Cyber Tech Help Support Forums > Operating Systems > Older Windows Versions > Windows Vista

  #31  
Old March 25th, 2009, 01:27 AM
AnnMarie
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
He has uninstalled the programs he was having problems with, ERICK0110.

Well defrag is working ok from a command prompt. Exactly how are you trying to run it?
Reply With Quote
  #32  
Old March 25th, 2009, 01:30 AM
Facto
Senior Member
 
Join Date: Mar 2008
Posts: 103
I am going to "start" then selecting it from the options in my Program menu.....
Reply With Quote
  #33  
Old March 25th, 2009, 01:37 AM
AnnMarie
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
Ok. Go to Start and type defrag in the Start Search box. Disk Defragmenter will appear at the top of the menu. Right-click on it and choose "Run as Administrator". Does it run now?
Reply With Quote
  #34  
Old March 25th, 2009, 01:41 AM
Facto
Senior Member
 
Join Date: Mar 2008
Posts: 103
I'm afraid not, AnnMarie...
Reply With Quote
  #35  
Old March 25th, 2009, 01:50 AM
AnnMarie
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
Hmmm. Download the latest version of Combofix.exe from here and save it to your C folder (C:\ComboFix.exe).

Double-click on combofix.exe and the scan will start (go ahead and install the Recovery Console if you are asked to do so). When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

NB Please disable your antivirus program as it may interfere with ComboFix's routines.
Reply With Quote
  #36  
Old March 25th, 2009, 08:27 AM
Facto
Senior Member
 
Join Date: Mar 2008
Posts: 103
I tried to run ComboFix but it kept saying I have AVG7.5 scanner running in the background and therefore I didn't proceed. I have run HJT again and I cannot see AVG anywhere.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:13:15, on 25/03/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Post Image to Blog - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\Program Files\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN (file missing)
O9 - Extra button: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: WH GBP Casino - {37236812-C1A2-4529-A9CE-CFE04E3DF08A} - http://www.williamhillcasino.com (file missing) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar...ackToolbar.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSC...ws-i586-jc.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/SCRABBLE/Images/armhelper.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

--
End of file - 6572 bytes
Reply With Quote
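Added example, not part of the thread: post #36 reports that AVG does not show up anywhere in the HijackThis log. The Python sketch below parses that log format and searches processes and entries with whitespace ignored, because pasted logs can pick up stray spaces inside long paths. The keywords and the final service line are assumptions constructed for illustration.

```python
import re

# A HijackThis entry is "<section code> - <detail>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hjt(text):
    """Split a HijackThis log into running processes and (code, detail) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first entry
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def _squash(value):
    """Lower-case and drop all whitespace so a path split by a stray space still matches."""
    return re.sub(r"\s+", "", value).lower()


def find_product(parsed, keywords):
    """Return (where, line) for every process or entry that mentions a keyword.

    Squashing whitespace can join neighbouring words, so keep keywords
    distinctive; very short ones will produce false matches.
    """
    keys = [_squash(k) for k in keywords]
    hits = []
    for proc in parsed["processes"]:
        if any(k in _squash(proc) for k in keys):
            hits.append(("process", proc))
    for code, detail in parsed["entries"]:
        if any(k in _squash(detail) for k in keys):
            hits.append((code, detail))
    return hits


# Short excerpt in the format of the log posted above (lines taken from that log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows Vista (WinNT 6.00.1904)

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

# Constructed line, NOT from the thread: a hypothetical leftover service whose
# path has been split by a stray space ("AV G7"), which a plain substring
# search for "avg7" would miss.
CONSTRUCTED_LEFTOVER = (
    r"O23 - Service: Example leftover scanner (ExampleSvc) - Example Vendor"
    r" - C:\Program Files\Example\AV G7\examplesvc.exe"
)

# Assumed search terms: "avg7" appears in folder names in this thread,
# "grisoft" (the vendor name at the time) is an added assumption.
KEYWORDS = ["avg7", "grisoft"]

if __name__ == "__main__":
    clean = parse_hjt(SAMPLE_LOG)
    print("hits in excerpt:", find_product(clean, KEYWORDS))
    with_leftover = parse_hjt(SAMPLE_LOG + "\n" + CONSTRUCTED_LEFTOVER)
    for where, line in find_product(with_leftover, KEYWORDS):
        print(f"[{where}] {line}")
```

HijackThis only lists the locations it scans, so an empty result here does not rule out leftovers elsewhere on disk or in the registry.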
  #37  
Old March 25th, 2009, 08:35 AM
AnnMarie
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
Go here and download and run the appropriate version of AVG Remover. Reboot after running the utility and see if you can run ComboFix now.
Reply With Quote
  #38  
Old March 25th, 2009, 05:12 PM
Facto
Senior Member
 
Join Date: Mar 2008
Posts: 103
I'm afraid not, AnnMarie. It's still saying that it is detecting AVG7.5.557 or something....
Reply With Quote
  #39  
Old March 25th, 2009, 10:45 PM
AnnMarie
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
Ok, well boot into Safe Mode (restart your computer and tap F8 continuously as it restarts) and run it there.
Reply With Quote
  #40  
Old March 26th, 2009, 08:09 PM
Facto
Senior Member
 
Join Date: Mar 2008
Posts: 103
I reran the AVG remover in Safe Mode, rebooted the PC in Safe Mode and tried ComboFix, but it is still recognising AVG 7.5.557.

No search I do in any user name or mode turns up anything relating to 7.5.557.
Reply With Quote
  #41  
Old March 27th, 2009, 12:28 AM
AnnMarie
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
No, I wanted you to run ComboFix in Safe Mode. It may say that it recognises AVG but it will only be an obscure registry entry.
Reply With Quote
  #42  
Old March 27th, 2009, 08:06 AM
Facto
Senior Member
 
Join Date: Mar 2008
Posts: 103
ComboFix 09-03-23.01 - leedylan 2009-03-27 6:56:05.2 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.446.165 [GMT 0:00]
Running from: C:\ComboFix.exe
AV: AVG 7.5.557 *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((( Files Created from 2009-02-27 to 2009-03-27 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-26 19:31 --------- d-----w c:\programdata\Google Updater
2009-03-25 15:57 693,528 ----a-w C:\avgremover.exe
2009-03-25 07:03 2,934,667 ----a-r C:\ComboFix.exe
2009-03-24 20:02 --------- d-----w c:\programdata\Kontiki
2009-03-22 08:20 --------- d-----w c:\programdata\avg7
2009-03-22 08:19 --------- d-----w c:\users\leedylan\AppData\Roaming\AVG7
2009-03-22 08:19 --------- d-----w c:\users\Facto\AppData\Roaming\AVG7
2009-03-22 07:52 --------- d-----w c:\users\Twins\AppData\Roaming\Nokia
2009-03-22 07:47 --------- d-----w c:\users\Twins\AppData\Roaming\AVG7
2009-03-22 07:47 --------- d-----w c:\users\Twins\AppData\Roaming\ATI
2009-03-19 19:39 --------- dc----w c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-19 18:59 --------- d-----w c:\users\leedylan\AppData\Roaming\Azureus
2009-03-19 00:16 --------- d-----w c:\program files\My Faster PC
2009-03-16 03:08 --------- d-----w c:\programdata\Microsoft Help
2009-03-14 17:43 --------- d-----w c:\program files\Microsoft Silverlight
2008-06-15 22:16 6,054,320 ----a-w c:\users\leedylan\bitcomet_setup.exe
2008-06-15 20:23 18,878,872 ----a-w c:\users\leedylan\TomTomHOME2winlatest.exe
2008-05-27 00:08 6,919,576 ----a-w c:\users\leedylan\PokerStarsInstall.exe
2008-05-26 22:40 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-05-26 22:40 56 ---ha-w c:\programdata\ezsidmv.dat
2008-05-26 22:31 22,296,360 ----a-w c:\users\leedylan\SkypeSetup.exe
2008-04-20 19:11 1,771,601 ----a-w c:\users\leedylan\ComboFix.exe
2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2008-10-15 09:41 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-10-15 09:41 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-10-15 09:41 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-04-20_20.28.38.78 )))))))))))))))))))))))))))))))))))))))))
.
Reply With Quote
  #43  
Old March 27th, 2009, 08:07 AM
Facto
Senior Member
 
Join Date: Mar 2008
Posts: 103
- 2008-04-19 16:56:49 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.d at
+ 2009-03-27 06:59:03 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.d at
- 2007-07-30 18:19:54 71,352 ------w c:\windows\SoftwareDistribution\SelfUpdate\Handler \WuSetupV.exe
+ 2008-10-16 14:08:00 70,416 ------w c:\windows\SoftwareDistribution\SelfUpdate\Handler \WuSetupV.exe
- 2000-08-31 07:00:00 161,792 ----a-w c:\windows\swreg.exe
+ 2000-08-31 08:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2000-08-31 07:00:00 136,704 ----a-w c:\windows\swsc.exe
+ 2000-08-31 08:00:00 136,704 ----a-w c:\windows\SWSC.exe
- 2000-08-31 07:00:00 212,480 ----a-w c:\windows\swxcacls.exe
+ 2000-08-31 08:00:00 212,480 ----a-w c:\windows\SWXCACLS.exe
+ 2008-03-19 18:23:20 114,688 ----a-w c:\windows\System32\Adobe\Director\np32dsw.dll
+ 2008-03-19 18:36:22 202,168 ----a-w c:\windows\System32\Adobe\Director\swdir.dll
+ 2008-03-19 18:36:40 67,000 ----a-w c:\windows\System32\Adobe\Director\SwDnld.exe
+ 2008-03-19 18:24:02 487,424 ----a-w c:\windows\System32\Adobe\Shockwave 11\Control.dll
+ 2008-03-19 17:46:26 1,798,144 ----a-w c:\windows\System32\Adobe\Shockwave 11\dirapi.dll
+ 2008-03-19 18:24:04 9,216 ----a-w c:\windows\System32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-03-19 17:36:14 754,688 ----a-w c:\windows\System32\Adobe\Shockwave 11\gi.dll
+ 2008-03-19 17:36:16 1,145,896 ----a-w c:\windows\System32\Adobe\Shockwave 11\gt.exe
+ 2008-03-19 17:36:14 52,288 ----a-w c:\windows\System32\Adobe\Shockwave 11\gtapi.dll
+ 2008-03-19 17:42:42 892,928 ----a-w c:\windows\System32\Adobe\Shockwave 11\iml32.dll
+ 2008-03-19 18:22:34 249,856 ----a-w c:\windows\System32\Adobe\Shockwave 11\Plugin.dll
+ 2008-03-19 18:25:36 442,368 ----a-w c:\windows\System32\Adobe\Shockwave 11\Proj.dll
+ 2008-03-19 18:36:06 439,736 ----a-w c:\windows\System32\Adobe\Shockwave 11\SwHelper_1100429.exe
+ 2008-03-19 18:26:20 110,592 ----a-w c:\windows\System32\Adobe\Shockwave 11\SwInit.exe
+ 2008-03-19 18:22:22 94,208 ----a-w c:\windows\System32\Adobe\Shockwave 11\SwMenu.dll
+ 2008-03-19 17:36:14 50,808 ----a-w c:\windows\System32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 1999-06-25 09:55:30 149,504 ----a-w c:\windows\System32\Adobe\Shockwave 11\UNWISE.EXE
- 2003-03-19 10:05:48 89,088 ----a-w c:\windows\System32\atl71.dll
+ 2006-07-11 17:07:30 89,600 ----a-w c:\windows\System32\atl71.dll
+ 2005-12-07 11:31:00 202,752 ----a-r c:\windows\System32\CddbCdda.dll
- 2008-04-20 19:09:38 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
+ 2009-03-26 21:55:31 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\History\History.IE5\index.d at
- 2008-04-20 19:09:38 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-26 21:55:31 573,440 --sha-w c:\windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-17 15:29:12 20,040 ----a-w c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\IdentityCRL\production\ppcrlconfi g.dll
- 2008-04-20 19:09:38 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-26 21:55:31 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-20 19:15:52 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.da t
+ 2009-03-27 06:55:57 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.da t
+ 2008-11-30 09:21:41 410,976 ----a-w c:\windows\System32\deploytk.dll
+ 2007-06-28 10:44:58 137,216 ----a-w c:\windows\System32\drivers\nmwcd.sys
+ 2007-06-28 10:44:16 8,320 ----a-w c:\windows\System32\drivers\nmwcdc.sys
+ 2007-06-28 10:44:18 12,288 ----a-w c:\windows\System32\drivers\nmwcdcj.sys
+ 2007-06-28 10:44:18 12,288 ----a-w c:\windows\System32\drivers\nmwcdcm.sys
+ 2006-11-02 09:46:14 664,576 ----a-w c:\windows\System32\drivers\UMDF\WpdMtpDr.dll
+ 2006-11-02 09:04:23 39,936 ----a-w c:\windows\System32\drivers\WpdUsb.sys
+ 2007-06-28 10:44:58 137,216 ----a-w c:\windows\System32\DriverStore\FileRepository\nmwcd.inf_cfc4ae46\nmwcd.sys
+ 2007-06-28 10:44:14 90,624 ----a-w c:\windows\System32\DriverStore\FileRepository\nmwcd.inf_cfc4ae46\nmwcdcls.dll
+ 2007-06-28 10:44:14 163,840 ----a-w c:\windows\System32\DriverStore\FileRepository\nmwcd.inf_cfc4ae46\nmwcdcocls.dll
+ 2007-06-28 10:44:18 148,992 ----a-w c:\windows\System32\DriverStore\FileRepository\nmwcd.inf_cfc4ae46\nsesetup.dll
+ 2007-06-28 10:44:16 8,320 ----a-w c:\windows\System32\DriverStore\FileRepository\nmwcdc.inf_43a80017\nmwcdc.sys
+ 2007-06-28 10:44:18 12,288 ----a-w c:\windows\System32\DriverStore\FileRepository\nmwcdcj.inf_e01e548d\nmwcdcj.sys
+ 2007-06-28 10:44:18 12,288 ----a-w c:\windows\System32\DriverStore\FileRepository\nmwcdm2k.inf_eaa2acba\nmwcdcm.sys
- 2007-06-12 17:20:15 394,208 ----a-w c:\windows\System32\FNTCACHE.DAT
+ 2008-05-17 23:24:09 394,344 ----a-w c:\windows\System32\FNTCACHE.DAT
- 2006-12-20 11:58:18 135,168 ----a-w c:\windows\System32\java.exe
+ 2008-11-30 09:21:42 144,792 ----a-w c:\windows\System32\java.exe
- 2006-12-20 11:58:18 135,168 ----a-w c:\windows\System32\javaw.exe
+ 2008-11-30 09:21:42 144,792 ----a-w c:\windows\System32\javaw.exe
- 2006-12-20 11:58:18 139,264 ----a-w c:\windows\System32\javaws.exe
+ 2008-11-30 09:21:42 148,888 ----a-w c:\windows\System32\javaws.exe
+ 2008-03-25 02:32:44 218,496 ----a-r c:\windows\System32\Macromed\Flash\FlashUtil9f.exe
- 2007-06-10 20:20:20 48,238 ----a-w c:\windows\System32\Macromed\Flash\uninstall_activeX.exe
+ 2008-09-12 07:50:18 74,649 ----a-w c:\windows\System32\Macromed\Flash\uninstall_activeX.exe
- 2003-03-19 12:20:00 1,060,864 ----a-w c:\windows\System32\MFC71.dll
+ 2006-07-11 17:43:32 1,060,864 ----a-w c:\windows\System32\mfc71.dll
- 2003-03-18 21:12:00 1,047,552 ----a-w c:\windows\System32\mfc71u.dll
+ 2006-07-11 18:02:30 1,053,184 ----a-w c:\windows\System32\mfc71u.dll
- 2008-03-05 07:30:56 19,148,408 ----a-w c:\windows\System32\mrt.exe
+ 2008-05-09 21:35:04 16,863,864 ----a-w c:\windows\System32\mrt.exe
- 2003-03-19 11:14:52 499,712 ----a-w c:\windows\System32\msvcp71.dll
+ 2006-07-11 17:35:42 503,808 ----a-w c:\windows\System32\msvcp71.dll
- 2003-02-21 19:42:22 348,160 ----a-w c:\windows\System32\msvcr71.dll
+ 2006-07-11 17:35:38 348,160 ----a-w c:\windows\System32\msvcr71.dll
+ 2009-01-11 20:19:23 2,456 ----a-w c:\windows\System32\networklist\icons\{0F325231-D1E4-49E2-9301-104D420507A9}_24.bin
+ 2009-01-11 20:19:23 4,280 ----a-w c:\windows\System32\networklist\icons\{0F325231-D1E4-49E2-9301-104D420507A9}_32.bin
+ 2009-01-11 20:19:23 9,560 ----a-w c:\windows\System32\networklist\icons\{0F325231-D1E4-49E2-9301-104D420507A9}_48.bin
+ 2008-10-19 17:47:25 2,456 ----a-w c:\windows\System32\networklist\icons\{A0DC32B6-F534-4F12-AA56-A06CE26B39FD}_24.bin
+ 2008-10-19 17:47:25 4,280 ----a-w c:\windows\System32\networklist\icons\{A0DC32B6-F534-4F12-AA56-A06CE26B39FD}_32.bin
+ 2008-10-19 17:47:25 9,560 ----a-w c:\windows\System32\networklist\icons\{A0DC32B6-F534-4F12-AA56-A06CE26B39FD}_48.bin
+ 2008-06-23 12:59:02 2,456 ----a-w c:\windows\System32\networklist\icons\{A95E29F0-3FD5-4961-A9E6-2F7350384009}_24.bin
+ 2008-06-23 12:59:02 4,280 ----a-w c:\windows\System32\networklist\icons\{A95E29F0-3FD5-4961-A9E6-2F7350384009}_32.bin
+ 2008-06-23 12:59:02 9,560 ----a-w c:\windows\System32\networklist\icons\{A95E29F0-3FD5-4961-A9E6-2F7350384009}_48.bin
+ 2008-11-07 14:42:54 2,456 ----a-w c:\windows\System32\networklist\icons\{BB86870D-A0BF-4EB9-B88D-09FBE654E439}_24.bin
+ 2008-11-07 14:42:54 4,280 ----a-w c:\windows\System32\networklist\icons\{BB86870D-A0BF-4EB9-B88D-09FBE654E439}_32.bin
+ 2008-11-07 14:42:54 9,560 ----a-w c:\windows\System32\networklist\icons\{BB86870D-A0BF-4EB9-B88D-09FBE654E439}_48.bin
+ 2008-11-03 07:16:45 2,456 ----a-w c:\windows\System32\networklist\icons\{F1C5C910-2EA0-4011-9C3C-BDDC958220A1}_24.bin
+ 2008-11-03 07:16:45 4,280 ----a-w c:\windows\System32\networklist\icons\{F1C5C910-2EA0-4011-9C3C-BDDC958220A1}_32.bin
+ 2008-11-03 07:16:45 9,560 ----a-w c:\windows\System32\networklist\icons\{F1C5C910-2EA0-4011-9C3C-BDDC958220A1}_48.bin
+ 2009-01-11 13:48:01 2,456 ----a-w c:\windows\System32\networklist\icons\{F4577C0A-97C1-45C5-B300-8AA98C0BBADC}_24.bin
+ 2009-01-11 13:48:01 4,280 ----a-w c:\windows\System32\networklist\icons\{F4577C0A-97C1-45C5-B300-8AA98C0BBADC}_32.bin
+ 2009-01-11 13:48:01 9,560 ----a-w c:\windows\System32\networklist\icons\{F4577C0A-97C1-45C5-B300-8AA98C0BBADC}_48.bin
+ 2007-06-28 10:44:14 90,624 ----a-w c:\windows\System32\nmwcdcls.dll
+ 2007-06-28 10:44:14 163,840 ----a-w c:\windows\System32\nmwcdcocls.dll
+ 2007-06-28 10:44:18 148,992 ----a-w c:\windows\System32\nsesetup.dll
- 2008-04-08 10:54:46 113,060 ----a-w c:\windows\System32\perfc009.dat
+ 2009-02-22 22:50:23 113,060 ----a-w c:\windows\System32\perfc009.dat
- 2008-04-08 10:54:46 634,574 ----a-w c:\windows\System32\perfh009.dat
+ 2009-02-22 22:50:23 634,574 ----a-w c:\windows\System32\perfh009.dat
- 2008-04-19 17:03:26 5,767,168 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-03-25 20:43:08 5,767,168 ----a-w c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 09:45:39 31,744 ----a-w c:\windows\System32\swsc.exe
- 2008-04-19 16:57:47 10,186 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1418644755-1261851474-3168225958-1002_UserData.bin
+ 2009-03-26 19:32:26 14,000 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1418644755-1261851474-3168225958-1002_UserData.bin
- 2008-04-19 16:57:45 58,454 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-26 19:32:26 59,606 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-04-19 12:15:14 3,218 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-03-21 08:39:30 1,738 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-04-19 16:57:43 44,150 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-03-26 19:32:21 50,256 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-04-20 16:47:10 230,650 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-03-27 03:00:37 260,490 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2008-02-22 17:49:03 181,434 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-03-01 18:05:40 217,198 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2006-11-02 09:46:14 33,280 ----a-w c:\windows\System32\WpdConns.dll
+ 2006-11-02 09:46:14 151,552 ----a-w c:\windows\System32\WpdMtp.dll
+ 2006-11-02 09:46:14 60,416 ----a-w c:\windows\System32\WpdMtpUS.dll
- 2000-08-31 07:00:00 49,152 ----a-w c:\windows\VFind.exe
+ 2000-08-31 08:00:00 49,152 ----a-w c:\windows\VFIND.exe
- 2000-08-31 07:00:00 68,096 ----a-w c:\windows\zip.exe
+ 2000-08-31 08:00:00 68,096 ----a-w c:\windows\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-27 185896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKLM\~\startupfolder\C:^Users^leedylan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\leedylan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
--a------ 2006-12-11 17:27 530552 c:\program files\TOSHIBA\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 22:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-07-11 17:12 90112 c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-26 23:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-01 15:51 257088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
--a------ 2008-02-27 16:56 1032376 c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
--a------ 2007-09-07 13:44 3100672 c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory Dispatcher v3]
--a------ 2007-04-20 13:42 503808 c:\windows\System32\spool\drivers\w32x86\3\fppdis3a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 08:41 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2006-12-14 19:09 493688 c:\program files\TOSHIBA\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-30 09:21 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-05-18 11:13 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-10-27 12:50 815104 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-27 23:35 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-05-06 08:42 202088 c:\program files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
--a------ 2006-12-15 17:11 577536 c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
--a------ 2006-11-13 09:06 413696 c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
--a------ 2006-12-13 14:42 554640 c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSHIBA Volume Indicator]
--a------ 2006-12-13 09:33 94208 c:\program files\TOSHIBA\Utilities\VolControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
--a------ 2006-12-14 19:07 411768 c:\program files\TOSHIBA\Power Saver\TPwrMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-06-07 20:06 1006264 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2006-11-01 15:37 3772416 c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
  #44  
Old March 27th, 2009, 08:08 AM
Facto Facto is offline
Senior Member
 
Join Date: Mar 2008
Posts: 103
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2414C825-3C07-4022-8F8E-263C8E7DA0BC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B9CA18BA-DEFE-4047-9E2D-9AD1D8EBCD78}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B4547ACD-218B-4A07-9C9A-C6885005DADF}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D841EC41-2E5E-42E1-B9D9-026126E24FB1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{95FF6ED1-8295-454E-A97D-7901EF5CE650}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2BC0F0E8-8386-4F9F-8DDD-A2D4ECBB8A5C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A48FAB0E-8A4D-42DF-9FFC-69586629E2A6}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{B158747C-A695-40A3-8AF9-ECFBF8B1DB8C}c:\\program files\\william hill poker\\ua.exe"= UDP:c:\program files\william hill poker\ua.exe:UA Application
"UDP Query User{607FD1C2-3EA1-45E0-AB28-D66339A42E16}c:\\program files\\william hill poker\\ua.exe"= TCP:c:\program files\william hill poker\ua.exe:UA Application
"{8C471555-5C87-4B58-88C4-706CA4E12B44}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{47BE433E-88D6-434E-AC82-7F0665A2E093}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{65247414-CC85-421A-B33F-58909DEA2377}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{43EAE9D0-BC1D-436A-89DC-45BD64BDF749}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{0C83B7E7-560F-4F5D-90A4-2C9738B3121E}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{53ED86DF-D679-4C05-A111-BDA6D4999FFD}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{DA072B71-2F61-48F4-9357-C2CA286038F5}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{5E879825-E0E5-4DD0-A417-4645821825A7}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"TCP Query User{536A1E11-45ED-4CCB-907E-6DB1B1A45D23}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{D3873B32-7787-4828-8C6F-22CA7D28FB42}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\PPStream\\PPStream.exe"= c:\program files\PPStream\PPStream.exe:*:Enabled:PPStream


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bd9459c-f9a0-11dc-908f-001b2406dd74}]
\shell\AutoRun\command - D:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder

2007-12-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-03-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 21:27]

2008-06-01 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2008-01-09 03:08]
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)
MSConfigStartUp-BitComet - c:\program files\BitComet\BitComet.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-SpywareBot - c:\program files\SpywareBot\SpywareBot.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-NDSTray - NDSTray.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Post Image to Blog - c:\program files\ImageShackToolbar\ImageShackToolbar.dll/5003
IE: Tag This Image - c:\program files\ImageShackToolbar\ImageShackToolbar.dll/5002
IE: Transload Image to ImageShack - c:\program files\ImageShackToolbar\ImageShackToolbar.dll/5004
IE: Upload All Images to ImageShack - c:\program files\ImageShackToolbar\ImageShackToolbar.dll/5000
IE: Upload Image to ImageShack - c:\program files\ImageShackToolbar\ImageShackToolbar.dll/5001
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-27 06:59:05
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-27 7:01:26
ComboFix-quarantined-files.txt 2009-03-27 07:01:24
ComboFix2.txt 2008-04-20 19:29:17

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 46,121,467,904 bytes free

424 --- E O F --- 2009-03-26 03:06:03
  #45  
Old March 28th, 2009, 12:04 AM
AnnMarie AnnMarie is offline
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
Looks like Norton has also been installed on this computer. Go here and run the online Norton Removal Utility. It should get rid of Norton traces. Reboot afterwards.

There are a few AVG folders showing that we can get rid of. Open notepad and copy and paste the text in the codebox below into it:

Code:
File::
C:\avgremover.exe

Folder::
c:\programdata\avg7
c:\users\leedylan\AppData\Roaming\AVG7
c:\users\Facto\AppData\Roaming\AVG7
c:\users\Twins\AppData\Roaming\AVG7

Go to File > Save As and save the file as CFScript.txt and set the location to your Desktop. Drag CFScript.txt and drop it into ComboFix.exe. See below:



ComboFix will run again. When the fix completes it will create a C:\ComboFix.txt log. Please post that log in your next reply.

It's now time to install Service Pack 1. There are a number of fixes included in this SP and there is no point in going any further until you have done this.
All times are GMT +1.