# Double-click My Computer, and then right-click on your C: drive
# Click Properties, and then click Tools.
# Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
Select both options

Click Yes to schedule the disk check, and then restart your computer to start the disk check.
This can take awhile
After it's done, your computer will start normally, keep me informed how things are doing please

In addition, can you let me know if you have an HP printer installed to this computer?
Look in Printer and Faxes in Control Panel
Any Printers found that are no longer used?
[/quote]

All utilities run. There is no HP printer installed, but Compaq and HP merged before I purchased this machine (2005-2006), so I used to get pop-ups from HP; I don't remember if I disabled the pop-ups but must have since I haven't gotten them in quite some time.

I have duplicates of an Epson Stylus C120 (Copy 1), and also as Epson Stylus C120 Series 0. It's a printer I don't use often, so not sure which is the version used although I think it's the (Copy 1). I don't use the Generic Post Script Printer or the Progeny PDF printer. The Fax and Microsoft XPS Document writer I think came preinstalled, never used.

The computer seems to be running smoothly.
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on July 01, 2011, 10:12:16 PM
The one thing I haven't tried is connecting my external hard drive to test it.
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on July 03, 2011, 10:59:27 PM
No problems with external hard drive being recognized, or transferring files.
Title: Missing rundll32.exe and other annoyances
Post by: guestolo on July 06, 2011, 11:17:12 PM
Sorry for the delay, the wife and I were on a small holiday, just got back to town
Can you Open OTL.exe and choose the CLEANUP option

Let it run, and reboot when prompted
Let me know one last time how things are running please
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on July 07, 2011, 11:44:13 AM
[quote name='guestolo' timestamp='1310012232' post='479939']
Sorry for the delay, the wife and I were on a small holiday, just got back to town
Can you Open OTL.exe and choose the CLEANUP option

Let it run, and reboot when prompted
Let me know one last time how things are running please
[/quote]


No problem; hope you had a nice mini-vacation.

Computer seems to be running fine now, except for programs shutting down unexpectedly, although I think that's probably the app, not the computer.
Title: Missing rundll32.exe and other annoyances
Post by: guestolo on July 07, 2011, 02:20:36 PM
Quote
except for programs shutting down unexpectedly, although I think that's probably the app, not the computer.

What do you mean by that?
Which programs, all of them? Any error messages involved?
Title: Missing rundll32.exe and other annoyances
Post by: jannetie on July 08, 2011, 01:00:23 PM
[quote name='guestolo' timestamp='1310066436' post='479946']
What do you mean by that?
Which programs, all of them? Any error messages involved?
[/quote]


Photoshop and Word shut down sometimes, Word freezes up occasionally (it hasn't happened since your fixes). With Photoshop (and earlier with Word) I'll get a pop-up saying an error has occurred and PS must close - it started happening 4 or 5 months ago and I thought I brought it on by having too many large images open at once, since it was just after I got a new camera that takes higher res photos. Since then, it happens occasionally so I save work often so as not to lose too much. An odd thing happens with Word in that when I open a new (blank) document, it opens up with the last one I had open before the computer went screwy. Not a prob, I just clear the text and go from there. I've tried changing the settings (new doc, blank template etc), but it always reverts back to that same document on opening.

I use PS CS3 Extended and MS Word 2000; Office 2000 is no longer supported by MS I think; I haven't tried using Publisher for any length of time, but it opens and I've worked in it briefly just as a test. But PS shut down quite unexpectedly a few days ago, not long after I rebooted the computer, so I'm guessing resources weren't too low. I rebooted, opened up PS again it and stayed open with no problems during the time I was using it, and is still open right now and hasn't been a problem since early this AM when I used it last. I haven't worked in it since then.

I'm hesitant about uninstalling/re-installing PS in case I can't get it to work. A friend loaded it onto my computer for me several years ago. I'd like to find an unused version with key at a reduced price, but haven't seen anything for sale (as Adobe sometimes offers older versions of programs for highly reduced prices) except on ebay, and I don't trust ebay to sell a good version with a legitimate key or registration number for any software. More recent versions of PS don't work well (way too slow) on my machine; I've tried CS4 from Adobe in trial mode. CS5 needs more power than I have available, so I never tried the month-long free trial for that one. And now they're up one more generation to PS CS5a or something like that. PS sells for more than I make in SS in a month, and in this economy people wanting photos restored has pretty much dried up - I get a half dozen good jobs a year if I'm lucky. But, I still use PS for my own artwork, so don't want to lose it.