Explorer and connection tray crash on shutdown/restart

[blue4paper]

This thread is a bit of a follow-up from this one : http://www.techist.com/forums/f9/2-problems-230299/

Basically, I was trying to reinstall sp3 (because of complications and other problems I did a windows repair) and now everytime i install sp3 I lose my internet connections.

Also, upon shutdown/restart windows explorer, connection tray and sometimes the MCI handling window and Power meter crash on shutdown.

Mak213 suggested I make sure my computer is clean before trying to solve my sp3 problem.

I currently have no anti virus, the reason being, because I read on a MS article that an anti virus could be interfering with the installation of sp3 and decided to uninstall, but the same results ensued. I'll probably reinstall avast after writing this thread.

Anyways here are the combofix, hijack this and mbam logs.

Hijack this :

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Rosewill\Common\RaRegistry.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\AutoHotkey\AutoHotkey.exe
C:\Program Files\Launchy\Launchy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Name1\My Documents\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [WindowFX] C:\Program Files\Stardock\Object Desktop\WindowFX\\wfxload.exe
O4 - HKCU\..\Run: [AutoHotkey] C:\Documents and Settings\Name1\My Documents\AutoHotkey\AutoHotkey.ahk
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: Rosewill Wireless Utility.lnk = C:\Program Files\Rosewill\Common\RaUI.exe
O8 - Extra context menu item: Download All By FlashGet3 - C:\Documents and Settings\Name1\Application Data\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download By FlashGet3 - C:\Documents and Settings\Name1\Application Data\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262044457593
O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www.tellmemoreeducation.com/bin/tol9inst.cab
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA72896B-5681-46DC-8CFD-FF6451A2E3AA}: NameServer = 192.168.1.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Rosewill\Common\RaRegistry.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 6455 bytes

Mbam log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4087

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/10/2010 2:17:36 PM
mbam-log-2010-05-10 (14-17-36).txt

Scan type: Quick scan
Objects scanned: 131118
Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edit: Sorry but I didn't know any other way to upload my combofix log, it was 54.3 kb.

So I just uploaded it to megaupload.

http://www.megaupload.com/?d=QF9W7BN8

 

[Osiris]

Split the log up in separate posts if you can.

 

[blue4paper]

I'll try and split this up in to 4-5 parts

part 1:

ComboFix 10-05-10.02 - Name1 05/10/2010 13:30:31.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3454.2873 [GMT -7:00]
Running from: c:\documents and settings\Name1\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\advpack.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\corpol.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\dxtmsft.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\dxtrans.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\extmgr.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\html.iec
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\icardie.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\ie4uinit.exe
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\ieakeng.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\ieaksie.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\ieakui.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\ieapfltr.dat
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\ieapfltr.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\iedkcs32.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\ieencode.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\ieframe.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\ieframe.dll.mui
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\iepeers.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\iernonce.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\iertutil.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\ieudinit.exe
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\iexplore.exe
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\inetcpl.cpl
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\jsproxy.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\msfeeds.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\msfeedsbs.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\mshtml.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\mshtmled.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\msrating.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\mstime.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\occache.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\pngfilt.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\url.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\urlmon.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\webcheck.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3GDR\wininet.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\advpack.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\corpol.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\dxtmsft.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\dxtrans.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\extmgr.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\html.iec
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\icardie.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\ie4uinit.exe
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\ieakeng.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\ieaksie.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\ieakui.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\ieapfltr.dat
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\ieapfltr.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\iedkcs32.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\ieencode.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\ieframe.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\ieframe.dll.mui
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\iepeers.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\iernonce.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\iertutil.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\ieudinit.exe
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\iexplore.exe
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\inetcpl.cpl
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\jsproxy.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\msfeeds.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\msfeedsbs.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\mshtml.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\mshtmled.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\msrating.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\mstime.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\occache.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\pngfilt.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\url.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\urlmon.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\webcheck.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\SP3QFE\wininet.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\update\spcustom.dll
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\update\update.exe
c:\docume~1\Name1\LOCALS~1\Temp\IE738E.tmp\update\updspapi.dll

 

[blue4paper]

Part 2

c:\documents and settings\Name1\Application Data\BITS
c:\documents and settings\Name1\Application Data\BITS\BITS.ini
c:\documents and settings\Name1\Application Data\BITS\DHTTable.dat
c:\documents and settings\Name1\Application Data\BITS\ProxyList.ini
c:\documents and settings\Name1\Application Data\BITS\UPnP.ini
c:\documents and settings\Name1\Application Data\FlashGetBHO
c:\documents and settings\Name1\Application Data\FlashGetBHO\FlashGetBHO3.dll
c:\documents and settings\Name1\Application Data\FlashGetBHO\FlashGetHook.dll
c:\documents and settings\Name1\Application Data\FlashGetBHO\GetAllUrl.htm
c:\documents and settings\Name1\Application Data\FlashGetBHO\GetUrl.htm
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\advpack.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\corpol.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\dxtmsft.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\dxtrans.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\extmgr.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\html.iec
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\icardie.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\ie4uinit.exe
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\ieakeng.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\ieaksie.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\ieakui.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\ieapfltr.dat
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\ieapfltr.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\iedkcs32.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\ieencode.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\ieframe.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\ieframe.dll.mui
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\iepeers.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\iernonce.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\iertutil.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\ieudinit.exe
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\iexplore.exe
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\inetcpl.cpl
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\jsproxy.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\msfeeds.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\msfeedsbs.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\mshtml.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\mshtmled.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\msrating.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\mstime.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\occache.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\pngfilt.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\url.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\urlmon.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\webcheck.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3GDR\wininet.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\advpack.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\corpol.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\dxtmsft.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\dxtrans.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\extmgr.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\html.iec
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\icardie.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\ie4uinit.exe
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\ieakeng.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\ieaksie.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\ieakui.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\ieapfltr.dat
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\ieapfltr.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\iedkcs32.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\ieencode.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\ieframe.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\ieframe.dll.mui
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\iepeers.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\iernonce.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\iertutil.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\ieudinit.exe
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\iexplore.exe
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\inetcpl.cpl
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\jsproxy.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\msfeeds.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\msfeedsbs.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\mshtml.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\mshtmled.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\msrating.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\mstime.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\occache.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\pngfilt.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\url.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\urlmon.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\webcheck.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\SP3QFE\wininet.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\update\spcustom.dll
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\update\update.exe
c:\documents and settings\Name1\Local Settings\Temp\IE738E.tmp\update\updspapi.dll
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet 3\adns.dll
c:\program files\FlashGet Network\FlashGet 3\btcoreu.dll
c:\program files\FlashGet Network\FlashGet 3\BugReport.dll
c:\program files\FlashGet Network\FlashGet 3\BugReport.exe
c:\program files\FlashGet Network\FlashGet 3\cd1.ico
c:\program files\FlashGet Network\FlashGet 3\ckcore.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\14_43260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\28_83260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\atrc.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\Codecs.zip
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\cook.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ddnt3260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\dnet3260.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv1.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv2.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drvc.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\hxltcolor.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\raac.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ralf.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv10.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv20.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv30.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv40.dll
c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\sipr.dll
c:\program files\FlashGet Network\FlashGet 3\commonlib.dll
c:\program files\FlashGet Network\FlashGet 3\componentskrnl.dll
c:\program files\FlashGet Network\FlashGet 3\config\clients.met
c:\program files\FlashGet Network\FlashGet 3\config\clients.met.bak
c:\program files\FlashGet Network\FlashGet 3\config\cryptkey.dat
c:\program files\FlashGet Network\FlashGet 3\config\emfriends.met
c:\program files\FlashGet Network\FlashGet 3\config\known.met
c:\program files\FlashGet Network\FlashGet 3\config\known2_64.met
c:\program files\FlashGet Network\FlashGet 3\config\preferences.dat
c:\program files\FlashGet Network\FlashGet 3\config\preferences.ini
c:\program files\FlashGet Network\FlashGet 3\config\server.met
c:\program files\FlashGet Network\FlashGet 3\config\server_met.old
c:\program files\FlashGet Network\FlashGet 3\config\upload.met
c:\program files\FlashGet Network\FlashGet 3\corestat.dll
c:\program files\FlashGet Network\FlashGet 3\dat\Appsetting.cfg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\1.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\1.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\2.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\3.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\btn1.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\btn2.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\cig.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\cig1.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_-50-50-20k_.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_2_2.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_43253355.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_4325355.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_chongwulianliankan.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon01.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon03.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_icon04.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_KeHuDuanZiYuanZhongXinTuiJianTuMoBan_1.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_KeHuDuanZiYuanZhongXinTuiJianTuMoBan111.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_KuaiChe107x73.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_WuBiaoTi-6.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\dian.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\directui_new_1262834439.zip
c:\program files\FlashGet Network\FlashGet 3\dat\directui\down.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\game.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\game.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\game1.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\gameall.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\gametop.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\ico01.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\ico02.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\line.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\movie.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\movie1.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\new_rescenter.txt
c:\program files\FlashGet Network\FlashGet 3\dat\directui\newgame.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\newmovie.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p1.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p2.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p3.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p4.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p5.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p6.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p7.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\p8.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\pic_bg.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\preview.gif
c:\program files\FlashGet Network\FlashGet 3\dat\directui\reom.jpg

 

[blue4paper]

Part 3:

c:\program files\FlashGet Network\FlashGet 3\dat\directui\reom.jpg1
c:\program files\FlashGet Network\FlashGet 3\dat\directui\rescenter.txt
c:\program files\FlashGet Network\FlashGet 3\dat\directui\soft.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\soft_zhan.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\tab.gif
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.bak
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.db
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\domain_url_list_en.zip
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\port.ini
c:\program files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_blue.png
c:\program files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_classic.png
c:\program files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_white.png
c:\program files\FlashGet Network\FlashGet 3\dat\stat\statdata\statinfo.dat
c:\program files\FlashGet Network\FlashGet 3\dbghelp.dll
c:\program files\FlashGet Network\FlashGet 3\fg.ico
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\default.htm
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\FGResDetector.conf
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\banner.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\bullet.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\close.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\closelabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\download-icon.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\explorer.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\ftp.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\image.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\introTextBg.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\loading.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\nextlabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\prevlabel.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\software.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\vod.gif
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\FGResDetector.exe
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\about.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\ftplist_tree_icon.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\option_icon.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_hide.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_show.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\statusbar_bk.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\tasktab_close.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_back.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_bk.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_close.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_forward.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_refresh.png
c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\lang\l.eng.xml
c:\program files\FlashGet Network\FlashGet 3\FGSoftware.exe
c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
c:\program files\FlashGet Network\FlashGet 3\FlashGet3.xpi
c:\program files\FlashGet Network\FlashGet 3\FlashGetBHO3.dll
c:\program files\FlashGet Network\FlashGet 3\FlashGetHook.dll
c:\program files\FlashGet Network\FlashGet 3\fnsArchive.dll
c:\program files\FlashGet Network\FlashGet 3\fnsDirectuix.dll
c:\program files\FlashGet Network\FlashGet 3\fnsLanguage.dll
c:\program files\FlashGet Network\FlashGet 3\fnslanguage_en.dll
c:\program files\FlashGet Network\FlashGet 3\fnsScheduler.dll
c:\program files\FlashGet Network\FlashGet 3\fnsSecurity.dll
c:\program files\FlashGet Network\FlashGet 3\fnsSkinX.dll
c:\program files\FlashGet Network\FlashGet 3\fnsStatistics.dll
c:\program files\FlashGet Network\FlashGet 3\game.ico
c:\program files\FlashGet Network\FlashGet 3\gb2312-unicode.dic
c:\program files\FlashGet Network\FlashGet 3\gdiplus.dll
c:\program files\FlashGet Network\FlashGet 3\GetAllUrl.htm
c:\program files\FlashGet Network\FlashGet 3\GetUrl.htm
c:\program files\FlashGet Network\FlashGet 3\GoogleToolbarInstaller_download_signed.exe
c:\program files\FlashGet Network\FlashGet 3\libem.dll
c:\program files\FlashGet Network\FlashGet 3\license.txt
c:\program files\FlashGet Network\FlashGet 3\lst_tz.bin
c:\program files\FlashGet Network\FlashGet 3\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet 3\p2pcore.dll
c:\program files\FlashGet Network\FlashGet 3\p2score.dll
c:\program files\FlashGet Network\FlashGet 3\perf.ini
c:\program files\FlashGet Network\FlashGet 3\pncrt.dll
c:\program files\FlashGet Network\FlashGet 3\pstat.dat
c:\program files\FlashGet Network\FlashGet 3\pup.dat
c:\program files\FlashGet Network\FlashGet 3\RdOldDb.dll
c:\program files\FlashGet Network\FlashGet 3\RealMediaSplitter.ax
c:\program files\FlashGet Network\FlashGet 3\skin\blue\BarSet.png
c:\program files\FlashGet Network\FlashGet 3\skin\blue\image\btn_check.png
c:\program files\FlashGet Network\FlashGet 3\skin\blue\image\btn_normal.png
c:\program files\FlashGet Network\FlashGet 3\skin\blue\image\btn_radio.png
c:\program files\FlashGet Network\FlashGet 3\skin\blue\image\skin.png
c:\program files\FlashGet Network\FlashGet 3\skin\blue\image\statusbar_ad_bk.png
c:\program files\FlashGet Network\FlashGet 3\skin\blue\image\statusbar_ad_bk_long.png
c:\program files\FlashGet Network\FlashGet 3\skin\blue\image\SuspendLogo.png
c:\program files\FlashGet Network\FlashGet 3\skin\blue\image\SuspendNoLogo.png
c:\program files\FlashGet Network\FlashGet 3\skin\blue\image\Thumbs.db
c:\program files\FlashGet Network\FlashGet 3\skin\blue\image\toolbar_backgrand.png
c:\program files\FlashGet Network\FlashGet 3\skin\blue\image\toolbar_cancle.png
c:\program files\FlashGet Network\FlashGet 3\skin\blue\image\toolbar_catgroy.png
c:\program files\FlashGet Network\FlashGet 3\skin\blue\image\toolbar_group.png
c:\program files\FlashGet Network\FlashGet 3\skin\blue\image\toolbar_new.png
c:\program files\FlashGet Network\FlashGet 3\skin\blue\image\toolbar_open.png
c:\program files\FlashGet Network\FlashGet 3\skin\blue\image\toolbar_option.png
c:\program files\FlashGet Network\FlashGet 3\skin\blue\image\toolbar_pause.png
c:\program files\FlashGet Network\FlashGet 3\skin\blue\image\toolbar_recly.png
c:\program files\FlashGet Network\FlashGet 3\skin\blue\image\toolbar_start.png
c:\program files\FlashGet Network\FlashGet 3\skin\blue\image\toolbarbutton_left.png
c:\program files\FlashGet Network\FlashGet 3\skin\blue\image\toolbarbutton_middle.png
c:\program files\FlashGet Network\FlashGet 3\skin\blue\image\toolbarbutton_right.png
c:\program files\FlashGet Network\FlashGet 3\skin\blue\image\VistaStyleListItems.bmp
c:\program files\FlashGet Network\FlashGet 3\skin\blue\image\vssver2.scc
c:\program files\FlashGet Network\FlashGet 3\skin\blue\preview.png
c:\program files\FlashGet Network\FlashGet 3\skin\blue\skin.xml
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\BarSet.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_check.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_normal.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_radio.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\desktoplink.ico
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\login_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\menu_icon.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_page_line.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\skin.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendLogo.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendNoLogo.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_backgrand.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_cancle.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_catgroy.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_group.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_new.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_open.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_option.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_pause.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_recly.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_start.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_left.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_middle.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_right.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\top_logotitle.gif
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\torrent.ico
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\userinfo_head.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\VistaStyleListItems.bmp
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\preview.png
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\skin.xml
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\loginfailed.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\loginsucc.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\msgnotify.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\notify.wav
c:\program files\FlashGet Network\FlashGet 3\skin\international\default\topmain.png
c:\program files\FlashGet Network\FlashGet 3\SnapShot.dll
c:\program files\FlashGet Network\FlashGet 3\storage.dll
c:\program files\FlashGet Network\FlashGet 3\SysOptimize.exe
c:\program files\FlashGet Network\FlashGet 3\uninst.exe
c:\program files\FlashGet Network\FlashGet 3\VodCore.dll
c:\program files\FlashGet Network\FlashGet 3\zlib.dll
c:\windows\explorer(2).exe
c:\windows\explorer(3).exe
c:\windows\explorer.backup
c:\windows\system32\linkinfo(2).dll
c:\windows\system32\linkinfo(3).dll
c:\windows\system32\secustat.dat
c:\windows\system32\Thumbs.db
c:\windows\system32\usp10(2).dll
c:\windows\system32\usp10(3).dll

.
((((((((((((((((((((((((( Files Created from 2010-04-10 to 2010-05-10 )))))))))))))))))))))))))))))))

 

[blue4paper]

Part 4:

.

2010-05-10 18:52 . 2004-08-04 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-05-10 18:51 . 2004-08-04 12:00 53760 -c--a-w- c:\windows\system32\dllcache\pintlcsd.dll
2010-05-10 18:50 . 2004-08-04 12:00 9728 -c--a-w- c:\windows\system32\dllcache\change.exe
2010-05-10 18:48 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-05-10 17:57 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-05-10 17:57 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-05-10 17:57 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-05-10 17:57 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-05-10 17:23 . 2010-05-10 17:23 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-10 17:22 . 2010-05-10 17:22 -------- d-----w- C:\8836771b83f65cd6d9
2010-05-10 03:26 . 2010-05-10 03:26 -------- d-----w- c:\program files\MagicDisc
2010-05-10 03:26 . 2009-02-25 01:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-05-10 03:11 . 2010-05-10 03:11 290816 ----a-w- c:\documents and settings\Name1\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-05-10 03:11 . 2010-05-10 03:11 290816 ----a-w- c:\documents and settings\Name1\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-05-10 03:11 . 2010-05-10 03:11 290816 ----a-w- c:\documents and settings\Name1\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-05-10 03:11 . 2010-05-10 03:11 290816 ----a-w- c:\documents and settings\Name1\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2010-05-10 03:10 . 2010-05-10 03:10 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-10 03:05 . 2009-08-14 17:20 757852 ----a-w- c:\windows\system32\Scutum.dll
2010-05-10 03:05 . 2009-07-21 17:50 180224 ----a-w- c:\windows\system32\W32N55.dll
2010-05-10 03:05 . 2009-05-11 18:45 147456 ----a-w- c:\windows\system32\DiagFunc.dll
2010-05-10 03:05 . 2009-04-21 22:31 19072 ----a-w- c:\windows\system32\drivers\Scutum50.sys
2010-05-10 03:05 . 2008-12-30 23:55 143459 ----a-w- c:\windows\system32\RalinkGina.dll
2010-05-10 03:05 . 2008-09-10 22:55 200704 ----a-w- c:\windows\system32\ssleay32.dll
2010-05-10 03:05 . 2008-09-10 22:55 1085440 ----a-w- c:\windows\system32\libeay32.dll
2010-05-10 03:04 . 2009-09-06 00:54 1069824 ----a-w- c:\windows\system32\drivers\rt2860.sys
2010-05-10 03:04 . 2009-09-06 00:53 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2010-05-10 03:04 . 2010-05-10 03:04 -------- d-----w- c:\program files\Rosewill
2010-05-10 03:04 . 2010-05-10 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosewill Driver
2010-05-10 03:04 . 2009-09-06 00:54 1069824 ----a-w- c:\documents and settings\All Users\Application Data\Rosewill Driver\Wireless Network 11N PCI adapter RNX-N300\Driver\rt2860.sys
2010-05-10 03:04 . 2009-09-06 00:53 221184 ----a-w- c:\documents and settings\All Users\Application Data\Rosewill Driver\Wireless Network 11N PCI adapter RNX-N300\Driver\RaCoInst.dll
2010-05-10 03:04 . 2009-09-06 00:53 13931 ----a-w- c:\windows\system32\RaCoInst.dat
2010-05-10 03:04 . 2009-07-14 01:47 323648 ----a-w- c:\documents and settings\All Users\Application Data\Rosewill Driver\Wireless Network 11N PCI adapter RNX-N300\Driver\difxapi7.dll
2010-05-10 03:04 . 2008-08-06 23:31 528384 ----a-w- c:\documents and settings\All Users\Application Data\Rosewill Driver\Wireless Network 11N PCI adapter RNX-N300\Driver\RaInst.exe
2010-05-10 03:04 . 2007-05-17 18:17 192512 ----a-w- c:\documents and settings\All Users\Application Data\Rosewill Driver\Wireless Network 11N PCI adapter RNX-N300\Driver\CoInstaller.dll
2010-05-10 03:04 . 2006-11-02 14:21 319456 ----a-w- c:\documents and settings\All Users\Application Data\Rosewill Driver\Wireless Network 11N PCI adapter RNX-N300\Driver\difxapi.dll
2010-05-10 03:04 . 2010-05-10 03:04 -------- d-----w- c:\documents and settings\Name1\Application Data\InstallShield
2010-05-10 01:39 . 2010-05-10 01:39 -------- d-----w- C:\3dbc1240d88f24647b066fb058dd
2010-05-09 23:17 . 2010-05-09 23:17 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2010-05-09 03:17 . 2010-05-09 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosewill Driver(2)
2010-05-09 02:41 . 2010-05-09 02:41 -------- d-----w- c:\program files\Microsoft Games
2010-05-08 16:30 . 2010-05-08 16:30 -------- d-----w- c:\program files\MSXML 6.0
2010-05-08 04:21 . 2010-05-08 04:21 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Google
2010-05-07 06:26 . 2010-04-27 05:10 1718912 ----a-w- c:\windows\system32\BootMan.exe
2010-05-07 06:26 . 2010-02-23 18:51 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-05-07 06:26 . 2010-02-23 18:51 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-05-07 06:26 . 2010-02-23 18:51 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2010-05-07 06:26 . 2010-02-23 18:51 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-05-07 06:26 . 2010-05-07 06:26 -------- d-----w- c:\program files\EASEUS
2010-04-30 02:16 . 2010-04-30 17:02 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-04-25 23:25 . 2010-04-25 23:25 -------- d-----w- C:\ERDNT
2010-04-24 17:44 . 2010-04-24 17:44 -------- d-----w- c:\documents and settings\Name1\Application Data\Greenshot
2010-04-22 21:01 . 2010-04-22 21:33 -------- d-----w- c:\program files\GraphCalc
2010-04-15 04:06 . 2010-04-07 22:28 253952 ----a-w- c:\documents and settings\Name1\Application Data\Mozilla\Firefox\Profiles\yg8ge1se.profile2\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
2010-04-12 21:54 . 2010-04-12 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
2010-04-12 03:38 . 2008-02-22 11:30 334792 ----a-w- c:\windows\system32\_AxShlEx.dll
2010-04-12 03:37 . 2010-04-12 03:37 -------- d-----w- c:\program files\Alcohol Soft
2010-04-12 03:24 . 2010-04-12 21:49 -------- d-----w- c:\program files\SlySoft
2010-04-11 19:38 . 2010-04-11 19:38 -------- d-----w- c:\program files\MSXML 4.0
2010-04-11 03:33 . 2010-05-10 06:05 -------- d-----w- c:\documents and settings\Name1\Local Settings\Application Data\LogMeIn Hamachi
2010-04-11 03:32 . 2010-04-11 03:32 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-04-11 03:10 . 2010-04-11 03:10 -------- d-----w- c:\program files\MagicISO

.

 

[blue4paper]

Part 5:

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 20:38 . 2009-12-28 23:28 17488 ----a-w- c:\windows\gdrv.sys
2010-05-10 19:38 . 2010-05-10 19:38 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-10 19:38 . 2010-01-03 04:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-05-10 18:47 . 2009-12-28 22:02 24788 ----a-w- c:\windows\system32\emptyregdb.dat
2010-05-10 03:11 . 2010-01-16 00:15 -------- d-----w- c:\program files\SystemRequirementsLab
2010-05-10 03:11 . 2010-01-16 00:15 -------- d-----w- c:\documents and settings\Name1\Application Data\SystemRequirementsLab
2010-05-10 03:04 . 2009-12-28 22:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-10 02:12 . 2010-02-11 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-09 23:26 . 2010-01-15 19:21 -------- d-----w- c:\documents and settings\Name1\Application Data\foobar2000
2010-05-09 23:25 . 2010-02-05 18:47 -------- d-----w- c:\documents and settings\Name1\Application Data\vlc
2010-05-09 21:49 . 2010-04-02 23:04 -------- d-----w- c:\program files\HooTech
2010-05-08 15:38 . 2010-02-11 06:53 -------- d-----w- c:\program files\Keyword Elite
2010-05-08 15:28 . 2009-12-28 23:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-08 04:41 . 2010-02-04 20:02 -------- d-----w- c:\program files\Sun
2010-05-08 02:13 . 2009-12-29 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-06 20:40 . 2010-01-13 20:38 -------- d-----w- c:\documents and settings\Name1\Application Data\Skype
2010-05-06 20:08 . 2010-01-13 20:54 -------- d-----w- c:\documents and settings\Name1\Application Data\skypePM
2010-05-06 19:44 . 2009-12-29 02:47 -------- d-----w- c:\documents and settings\Name1\Application Data\.purple
2010-05-05 02:55 . 2009-12-28 23:42 -------- d-----w- c:\documents and settings\Name1\Application Data\uTorrent
2010-04-29 22:39 . 2009-12-28 23:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2009-12-28 23:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 17:48 . 2009-12-28 23:42 -------- d-----w- c:\program files\uTorrent
2010-04-25 23:15 . 2010-02-17 05:48 -------- d-----w- c:\program files\TeamViewer
2010-04-25 21:00 . 2010-01-17 00:52 -------- d-----w- c:\documents and settings\Name1\Application Data\Dropbox
2010-04-16 20:38 . 2009-12-30 07:27 -------- d-----w- c:\program files\Paint.NET
2010-04-16 02:21 . 2010-02-26 01:08 -------- d-----w- c:\program files\Garena
2010-04-12 21:54 . 2010-01-13 00:42 -------- d-----w- c:\program files\Emerge Desktop
2010-04-11 04:16 . 2009-12-28 22:16 81224 ----a-w- c:\documents and settings\Name1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-11 03:35 . 2010-01-14 01:38 -------- d-----w- c:\program files\Trillian
2010-04-08 00:14 . 2009-12-29 04:41 -------- d-----w- c:\program files\CCleaner
2010-04-08 00:11 . 2010-01-02 08:47 -------- d-----w- c:\program files\REAPER
2010-04-07 08:23 . 2010-04-07 06:07 -------- d-----w- c:\program files\PCPitstop
2010-04-05 07:09 . 2010-01-05 03:28 -------- d-----w- c:\documents and settings\Name1\Application Data\Audacity
2010-04-04 05:55 . 2009-12-29 02:24 600680 ----a-w- c:\windows\system32\nvuninst.exe
2010-04-04 05:55 . 2009-12-28 23:33 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-04-04 02:23 . 2010-04-04 02:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-04-04 02:23 . 2010-04-04 02:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-04-04 02:23 . 2010-04-04 02:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-04-04 02:23 . 2010-04-04 02:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-04 02:23 . 2010-04-04 02:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-04-04 02:22 . 2010-04-04 02:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-04-03 22:55 . 2010-05-08 04:30 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-03 22:55 . 2010-05-08 04:30 10232128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-04-03 22:55 . 2010-05-08 04:30 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-04-03 22:55 . 2010-05-08 04:30 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-04-03 22:55 . 2010-05-08 04:30 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-03 22:55 . 2010-05-08 04:30 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-03 22:55 . 2010-05-08 04:30 227944 ----a-w- c:\windows\system32\nvcodins.dll
2010-04-03 22:55 . 2010-05-08 04:30 227944 ----a-w- c:\windows\system32\nvcod.dll
2010-04-03 22:55 . 2010-05-08 04:30 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-04-03 22:55 . 2010-05-08 04:30 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-03 22:55 . 2010-05-08 04:30 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-04-03 22:55 . 2010-05-08 04:30 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-04-02 23:04 . 2010-04-02 23:04 -------- d-----w- c:\documents and settings\Name1\Application Data\HTNetMeter
2010-04-02 20:10 . 2009-12-31 03:24 -------- d-----w- c:\documents and settings\Name1\Application Data\gtk-2.0
2010-04-02 18:25 . 2010-01-11 22:29 -------- d-----w- c:\program files\Notepad++
2010-04-02 18:25 . 2010-01-11 22:29 -------- d-----w- c:\documents and settings\Name1\Application Data\Notepad++
2010-04-02 02:28 . 2009-12-29 00:40 -------- d-----w- c:\program files\Fraps
2010-03-31 19:17 . 2010-03-31 19:17 426704 ----a-w- c:\windows\system32\uc_wepic_launching.dll
2010-03-27 07:48 . 2010-03-27 07:48 -------- d-----w- c:\program files\NirSoft
2010-03-27 01:21 . 2009-12-28 23:14 5883936 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-03-27 01:01 . 2009-12-28 23:14 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2010-03-27 01:01 . 2009-12-28 23:14 358944 ----a-w- c:\windows\vncutil.exe
2010-03-27 01:01 . 2009-12-28 23:14 1833504 ----a-w- c:\windows\SkyTel.exe
2010-03-27 01:01 . 2009-12-28 23:14 1489440 ----a-w- c:\windows\RtlUpd.exe
2010-03-27 01:01 . 2009-12-28 23:14 9721888 ----a-w- c:\windows\RTLCPL.EXE
2010-03-27 01:01 . 2009-12-28 23:14 51232 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-03-27 01:01 . 2009-12-28 23:14 129568 ----a-w- c:\windows\RtkAudioService.exe
2010-03-27 01:01 . 2009-12-28 23:14 19522592 ----a-w- c:\windows\RTHDCPL.EXE
2010-03-27 01:01 . 2009-12-28 23:14 2177568 ----a-w- c:\windows\MicCal.exe
2010-03-27 01:01 . 2009-12-28 23:14 64032 ----a-w- c:\windows\ALCMTR.EXE
2010-03-27 01:01 . 2009-12-28 23:14 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2010-03-24 00:05 . 2009-12-28 23:42 -------- d-----w- c:\program files\Opera
2010-03-23 00:48 . 2010-03-23 00:48 -------- d-----w- c:\program files\MSECache
2010-03-23 00:46 . 2009-12-29 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-22 21:22 . 2009-12-28 23:14 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-03-22 17:36 . 2010-01-18 19:26 -------- d-----w- c:\documents and settings\Name1\Application Data\dvdcss
2010-03-12 03:51 . 2010-03-11 22:55 -------- d-----w- c:\documents and settings\Name1\Application Data\FileZilla
2010-03-10 05:21 . 2004-08-04 12:00 1023488 ----a-w- c:\windows\system32\browseui(2).dll
2010-02-26 06:12 . 2004-08-04 12:00 474112 ----a-w- c:\windows\system32\shlwapi(4).dll
2010-02-26 06:12 . 2004-08-04 12:00 474112 ----a-w- c:\windows\system32\shlwapi(3).dll
2010-02-26 01:21 . 2010-01-15 19:14 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-23 04:26 . 2010-02-23 04:26 147456 ----a-w- c:\windows\system32\uc_neosteam_launching.dll
2010-02-11 08:01 . 2010-02-10 20:49 4 ----a-w- C:\results.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

 

[blue4paper]

Part 6 (final part, sorry but it was a big file)

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowFX"="c:\program files\Stardock\Object Desktop\WindowFX\\wfxload.exe" [2006-06-07 820912]
"AutoHotkey"="c:\documents and settings\Name1\My Documents\AutoHotkey\AutoHotkey.ahk" [2010-02-10 1686]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-27 19522592]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - c:\program files\Launchy\Launchy.exe [2010-2-1 286720]
Rosewill Wireless Utility.lnk - c:\program files\Rosewill\Common\RaUI.exe [2010-5-9 1572864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=vmcmidiport.dll
"midi2"=vmcmidiport.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 UsbSync;UsbSync;c:\windows\system32\drivers\UsbSync.sys [12/28/2009 3:17 PM 13056]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/01/21 21:36];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 8:40 PM 87536]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [12/28/2009 4:10 PM 68136]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [3/30/2010 11:16 AM 1107336]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 11:19 AM 50704]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [5/9/2010 8:05 PM 19072]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/4/2004 5:00 AM 5120]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2/7/2010 7:17 PM 41120]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [12/28/2009 4:16 PM 44032]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [5/9/2010 8:04 PM 1069824]
R3 UsbButton;UsbButton;c:\windows\system32\drivers\UsbButton.sys [12/28/2009 3:17 PM 16384]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/15/2010 12:14 PM 691696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/28/2009 4:14 PM 1691480]
S3 AODDriver;AODDriver;c:\program files\Gigabyte\ET6\i386\AODDriver.sys [2/23/2009 1:16 AM 7168]
S3 cpuz130;cpuz130;\??\c:\docume~1\Name1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Name1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [1/15/2010 5:58 PM 23456]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [5/6/2010 11:26 PM 13192]
S3 etdrv;etdrv;c:\windows\etdrv.sys [12/28/2009 4:32 PM 17488]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [5/6/2010 11:26 PM 8456]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Name1\LOCALS~1\Temp\WPIF4.tmp --> c:\docume~1\Name1\LOCALS~1\Temp\WPIF4.tmp [?]
S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/28/2009 4:43 PM 133104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [11/9/2009 10:12 AM 25088]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [12/17/2009 4:02 PM 99152]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 23:43]

2010-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 23:43]
.
.
------- Supplementary Scan -------
.
IE: Download All By FlashGet3 - c:\documents and settings\Name1\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - c:\documents and settings\Name1\Application Data\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: kuaiche.com\software
TCP: {EA72896B-5681-46DC-8CFD-FF6451A2E3AA} = 192.168.1.254
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
FF - ProfilePath - c:\documents and settings\Name1\Application Data\Mozilla\Firefox\Profiles\yg8ge1se.profile2\
FF - prefs.js: browser.startup.homepage - Google
FF - plugin: c:\documents and settings\Name1\Application Data\Mozilla\Firefox\Profiles\yg8ge1se.profile2\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-CursorFX Plus - c:\documents and settings\All Users\Application Data\{86309521-B982-4930-BEE5-E248EAAA84A7}\CursorFX_setup.exe
AddRemove-FlashGet 3.3 - c:\program files\FlashGet Network\FlashGet 3\uninst.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-Winamp Detect - c:\program files\Winamp Detect\UninstWaDetect.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Name1\LOCALS~1\Temp\WPIF4.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-350281380-233495102-1455855570-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\vmcmidiport.dll

- - - - - - - > 'lsass.exe'(912)
c:\windows\system32\vmcmidiport.dll

- - - - - - - > 'explorer.exe'(2952)
c:\windows\system32\vmcmidiport.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Stardock\Object Desktop\IconPackager\iprepair.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Rosewill\Common\RaRegistry.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\AutoHotkey\AutoHotkey.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msdtc.exe
.
**************************************************************************
.
Completion time: 2010-05-10 13:43:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-10 20:43

Pre-Run: 269,976,592,384 bytes free
Post-Run: 269,863,141,376 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - C9F99E12F6FEE964566DFE242A8AA21B

 

[Osiris]

Combofix deleted a lot of files which is good.

Go to start, run, type in msconfig and press enter. Then go to the startup tab and click disable all, then recheck your antivirus and click apply, and thn ok but dont restart yet.

Now disable system restore.

Then run ccleaner and make sure to check all the boxes then run it, then run the registry cleaner.

Then run Cleanup!

Then reboot and run the programs in the following order: combofix, malwarebytes, hijackthis and post all their logs once again.

 

[blue4paper]

Alright here are the logs:

(I'll put combofix last, but I still ran them in the right order)

Mbam:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4087

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

5/11/2010 9:20:39 AM
mbam-log-2010-05-11 (09-20-39).txt

Scan type: Quick scan
Objects scanned: 130348
Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:23:11 AM, on 5/11/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Rosewill\Common\RaRegistry.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Name1\My Documents\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O8 - Extra context menu item: Download All By FlashGet3 - C:\Documents and Settings\Name1\Application Data\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download By FlashGet3 - C:\Documents and Settings\Name1\Application Data\FlashGetBHO\GetUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262044457593
O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www.tellmemoreeducation.com/bin/tol9inst.cab
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA72896B-5681-46DC-8CFD-FF6451A2E3AA}: NameServer = 192.168.1.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\Rosewill\Common\RaRegistry.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 5873 bytes

Combofix Part 1:

ComboFix 10-05-10.02 - Name1 05/11/2010 9:05.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3454.3031 [GMT -7:00]
Running from: c:\documents and settings\Name1\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2010-04-11 to 2010-05-11 )))))))))))))))))))))))))))))))
.

2010-05-11 15:54 . 2010-05-11 15:54 -------- d-----w- c:\program files\CleanUp!
2010-05-11 08:21 . 2010-05-11 08:21 -------- d-----w- C:\Diskeeper
2010-05-11 07:37 . 2010-05-11 07:37 -------- d-----w- c:\windows\system32\wbem\Repository
2010-05-11 00:46 . 2010-05-11 00:46 -------- d-----w- c:\windows\Performance
2010-05-11 00:46 . 2010-05-11 00:46 -------- d-----w- c:\documents and settings\Name1\Local Settings\Application Data\Microsoft Corporation
2010-05-10 19:38 . 2010-05-10 19:38 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-10 18:51 . 2004-08-04 12:00 53760 -c--a-w- c:\windows\system32\dllcache\pintlcsd.dll
2010-05-10 18:50 . 2004-08-04 12:00 9728 -c--a-w- c:\windows\system32\dllcache\change.exe
2010-05-10 18:48 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-05-10 17:57 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-05-10 17:57 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-05-10 17:57 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-05-10 17:57 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-05-10 17:22 . 2010-05-10 17:22 -------- d-----w- C:\8836771b83f65cd6d9
2010-05-10 03:26 . 2010-05-10 03:26 -------- d-----w- c:\program files\MagicDisc
2010-05-10 03:26 . 2009-02-25 01:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2010-05-10 03:11 . 2010-05-10 03:11 290816 ----a-w- c:\documents and settings\Name1\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2010-05-10 03:11 . 2010-05-10 03:11 290816 ----a-w- c:\documents and settings\Name1\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2010-05-10 03:11 . 2010-05-10 03:11 290816 ----a-w- c:\documents and settings\Name1\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2010-05-10 03:11 . 2010-05-10 03:11 290816 ----a-w- c:\documents and settings\Name1\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2010-05-10 03:10 . 2010-05-10 03:10 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-10 03:05 . 2009-08-14 17:20 757852 ----a-w- c:\windows\system32\Scutum.dll
2010-05-10 03:05 . 2009-07-21 17:50 180224 ----a-w- c:\windows\system32\W32N55.dll
2010-05-10 03:05 . 2009-05-11 18:45 147456 ----a-w- c:\windows\system32\DiagFunc.dll
2010-05-10 03:05 . 2009-04-21 22:31 19072 ----a-w- c:\windows\system32\drivers\Scutum50.sys
2010-05-10 03:05 . 2008-12-30 23:55 143459 ----a-w- c:\windows\system32\RalinkGina.dll
2010-05-10 03:05 . 2008-09-10 22:55 200704 ----a-w- c:\windows\system32\ssleay32.dll
2010-05-10 03:05 . 2008-09-10 22:55 1085440 ----a-w- c:\windows\system32\libeay32.dll
2010-05-10 03:04 . 2009-09-06 00:54 1069824 ----a-w- c:\windows\system32\drivers\rt2860.sys
2010-05-10 03:04 . 2009-09-06 00:53 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2010-05-10 03:04 . 2010-05-10 03:04 -------- d-----w- c:\program files\Rosewill
2010-05-10 03:04 . 2010-05-10 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosewill Driver
2010-05-10 03:04 . 2009-09-06 00:54 1069824 ----a-w- c:\documents and settings\All Users\Application Data\Rosewill Driver\Wireless Network 11N PCI adapter RNX-N300\Driver\rt2860.sys
2010-05-10 03:04 . 2009-09-06 00:53 221184 ----a-w- c:\documents and settings\All Users\Application Data\Rosewill Driver\Wireless Network 11N PCI adapter RNX-N300\Driver\RaCoInst.dll
2010-05-10 03:04 . 2009-09-06 00:53 13931 ----a-w- c:\windows\system32\RaCoInst.dat
2010-05-10 03:04 . 2009-07-14 01:47 323648 ----a-w- c:\documents and settings\All Users\Application Data\Rosewill Driver\Wireless Network 11N PCI adapter RNX-N300\Driver\difxapi7.dll
2010-05-10 03:04 . 2008-08-06 23:31 528384 ----a-w- c:\documents and settings\All Users\Application Data\Rosewill Driver\Wireless Network 11N PCI adapter RNX-N300\Driver\RaInst.exe
2010-05-10 03:04 . 2007-05-17 18:17 192512 ----a-w- c:\documents and settings\All Users\Application Data\Rosewill Driver\Wireless Network 11N PCI adapter RNX-N300\Driver\CoInstaller.dll
2010-05-10 03:04 . 2006-11-02 14:21 319456 ----a-w- c:\documents and settings\All Users\Application Data\Rosewill Driver\Wireless Network 11N PCI adapter RNX-N300\Driver\difxapi.dll
2010-05-10 03:04 . 2010-05-10 03:04 -------- d-----w- c:\documents and settings\Name1\Application Data\InstallShield
2010-05-10 01:39 . 2010-05-10 01:39 -------- d-----w- C:\3dbc1240d88f24647b066fb058dd
2010-05-09 23:17 . 2010-05-09 23:17 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY\IETldCache
2010-05-09 03:17 . 2010-05-09 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosewill Driver(2)
2010-05-09 02:41 . 2010-05-09 02:41 -------- d-----w- c:\program files\Microsoft Games
2010-05-08 16:30 . 2010-05-08 16:30 -------- d-----w- c:\program files\MSXML 6.0
2010-05-08 04:21 . 2010-05-08 04:21 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Google
2010-05-07 06:26 . 2010-04-27 05:10 1718912 ----a-w- c:\windows\system32\BootMan.exe
2010-05-07 06:26 . 2010-02-23 18:51 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-05-07 06:26 . 2010-02-23 18:51 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-05-07 06:26 . 2010-02-23 18:51 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2010-05-07 06:26 . 2010-02-23 18:51 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-05-07 06:26 . 2010-05-07 06:26 -------- d-----w- c:\program files\EASEUS
2010-04-30 02:16 . 2010-04-30 17:02 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-04-25 23:25 . 2010-04-25 23:25 -------- d-----w- C:\ERDNT
2010-04-24 17:44 . 2010-04-24 17:44 -------- d-----w- c:\documents and settings\Name1\Application Data\Greenshot
2010-04-22 21:01 . 2010-04-22 21:33 -------- d-----w- c:\program files\GraphCalc
2010-04-15 04:06 . 2010-04-07 22:28 253952 ----a-w- c:\documents and settings\Name1\Application Data\Mozilla\Firefox\Profiles\yg8ge1se.profile2\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
2010-04-12 21:54 . 2010-04-12 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
2010-04-12 03:38 . 2008-02-22 11:30 334792 ----a-w- c:\windows\system32\_AxShlEx.dll
2010-04-12 03:37 . 2010-04-12 03:37 -------- d-----w- c:\program files\Alcohol Soft
2010-04-12 03:24 . 2010-04-12 21:49 -------- d-----w- c:\program files\SlySoft
2010-04-11 19:38 . 2010-04-11 19:38 -------- d-----w- c:\program files\MSXML 4.0