c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Templates\amipro.sam
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Templates\excel.xls
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Templates\excel4.xls
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Templates\lotus.wk4
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Templates\powerpnt.ppt
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Templates\presenta.shw
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Templates\quattro.wb2
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Templates\sndrec.wav
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Templates\winword.doc
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Templates\winword2.doc
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Templates\wordpfct.wpd
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Templates\wordpfct.wpg
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\UserData
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\UserData\21ODCLKX\oWindowsUpdate[1].xml
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\UserData\index.dat
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\WINDOWS
c:\documents and settings\LocalService\Application Data\Webroot
c:\documents and settings\LocalService\IETldCache
c:\documents and settings\LocalService\IETldCache\index.dat
c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
c:\documents and settings\LocalService\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache\AcroFnt07.lst
c:\documents and settings\LocalService\Local Settings\Application Data\Adobe\Color\ACECache4.lst
c:\documents and settings\LocalService\Local Settings\Application Data\Google
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.DTD
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML
c:\documents and settings\LocalService\Local Settings\desktop.ini
c:\documents and settings\LocalService\ntuser.ini
c:\documents and settings\NetworkService\IETldCache
c:\documents and settings\NetworkService\IETldCache\index.dat
c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
c:\documents and settings\NetworkService\Local Settings\Application Data\Google
c:\documents and settings\NetworkService\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.DTD
c:\documents and settings\NetworkService\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML
c:\documents and settings\NetworkService\Local Settings\Application Data\SupportSoft
c:\documents and settings\NetworkService\Local Settings\Application Data\SupportSoft\ddoctorv2\HP_Administrator\state\databags\SubAgent.subagent.History.xml
c:\documents and settings\NetworkService\Local Settings\desktop.ini
c:\documents and settings\NetworkService\ntuser.ini
c:\program files\WildTangent
c:\program files\WildTangent\Apps\GameChannel\Games\038D56DF-B15D-47F7-959F-59FA1FBB63FC\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\049D60AF-B425-4F8A-BD66-9D8C1B519D59\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\0814ADC6-5B36-4144-A8EA-439C36B1BB11\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\0AA27562-3C4E-4860-8742-7ADEBE2EFC43\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\0C20CAB1-F8BC-4AC1-A796-535B005C1B83\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\0C20CAB1-F8BC-4AC1-A796-535B005C1B83\settings.dat
c:\program files\WildTangent\Apps\GameChannel\Games\0C84A7C5-2762-4932-96BF-44A77202DCC3\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\1FFA88DF-0AC3-4D9E-9139-5FF98813C12C\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\3320769C-062B-4670-BD6B-AA4B3D0E9903\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\3D61540E-C88C-4358-B6A1-DC26648F2A3D\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\413773DA-62DE-4C4C-A0F9-10EFB9317DE5\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\47D5A62B-1B41-4DB1-8267-ADA434FA782B\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\538B9061-0C77-4FB2-903F-EC42A1FF5DD8\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\55275778-F7D9-4BA0-95F4-DEFD71ADDFD9\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\581538B9-2ED3-45E2-96CB-22AD8F811D2A\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\5DAA9E44-1B31-41CD-88A8-228EDED6E36E\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\758619C0-7C97-42BB-B1E9-775F72FDAD1E\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\901E0096-B2AC-469E-A99E-2725A39C0B47\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\90EA5584-4290-407B-B8F2-D6E6D65A4796\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\9844050E-4CA4-4901-A53D-A5D14C63789B\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\A09026AE-8F16-4929-B4E6-1825535844DB\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\AF012B1F-AFCE-45DB-8D6C-8AB06ADC1D6F\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\B2AA88B1-4920-462B-9F7C-019782B3C4DB\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\B3FF79F4-CDA8-4845-A7C0-9CE017719F36\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\B7217206-A362-446B-A0F7-A2622B82F821\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\BA42B721-D70B-4412-ABA6-057B5823FDE9\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\E0998E52-9D08-4AEE-A4F5-0BB1D8537F6E\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\E44A47AF-C94B-4E3F-81A0-979FBA9DAC57\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\E59F75D0-A38B-40F4-ABA2-CA35A7735473\def.dat
c:\program files\WildTangent\Apps\GameChannel\Games\F38688AF-57C2-4A9C-BFEF-25F3AEC11F1E\def.dat
c:\program files\WildTangent\Apps\icon.ico
c:\windows\system32\config\systemprofile\Application Data\desktop.ini
c:\windows\system32\config\systemprofile\Application Data\Intuit
c:\windows\system32\config\systemprofile\Application Data\Symantec
c:\windows\system32\config\systemprofile\Local Settings\desktop.ini
c:\windows\system32\config\systemprofile\WINDOWS
c:\documents and settings\All Users\Application Data\avg9 . . . . failed to delete
c:\documents and settings\All Users\Application Data\avg9\Chjw\cm-0-p.dat . . . . failed to delete
c:\documents and settings\All Users\Application Data\avg9\Chjw\cm-1-p.dat . . . . failed to delete
c:\documents and settings\All Users\Application Data\avg9\Chjw\cm-2-i.dat . . . . failed to delete
c:\documents and settings\All Users\Application Data\avg9\Chjw\cm-2-p.dat . . . . failed to delete
c:\documents and settings\All Users\Application Data\avg9\emc\Log\emc.log . . . . failed to delete
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Microsoft . . . . failed to delete
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat . . . . failed to delete
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG . . . . failed to delete
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft . . . . failed to delete
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat . . . . failed to delete
c:\documents and settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG . . . . failed to delete
c:\documents and settings\NetworkService\Local Settings\Application Data\Microsoft . . . . failed to delete
c:\documents and settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat . . . . failed to delete
c:\documents and settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2009-12-24 to 2010-01-24 )))))))))))))))))))))))))))))))
.
2010-01-24 22:04 . 2010-01-24 22:04 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\IObit
2010-01-24 22:04 . 2010-01-24 22:04 -------- d-sh--w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\IETldCache
2010-01-24 22:04 . 2010-01-24 22:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-01-24 22:04 . 2010-01-24 22:04 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-01-24 09:30 . 2010-01-24 09:35 5281792 ----a-w- c:\windows\system32\logonuix.exe
2010-01-24 08:47 . 2010-01-24 08:48 -------- d-----w- c:\program files\TheSage
2010-01-24 08:46 . 2010-01-24 08:46 -------- d-----w- c:\program files\Stardock
2010-01-24 00:19 . 2010-01-24 00:22 -------- d-----w- c:\program files\Startup Optimizer
2010-01-23 08:59 . 2010-01-23 08:59 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-23 08:44 . 2010-01-23 08:50 -------- d-----w- c:\program files\Trend Micro
2010-01-23 06:10 . 2010-01-23 06:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-23 06:08 . 2010-01-23 06:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-23 05:58 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-23 05:58 . 2010-01-23 06:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-23 05:58 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-23 05:35 . 2010-01-23 05:35 -------- d-----w- c:\windows\system32\scripting
2010-01-23 05:35 . 2010-01-23 05:35 -------- d-----w- c:\windows\system32\en
2010-01-23 05:35 . 2010-01-23 05:35 -------- d-----w- c:\windows\system32\bits
2010-01-23 05:09 . 2008-04-14 00:12 276992 ------w- c:\windows\system32\wmphoto.dll
2010-01-23 05:09 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2010-01-23 05:09 . 2008-04-14 00:12 712704 ------w- c:\windows\system32\windowscodecs.dll
2010-01-23 05:09 . 2008-04-14 00:12 346112 ------w- c:\windows\system32\windowscodecsext.dll
2010-01-23 05:09 . 2004-08-04 03:29 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2010-01-23 05:09 . 2004-08-04 03:29 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2010-01-23 05:07 . 2008-04-14 00:12 176640 ------w- c:\windows\system32\napstat.exe
2010-01-23 05:06 . 2008-04-14 00:11 516768 ------w- c:\windows\system32\ativvaxx.dll
2010-01-23 04:14 . 2010-01-23 04:14 -------- d-----w- C:\$AVG
2010-01-23 04:13 . 2010-01-23 04:13 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-23 04:13 . 2010-01-23 04:13 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-23 04:13 . 2010-01-23 04:13 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-23 04:13 . 2010-01-24 22:03 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-23 04:13 . 2010-01-23 04:13 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-23 04:13 . 2010-01-24 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-23 03:19 . 2009-12-21 19:14 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-01-23 03:19 . 2009-12-21 19:14 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-23 03:19 . 2009-12-21 19:14 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-23 03:19 . 2009-12-21 19:14 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-23 03:19 . 2009-12-21 19:14 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-01-23 03:19 . 2009-12-21 19:14 11070464 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-01-23 03:19 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-01-23 03:11 . 2001-08-17 21:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-01-23 03:11 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-01-23 03:11 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-01-23 03:11 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-01-23 03:11 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-01-23 02:30 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-01-23 02:30 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-01-23 02:29 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-23 02:28 . 2009-08-04 15:13 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-23 02:28 . 2009-08-04 14:20 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-23 02:28 . 2009-08-04 14:20 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-01-23 02:26 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-01-23 02:24 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2010-01-23 02:24 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-01-23 02:24 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-01-23 02:24 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-01-23 02:24 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2010-01-23 02:24 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-01-23 02:24 . 2009-06-25 08:25 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-01-23 02:24 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-01-23 02:24 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-01-23 02:23 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-01-23 02:23 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-01-23 02:23 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2010-01-23 02:22 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-23 02:22 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-01-23 02:21 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-01-23 01:43 . 2010-01-23 09:12 -------- d-sh--r- c:\windows\system32\dllcache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 09:47 . 2006-02-11 01:12 -------- d-----w- c:\program files\Google
2010-01-24 02:12 . 2007-04-01 21:12 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-01-24 01:33 . 2009-12-01 23:01 -------- d-----w- c:\program files\IObit
2010-01-23 09:07 . 2006-02-11 00:13 -------- d-----w- c:\program files\Java
2010-01-23 09:00 . 2010-01-23 09:00 503808 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2251b952-n\msvcp71.dll
2010-01-23 09:00 . 2010-01-23 09:00 499712 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2251b952-n\jmc.dll
2010-01-23 09:00 . 2010-01-23 09:00 348160 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2251b952-n\msvcr71.dll
2010-01-23 09:00 . 2010-01-23 09:00 61440 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4f776f72-n\decora-sse.dll
2010-01-23 09:00 . 2010-01-23 09:00 12800 ----a-w- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4f776f72-n\decora-d3d.dll
2010-01-23 09:00 . 2006-02-11 00:13 -------- d-----w- c:\program files\Common Files\Java
2010-01-23 05:42 . 2005-08-31 04:01 92463 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-23 04:35 . 2006-02-11 01:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-23 04:13 . 2009-04-28 17:48 -------- d-----w- c:\program files\AVG
2010-01-23 03:56 . 2006-02-11 00:46 -------- d-----w- c:\program files\Sonic
2010-01-23 03:55 . 2006-02-11 00:59 -------- d-----w- c:\program files\Quicken
2010-01-23 03:52 . 2006-02-11 00:46 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-23 03:51 . 2006-02-11 00:58 -------- d-----w- c:\program files\muvee Technologies
2010-01-23 03:51 . 2006-02-11 00:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-23 03:44 . 2006-02-11 00:08 -------- d-----w- c:\program files\GemMaster
2010-01-23 01:36 . 2006-02-11 00:33 112942 ----a-w- c:\windows\hpoins07.dat
2010-01-23 01:30 . 2010-01-23 01:30 1903 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_ER900AA-ABA a1430n_YC_0Pavi_QCNH607_E62NAemMPA1_48_INAGAMI_SASUSTek Computer INC._V1.01_B3.01_T060209_WXP2_L409_M1215_J250_7AMD_8Athlon 64 X2 Dual Core_92_#060408_N_Z11C10620_G10DE0241.MRK
2009-12-21 19:14 . 2004-08-10 04:00 916480 ------w- c:\windows\system32\wininet.dll
2009-11-21 15:51 . 2004-08-10 04:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 19:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-01-06 2335952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-24 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-23 15969280]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-23 2033432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuix.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-23 04:13 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"ehTray"=c:\windows\ehome\ehtray.exe
"nwiz"=nwiz.exe /install
"HPHUPD08"=c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
"DMAScheduler"=c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/22/2010 10:13 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/22/2010 10:13 PM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [1/22/2010 10:13 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/22/2010 10:13 PM 285392]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/24/2010 3:46 AM 135664]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
.
Contents of the 'Scheduled Tasks' folder
2010-01-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-01-24 09:46]
2010-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 09:46]
2010-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-24 09:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-01-24 16:04
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(792)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(2868)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ARPWRMSG.EXE
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Completion time: 2010-01-24 16:09:12 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-24 22:09
ComboFix2.txt 2010-01-24 05:53
Pre-Run: 217,341,521,920 bytes free
Post-Run: 216,685,215,744 bytes free
- - End Of File - - 4928370C65D20398FB0DBAA9BC4ED121