Malwarebytes' Anti-Malware 1.36
Database version: 2014
Windows 5.1.2600 Service Pack 3
20/04/2009 15:24:19
mbam-log-2009-04-20 (15-24-19).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 185289
Time elapsed: 31 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
D:\Documents and Settings\James\Local Settings\Application Data\cp_setup_assist.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3
C:\ [Fixed] - NTFS - (Total:30710 Mo/Free:1699 Mo)
D:\ [Fixed] - NTFS - (Total:121907 Mo/Free:1598 Mo)
E:\ [CD-Rom] (Total:7736 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
20/04/2009|16:53
----------------------\\ Processes..
--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
---------- C:\WINDOWS\RTHDCPL.EXE
---------- C:\WINDOWS\vVX1000.exe
---------- C:\Program Files\Microsoft IntelliType Pro\itype.exe
---------- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
---------- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
---------- C:\Program Files\iTunes\iTunesHelper.exe
---------- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
---------- C:\PROGRA~1\AVG\AVG8\avgtray.exe
---------- C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
---------- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe
---------- C:\PROGRA~1\AVG\AVG8\avgfws8.exe
---------- C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
---------- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\PROGRA~1\AVG\AVG8\avgam.exe
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\PROGRA~1\AVG\AVG8\avgnsx.exe
---------- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
---------- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
---------- C:\WINDOWS\system32\slserv.exe
---------- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
---------- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\wltrysvc.exe
---------- C:\WINDOWS\System32\bcmwltry.exe
---------- C:\Program Files\iPod\bin\iPodService.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Windows Live\Contacts\wlcomm.exe
---------- D:\Documents and Settings\James\Desktop\Rooter.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
1 - "C:\Rooter$\Rooter_1.txt" - 18/04/2009|13:15
2 - "C:\Rooter$\Rooter_2.txt" - 20/04/2009|15:30
3 - "C:\Rooter$\Rooter_3.txt" - 20/04/2009|16:54
----------------------\\ Scan completed at 16:54

OTListIt logfile created on: 20/04/2009 15:32:09 - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = D:\Documents and Settings\James\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1023.48 Mb Total Physical Memory | 437.14 Mb Available Physical Memory | 42.71% Memory free
3.90 Gb Paging File | 3.41 Gb Available in Paging File | 87.47% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;D:\pagefile.sys 0 0;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.99 Gb Total Space | 9.66 Gb Free Space | 32.21% Space Free | Partition Type: NTFS
Drive D: | 119.05 Gb Total Space | 13.54 Gb Free Space | 11.38% Space Free | Partition Type: NTFS
Drive E: | 7.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JAMES-PC
Current User Name: James
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\system32\savedump.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe (AVG)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe (AVG)
PRC - C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe (AVG)
PRC - C:\Program Files\AVG\AVG8\avgfws8.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe (AVG)
PRC - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
PRC - C:\WINDOWS\system32\slserv.exe ( )
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wltrysvc.exe ()
PRC - C:\WINDOWS\System32\bcmwltry.exe (Broadcom Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - D:\Documents and Settings\James\Desktop\OTListIt2.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws8 [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgfws8.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgidsagent [Auto | Running]) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe (AVG)
SRV - (avgidswatcher [Auto | Running]) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe (AVG)
SRV - (Bonjour Service [Disabled | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (Capture Device Service [Auto | Running]) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CLTNetCnService [Auto | Stopped]) -- File not found
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (fsssvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LiveUpdate Notice Ex [Auto | Stopped]) -- File not found
SRV - (LiveUpdate Notice Service [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (mscamsvc [Auto | Running]) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (MSSQL$CSSQL05 [Auto | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corp.)
SRV - (SLService [Auto | Running]) -- C:\WINDOWS\system32\slserv.exe ( )
SRV - (SQLBrowser [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (Symantec Core LC [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (WLTRYSVC [Auto | Running]) -- C:\WINDOWS\System32\wltrysvc.exe ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (acedrv11 [Auto | Running]) -- C:\WINDOWS\system32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (Afc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\Afc.sys (Arcsoft, Inc.)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (atksgt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\atksgt.sys ()
DRV - (avgfwdx [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (avgfwfd [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (avgidsdriver [On_Demand | Running]) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys (AVG Technologies )
DRV - (avgidserhr [Boot | Running]) -- C:\WINDOWS\System32\Drivers\AVGIDSErHr.sys (AVG Technologies )
DRV - (avgidsfilter [On_Demand | Running]) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys (AVG Technologies )
DRV - (avgidsshim [On_Demand | Running]) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys (AVG Technologies )
DRV - (avgldx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (avgmfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (avgtdix [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (BDA_Capture_225 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\BDA_Capture_225.sys (WideViewer Electronics CO., LTD)
DRV - (BDA_Loader_225 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\BDA_Loader_225.sys (WideView Technology Inc.)
DRV - (BUFADPT [System | Running]) -- C:\WINDOWS\system32\BUFADPT.SYS (BUFFALO INC.)
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (fssfltr [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (hcw95bda [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw95rc [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\HdAudio.sys (Windows ® Server 2003 DDK provider)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (imagedrv [Boot | Running]) -- C:\WINDOWS\System32\Drivers\imagedrv.sys (Ahead Software AG)
DRV - (imagesrv [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys (Ahead Software AG)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (lirsgt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\lirsgt.sys ()
DRV - (MaBtc [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\MABTC.sys (Mobile Action Technology Inc.)
DRV - (MaBtPort [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\mabtport.sys (Mobile Action Technology Inc.)
DRV - (MaBtVad [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\MaBtVad.sys (Mobile Action Technology Inc.)
DRV - (MaVctrl [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\MaVc2K.sys (Mobile Action Technology Inc.)
DRV - (MDC8021X [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (MPE [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\MPE.sys (Microsoft Corporation)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (Mtlmnt5 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys ( )
DRV - (Mtlstrm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys ( )
DRV - (NtMtlFax [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys ( )
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (pcouffin [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (RecAgent [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys (Smart Link)
DRV - (RTL8023 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys (Realtek Semiconductor Corporation )
DRV - (RTL8023xp [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (SDTHOOK [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SDTHOOK.sys (Panda Software)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sfdrv01 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfhlp02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (sfsync04 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfsync04.sys (Protection Technology (StarForce))
DRV - (sfvfs02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Slntamr [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\slntamr.sys ( )
DRV - (SlNtHal [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Slnthal.sys ( )
DRV - (SlWdmSup [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys (Vireo Software)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symlcbrd [Auto | Running]) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (tbhsd [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (VX1000 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\VX1000.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 85 E7 24 9F BE C9 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/firefox"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {D6F05578-1D06-45DC-8937-E4EB408EE5B1}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: [email protected]:2.2.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.4
FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/10 14:27:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/04/02 01:22:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/04/17 02:18:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2009\FFTOOLBAR\
FF - HKLM\software\mozilla\mozilla firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/17 03:50:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\mozilla firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/17 03:50:47 | 00,000,000 | ---D | M]
[2008/12/05 22:45:29 | 00,000,000 | ---D | M] -- D:\Documents and Settings\James\Application Data\mozilla\Extensions
[2008/12/05 22:45:29 | 00,000,000 | ---D | M] -- D:\Documents and Settings\James\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/19 16:46:03 | 00,000,000 | ---D | M] -- D:\Documents and Settings\James\Application Data\mozilla\Firefox\Profiles\o316llmk.default\extensions
[2009/02/05 11:53:14 | 00,000,000 | ---D | M] -- D:\Documents and Settings\James\Application Data\mozilla\Firefox\Profiles\o316llmk.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009/03/30 10:53:27 | 00,000,000 | ---D | M] -- D:\Documents and Settings\James\Application Data\mozilla\Firefox\Profiles\o316llmk.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2009/03/25 18:51:27 | 00,000,000 | ---D | M] -- D:\Documents and Settings\James\Application Data\mozilla\Firefox\Profiles\o316llmk.default\extensions\[email protected]
[2008/12/18 05:09:45 | 00,000,000 | ---D | M] -- D:\Documents and Settings\James\Application Data\mozilla\Firefox\Profiles\o316llmk.default\extensions\[email protected]
[2009/04/20 14:30:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/17 03:50:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/07 00:49:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/03/10 14:27:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/01 20:15:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/19 14:47:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{D6F05578-1D06-45DC-8937-E4EB408EE5B1}
[2009/03/27 02:21:37 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/27 02:21:37 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/01/04 16:36:50 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2006/07/05 19:47:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/01/04 16:36:50 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/03/08 10:35:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/09/22 20:14:04 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/04/16 05:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/03/28 19:11:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/01/04 16:36:50 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
Hosts file not found
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVGIDS] "C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" (AVG)
O4 - HKLM..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] "C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" /logon (CANON INC.)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] "C:\WINDOWS\system32\HDAShCut.exe" (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE" (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot File not found
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - Startup: D:\Documents and Settings\James\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108495
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 1041
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: 26 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} http://www.symantec....ta/nprdtinf.cab (AxProdInfoCtl Class)
O16 - DPF: {56762dec-6b0d-4ab4-a8ad-989993b5d08b} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase9563.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1172436209199 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8ffbe65d-2c9c-4669-84bd-5829dc0b603c} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} http://aolsvc.aol.co...sh.1.0.0.93.cab (CPlayFirstDinerDashControl Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\PROGRA~1\WIFD1F~1\MpShHook.dll File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4b45d27c-d07a-11dd-8889-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4b45d27c-d07a-11dd-8889-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4b45d27c-d07a-11dd-8889-806d6172696f}\Shell\AutoRun\command - "" = E:\AUTORUN\AUTORUN.EXE -- File not found
O33 - MountPoints2\{64b0b57e-d08e-11dd-888c-0011f518e762}\Shell - "" = AutoRun
O33 - MountPoints2\{64b0b57e-d08e-11dd-888c-0011f518e762}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{64b0b57e-d08e-11dd-888c-0011f518e762}\Shell\AutoRun\command - "" = I:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[12 C:\WINDOWS\*.tmp files]
[2009/04/20 14:46:37 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/20 14:46:37 | 00,000,581 | ---- | C] () -- D:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/20 14:46:35 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/20 14:46:34 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/20 14:45:57 | 00,000,674 | ---- | C] () -- D:\Documents and Settings\James\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/20 14:45:54 | 00,000,530 | ---- | C] () -- D:\DOCUME~1\James\Desktop\NTREGOPT.lnk
[2009/04/20 14:45:54 | 00,000,517 | ---- | C] () -- D:\DOCUME~1\James\Desktop\ERUNT.lnk
[2009/04/20 14:45:54 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/20 14:43:08 | 00,501,248 | ---- | C] (OldTimer Tools) -- D:\DOCUME~1\James\Desktop\OTListIt2.exe
[2009/04/20 14:43:04 | 00,267,612 | ---- | C] () -- D:\DOCUME~1\James\Desktop\Rooter.exe
[2009/04/20 14:42:52 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- D:\DOCUME~1\James\Desktop\mbam-setup.exe
[2009/04/20 14:42:40 | 00,021,504 | ---- | C] (Doug Knox) -- D:\DOCUME~1\James\Desktop\SysRestorePoint.exe
[2009/04/20 14:42:27 | 00,791,393 | ---- | C] (Lars Hederer ) -- D:\DOCUME~1\James\Desktop\erunt_setup.exe
[2009/04/18 22:32:06 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/04/18 14:04:39 | 00,000,000 | ---D | C] -- D:\DOCUME~1\James\My Documents\AdvancedReliableSoftware
[2009/04/18 13:14:43 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/17 21:27:57 | 00,089,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\8068ba40.sys
[2009/04/17 17:31:33 | 00,000,000 | ---D | C] -- C:\Program Files\THQ
[2009/04/17 14:11:53 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2009/04/17 07:09:28 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/04/17 04:39:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/04/17 04:35:03 | 00,000,000 | R--D | C] -- D:\DOCUME~1\ALLUSE~1\Documents\My Pictures
[2009/04/17 02:27:13 | 00,000,000 | ---D | C] -- D:\DOCUME~1\ALLUSE~1\Application Data\Bitdefender
[2009/04/17 02:20:44 | 00,000,000 | ---D | C] -- D:\DOCUME~1\ALLUSE~1\Application Data\Downloaded Installations
[2009/04/17 02:20:29 | 00,001,426 | ---- | C] () -- D:\DOCUME~1\ALLUSE~1\Desktop\AVG 8.5.lnk
[2009/04/17 02:20:28 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/04/17 02:20:28 | 00,012,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/04/17 02:20:28 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/04/17 02:20:23 | 00,325,640 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/04/17 02:20:22 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/04/17 02:20:19 | 35,259,101 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/17 02:20:19 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/04/17 02:20:19 | 00,434,673 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/04/17 02:20:19 | 00,005,677 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/17 02:20:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/04/17 02:19:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/04/17 02:18:44 | 00,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2009/04/17 02:18:44 | 00,029,208 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2009/04/17 02:07:36 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2009/04/17 01:49:19 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/04/17 01:33:28 | 00,005,632 | -HS- | C] () -- D:\DOCUME~1\James\Desktop\Thumbs.db
[2009/04/16 22:40:42 | 00,000,132 | ---- | C] () -- C:\httpdwl.dat
[2009/04/16 19:14:43 | 00,228,672 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys.bak
[2009/04/16 19:14:43 | 00,108,864 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys.bak
[2009/04/16 19:14:43 | 00,102,208 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\bdfndisf.sys.bak
[2009/04/16 19:14:43 | 00,082,568 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\BDVEDISK.sys.bak
[2009/04/16 18:58:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2009/04/16 18:58:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\logs
[2009/04/16 17:48:56 | 00,000,000 | ---D | C] -- D:\DOCUME~1\ALLUSE~1\Application Data\Symantec
[2009/04/16 16:12:07 | 00,000,000 | ---D | C] -- D:\DOCUME~1\ALLUSE~1\Application Data\PCSettings
[2009/04/16 16:12:03 | 00,000,000 | ---D | C] -- D:\DOCUME~1\ALLUSE~1\Application Data\Norton
[2009/04/16 16:10:34 | 00,000,000 | ---D | C] -- D:\DOCUME~1\ALLUSE~1\Application Data\NortonInstaller
[2009/04/12 02:52:48 | 00,000,155 | ---- | C] () -- C:\WINDOWS\System32\SelfDel.bat
[2009/04/12 02:08:04 | 00,109,010 | ---- | C] () -- C:\WINDOWS\System32\drivers\5fd7894.sys
[2009/04/12 01:33:59 | 00,000,000 | R--D | C] -- D:\DOCUME~1\ALLUSE~1\Documents\My Videos
[2009/04/12 01:33:58 | 00,000,000 | ---D | C] -- D:\DOCUME~1\ALLUSE~1\Documents\Symantec
[2009/04/12 01:00:37 | 00,000,000 | ---D | C] -- D:\DOCUME~1\James\My Documents\Symantec
[2009/04/12 00:43:27 | 00,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2009/04/09 23:15:47 | 00,010,492 | ---- | C] () -- D:\DOCUME~1\James\Desktop\WeeMee_14088025_for_harveyj176.jpg.jpg
[2009/04/08 23:39:51 | 00,001,804 | ---- | C] () -- D:\DOCUME~1\ALLUSE~1\Desktop\iTunes.lnk
[2009/04/08 23:39:12 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/04/08 23:39:07 | 00,000,000 | ---D | C] -- D:\DOCUME~1\ALLUSE~1\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/08 23:39:07 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/04/07 23:26:12 | 00,000,568 | ---- | C] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/04/07 09:55:55 | 00,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2009/04/07 02:33:10 | 00,000,850 | ---- | C] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2009/04/07 02:33:09 | 00,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/04/07 02:27:00 | 00,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/04/07 02:26:43 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2009/04/07 02:26:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2009/04/07 02:02:37 | 00,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2009/04/07 02:01:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2009/04/07 00:51:52 | 00,000,000 | R--D | C] -- D:\DOCUME~1\James\My Documents\LifeCam Files
[2009/04/07 00:49:57 | 00,000,000 | ---D | C] -- D:\Documents and Settings\James\Application Data\Skype
[2009/04/07 00:49:37 | 00,002,175 | ---- | C] () -- D:\DOCUME~1\ALLUSE~1\Desktop\Skype.lnk
[2009/04/07 00:49:33 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/04/07 00:49:21 | 00,000,000 | ---D | C] -- D:\DOCUME~1\ALLUSE~1\Application Data\Skype
[2009/04/06 22:30:35 | 00,092,024 | ---- | C] () -- D:\DOCUME~1\James\Desktop\Course Test 2 review 2009.pdf
[2009/04/06 21:46:01 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/04/05 23:02:29 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\TCPIP.SYS.ORIGINAL
[2009/04/05 22:55:42 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/04/04 23:46:47 | 00,001,503 | ---- | C] () -- D:\DOCUME~1\ALLUSE~1\Desktop\Mozilla Firefox.lnk
[2009/04/02 16:57:49 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/04/02 14:36:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/03/28 17:16:26 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
[2009/03/28 17:00:24 | 03,932,043 | ---- | C] () -- D:\DOCUME~1\James\Desktop\Spectra.pdf
[2009/03/28 16:09:57 | 00,000,000 | -H-D | C] -- D:\DOCUME~1\ALLUSE~1\Application Data\CanonBJ
[2009/03/28 15:18:25 | 00,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2009/03/28 00:27:53 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/03/27 23:57:11 | 00,000,772 | ---- | C] () -- D:\DOCUME~1\James\Desktop\Revo Uninstaller.lnk
[2009/03/27 23:56:54 | 00,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2009/03/27 21:59:35 | 01,401,657 | ---- | C] () -- D:\DOCUME~1\ALLUSE~1\Documents\DS158.pdf
[2009/03/24 17:55:05 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/03/24 16:57:08 | 00,012,781 | ---- | C] () -- D:\DOCUME~1\ALLUSE~1\Documents\SEVIS Fee Reciept Sophie.pdf
[2009/03/24 16:47:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\FOXIT_PDF
[2009/03/22 14:52:45 | 00,792,484 | ---- | C] () -- D:\DOCUME~1\James\Desktop\Complete 2C32 manual 2009.pdf
[2009/03/22 13:59:56 | 00,000,684 | ---- | C] () -- D:\DOCUME~1\ALLUSE~1\Desktop\Foxit Reader.lnk
[2009/03/21 22:12:07 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/03/21 22:03:25 | 00,000,000 | ---D | C] -- D:\Documents and Settings\James\Application Data\Foxit
[2009/03/21 22:03:25 | 00,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2009/01/07 18:56:15 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxctpmon.dll
[2009/01/07 18:56:15 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXCTFXPU.DLL
[2008/10/23 17:39:07 | 00,213,072 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll
[2008/10/07 14:33:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/10/07 14:33:00 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/10/07 14:33:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/10/07 14:33:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/09/26 13:58:05 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008/09/26 13:58:05 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/09/26 13:58:04 | 00,002,535 | ---- | C] () -- C:\WINDOWS\System32\bcmwlhom.ini
[2008/09/26 12:32:01 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008/09/19 22:57:34 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/08/01 22:12:36 | 00,000,081 | ---- | C] () -- C:\WINDOWS\PhoneBkExe.INI
[2008/04/06 03:10:10 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/02/25 13:07:49 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2008/02/25 13:07:49 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2008/02/25 13:07:49 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2008/02/25 13:07:49 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2008/02/11 09:39:26 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2008/02/11 09:39:18 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2008/02/08 13:53:46 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2007/12/24 15:09:00 | 00,032,825 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2007/12/24 15:08:29 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2007/12/24 15:07:29 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2007/12/24 15:06:40 | 00,006,544 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2007/12/16 14:30:40 | 00,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2007/10/16 19:32:32 | 00,000,023 | ---- | C] () -- C:\WINDOWS\hdsconv.ini
[2007/10/06 12:16:37 | 00,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2007/09/20 11:27:16 | 03,190,784 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/09/20 11:27:16 | 00,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007/09/20 11:27:16 | 00,662,016 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/09/20 11:27:16 | 00,511,488 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/09/20 11:27:16 | 00,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/09/20 11:27:16 | 00,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2007/09/20 11:27:16 | 00,221,184 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007/09/20 11:27:16 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/09/20 11:27:16 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007/09/20 11:27:16 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/09/20 11:27:16 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007/09/20 11:27:16 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007/09/20 11:27:16 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/09/20 11:27:16 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007/09/20 11:27:16 | 00,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2007/09/20 11:27:16 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007/09/20 11:27:16 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007/09/20 11:27:16 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/09/20 11:27:16 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/09/20 11:27:16 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/08/30 13:56:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/08/19 19:50:36 | 00,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2007/07/27 14:49:02 | 00,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 00,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007/05/27 16:16:55 | 00,000,049 | ---- | C] () -- C:\WINDOWS\bsm.ini
[2007/05/25 12:02:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2007/05/25 12:01:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\EngineExe.INI
[2007/05/25 12:01:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\AlbumExe.INI
[2007/05/25 12:01:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2007/05/15 19:06:58 | 00,071,208 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/05/06 18:45:23 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/05/01 20:56:17 | 00,000,004 | ---- | C] () -- C:\WINDOWS\jknradee.sys
[2007/04/14 15:57:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/04/14 15:57:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/04/14 15:57:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/04/14 15:57:04 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/04/14 15:57:04 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/04/14 15:57:04 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/04/14 15:57:04 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/04/14 15:57:04 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/04/14 15:57:04 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/03/05 16:56:48 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007/03/05 16:56:47 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007/02/25 23:42:02 | 00,000,172 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/02/24 22:55:02 | 00,000,057 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/01/30 19:20:31 | 00,000,483 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/28 00:36:41 | 00,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2007/01/21 17:01:49 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/01/20 16:41:44 | 00,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/20 15:22:32 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007/01/20 12:38:57 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/20 12:27:42 | 00,475,136 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2007/01/20 12:27:42 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2007/01/20 12:27:42 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2007/01/20 12:27:42 | 00,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[2007/01/11 14:20:00 | 00,026,097 | ---- | C] () -- C:\WINDOWS\UN800114.INI
[2006/07/14 20:27:34 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/12/05 19:25:22 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005/10/21 16:28:56 | 00,005,968 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 18:13:32 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 17:38:23 | 00,000,755 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 17:38:18 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/07/13 05:49:00 | 00,003,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\BFAIFILT.SYS
[2004/05/28 03:43:00 | 00,003,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\AIFILT.SYS
[2004/03/30 08:15:02 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX010205PNG.dll
[2004/03/30 08:15:01 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX015003JP2.dll
[2004/03/30 08:15:01 | 00,023,040 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX010104Z.dll
[2003/05/23 11:08:52 | 00,107,008 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/05/23 11:08:52 | 00,020,992 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/09/01 16:31:59 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[2002/03/17 01:00:00 | 00,007,420 | ---- | C] () -- C:\WINDOWS\UA000079.DLL
[1980/01/01 01:00:00 | 01,301,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[1980/01/01 01:00:00 | 00,548,952 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[1980/01/01 01:00:00 | 00,221,736 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[1980/01/01 01:00:00 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[1980/01/01 01:00:00 | 00,167,384 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[1980/01/01 01:00:00 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[1980/01/01 01:00:00 | 00,086,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[1980/01/01 01:00:00 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
========== Files - Modified Within 30 Days ==========
[12 C:\WINDOWS\*.tmp files]
[2009/04/20 16:36:34 | 00,089,448 | ---- | M] () -- C:\WINDOWS\System32\drivers\8068ba40.sys
[2009/04/20 16:36:31 | 00,109,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\5fd7894.sys
[2009/04/20 16:27:58 | 35,259,101 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/20 16:27:58 | 00,005,677 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/20 15:29:22 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/20 15:27:55 | 00,200,333 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/20 15:27:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/20 15:26:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/20 15:26:53 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/20 15:06:46 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1EC6C772-2E31-499A-A278-775C57D92C76}.job
[2009/04/20 14:46:37 | 00,000,581 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/20 14:45:57 | 00,000,674 | ---- | M] () -- D:\Documents and Settings\James\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/04/20 14:45:54 | 00,000,530 | ---- | M] () -- D:\DOCUME~1\James\Desktop\NTREGOPT.lnk
[2009/04/20 14:45:54 | 00,000,517 | ---- | M] () -- D:\DOCUME~1\James\Desktop\ERUNT.lnk
[2009/04/20 14:43:40 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- D:\DOCUME~1\James\Desktop\mbam-setup.exe
[2009/04/20 14:43:25 | 00,267,612 | ---- | M] () -- D:\DOCUME~1\James\Desktop\Rooter.exe
[2009/04/20 14:43:24 | 00,501,248 | ---- | M] (OldTimer Tools) -- D:\DOCUME~1\James\Desktop\OTListIt2.exe
[2009/04/20 14:42:45 | 00,021,504 | ---- | M] (Doug Knox) -- D:\DOCUME~1\James\Desktop\SysRestorePoint.exe
[2009/04/20 14:42:44 | 00,791,393 | ---- | M] (Lars Hederer ) -- D:\DOCUME~1\James\Desktop\erunt_setup.exe
[2009/04/20 04:26:53 | 00,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/04/20 04:26:51 | 00,134,144 | ---- | M] () -- D:\DOCUME~1\James\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/18 00:27:34 | 00,434,673 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/04/17 23:07:07 | 00,002,175 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\Desktop\Skype.lnk
[2009/04/17 17:56:35 | 00,062,976 | -HS- | M] () -- C:\WINDOWS\Thumbs.db
[2009/04/17 04:38:05 | 00,017,408 | -HS- | M] () -- C:\WINDOWS\System32\Thumbs.db
[2009/04/17 04:35:03 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/04/17 04:35:03 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/04/17 04:35:03 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/04/17 04:35:03 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/04/17 04:35:03 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/04/17 04:35:03 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/04/17 03:50:48 | 00,001,503 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\Desktop\Mozilla Firefox.lnk
[2009/04/17 02:25:02 | 00,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2009/04/17 02:23:17 | 00,000,568 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2009/04/17 02:20:29 | 00,001,426 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\Desktop\AVG 8.5.lnk
[2009/04/17 02:20:28 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/04/17 02:20:28 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2009/04/17 02:20:28 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/04/17 02:20:23 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/04/17 02:20:22 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/04/17 02:20:19 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/04/17 02:18:44 | 00,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2009/04/17 02:18:44 | 00,029,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2009/04/17 01:49:19 | 00,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2009/04/17 01:33:28 | 00,005,632 | -HS- | M] () -- D:\DOCUME~1\James\Desktop\Thumbs.db
[2009/04/16 22:40:42 | 00,000,132 | ---- | M] () -- C:\httpdwl.dat
[2009/04/16 18:56:42 | 00,606,324 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/16 18:56:42 | 00,509,520 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/16 18:56:42 | 00,097,896 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/16 18:54:53 | 00,000,499 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/04/15 00:27:10 | 00,002,393 | ---- | M] () -- D:\DOCUME~1\James\Desktop\Word.lnk
[2009/04/12 02:52:48 | 00,000,155 | ---- | M] () -- C:\WINDOWS\System32\SelfDel.bat
[2009/04/12 01:32:32 | 00,000,694 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts.bak
[2009/04/09 23:15:51 | 00,010,492 | ---- | M] () -- D:\DOCUME~1\James\Desktop\WeeMee_14088025_for_harveyj176.jpg.jpg
[2009/04/08 23:39:51 | 00,001,804 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\Desktop\iTunes.lnk
[2009/04/08 23:14:05 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/07 10:18:54 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\FOXIT_PDF
[2009/04/07 10:01:50 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/04/07 02:33:10 | 00,000,850 | ---- | M] () -- C:\WINDOWS\System32\ProductTweaks.xml
[2009/04/07 02:33:09 | 00,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2009/04/07 01:34:40 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/04/06 22:30:45 | 00,092,024 | ---- | M] () -- D:\DOCUME~1\James\Desktop\Course Test 2 review 2009.pdf
[2009/04/06 21:57:44 | 00,000,076 | -HS- | M] () -- D:\DOCUME~1\James\My Documents\desktop.ini
[2009/04/06 21:52:14 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 01:22:30 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\TCPIP.SYS
[2009/04/06 01:22:30 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2009/04/05 23:02:29 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\TCPIP.SYS.ORIGINAL
[2009/04/02 13:44:36 | 01,706,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/02 01:26:26 | 00,122,984 | ---- | M] () -- D:\DOCUME~1\James\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/31 18:18:15 | 00,659,456 | ---- | M] () -- D:\DOCUME~1\James\My Documents\ir spec values.accdb
[2009/03/28 17:00:36 | 03,932,043 | ---- | M] () -- D:\DOCUME~1\James\Desktop\Spectra.pdf
[2009/03/27 23:57:11 | 00,000,772 | ---- | M] () -- D:\DOCUME~1\James\Desktop\Revo Uninstaller.lnk
[2009/03/27 21:59:36 | 01,401,657 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\Documents\DS158.pdf
[2009/03/24 16:57:08 | 00,012,781 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\Documents\SEVIS Fee Reciept Sophie.pdf
[2009/03/22 14:52:49 | 00,792,484 | ---- | M] () -- D:\DOCUME~1\James\Desktop\Complete 2C32 manual 2009.pdf
[2009/03/22 13:59:56 | 00,000,684 | ---- | M] () -- D:\DOCUME~1\ALLUSE~1\Desktop\Foxit Reader.lnk
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> D:\DOCUME~1\ALLUSE~1\Application Data\TEMP:5D10517E
@Alternate Data Stream - 88 bytes -> D:\DOCUME~1\James\My Documents\grstyles.stl:SummaryInformation
@Alternate Data Stream - 176 bytes -> D:\DOCUME~1\ALLUSE~1\Application Data\TEMP:89E253FE
@Alternate Data Stream - 120 bytes -> D:\DOCUME~1\ALLUSE~1\Application Data\TEMP:5C321E34
@Alternate Data Stream - 112 bytes -> D:\DOCUME~1\ALLUSE~1\Application Data\TEMP:B63300D1
@Alternate Data Stream - 108 bytes -> D:\DOCUME~1\ALLUSE~1\Application Data\TEMP:C5760A8B
@Alternate Data Stream - 106 bytes -> D:\DOCUME~1\ALLUSE~1\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 102 bytes -> D:\DOCUME~1\ALLUSE~1\Application Data\TEMP:24051EFF
< End of report >
OTListIt Extras logfile created on: 20/04/2009 15:32:09 - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = D:\Documents and Settings\James\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1023.48 Mb Total Physical Memory | 437.14 Mb Available Physical Memory | 42.71% Memory free
3.90 Gb Paging File | 3.41 Gb Available in Paging File | 87.47% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;D:\pagefile.sys 0 0;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.99 Gb Total Space | 9.66 Gb Free Space | 32.21% Space Free | Partition Type: NTFS
Drive D: | 119.05 Gb Total Space | 13.54 Gb Free Space | 11.38% Space Free | Partition Type: NTFS
Drive E: | 7.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: JAMES-PC
Current User Name: James
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service File not found
C:\WINDOWS\system32\lxctcoms.exe:*:Enabled:Lexmark Communications System File not found
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire File not found
C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 File not found
C:\Program Files\CambridgeSoft\ChemOffice2008\ChemDraw\ChemDraw.exe:*:Enabled:ChemDraw Std 11.0 (CambridgeSoft Corp.)
C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Disabled:Football Manager 2008 File not found
C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts (Zhejiang University)
C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application File not found
C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver (www.sopcast.com)
C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager File not found
C:\Program Files\CambridgeSoft\ultra\ChemDraw\ChemDraw.exe:*:Enabled:ChemBioDraw Ultra 11.0.1 File not found
C:\Program Files\CambridgeSoft\ultra\Chem3D\Chem3D.exe:*:Enabled:ChemBio3D Ultra 11.0.1 File not found
C:\Program Files\CambridgeSoft\ultra\ChemFinder\ChemFinder.exe:*:Enabled:ChemFinder Std/Pro/Ultra 11.0.1 File not found
C:\Program Files\CambridgeSoft\ChemOffice2008\Chem3D\Chem3D.exe:*:Enabled:ChemBio3D Ultra 11.0.1 (CambridgeSoft Corp.)
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
C:\Program Files\Ubisoft\Ubisoft\Gearbox Software\Brothers in Arms - [bleep]'s Highway\Binaries\biahh.exe:*:Enabled:biahh File not found
D:\Documents and Settings\James\My Documents\Downloads\PC_Brothers In Arms - Hells Highway (eng)-.direct.play.-ToeD\Ubisoft\Gearbox Software\Brothers in Arms - [bleep]'s Highway\Binaries\biahh.exe:*:Enabled:biahh File not found
C:\Program Files\CambridgeSoft\ChemOffice\Chem3D\Chem3D.exe:*:Enabled:Chem3D Pro 11.0.1 (CambridgeSoft Corp.)
D:\Documents and Settings\James\My Documents\Downloads\ChemDraw.exe:*:Enabled:ChemDraw Ultra 10.0 File not found
C:\Program Files\CambridgeSoft\ChemOffice\ChemDraw\ChemDraw.exe:*:Enabled:ChemDraw Ultra 11.0 (CambridgeSoft Corp.)
C:\Program Files\CrossFire Commander 7.1\xfdlink.exe:*:Enabled:CrossFire DataLink File not found
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Disabled:Football Manager 2009 File not found
D:\Documents and Settings\James\My Documents\Downloads\PC_Far.Cry.2 -.direct.play.-ToeD\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry® 2 File not found
C:\Windows\system32\PnkBstrA.exe:*:Enabled:PnkBstrA File not found
C:\Windows\system32\PnkBstrB.exe:*:Enabled:PnkBstrB File not found
C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate File not found
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call (Microsoft Corporation)
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync (Microsoft Corporation)
C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe:*:Enabled:Foxit PDF Editor, the first REAL editor for PDF files! (Foxit Software Company)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe (Microsoft Corporation)
C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe (Microsoft Corporation)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{06c32ea0-4a22-4919-979a-8700715865b8}" = Microsoft LifeCam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{235BBFC6-D863-4066-A01A-3BD504C31033}" = Nero 7 Ultra Edition
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{25724802-cc14-4b90-9f3b-3d6955ee27b1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 13
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (CSSQL05)
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}" = Foxit PDF IFilter
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5E971881-1924-48D1-9C16-AB7AD61FEFF3}" = CambridgeSoft ChemDraw Ultra 11.0
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7583d2f8-8e7d-40c5-9862-4d218006fb84}" = AVG Identity Protection
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{798B2322-89EB-4ADC-A6B2-21EAC108E252}" = CambridgeSoft ChemBioDraw Ultra 11.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CFAEC66-BA0E-4076-AAA5-2BE29153E6DF}" = Microsoft XML Parser
"{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}" = Macromedia Shockwave Player
"{863F58EF-467F-4BCC-A40B-D2304630DEA1}" = CambridgeSoft Activation Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90240409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Resource Kit
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C7EEC93A-2A61-4B1E-B696-A264680A889D}" = MobileMe Control Panel
"{cb2f7edd-9d1f-43c1-90fc-4f52eae172a1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EFC1B35C-FFF2-41D8-A70A-CE6037F8040B}" = AGEIA PhysX v7.07.24
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F811E029-35C8-4742-933D-0EAEFB5958C9}" = BT Voyager Wireless Utility
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.3 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ask Toolbar_is1" = Foxit Toolbar
"avg8uninstall" = AVG 8.5
"Canon MP210 series User Registration" = Canon MP210 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"erunt_is1" = ERUNT 1.1j
"esetonlinescanner" = ESET Online Scanner
"Foxit Software" = Foxit PDF Suite
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{5E971881-1924-48D1-9C16-AB7AD61FEFF3}" = CambridgeSoft ChemDraw Ultra 11.0
"InstallShield_{798B2322-89EB-4ADC-A6B2-21EAC108E252}" = CambridgeSoft ChemBioDraw Ultra 11.0
"malwarebytes' anti-malware_is1" = Malwarebytes' Anti-Malware
"MDL Chime/Chime Pro for Internet Explorer" = MDL Chime/Chime Pro for Internet Explorer
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"mozilla firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Revo Uninstaller" = Revo Uninstaller 1.80
"SLAMRMO" = Smart Link 56K Modem
"TV Player" = Veetle TV Player 0.9.14
"TVAnts 1.0" = TVAnts 1.0
"Veetle TV Player" = Veetle TV Player 0.9.14
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"windows media format runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 20/04/2009 10:28:18 | Computer Name = JAMES-PC | Source = MSSQL$CSSQL05 | ID = 17058
Description = initerrlog: Could not open error log file 'C:\Program Files\Microsoft
SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG'. Operating system error = 5(error not found).
Error - 20/04/2009 10:28:18 | Computer Name = JAMES-PC | Source = MSSQL$CSSQL05 | ID = 17058
Description = initerrlog: Could not open error log file 'C:\Program Files\Microsoft
SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG'. Operating system error = 5(error not found).
Error - 20/04/2009 10:28:18 | Computer Name = JAMES-PC | Source = MSSQL$CSSQL05 | ID = 17058
Description = initerrlog: Could not open error log file 'C:\Program Files\Microsoft
SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG'. Operating system error = 5(error not found).
Error - 20/04/2009 10:28:18 | Computer Name = JAMES-PC | Source = MSSQL$CSSQL05 | ID = 17058
Description = initerrlog: Could not open error log file 'C:\Program Files\Microsoft
SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG'. Operating system error = 5(error not found).
Error - 20/04/2009 10:28:19 | Computer Name = JAMES-PC | Source = MSSQL$CSSQL05 | ID = 17058
Description = initerrlog: Could not open error log file 'C:\Program Files\Microsoft
SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG'. Operating system error = 5(error not found).
Error - 20/04/2009 10:28:19 | Computer Name = JAMES-PC | Source = MSSQL$CSSQL05 | ID = 17058
Description = initerrlog: Could not open error log file 'C:\Program Files\Microsoft
SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG'. Operating system error = 5(error not found).
Error - 20/04/2009 10:28:19 | Computer Name = JAMES-PC | Source = MSSQL$CSSQL05 | ID = 17058
Description = initerrlog: Could not open error log file 'C:\Program Files\Microsoft
SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG'. Operating system error = 5(error not found).
Error - 20/04/2009 10:28:20 | Computer Name = JAMES-PC | Source = MSSQL$CSSQL05 | ID = 17058
Description = initerrlog: Could not open error log file 'C:\Program Files\Microsoft
SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG'. Operating system error = 5(error not found).
Error - 20/04/2009 10:28:20 | Computer Name = JAMES-PC | Source = MSSQL$CSSQL05 | ID = 17058
Description = initerrlog: Could not open error log file 'C:\Program Files\Microsoft
SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG'. Operating system error = 5(error not found).
Error - 20/04/2009 10:29:20 | Computer Name = JAMES-PC | Source = MsiInstaller | ID = 11402
Description = Product: Windows Live Messenger -- Error 1402. Could not open key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32. System
error 5. Verify that you have sufficient access to that key, or contact your support
personnel.
[ OSession Events ]
Error - 13/07/2008 10:46:15 | Computer Name = JAMES-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10522
seconds with 2820 seconds of active time. This session ended with a crash.
Error - 20/09/2008 20:10:48 | Computer Name = JAMES-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 42812
seconds with 3480 seconds of active time. This session ended with a crash.
Error - 26/01/2009 18:19:37 | Computer Name = JAMES-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 111379
seconds with 10320 seconds of active time. This session ended with a crash.
Error - 28/01/2009 19:46:30 | Computer Name = JAMES-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9066
seconds with 2760 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 19/04/2009 09:47:51 | Computer Name = JAMES-PC | Source = Service Control Manager | ID = 7024
Description = The SQL Server (CSSQL05) service terminated with service-specific
error 17058 (0x42A2).
Error - 19/04/2009 23:25:22 | Computer Name = JAMES-PC | Source = sfsync04 | ID = 262145
Description =
Error - 20/04/2009 09:28:19 | Computer Name = JAMES-PC | Source = MaBtPort | ID = 393234
Description =
Error - 20/04/2009 09:29:04 | Computer Name = JAMES-PC | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2
Error - 20/04/2009 09:29:04 | Computer Name = JAMES-PC | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2
Error - 20/04/2009 09:29:04 | Computer Name = JAMES-PC | Source = Service Control Manager | ID = 7024
Description = The SQL Server (CSSQL05) service terminated with service-specific
error 17058 (0x42A2).
Error - 20/04/2009 10:27:26 | Computer Name = JAMES-PC | Source = MaBtPort | ID = 393234
Description =
Error - 20/04/2009 10:28:36 | Computer Name = JAMES-PC | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2
Error - 20/04/2009 10:28:36 | Computer Name = JAMES-PC | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2
Error - 20/04/2009 10:28:36 | Computer Name = JAMES-PC | Source = Service Control Manager | ID = 7024
Description = The SQL Server (CSSQL05) service terminated with service-specific
error 17058 (0x42A2).
< End of report >
Thanks
James