here is the first virus total log for C:\Documents and Settings\Compaq_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\45\473eff2d-2cfa9514:
Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.08.04 Trojan-Downloader.Win32.FraudLoad!IK
AhnLab-V3 5.0.0.2 2009.08.03 -
AntiVir 7.9.0.240 2009.08.03 TR/Dldr.FraudLoad.wkob
Antiy-AVL 2.0.3.7 2009.08.04 Trojan/Win32.FraudLoad.gen
Authentium 5.1.2.4 2009.08.03 W32/Skintrim.1!Generic
Avast 4.8.1335.0 2009.08.04 Win32:Fraudo
AVG 8.5.0.406 2009.08.03 Crypt.FUI
BitDefender 7.2 2009.08.04 -
CAT-QuickHeal 10.00 2009.08.04 TrojanDownloader.FraudLoad.wk
ClamAV 0.94.1 2009.08.04 -
Comodo 1858 2009.08.04 UnclassifiedMalware
DrWeb 5.0.0.12182 2009.08.04 -
eSafe 7.0.17.0 2009.08.03 Suspicious File
eTrust-Vet 31.6.6656 2009.08.04 -
F-Prot 4.4.4.56 2009.08.03 W32/Skintrim.1!Generic
F-Secure 8.0.14470.0 2009.08.04 Trojan-Downloader.Win32.FraudLoad.wkob
Fortinet 3.120.0.0 2009.08.03 W32/FakeAlert.DA!tr
GData 19 2009.08.04 Win32:Fraudo
Ikarus T3.1.1.64.0 2009.08.04 Trojan-Downloader.Win32.FraudLoad
Jiangmin 11.0.800 2009.08.03 TrojanDownloader.FraudLoad.glw
K7AntiVirus 7.10.809 2009.08.03 Trojan-Downloader.Win32.FraudLoad.wkob
Kaspersky 7.0.0.125 2009.08.04 Trojan-Downloader.Win32.FraudLoad.wkob
McAfee 5697 2009.08.03 FakeAlert-DA
McAfee+Artemis 5697 2009.08.03 FakeAlert-DA
McAfee-GW-Edition 6.8.5 2009.08.04 Heuristic.LooksLike.Trojan.Dldr.FraudLoad.B
Microsoft 1.4903 2009.08.03 VirTool:Win32/Obfuscator.DO
NOD32 4302 2009.08.03 a variant of Win32/Kryptik.UI
Norman 6.01.09 2009.08.03 -
nProtect 2009.1.8.0 2009.08.04 Trojan-Downloader/W32.FraudLoad.47107
Panda 10.0.0.14 2009.08.03 Trj/CI.A
PCTools 4.4.2.0 2009.08.03 -
Prevx 3.0 2009.08.04 -
Rising 21.41.02.00 2009.08.03 -
Sophos 4.44.0 2009.08.04 Mal/EncPk-IV
Sunbelt 3.2.1858.2 2009.08.04 Bulk Trojan
Symantec 1.4.4.12 2009.08.04 Packed.Generic.233
TheHacker 6.3.4.3.375 2009.08.01 -
TrendMicro 8.950.0.1094 2009.08.03 -
VBA32 3.12.10.9 2009.08.04 Trojan-Downloader.Win32.FraudLoad.wkob
ViRobot 2009.8.4.1866 2009.08.04 -
VirusBuster 4.6.5.0 2009.08.03 -
Additional information
File size: 47107 bytes
MD5...: 84d64b3da72ffb153cc7a3d072771496
SHA1..: b3858e21df68e70771220871929ec52210206ba6
SHA256: 529cd70a61bbc34c731eca84417f8cba143ac3eb763fc3189db660b303eed0c9
ssdeep: 768:KWaKqbonhwXrfGJlDNYqJivnLZx7tZimvjGdFZVFizXKP:Kh0hwj8BFMnLZZ
37GF3izXKP
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x4a6731cb (Wed Jul 22 15:35:39 2009)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x209b 0x2400 7.51 0af8da49d329693feaf9b6bb8dd4fc1d
.rdata 0x4000 0x4f0 0x800 3.48 4f1ddbefd2c653929840e16ecce2a83b
.data 0x5000 0xb356 0x7400 7.87 8db5c488e0ac402f499c6acd4c91c618
.rsrc 0x11000 0x1050 0x1400 4.30 3cd15ae903bd264980e3659027a0c8ed
( 6 imports )
> USER32.DLL: DestroyIcon, GetSysColor, GetDlgItem, GetScrollInfo, SendDlgItemMessageW, GetWindowTextW
> KERNEL32.DLL: HeapAlloc, RaiseException, GetCommandLineA, GetLocalTime, VirtualProtect, GetDriveTypeW, WritePrivateProfileStringA, SetConsoleCP, GetCPInfo, GetStartupInfoA, GetOEMCP, ExitProcess, SetEvent, WriteFile, GetLastError, GetModuleHandleA, GetCurrentProcessId, GetProcAddress, GetVersionExA, EnterCriticalSection, SleepEx, LocalAlloc, UnhandledExceptionFilter, SetStdHandle, LoadResource, GetFileType, TlsSetValue, SetHandleCount, GetACP
> OLE32.DLL: CoInitializeEx
> ADVAPI32.DLL: CryptReleaseContext, RegEnumKeyExW
> MSVCRT.DLL: _adjust_fdiv, memset
> GDI32.DLL: SelectObject
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
For the other Virustotal scan:
Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.08.04 Win32.SuspectCrc!IK
AhnLab-V3 5.0.0.2 2009.08.03 Win-Trojan/Xema.variant
AntiVir 7.9.0.240 2009.08.03 TR/Crypt.ASPM.Gen
Antiy-AVL 2.0.3.7 2009.08.04 -
Authentium 5.1.2.4 2009.08.03 -
Avast 4.8.1335.0 2009.08.04 -
AVG 8.5.0.406 2009.08.03 BackDoor.Bifrose.BJC
BitDefender 7.2 2009.08.04 -
CAT-QuickHeal 10.00 2009.08.04 Trojan.Agent.ATV
ClamAV 0.94.1 2009.08.04 -
Comodo 1858 2009.08.04 UnclassifiedMalware
DrWeb 5.0.0.12182 2009.08.04 -
eSafe 7.0.17.0 2009.08.03 Win32.Backdoor.Bifro
eTrust-Vet 31.6.6656 2009.08.04 -
F-Prot 4.4.4.56 2009.08.03 -
F-Secure 8.0.14470.0 2009.08.04 -
Fortinet 3.120.0.0 2009.08.03 -
GData 19 2009.08.04 -
Ikarus T3.1.1.64.0 2009.08.04 Win32.SuspectCrc
Jiangmin 11.0.800 2009.08.03 -
K7AntiVirus 7.10.809 2009.08.03 Trojan.Win32.Malware.4
Kaspersky 7.0.0.125 2009.08.04 -
McAfee 5697 2009.08.03 -
McAfee+Artemis 5697 2009.08.03 -
McAfee-GW-Edition 6.8.5 2009.08.04 Trojan.Crypt.ASPM.Gen
Microsoft 1.4903 2009.08.03 -
NOD32 4302 2009.08.03 probably a variant of Win32/Bifrose
Norman 6.01.09 2009.08.03 W32/Bifrose.AUWE
nProtect 2009.1.8.0 2009.08.04 Trojan/W32.Agent.63040
Panda 10.0.0.14 2009.08.03 -
PCTools 4.4.2.0 2009.08.03 -
Prevx 3.0 2009.08.04 High Risk System Back Door
Rising 21.41.02.00 2009.08.03 -
Sophos 4.44.0 2009.08.04 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.08.04 -
Symantec 1.4.4.12 2009.08.04 Backdoor.Bifrose
TheHacker 6.3.4.3.375 2009.08.01 -
TrendMicro 8.950.0.1094 2009.08.03 BKDR_BIFROSE.CCM
VBA32 3.12.10.9 2009.08.04 -
ViRobot 2009.8.4.1866 2009.08.04 -
VirusBuster 4.6.5.0 2009.08.03 -
Additional information
File size: 63040 bytes
MD5...: fc0cc4ada483906fc264caac29bd7f3d
SHA1..: ab356fc90be73a523ecdd1dcc6516f219e5fcc96
SHA256: b7da78a7c800eb96de86229759649065da1f63be0844213e8a1634501a3907a7
ssdeep: 1536:WJIZa8eZuO6t7/rzrfEqDG7q9PubDY8x8c4afb:WJIZ0ZuOaPzrc77OWw8x
8c1
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.1%)
Win16/32 Executable Delphi generic (9.3%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)
( 10 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0x5000 0x2800 7.97 e409b918c27ccd7214b3dfe7694e79e9
0x6000 0x1000 0x600 6.69 c56695558e2fc3a01a8187d08f378e40
0x7000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
0x8000 0x1000 0x200 0.44 33018c6e6cee12b8b65272e3c760b411
0x9000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
0xa000 0x1000 0x200 0.20 cff87d96024acb2a8c9873f5600f0d23
0xb000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0xc000 0x1000 0x400 4.90 c77d47bf8b474f7c4c5ad5aff408a575
.data 0xd000 0xc000 0xb800 7.70 4b06b0d146364b1f2df1b346c54634f3
.data 0x19000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
( 5 imports )
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
> user32.dll: MessageBoxA
> user32.dll: ShowWindow
> shell32.dll: ShellExecuteA
> comdlg32.dll: GetOpenFileNameA
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (Kaspersky): PE_Patch, ASProtect
packers (F-Prot): Aspack
Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=7EED048B40351E05F6E900819B739B002FEA4818' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=7EED048B40351E05F6E900819B739B002FEA4818</a>
For the combo script:
ComboFix 09-08-02.03 - Compaq_Administrator 08/03/2009 1:16.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1214.575 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Administrator\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FILE ::
"c:\documents and settings\Compaq_Administrator\Desktop\Setup_1.exe"
"c:\program files\Mozilla Firefox\chrome\m3ffxtbr.jar"
"c:\program files\Netscape\Netscape Browser\chrome\m3ntstbr.jar"
"c:\program files\Netscape\Netscape Browser\plugins\NPMyWebS.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Compaq_Administrator\Desktop\Setup_1.exe
c:\program files\Mozilla Firefox\chrome\m3ffxtbr.jar
c:\program files\Netscape\Netscape Browser\chrome\m3ntstbr.jar
c:\program files\Netscape\Netscape Browser\plugins\NPMyWebS.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NWCWORKSTATION
-------\Service_NWCWorkstation
((((((((((((((((((((((((( Files Created from 2009-07-03 to 2009-08-03 )))))))))))))))))))))))))))))))
.
2009-08-02 06:04 . 2009-08-02 06:04 -------- d-----w- c:\program files\ESET
2009-07-31 18:33 . 2009-03-30 15:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-31 18:33 . 2009-03-24 21:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-31 18:33 . 2009-02-13 17:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-31 18:33 . 2009-02-13 17:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-31 18:33 . 2009-07-31 18:33 -------- d-----w- c:\program files\Avira
2009-07-31 18:33 . 2009-07-31 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-30 16:25 . 2009-07-30 16:25 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\HP
2009-07-30 16:25 . 2009-07-30 16:25 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\IsolatedStorage
2009-07-30 16:24 . 2009-07-30 16:24 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\HP
2009-07-29 06:42 . 2009-07-29 06:43 -------- d-----w- C:\rsit
2009-07-28 10:46 . 2009-07-28 10:46 16 ----a-w- c:\windows\popcinfo.dat
2009-07-28 08:41 . 2009-07-28 08:41 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Wildtangent
2009-07-26 09:04 . 2009-07-26 09:05 16426552 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\IMVUClient\installer\SetupImvu_update.exe
2009-07-26 05:05 . 2009-07-26 05:05 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes
2009-07-26 05:05 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-26 05:05 . 2009-07-26 05:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-26 05:05 . 2009-07-26 05:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-26 05:05 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-25 09:52 . 2009-07-25 09:52 -------- d-----w- c:\program files\Trend Micro
2009-07-23 03:32 . 2009-07-23 03:32 -------- d-----w- c:\documents and settings\Compaq_Administrator\dwhelper
2009-07-23 00:18 . 2009-05-06 19:23 372736 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\dovolokt.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2009-07-18 05:03 . 2009-07-31 22:06 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Temp
2009-07-16 21:02 . 2009-07-16 21:02 92192 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\IMVUClient\IMVUupdater.exe
2009-07-16 21:02 . 2009-07-16 21:02 49920 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\IMVUClient\IMVUClient.exe
2009-07-16 21:02 . 2009-07-16 21:02 18176 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\IMVUClient\IMVUQualityAgent.exe
2009-07-16 21:00 . 2009-07-16 21:00 1245696 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\IMVUClient\SceneWindow.dll
2009-07-16 21:00 . 2009-07-16 21:00 14848 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\IMVUClient\MemoryHook.dll
2009-07-16 21:00 . 2009-07-16 21:00 289792 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\IMVUClient\cal3d.dll
2009-07-16 21:00 . 2009-07-16 21:00 187392 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\IMVUClient\boost_python.dll
2009-07-16 21:00 . 2009-07-16 21:00 27648 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\IMVUClient\CallStack.dll
2009-07-16 21:00 . 2009-07-16 21:00 256000 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\IMVUClient\audiere.dll
2009-07-13 10:15 . 2009-07-13 10:15 207872 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-07-13 10:15 . 2009-07-13 10:15 207872 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-07-13 10:15 . 2009-07-13 10:15 207872 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-07-13 10:15 . 2009-07-13 10:15 207872 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-03 06:15 . 2008-06-21 06:02 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\uTorrent
2009-07-31 16:55 . 2006-09-12 01:28 129544 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-31 10:54 . 2006-09-12 01:35 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-31 09:29 . 2008-01-12 01:11 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Family Lawyer
2009-07-31 09:23 . 2006-09-12 01:19 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-07-31 09:23 . 2006-09-12 01:19 -------- d-----w- c:\program files\Common Files\HP
2009-07-31 09:21 . 2006-09-12 01:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-31 04:10 . 2006-09-12 01:25 -------- d-----w- c:\program files\HP Games
2009-07-30 22:07 . 2006-09-12 01:55 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-30 20:53 . 2008-06-19 02:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-29 20:10 . 2008-07-13 19:49 -------- d-----w- c:\program files\MySpace
2009-07-29 06:29 . 2006-09-12 01:32 -------- d-----w- c:\program files\Microsoft Works
2009-07-28 08:41 . 2006-09-12 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2009-07-28 08:23 . 2007-12-24 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-07-28 07:30 . 2008-12-01 00:20 -------- d-----w- c:\program files\Acoustica Mixcraft 4
2009-07-26 10:03 . 2007-12-11 21:51 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\IMVU
2009-07-26 09:07 . 2008-09-17 04:30 82041 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\IMVUClient\Uninstall.exe
2009-07-26 09:06 . 2008-09-17 04:30 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\IMVUClient
2009-07-17 10:49 . 2009-06-25 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-07-16 08:34 . 2008-09-11 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-13 10:26 . 2008-06-25 05:48 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-13 10:15 . 2008-06-25 05:48 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\SystemRequirementsLab
2009-07-03 06:16 . 2008-04-29 03:02 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\U3
2009-06-29 16:12 . 2004-08-10 04:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-10 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-10 04:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-26 07:26 . 2009-06-25 01:11 -------- d-----w- c:\program files\Electronic Arts
2009-06-25 01:48 . 2009-06-25 01:48 10134 ----a-r- c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-25 01:48 . 2009-06-25 01:48 -------- d-----w- c:\program files\Microsoft WSE
2009-06-23 00:46 . 2009-06-23 00:46 290816 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-06-23 00:46 . 2009-06-23 00:46 290816 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-06-23 00:46 . 2009-06-23 00:46 290816 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-06-23 00:46 . 2009-06-23 00:46 290816 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-06-21 13:46 . 2009-07-02 03:09 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-16 14:55 . 2004-08-10 04:00 82432 ------w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-10 04:00 119808 ------w- c:\windows\system32\t2embed.dll
2009-06-11 19:36 . 2009-06-11 19:36 3771296 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\IMVUClient\ui\plugins\npswf32.dll
2009-06-10 17:32 . 2009-06-10 17:32 -------- d-----w- c:\program files\AviSynth 2.5
2009-06-10 17:30 . 2007-08-28 06:00 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Yahoo!
2009-06-10 17:30 . 2007-08-28 05:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-06-10 13:28 . 2009-06-10 13:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 13:28 . 2009-06-10 13:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 13:28 . 2009-06-10 13:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 13:28 . 2009-06-10 13:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 13:28 . 2009-06-10 13:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 13:28 . 2009-06-10 13:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 13:28 . 2009-06-10 13:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 11:03 . 2009-06-10 11:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 11:03 . 2009-06-10 11:03 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 11:03 . 2009-06-10 11:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 11:03 . 2009-06-10 11:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 11:03 . 2006-09-12 01:14 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-06-10 11:03 . 2006-09-12 01:14 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 11:03 . 2006-09-12 01:14 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 11:03 . 2006-09-12 01:14 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 11:03 . 2006-09-12 01:14 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 11:03 . 2006-09-12 01:14 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 11:03 . 2006-09-12 01:14 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 00:53 . 2008-05-08 05:31 -------- d-----w- c:\program files\Mindscape
2009-06-10 00:31 . 2006-09-12 01:28 -------- d-----w- c:\program files\DISC
2009-06-09 23:28 . 2008-11-30 22:57 -------- d-----w- c:\program files\Antares Audio Technologies
2009-06-09 23:26 . 2007-12-24 22:41 -------- d-----w- c:\program files\Common Files\AOL
2009-06-08 23:45 . 2009-06-08 23:45 271929 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\IMVUClient\pixomatic.dll
2009-06-08 23:43 . 2009-06-08 23:43 4608 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\IMVUClient\w9xpopen.exe
2009-06-08 23:43 . 2009-06-08 23:43 348160 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\IMVUClient\MSVCR71.dll
2009-06-08 23:43 . 2009-06-08 23:43 327680 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\IMVUClient\pythoncom25.dll
2009-06-08 23:43 . 2009-06-08 23:43 2113536 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\IMVUClient\python25.dll
2009-06-08 23:43 . 2009-06-08 23:43 102400 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\IMVUClient\pywintypes25.dll
2009-06-03 19:24 . 2004-08-10 04:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 18:41 . 2009-06-01 18:41 390664 -c----w- c:\documents and settings\Compaq_Administrator\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-16 18:14 . 2009-05-16 18:12 385 ----a-w- C:\temp.dat
2009-05-07 15:44 . 2004-08-10 04:00 344064 ------w- c:\windows\system32\localspl.dll
2009-07-15 20:30 . 2008-09-02 00:02 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-08-21 08:19 . 2007-08-29 05:43 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-07-31_18.04.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 07:19 . 2007-11-07 07:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2009-07-31 18:33 . 2009-05-11 15:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2008-07-29 13:05 . 2008-07-29 13:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 08:54 . 2008-07-29 08:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2009-08-02 03:36 . 2009-08-02 03:36 195584 c:\windows\Installer\732edef.msi
+ 2009-07-31 18:31 . 2009-07-31 18:31 228352 c:\windows\Installer\19dd9a.msi
+ 2008-07-29 13:05 . 2008-07-29 13:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-26 16:25 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-26 809864]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-26 809864]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 16239616]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-9-11 36903]
Event Planner Reminder Express.lnk - c:\windows\Installer\{E7875036-3CFC-4F0F-A470-8EADFFE43F6C}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe [2008-1-11 1718]
MySoftware NewsFlash.lnk - c:\program files\Common Files\MySoftware\Newsflsh.exe [2008-5-8 233472]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Lexmark X5400 Series\\lxdvmon.exe"=
"c:\\Program Files\\Lexmark X5400 Series\\lxdvamon.exe"=
"c:\\Program Files\\Lexmark X5400 Series\\FRun.exe"=
"c:\\WINDOWS\\system32\\lxdvcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdvpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdvtime.exe"=
"c:\\Program Files\\Lexmark X5400 Series\\LXDVFax.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdvjswx.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\ROCKSTAR GAMES\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Documents and Settings\\Compaq_Administrator\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/31/2009 1:33 PM 108289]
R2 lxdv_device;lxdv_device;c:\windows\system32\lxdvcoms.exe -service --> c:\windows\system32\lxdvcoms.exe -service [?]
R2 lxdvCATSCustConnectService;lxdvCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdvserv.exe [5/12/2008 10:08 PM 98984]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 5:06 AM 21632]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/29/2007 12:43 AM 29744]
.
Contents of the 'Scheduled Tasks' folder
2009-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-226954093-2068110567-3936347852-1007Core.job
- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-07 21:05]
2009-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-226954093-2068110567-3936347852-1007UA.job
- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-07 21:05]
2009-08-03 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-02-26 16:25]
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktopuDefault_Search_URL =
hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktopuSearchMigratedDefaultURL =
hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page =
hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktopmSearch Bar =
hxxp://us.rd.yahoo.com/customize/ie/def ... earch.htmluInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) =
hxxp://www.google.com/keyword/%s
IE: &Search
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: Add to Media Manager... - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} -
hxxp://download.eset.com/special/eos/OnlineScanner.cabFF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\dovolokt.default\
FF - prefs.js: browser.search.defaulturl -
hxxp://search.yahoo.com/search?fr=ffsp1&p=FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
hxxp://en-US.start2.mozilla.com/firefox ... S:officialFF - prefs.js: keyword.URL -
hxxp://supertoolbar.ask.com/redirect?cl ... e=en_US&q=FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\kSolo\npAVX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-08-03 01:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2924)
c:\windows\system32\WININET.dll
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\ehome\ehtray.exe
c:\windows\RTHDCPL.EXE
c:\windows\arpwrmsg.exe
c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
c:\program files\Common Files\Real\Update_OB\realsched.exe
c:\program files\Lexmark X5400 Series\lxdvmon.exe
c:\program files\Lexmark X5400 Series\lxdvamon.exe
c:\program files\HP\HP Software Update\hpwuSchd2.exe
c:\program files\PowerISO\PWRISOVM.EXE
c:\program files\Java\jre1.6.0_03\bin\jusched.exe
c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
c:\windows\system32\lxdvcoms.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avgnt.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Chatango\Chatango.exe
c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
c:\program files\DAEMON Tools Lite\daemon.exe
c:\program files\Electronic Arts\EADM\Core.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-08-03 1:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-03 06:35
ComboFix2.txt 2009-07-31 18:15
Pre-Run: 26,103,701,504 bytes free
Post-Run: 26,874,601,472 bytes free
372 --- E O F --- 2009-08-02 03:36
For the RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Compaq_Administrator at 2009-08-04 00:22:24
Microsoft Windows XP Professional Service Pack 2
System drive C: has 20 GB (14%) free of 144 GB
Total RAM: 1214 MB (9% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:54 AM, on 8/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X5400 Series\lxdvmon.exe
C:\Program Files\Lexmark X5400 Series\lxdvamon.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdvserv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\lxdvcoms.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Chatango\Chatango.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\MySoftware\Newsflsh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\utorrent.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
c:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Administrator.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktopR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/def ... earch.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktopR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxdvmon.exe] "C:\Program Files\Lexmark X5400 Series\lxdvmon.exe"
O4 - HKLM\..\Run: [lxdvamon] "C:\Program Files\Lexmark X5400 Series\lxdvamon.exe"
O4 - HKLM\..\Run: [Lexmark X5400 Series Fax Server] "C:\Program Files\Lexmark X5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Chatango] C:\Program Files\Chatango\Chatango.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKUS\S-1-5-18\..\RunOnce: [LabelMaker2.0] regsvr32 C:\Program Files\Common Files\MySoftware\regdll.dll /s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [LabelMaker2.0] regsvr32 C:\Program Files\Common Files\MySoftware\regdll.dll /s (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Adobe Media Player.lnk = ?
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: Event Planner Reminder Express.lnk = ?
O4 - Global Startup: MySoftware NewsFlash.lnk = C:\Program Files\Common Files\MySoftware\Newsflsh.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) -
http://download.eset.com/special/eos/OnlineScanner.cabO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdvCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdvserv.exe
O23 - Service: lxdv_device - - C:\WINDOWS\system32\lxdvcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 11618 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-226954093-2068110567-3936347852-1007Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-226954093-2068110567-3936347852-1007UA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-02-18 370296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [2006-09-11 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask.com Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-02-26 809864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-11-03 463872]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-12-10 929224]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask.com Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-02-26 809864]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"ftutil2"=ftutil2.dll,SetWriteCacheMode []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-13 16239616]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-03 77312]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-23 237568]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-16 249856]
"MsgCenterExe"=C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe [2008-02-18 69632]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-02-18 185896]
"lxdvmon.exe"=C:\Program Files\Lexmark X5400 Series\lxdvmon.exe [2007-11-01 455336]
"lxdvamon"=C:\Program Files\Lexmark X5400 Series\lxdvamon.exe [2007-11-01 25256]
"Lexmark X5400 Series Fax Server"=C:\Program Files\Lexmark X5400 Series\fm3032.exe [2007-11-01 307880]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-06-16 167936]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-21 29744]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-28 221184]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-20 4670704]
"Chatango"=C:\Program Files\Chatango\Chatango.exe [2008-02-04 356352]
"Google Update"=C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-07 133104]
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-11-03 3522296]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-04-29 3338240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe /d locale=en-US
ee://aol/imApp []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
C:\Program Files\PeerGuardian2\pg2.exe []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
Event Planner Reminder Express.lnk - C:\WINDOWS\Installer\{E7875036-3CFC-4F0F-A470-8EADFFE43F6C}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe
MySoftware NewsFlash.lnk - C:\Program Files\Common Files\MySoftware\Newsflsh.exe
C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup
Adobe Media Player.lnk -
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Lexmark X5400 Series\lxdvmon.exe"="C:\Program Files\Lexmark X5400 Series\lxdvmon.exe:*:Enabled:Printer Device Monitor"
"C:\Program Files\Lexmark X5400 Series\lxdvamon.exe"="C:\Program Files\Lexmark X5400 Series\lxdvamon.exe:*:Enabled:Lexmark Device Monitor"
"C:\Program Files\Lexmark X5400 Series\FRun.exe"="C:\Program Files\Lexmark X5400 Series\FRun.exe:*:Enabled:Lexmark Productivity Studio"
"C:\WINDOWS\system32\lxdvcoms.exe"="C:\WINDOWS\system32\lxdvcoms.exe:*:Enabled:Lexmark Communications System"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdvpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdvpswx.exe:*:Enabled:Printer Status Window Interface"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdvtime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdvtime.exe:*:Enabled:Lexmark Connect Time Executable"
"C:\Program Files\Lexmark X5400 Series\LXDVFax.exe"="C:\Program Files\Lexmark X5400 Series\LXDVFax.exe:*:Enabled:Fax Solutions Software"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdvjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdvjswx.exe:*:Enabled:Job Status Window Interface"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\Program Files\ROCKSTAR GAMES\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\ROCKSTAR GAMES\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Documents and Settings\Compaq_Administrator\Desktop\utorrent.exe"="C:\Documents and Settings\Compaq_Administrator\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
======List of files/folders created in the last 3 months======
2009-08-03 01:37:02 ----D---- C:\WINDOWS\temp
2009-08-03 01:37:01 ----A---- C:\ComboFix.txt
2009-08-02 01:04:51 ----D---- C:\Program Files\ESET
2009-07-31 13:33:08 ----D---- C:\Program Files\Avira
2009-07-31 13:33:08 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-07-31 12:30:11 ----A---- C:\WINDOWS\SWREG.exe
2009-07-31 12:30:11 ----A---- C:\WINDOWS\PEV.exe
2009-07-31 12:30:11 ----A---- C:\WINDOWS\NIRCMD.exe
2009-07-31 12:30:10 ----A---- C:\WINDOWS\zip.exe
2009-07-31 12:30:10 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-07-31 12:30:10 ----A---- C:\WINDOWS\SWSC.exe
2009-07-31 12:30:10 ----A---- C:\WINDOWS\sed.exe
2009-07-31 12:30:10 ----A---- C:\WINDOWS\grep.exe
2009-07-31 12:30:03 ----D---- C:\WINDOWS\ERDNT
2009-07-31 12:29:55 ----D---- C:\Qoobox
2009-07-31 03:01:53 ----HDC---- C:\WINDOWS\$NtUninstallKB908250$
2009-07-30 11:25:09 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\HP
2009-07-29 01:42:43 ----D---- C:\rsit
2009-07-26 00:05:15 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes
2009-07-26 00:05:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-26 00:05:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-25 04:52:49 ----D---- C:\Program Files\Trend Micro
2009-07-16 03:29:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-16 03:28:17 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-16 03:09:08 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-01 22:09:00 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2009-07-01 22:07:29 ----D---- C:\NVIDIA
2009-06-24 20:59:55 ----D---- C:\ProgramData
2009-06-24 20:59:55 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts
2009-06-24 20:48:37 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2009-06-24 20:48:35 ----D---- C:\Program Files\Microsoft WSE
2009-06-24 20:46:21 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-06-24 20:45:44 ----D---- C:\WINDOWS\Logs
2009-06-24 20:11:01 ----D---- C:\Program Files\Electronic Arts
2009-06-10 12:32:47 ----A---- C:\WINDOWS\system32\devil.dll
2009-06-10 12:32:46 ----A---- C:\WINDOWS\system32\AVSredirect.dll
2009-06-10 12:32:46 ----A---- C:\WINDOWS\system32\avisynth.dll
2009-06-10 12:32:45 ----D---- C:\Program Files\AviSynth 2.5
2009-06-10 12:32:45 ----A---- C:\WINDOWS\system32\i420vfw.dll
2009-06-10 08:29:34 ----A---- C:\WINDOWS\system32\nwiz.exe
2009-06-10 08:29:34 ----A---- C:\WINDOWS\system32\nvwimg.dll
2009-06-10 08:29:34 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2009-06-10 08:29:34 ----A---- C:\WINDOWS\system32\nvshell.dll
2009-06-10 08:29:34 ----A---- C:\WINDOWS\system32\nvappbar.exe
2009-06-10 08:29:34 ----A---- C:\WINDOWS\system32\keystone.exe
2009-06-10 08:29:32 ----A---- C:\WINDOWS\system32\nview.dll
2009-06-10 08:29:30 ----A---- C:\WINDOWS\system32\nvcplui.exe
2009-06-10 08:29:20 ----A---- C:\WINDOWS\system32\nvwddi.dll
2009-06-10 08:29:12 ----A---- C:\WINDOWS\system32\nvwss.dll
2009-06-10 08:29:06 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2009-06-10 08:29:02 ----A---- C:\WINDOWS\system32\nvmobls.dll
2009-06-10 08:29:00 ----A---- C:\WINDOWS\system32\nvmccss.dll
2009-06-10 08:28:58 ----A---- C:\WINDOWS\system32\nvgames.dll
2009-06-10 08:28:52 ----A---- C:\WINDOWS\system32\nvdisps.dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvmctray.dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvcpl.dll
2009-06-10 08:28:50 ----A---- C:\WINDOWS\system32\nvcolor.exe
2009-06-10 08:28:48 ----A---- C:\WINDOWS\system32\nvmccs.dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2009-06-10 03:39:44 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-10 03:38:43 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-10 03:23:11 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-10 03:19:33 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-09 12:01:59 ----D---- C:\WINDOWS\system32\NtmsData
2009-05-16 13:09:32 ----D---- C:\AV_LOGS
2009-05-15 21:39:13 ----D---- C:\Program Files\Ask.com
2009-05-15 21:34:32 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\ManyCam
2009-05-15 21:34:30 ----D---- C:\Program Files\ManyCam 2.4
2009-05-15 21:20:53 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Webcammax
2009-05-14 20:55:22 ----D---- C:\WINDOWS\Minidump
2009-05-10 22:49:03 ----RA---- C:\WINDOWS\sel3110.exe
2009-05-10 22:49:03 ----RA---- C:\WINDOWS\CleanDev.exe
2009-05-10 22:49:02 ----RA---- C:\WINDOWS\vidcap32.exe
2009-05-10 22:49:02 ----RA---- C:\WINDOWS\ov519dib.dll
2009-05-10 22:49:02 ----RA---- C:\WINDOWS\OV519.txt
2009-05-10 22:49:01 ----RA---- C:\WINDOWS\ov519cap.exe
2009-05-10 22:49:01 ----RA---- C:\WINDOWS\amcap.exe
2009-05-10 22:48:58 ----RA---- C:\WINDOWS\system32\ov519ext.dll
2009-05-10 22:48:58 ----D---- C:\WINDOWS\OvtCam
2009-05-10 22:48:57 ----A---- C:\WINDOWS\system32\ov519usd.dll
2009-05-10 22:48:48 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-05-05 00:29:51 ----A---- C:\WINDOWS\ModemLog_LGE CDMA USB Modem #2.txt
======List of files/folders modified in the last 3 months======
2009-08-04 00:25:21 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\uTorrent
2009-08-04 00:22:19 ----D---- C:\WINDOWS\Prefetch
2009-08-03 21:03:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-03 04:29:10 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\IMVU
2009-08-03 02:14:49 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\IMVUClient
2009-08-03 01:38:39 ----D---- C:\Program Files\Mozilla Firefox
2009-08-03 01:37:40 ----D---- C:\WINDOWS
2009-08-03 01:37:03 ----D---- C:\WINDOWS\system32\drivers
2009-08-03 01:37:03 ----D---- C:\WINDOWS\system32
2009-08-03 01:27:12 ----A---- C:\WINDOWS\system.ini
2009-08-03 01:26:54 ----D---- C:\WINDOWS\Registration
2009-08-03 01:26:47 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-03 01:24:35 ----D---- C:\WINDOWS\system32\config
2009-08-03 01:21:28 ----D---- C:\WINDOWS\AppPatch
2009-08-03 01:21:27 ----D---- C:\Program Files\Common Files
2009-08-02 01:04:54 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-02 01:04:51 ----D---- C:\Program Files
2009-08-01 22:36:12 ----SHD---- C:\WINDOWS\Installer
2009-08-01 22:36:12 ----SHD---- C:\Config.Msi
2009-08-01 22:36:11 ----D---- C:\WINDOWS\WinSxS
2009-07-31 13:33:16 ----HD---- C:\WINDOWS\inf
2009-07-31 13:13:29 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-07-31 05:54:07 ----D---- C:\Program Files\Common Files\Adobe
2009-07-31 05:52:44 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Adobe
2009-07-31 05:52:05 ----D---- C:\Program Files\Adobe
2009-07-31 05:50:03 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-07-31 04:29:05 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Family Lawyer
2009-07-31 04:24:09 ----RSD---- C:\WINDOWS\assembly
2009-07-31 04:23:53 ----D---- C:\Program Files\Common Files\Sonic Shared
2009-07-31 04:23:50 ----RSD---- C:\WINDOWS\Fonts
2009-07-31 04:23:18 ----D---- C:\Program Files\Common Files\HP
2009-07-31 04:21:39 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-30 23:10:16 ----D---- C:\Program Files\HP Games
2009-07-30 17:07:28 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-07-30 17:05:45 ----AC---- C:\WINDOWS\WININIT.INI
2009-07-30 15:58:44 ----SD---- C:\WINDOWS\Tasks
2009-07-30 15:53:20 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-30 06:48:48 ----A---- C:\WINDOWS\imsins.BAK
2009-07-30 06:44:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-29 15:10:33 ----D---- C:\Program Files\MySpace
2009-07-29 03:01:37 ----D---- C:\WINDOWS\system32\en-US
2009-07-29 03:01:37 ----D---- C:\Program Files\Internet Explorer
2009-07-29 03:01:24 ----D---- C:\WINDOWS\ie7updates
2009-07-29 01:29:27 ----D---- C:\Program Files\Microsoft Works
2009-07-29 01:29:27 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-29 01:29:25 ----D---- C:\Program Files\Microsoft Office
2009-07-29 00:40:52 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-28 03:41:09 ----D---- C:\Documents and Settings\All Users\Application Data\WildTangent
2009-07-28 03:23:32 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-07-28 02:30:04 ----D---- C:\Program Files\Acoustica Mixcraft 4
2009-07-25 20:34:39 ----D---- C:\Program Files\Online Services
2009-07-25 05:10:34 ----D---- C:\WINDOWS\system32\wbem
2009-07-23 00:28:31 ----A---- C:\WINDOWS\ModemLog_LGE CDMA USB Modem.txt
2009-07-22 22:52:26 ----A---- C:\WINDOWS\win.ini
2009-07-19 08:33:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 08:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-16 03:34:00 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-07-13 05:26:34 ----D---- C:\Program Files\SystemRequirementsLab
2009-07-13 05:15:11 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\SystemRequirementsLab
2009-07-07 10:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-03 01:16:52 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\U3
2009-07-01 23:19:47 ----D---- C:\WINDOWS\Help
2009-07-01 23:18:32 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-06-29 11:12:20 ----A---- C:\WINDOWS\system32\wininet.dll
2009-06-29 11:12:19 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-06-29 11:12:19 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-06-29 11:12:18 ----A---- C:\WINDOWS\system32\url.dll
2009-06-29 11:12:18 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-06-29 11:12:18 ----A---- C:\WINDOWS\system32\occache.dll
2009-06-29 11:12:18 ----A---- C:\WINDOWS\system32\mstime.dll
2009-06-29 11:12:18 ----A---- C:\WINDOWS\system32\msrating.dll
2009-06-29 11:12:18 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-06-29 11:12:16 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-06-29 11:12:16 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-06-29 11:12:16 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-06-29 11:12:16 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-06-29 11:12:16 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\icardie.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\corpol.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\advpack.dll
2009-06-29 06:07:12 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-06-29 06:07:11 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-06-29 03:33:39 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-06-24 20:48:38 ----ASD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-06-24 20:46:31 ----D---- C:\WINDOWS\system32\DirectX
2009-06-16 09:55:16 ----N---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 09:55:16 ----N---- C:\WINDOWS\system32\fontsub.dll
2009-06-10 12:30:50 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Yahoo!
2009-06-10 12:30:50 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvudisp.exe
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcodins.dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvcod.dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2009-06-10 06:03:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2009-06-09 19:53:12 ----D---- C:\Program Files\Mindscape
2009-06-09 19:51:45 ----D---- C:\WINDOWS\system
2009-06-09 19:31:42 ----D---- C:\Program Files\DISC
2009-06-09 18:49:29 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-09 18:28:44 ----D---- C:\Program Files\Antares Audio Technologies
2009-06-09 18:26:32 ----D---- C:\Program Files\Common Files\AOL
2009-06-09 17:57:06 ----D---- C:\WINDOWS\Cursors
2009-06-09 17:56:58 ----D---- C:\Program Files\Windows NT
2009-06-09 13:34:39 ----SHD---- C:\System Volume Information
2009-06-09 12:10:56 ----D---- C:\WINDOWS\repair
2009-06-03 14:24:03 ----A---- C:\WINDOWS\system32\quartz.dll
2009-05-30 18:19:53 ----SD---- C:\Documents and Settings\Compaq_Administrator\Application Data\Microsoft
2009-05-30 17:18:37 ----D---- C:\WINDOWS\SHELLNEW
2009-05-30 17:16:11 ----D---- C:\Program Files\PeerGuardian2
2009-05-30 17:13:43 ----D---- C:\Program Files\Maxis
2009-05-30 17:12:53 ----D---- C:\Program Files\ProVenture
2009-05-30 17:11:22 ----D---- C:\Program Files\Yahoo!
2009-05-26 08:47:03 ----A---- C:\WINDOWS\system32\ieframe.dll.mui
2009-05-12 03:41:58 ----D---- C:\WINDOWS\Microsoft.NET
2009-05-10 22:49:00 ----D---- C:\WINDOWS\twain_32
2009-05-07 10:44:00 ----N---- C:\WINDOWS\system32\localspl.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-06-12 56108]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-09 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-09 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-09 55936]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-03 22784]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-03 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-03 4992]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-03 10112]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-08 138752]
R3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-14 4299264]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-06-10 8087712]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-03-31 27008]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-09 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 aaj0zjzz;aaj0zjzz; C:\WINDOWS\system32\drivers\aaj0zjzz.sys []
S3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-03 19200]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
S3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-10-13 163584]
S3 ovt519;EyeToy; C:\WINDOWS\System32\Drivers\ov519vid.sys [2003-10-15 174530]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-07-23 12416]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbcm;USB Cable Modem 351000 NDIS Driver; C:\WINDOWS\system32\DRIVERS\usbcm.sys [2005-04-21 13335]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-07-23 19840]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-07-23 21632]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-09 26496]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-09 20480]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-09 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-03 58880]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-06-21 49152]
R2 lxdv_device;lxdv_device; C:\WINDOWS\system32\lxdvcoms.exe [2007-10-18 594600]
R2 lxdvCATSCustConnectService;lxdvCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdvserv.exe [2007-10-18 98984]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-06-10 168004]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-09 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-21 29744]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-09 14336]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
by Anime Lady PIMP » August 3rd, 2009, 10:02 am 
