GMER wouldn't finish running - after about 2.5 hours scanning files it gave me a BSOD, so I tried again and got the same thing. I do have MBAM (supposedly clean) and OTL logs I can post though.
Malwarebytes' Anti-Malware 1.44
Database version: 3600
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1/20/2010 9:58:28 PM
mbam-log-2010-01-20 (21-58-28).txt
Scan type: Quick Scan
Objects scanned: 128264
Time elapsed: 6 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
OTL logfile created on: 1/22/2010 5:50:03 AM - Run 1
OTL by OldTimer - Version 3.1.25.3 Folder = C:\Documents and Settings\Andrew\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 462.70 Gb Total Space | 66.20 Gb Free Space | 14.31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOMSERVO
Current User Name: Andrew
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/01/21 22:19:24 | 00,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/01/21 22:19:22 | 01,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010/01/20 22:11:11 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
PRC - [2010/01/04 11:36:28 | 02,893,624 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2009/12/09 18:22:33 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/30 22:28:27 | 00,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/27 22:27:42 | 26,784,939 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2009/08/05 05:44:39 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/10 13:57:45 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/16 15:34:58 | 00,078,136 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozybackup.exe
PRC - [2009/03/05 15:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/02 11:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/28 22:01:22 | 00,326,192 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2008/10/28 22:00:40 | 00,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2008/10/28 22:00:08 | 00,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2008/08/05 20:16:40 | 00,286,720 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/09 09:00:54 | 00,826,880 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe
PRC - [2008/01/09 14:25:04 | 16,859,648 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2007/07/16 20:45:24 | 00,252,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2007/07/16 20:45:14 | 00,138,008 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2007/07/16 20:45:12 | 00,162,584 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2007/07/01 03:00:00 | 00,970,752 | ---- | M] () -- C:\Program Files\Locate\Locate32.exe
PRC - [2004/12/04 01:06:14 | 00,106,496 | ---- | M] () -- C:\Program Files\M-Audio Uno\UnoInst.exe
========== Modules (SafeList) ==========
MOD - [2010/01/21 22:19:25 | 00,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2010/01/20 22:11:11 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (MSSQLSERVERS)
SRV - File not found [Disabled | Stopped] -- -- (GCALDaemon)
SRV - File not found [On_Demand | Stopped] -- -- (DOMWVKYPS)
SRV - [2010/01/21 22:19:24 | 00,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/05 05:44:39 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/10 13:57:45 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/05/20 13:18:28 | 00,297,472 | ---- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/03/16 15:34:58 | 00,078,136 | ---- | M] (Mozy, Inc.) [Auto | Running] -- C:\Program Files\MozyHome\mozybackup.exe -- (mozybackup)
SRV - [2009/01/29 19:19:29 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c982706bd6064a) Google Update Service (gupdate1c982706bd6064a)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/10/28 22:01:22 | 00,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2008/10/28 22:00:40 | 00,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2008/10/28 22:00:08 | 00,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2008/10/15 17:13:58 | 00,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2008/10/02 17:25:42 | 00,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2008/09/24 22:07:44 | 00,074,384 | ---- | M] (MicroVision Development, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (SureThing Labelflash service)
SRV - [2007/02/06 16:47:12 | 00,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/01/03 20:40:21 | 00,136,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/12/04 01:06:14 | 00,106,496 | ---- | M] () [Auto | Running] -- C:\Program Files\M-Audio Uno\UnoInst.exe -- (UnoInstallerService)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4071201
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4071201
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.keyboardr.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.072
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.7
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.5.2.14
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.8
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.4
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/11/03 19:33:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/06 22:27:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/06 22:27:53 | 00,000,000 | ---D | M]
[2009/05/28 19:19:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Extensions
[2009/02/28 22:39:30 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008/03/20 19:57:24 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2008/11/23 07:54:13 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Extensions\{ee53ece0-255c-4cc6-8a7e-81a8b6e5ba2c}
[2008/09/10 21:03:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Extensions\[email protected]
[2009/05/28 19:19:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Extensions\[email protected]
[2010/01/19 06:21:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions
[2010/01/17 08:26:12 | 00,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2009/12/06 17:00:23 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2009/06/04 21:42:46 | 00,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010/01/11 19:01:33 | 00,000,000 | ---D | M] (MeasureIt) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
[2009/12/06 17:00:24 | 00,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/01/11 19:01:29 | 00,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/01/11 19:02:15 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/06 17:00:16 | 00,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/01/17 08:26:14 | 00,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/01/11 19:02:38 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/01/11 19:01:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\[email protected]
[2008/10/31 21:45:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\FasterFox_Lite@BigRedBrent
[2010/01/11 19:01:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\[email protected]
[2010/01/11 19:01:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\[email protected]
[2010/01/11 19:02:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\extensions\[email protected]
[2008/07/10 23:12:02 | 00,002,452 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\searchplugins\definr-dictionary-search.xml
[2008/07/12 07:43:13 | 00,002,220 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\searchplugins\digsby.xml
[2010/01/07 09:32:11 | 00,001,984 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\searchplugins\mycroft-project.xml
[2010/01/07 09:32:12 | 00,006,405 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\searchplugins\nowtorrents.xml
[2009/12/06 15:16:12 | 00,000,961 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\searchplugins\shareminercom.xml
[2010/01/19 06:21:27 | 00,001,784 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\searchplugins\stmusic-search.xml
[2008/05/10 17:09:10 | 00,001,420 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\searchplugins\the-hype-machine.xml
[2010/01/07 09:32:11 | 00,001,846 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\searchplugins\the-pirate-bay.xml
[2010/01/07 09:32:11 | 00,002,216 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\searchplugins\usniff.xml
[2007/12/11 21:28:14 | 00,002,109 | ---- | M] () -- C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\2dl3ragh.default\searchplugins\youtube-video-search.xml
[2010/01/19 06:21:27 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/18 02:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/03/05 12:50:38 | 00,390,472 | ---- | M] (Lala Media) -- C:\Program Files\Mozilla Firefox\plugins\nplalaDl.dll
[2005/12/05 21:31:00 | 00,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/03/09 18:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2008/06/19 17:53:24 | 00,000,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\conduit.xml
O1 HOSTS File: ([2010/01/21 22:17:10 | 00,374,577 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 12907 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [AirVideoServer] C:\Program Files\AirVideoServer\AirVideoServer.exe ()
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files\Launchy\Launchy.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
O4 - Startup: C:\Documents and Settings\Andrew\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Andrew\Application Data\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Documents and Settings\Andrew\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Andrew\Start Menu\Programs\Startup\Locate32 Autorun.lnk = C:\Program Files\Locate\Locate32.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote - C:\Program Files\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Clip with Sunrise XP - C:\Program Files\Sunrise XP\msie\clip.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O15 - HKLM\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 65 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.micr...04/clearadj.cab (CTAdjust Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/11 18:02:12 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55172488459452416)
========== Files/Folders - Created Within 14 Days ==========
[2010/01/22 03:18:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\VMware
[2010/01/21 22:19:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2010/01/21 22:19:29 | 00,171,552 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2010/01/21 22:19:29 | 00,133,064 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2010/01/21 22:19:29 | 00,087,104 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2010/01/21 22:19:29 | 00,025,160 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2010/01/21 22:10:19 | 40,603,920 | ---- | C] (COMODO) -- C:\Documents and Settings\Andrew\Desktop\CIS_Setup_3.13.125662.579_XP_Vista_x32.exe
[2010/01/20 22:13:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Desktop\gmer
[2010/01/20 22:11:28 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/20 22:11:11 | 00,546,816 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
[2010/01/20 22:10:54 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Andrew\Desktop\erunt_setup.exe
[2010/01/20 22:00:36 | 00,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\TFC.exe
[2010/01/19 21:17:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/19 21:15:59 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/19 20:44:11 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/19 20:44:10 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/19 20:44:10 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/19 20:44:10 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/19 20:42:19 | 00,000,000 | ---D | C] -- C:\ComboFix
[2010/01/19 18:12:15 | 11,748,680 | ---- | C] (ParetoLogic ) -- C:\Documents and Settings\Andrew\Desktop\Pareto_AV_Setup_RW.exe
[2010/01/17 08:28:29 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Andrew\Recent
[2010/01/15 18:07:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iTunesFolderWatch
[2010/01/11 06:42:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Andrew\Local Settings\Application Data\AjiReader
[2010/01/11 06:42:41 | 00,000,000 | ---D | C] -- C:\Program Files\Aji Reader Service
[2009/05/13 18:23:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/05/13 18:23:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/02/02 11:17:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/11/23 09:13:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2008/11/02 15:24:11 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2008/07/27 13:21:19 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Andrew\Application Data\pcouffin.sys
[2008/07/24 06:01:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2008/04/06 10:53:03 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/03/01 13:04:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/12/01 16:32:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2004/08/11 18:06:56 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
========== Files - Modified Within 14 Days ==========
[2010/01/22 05:44:26 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/22 05:44:26 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/22 05:33:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/22 05:32:00 | 00,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-25493563-1537101674-3878521831-1005UA.job
[2010/01/22 03:17:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/22 03:17:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/22 03:17:44 | 32,098,71360 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/22 03:16:41 | 10,747,904 | -H-- | M] () -- C:\Documents and Settings\Andrew\NTUSER.DAT
[2010/01/22 03:16:41 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Andrew\ntuser.ini
[2010/01/21 22:20:36 | 00,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2010/01/21 22:19:25 | 00,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2010/01/21 22:19:25 | 00,133,064 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2010/01/21 22:19:25 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2010/01/21 22:19:25 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2010/01/21 22:19:02 | 40,603,920 | ---- | M] (COMODO) -- C:\Documents and Settings\Andrew\Desktop\CIS_Setup_3.13.125662.579_XP_Vista_x32.exe
[2010/01/21 22:17:10 | 00,374,577 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/21 22:15:15 | 00,225,840 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\OpenDNS-Updater-2.2.exe
[2010/01/20 22:11:42 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Andrew\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/01/20 22:11:29 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\NTREGOPT.lnk
[2010/01/20 22:11:29 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\ERUNT.lnk
[2010/01/20 22:11:11 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\OTL.exe
[2010/01/20 22:11:08 | 00,284,915 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\gmer.zip
[2010/01/20 22:10:56 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Andrew\Desktop\erunt_setup.exe
[2010/01/20 22:00:36 | 00,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andrew\Desktop\TFC.exe
[2010/01/20 21:39:36 | 00,464,491 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\RootRepeal.zip
[2010/01/20 14:32:00 | 00,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-25493563-1537101674-3878521831-1005Core.job
[2010/01/20 08:02:08 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/20 07:36:56 | 00,004,294 | ---- | M] () -- C:\WINDOWS\mozy.blk
[2010/01/20 07:36:56 | 00,001,676 | ---- | M] () -- C:\WINDOWS\mozy.flt
[2010/01/19 20:54:47 | 00,000,251 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/19 20:41:46 | 03,829,816 | R--- | M] () -- C:\Documents and Settings\Andrew\Desktop\ComboFix.exe
[2010/01/19 18:12:35 | 11,748,680 | ---- | M] (ParetoLogic ) -- C:\Documents and Settings\Andrew\Desktop\Pareto_AV_Setup_RW.exe
[2010/01/18 19:37:17 | 00,196,264 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\aarp.jpg
[2010/01/18 19:37:17 | 00,001,503 | ---- | M] () -- C:\Documents and Settings\Andrew\.recently-used.xbel
[2010/01/18 19:36:49 | 00,850,840 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\Scan10006.TIF
[2010/01/17 08:29:06 | 00,035,976 | ---- | M] () -- C:\Documents and Settings\Andrew\My Documents\cc_20100117_082900.reg
[2010/01/17 08:18:48 | 00,000,162 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/01/17 08:05:56 | 00,666,247 | ---- | M] () -- C:\Documents and Settings\Andrew\Desktop\red-v2.0-setup.exe
[2010/01/17 01:00:01 | 00,000,464 | ---- | M] () -- C:\WINDOWS\tasks\SyncBack Backup itunes stuff to usb.job
[2010/01/17 00:05:34 | 00,000,264 | ---- | M] () -- C:\WINDOWS\tasks\defrag.job
[2010/01/16 00:59:38 | 00,100,864 | ---- | M] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/15 18:07:44 | 00,002,485 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes Folder Watch (Manual).lnk
[2010/01/09 02:00:03 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk
========== Files Created - No Company Name ==========
[2010/01/21 22:20:36 | 00,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2010/01/21 22:15:15 | 00,225,840 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\OpenDNS-Updater-2.2.exe
[2010/01/21 18:04:40 | 32,098,71360 | -HS- | C] () -- C:\hiberfil.sys
[2010/01/20 22:11:42 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Andrew\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/01/20 22:11:29 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\NTREGOPT.lnk
[2010/01/20 22:11:29 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\ERUNT.lnk
[2010/01/20 22:11:08 | 00,284,915 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\gmer.zip
[2010/01/20 21:39:36 | 00,464,491 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\RootRepeal.zip
[2010/01/19 20:44:11 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/19 20:44:10 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/19 20:44:10 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/19 20:44:10 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/19 20:44:10 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/18 19:37:17 | 00,001,503 | ---- | C] () -- C:\Documents and Settings\Andrew\.recently-used.xbel
[2010/01/18 19:37:16 | 00,196,264 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\aarp.jpg
[2010/01/18 19:33:05 | 00,850,840 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\Scan10006.TIF
[2010/01/17 08:29:03 | 00,035,976 | ---- | C] () -- C:\Documents and Settings\Andrew\My Documents\cc_20100117_082900.reg
[2010/01/17 08:05:56 | 00,666,247 | ---- | C] () -- C:\Documents and Settings\Andrew\Desktop\red-v2.0-setup.exe
[2010/01/15 18:06:15 | 00,002,485 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes Folder Watch (Manual).lnk
[2009/11/28 00:09:15 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/06/14 12:53:40 | 00,000,046 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DonationCoder_desktopcoral_InstallInfo.dat
[2009/03/16 20:19:04 | 00,055,856 | R--- | C] () -- C:\WINDOWS\System32\vnetinst.dll
[2008/10/28 08:43:53 | 00,000,011 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/09/20 19:13:39 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/09/11 20:34:02 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\fusioncache.dat
[2008/08/25 18:33:43 | 00,045,843 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2008/08/15 22:35:02 | 00,503,911 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\CRALBART_7930.ITArtworkFormatJPEG
[2008/08/15 22:35:02 | 00,045,727 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\CRALBART_5559.ITArtworkFormatJPEG
[2008/08/15 22:35:02 | 00,021,122 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\CRALBART_9614.ITArtworkFormatJPEG
[2008/08/15 22:35:01 | 00,039,916 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\CRALBART_106272.ITArtworkFormatJPEG
[2008/07/27 13:21:26 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\pcouffin.log
[2008/07/27 13:21:19 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\pcouffin.cat
[2008/07/27 13:21:19 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\pcouffin.inf
[2008/07/18 22:14:44 | 00,000,462 | ---- | C] () -- C:\WINDOWS\XEDIT.INI
[2008/07/18 22:14:00 | 00,000,058 | ---- | C] () -- C:\WINDOWS\IWDATA.INI
[2008/04/22 17:04:55 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2008/03/28 15:38:22 | 00,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2008/03/28 14:47:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/03/22 12:48:56 | 00,000,107 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2008/03/13 18:58:53 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/03/13 17:49:48 | 00,050,127 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/02/20 21:47:52 | 00,006,848 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\TimeSnapper.log
[2008/02/15 20:27:12 | 00,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/02/12 19:28:38 | 00,000,206 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\burnaware.ini
[2008/01/24 20:57:04 | 00,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/23 03:08:22 | 00,000,027 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2008/01/17 18:27:06 | 00,000,046 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DonationCoder_dcupdater_InstallInfo.dat
[2008/01/16 12:33:41 | 00,000,046 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DonationCoder_findrunrobot_InstallInfo.dat
[2007/12/19 18:38:11 | 00,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/12/09 15:08:27 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2007/12/08 10:55:01 | 00,000,150 | ---- | C] () -- C:\Documents and Settings\Andrew\Application Data\wklnhst.dat
[2007/12/05 20:44:54 | 00,000,024 | ---- | C] () -- C:\WINDOWS\qfnonl.ini
[2007/12/05 20:28:54 | 00,000,881 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/12/05 20:28:54 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2007/12/05 20:13:03 | 00,001,753 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/12/05 19:12:02 | 00,100,864 | ---- | C] () -- C:\Documents and Settings\Andrew\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/05 18:27:27 | 00,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/12/01 16:32:49 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/12/01 16:27:43 | 00,000,162 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/12/01 16:06:18 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2007/12/01 16:05:09 | 00,001,119 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/10/02 05:50:14 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\FxShared.dll
[2007/10/02 05:50:12 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\com.fxpansion.fxshared.dll
[2007/03/05 13:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/06 16:42:40 | 01,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2004/08/11 18:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[1999/01/22 13:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 03:00:00 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
========== LOP Check ==========
[2008/03/04 22:04:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
[2009/02/12 21:53:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/08/25 20:19:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2008/12/21 22:16:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/03/28 09:17:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrashPlan
[2009/11/28 00:08:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\doubleTwist Corporation
[2009/03/09 18:25:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HighAndes
[2008/03/28 14:02:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/01/26 19:22:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IMSI
[2010/01/15 18:07:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iTunesFolderWatch
[2008/06/04 04:25:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2009/12/30 20:10:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMonkey
[2008/05/04 12:13:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/11/01 12:03:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2008/11/08 08:09:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
[2008/01/24 21:00:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2008/03/28 21:36:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
[2009/06/07 10:19:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2007/12/01 16:29:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/05/19 19:10:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/12/10 22:17:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Filter
[2008/11/01 12:05:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VideoSpin
[2009/01/05 22:18:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WORDsearch
[2009/12/18 22:53:11 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0431FA92-08E5-47E9-950C-61AAE87BAD26}
[2009/12/18 22:16:22 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{152EF68B-16AC-49D3-A3E6-E39F7613A2D7}
[2009/09/10 19:21:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/09 09:18:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/12/18 22:11:55 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A397AF63-B3A1-40DF-AA85-5C5368304B60}
[2008/03/04 22:06:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Acoustica
[2008/02/13 21:52:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Amazon
[2009/02/24 13:24:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\AMPSoft
[2009/08/10 20:42:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Aptana
[2008/09/19 23:27:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Artweaver
[2008/11/16 15:19:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\AudioMoves
[2009/01/05 19:06:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Azureus
[2008/01/10 23:33:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Binary Fortress Software
[2009/09/20 20:12:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Bioshock
[2009/07/15 22:52:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Braid
[2008/02/13 22:57:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Brainwave
[2010/01/18 19:31:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Canon
[2009/03/28 09:17:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\CrashPlan
[2008/09/20 19:13:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\DAEMON Tools
[2009/02/19 22:09:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
[2008/11/23 16:47:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Desktop Sidebar
[2008/01/16 12:33:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\DonationCoder
[2010/01/22 05:45:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Dropbox
[2009/02/26 20:38:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Executor
[2008/11/15 22:37:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\ExportTool
[2008/10/17 20:55:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Flickr
[2009/12/31 17:29:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\foobar2000
[2008/03/16 05:23:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Fraunhofer
[2008/01/29 18:04:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\GreenPrint
[2010/01/18 19:37:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\gtk-2.0
[2009/12/28 19:25:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\HandBrake
[2009/03/09 18:25:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\HighAndes
[2008/03/28 14:01:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\HotSync
[2008/06/07 10:30:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\ImgBurn
[2009/01/26 19:22:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\IMSI
[2008/03/24 19:35:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\InfraRecorder
[2008/11/08 11:08:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\IrfanView
[2009/10/13 19:10:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\iSproggler
[2009/12/30 20:09:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\johnsadventures.com
[2007/12/24 12:30:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\KeePass
[2008/05/10 16:48:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Klok.AF6B2973D903BFAE0589C27890FE0146C233490A.1
[2009/06/20 16:33:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\KompoZer
[2009/10/08 16:24:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Lala Music Mover
[2007/12/28 22:28:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Launchy
[2008/03/28 14:10:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Leadertech
[2008/11/08 14:22:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Livestation
[2009/01/23 22:03:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Locate32
[2008/08/08 04:12:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\MiniLyrics
[2008/05/22 19:38:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Mobipocket
[2008/11/28 22:25:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\MusicIP
[2009/04/03 10:02:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\net.twitterlocal.onair.A589D10E991C524019173F7ADEB73C85B538C40C.1
[2008/02/20 22:30:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\NetMedia Providers
[2008/03/22 11:08:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Notepad++
[2008/01/25 23:38:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\OfficeUpdate12
[2008/12/06 09:44:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Opera
[2009/01/06 06:17:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Orbit
[2007/12/05 19:17:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Participatory Culture Foundation
[2009/04/16 19:23:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\PCF-VLC
[2009/01/17 23:11:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\PDF reDirect
[2008/02/20 22:30:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Publish Providers
[2009/11/02 20:05:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\REAPER
[2009/04/03 10:01:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\SecondLife
[2009/04/26 13:40:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Snowmint Creative Solutions LLC
[2008/03/28 21:25:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Songbird1
[2008/09/10 21:03:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Songbird2
[2008/02/20 22:30:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Sony
[2009/12/06 17:15:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\SoundSpectrum
[2008/11/23 07:54:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Spicebird
[2008/07/27 00:33:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Stellarium
[2008/11/02 16:10:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\SynthFont
[2008/01/10 18:17:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\SystemRequirementsLab
[2007/12/08 10:55:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Template
[2010/01/18 19:34:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\TeraCopy
[2010/01/16 23:43:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\TheLastRipper
[2009/02/28 13:15:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Thunderbird
[2008/02/20 21:47:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\TimeSnapper
[2009/04/27 20:56:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2009/10/20 05:15:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Unity
[2010/01/18 19:01:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\uTorrent
[2009/12/30 20:19:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Vso
[2009/03/08 19:52:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Windows Live Writer
[2008/04/06 10:57:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Windows Search
[2008/11/26 05:45:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\WinPatrol
[2008/07/27 15:58:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\XBMC
[2010/01/17 00:05:34 | 00,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\defrag.job
[2010/01/17 01:00:01 | 00,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\SyncBack Backup itunes stuff to usb.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2003/06/18 11:00:00 | 06,553,075 | ---- | M] () .cab file -- C:\Documents and Settings\Andrew\Desktop\cleanup\WINNT\Driver Cache\i386\sp4.cab:AGP440.sys
[2004/08/04 06:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 06:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/12 04:22:13 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/12 04:22:13 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
< MD5 for: ATAPI.SYS >
[2003/06/18 11:00:00 | 06,553,075 | ---- | M] () .cab file -- C:\Documents and Settings\Andrew\Desktop\cleanup\WINNT\Driver Cache\i386\sp4.cab:atapi.sys
[2004/08/04 06:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 06:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/12 04:22:13 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/12 04:22:13 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2006/08/28 03:02:10 | 00,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\i386\atapi.sys
[2006/08/27 22:02:10 | 00,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/08/27 22:02:10 | 00,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2006/08/27 22:02:10 | 00,095,872 | ---- | M] (Microsoft Corporation) MD5=40CAACE7F2E7668148A1D45CF91E1131 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2003/06/18 11:00:00 | 00,086,672 | ---- | M] (Microsoft Corporation) MD5=8C718AA8C77041B3285D55A0CE980867 -- C:\Documents and Settings\Andrew\Desktop\cleanup\WINNT\system32\drivers\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2003/06/18 11:00:00 | 00,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\Documents and Settings\Andrew\Desktop\cleanup\WINNT\$NtUninstallKB835732$\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 06:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/03/23 21:17:02 | 00,047,888 | ---- | M] (Microsoft Corporation) MD5=CEB85BFA135CBDDA10C89E5D31D95F9B -- C:\Documents and Settings\Andrew\Desktop\cleanup\WINNT\$NtUpdateRollupPackUninstall$\eventlog.dll
[2005/04/08 06:54:32 | 00,049,424 | ---- | M] (Microsoft Corporation) MD5=E7F03344AE103B02135C20112B557051 -- C:\Documents and Settings\Andrew\Desktop\cleanup\WINNT\system32\EVENTLOG.DLL
< MD5 for: IASTOR.SYS >
[2007/07/19 19:26:24 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\drivers\storage\R158515\iastor.sys
[2007/07/19 19:26:24 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\WINDOWS\system32\drivers\iastor.sys
< MD5 for: NETLOGON.DLL >
[2003/06/18 11:00:00 | 00,371,984 | ---- | M] (Microsoft Corporation) MD5=11B91C26925F56F577089FF88AA0BEC0 -- C:\Documents and Settings\Andrew\Desktop\cleanup\WINNT\$NtUninstallKB835732$\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/03/23 21:17:02 | 00,371,472 | ---- | M] (Microsoft Corporation) MD5=21537BC1F1AB7667A3828B2344E6D4BA -- C:\Documents and Settings\Andrew\Desktop\cleanup\WINNT\$NtUpdateRollupPackUninstall$\netlogon.dll
[2004/08/04 06:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2005/04/08 06:54:32 | 00,366,864 | ---- | M] (Microsoft Corporation) MD5=BE8FC3C74AB5212CD4067E8973764AD6 -- C:\Documents and Settings\Andrew\Desktop\cleanup\WINNT\system32\NETLOGON.DLL
< MD5 for: SCECLI.DLL >
[2004/03/23 21:17:02 | 00,111,376 | ---- | M] (Microsoft Corporation) MD5=0B476C9305098B37BE70F0AC29E671E5 -- C:\Documents and Settings\Andrew\Desktop\cleanup\WINNT\$NtUpdateRollupPackUninstall$\scecli.dll
[2004/08/04 06:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2005/01/12 14:39:44 | 00,114,448 | ---- | M] (Microsoft Corporation) MD5=6FCCE1622E75C7DC46509F7EC4B314A3 -- C:\Documents and Settings\Andrew\Desktop\cleanup\WINNT\system32\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[2003/06/18 11:00:00 | 00,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\Documents and Settings\Andrew\Desktop\cleanup\WINNT\$NtUninstallKB835732$\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29C95C06
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
OTL Extras logfile created on: 1/22/2010 5:50:03 AM - Run 1
Computer Name: TOMSERVO
Current User Name: Andrew
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [locate] -- C:\Program Files\Locate\Locate32.exe /p "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"5720:TCP" = 5720:TCP:*:Enabled:Jumi Controller
"5720:UDP" = 5720:UDP:*:Enabled:Jumi Controller
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Andrew\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Soulseek-Test\slsk.exe" = C:\Program Files\Soulseek-Test\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Microsoft Broadband Networking\MSBNUtil.exe" = C:\Program Files\Microsoft Broadband Networking\MSBNUtil.exe:*:Enabled:Microsoft Broadband Network Utility -- (Microsoft Corporation)
"C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe" = C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe:*:Enabled:Microsoft Broadband Networking Tray -- (Microsoft Corporation)
"C:\Program Files\Microsoft Broadband Networking\MSBNCfg.exe" = C:\Program Files\Microsoft Broadband Networking\MSBNCfg.exe:*:Enabled:Microsoft Broadband Networking Setup -- (Microsoft Corporation)
"C:\Program Files\Microsoft Broadband Networking\MSBNUpdate.exe" = C:\Program Files\Microsoft Broadband Networking\MSBNUpdate.exe:*:Enabled:Microsoft Broadband Networking Update -- (Microsoft Corporation)
"C:\Program Files\VMware\VMware Player\vmplayer.exe" = C:\Program Files\VMware\VMware Player\vmplayer.exe:*:Enabled:VMware Player -- (VMware, Inc.)
"C:\Program Files\VMware\VMware Player\vmware-authd.exe" = C:\Program Files\VMware\VMware Player\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)
"C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\script-fu.exe" = C:\Program Files\GIMP-2.0\lib\gimp\2.0\plug-ins\script-fu.exe:*:Enabled:script-fu -- ()
"C:\Documents and Settings\Andrew\Desktop\cleanup\Program Files\Soulseek-Test\slsk.exe" = C:\Documents and Settings\Andrew\Desktop\cleanup\Program Files\Soulseek-Test\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files\MusicBrainz Picard\picard.exe" = C:\Program Files\MusicBrainz Picard\picard.exe:*:Enabled:The next generation MusicBrainz tagger -- ()
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Java\jre1.6.0_05\launch4j-tmp\Stanza.exe" = C:\Program Files\Java\jre1.6.0_05\launch4j-tmp\Stanza.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\AirVideoServer\AirVideoServer.exe" = C:\Program Files\AirVideoServer\AirVideoServer.exe:*:Enabled:Air Video Server -- ()
"C:\Program Files\Aji Reader Service\ARService.exe" = C:\Program Files\Aji Reader Service\ARService.exe:*:Enabled:Aji Reader Service -- (Aji, LLC)
"C:\Program Files\RealVNC\VNC4\winvnc4.exe" = C:\Program Files\RealVNC\VNC4\winvnc4.exe:*:Enabled:VNC Server Free Edition for Win32 -- (RealVNC Ltd.)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0FE07D4D-12DB-4DCC-B054-625260228F65}" = Budget for Windows 4.5.3
"{12F4BE69-6614-41D3-BB3B-DF7F921DF2BB}" = Sony ACID XPress 5.0a
"{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}" = Canon CanoScan Toolbox 4.5
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1" = RescueTime 2.0.0
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = Series II MIDI
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3BE00B77-04AC-4DFF-BD95-BFF23CB29C27}" = iTunesFolderWatch
"{3F4D5B1E-C991-4B6E-A8C0-CC2C6C4B60C3}" = Lala Music Mover
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41E6F51B-5D77-4463-A166-0C4307C40450}" = TurboCAD Symbols
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1" = SureThing CD Labeler Deluxe Trial 5
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{5299C5E1-70F9-3D1D-A1FA-BDECA4EC8015}" = Google Talk Plugin
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6AF5CAB9-FD0A-494F-8AA6-784D4B5D06C5}" = Microsoft Baseline Security Analyzer 2.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79166E9D-4D2B-405A-B8F5-B43E0C795FF2}" = Local Cooling Setup
"{81B1E96C-AA1A-4BCD-9261-0389F1E2A2FA}" = e-Sword
"{82C810DE-D36C-6462-0220-5AD255DCFAFF}" = fontpicker
"{86B77B5A-B157-6386-37B0-DB2494DEEAFF}" = MozyHome Remote Backup
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC15633-2327-43F4-BA85-B83FDB4B59BE}" = Microsoft Broadband Networking
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3D44AD8-D3C9-45E4-B861-3B653C6EF620}" = Rhapsody MP3 Download Manager
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}" = Timershot Powertoy for Windows XP
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}" = MIDI-OX
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B0DAA1BD-65E9-4D1B-BBB5-850021C4D17F}" = Native Instruments Compilation Vol. 2
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5688129-7595-4E5B-9990-CEF981A31264}" = SyncToy
"{B5EA8C2D-2F23-4087-8CFD-AA6FF8832831}" = TurboCAD Professional v12
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B99C1975-BBB8-4517-9824-272967B0C257}" = Budget for Windows 4.5.4
"{BC2FE771-EDBE-3087-A676-2B6C45A2BF7E}" = Google Gears
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DA2D4D11-1811-4A24-B719-BF9F048C6106}" = Windows XP Creativity Fun Packs - Windows Movie Maker 2
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{ED0FB0C1-CD06-4C29-B903-8A91D4BF5B61}_is1" = NexusFile V (5.1.2.3550)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8E28912-A7B8-488C-B259-33F9014B9D09}" = Uno
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne
"{FF600C37-6328-4348-A67A-3F85D8039604}" = Native Instruments Kore Player
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Air Video Server" = Air Video Server 2.1.7
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AweVBank 98" = AweVBank 98
"burnatonce_is1" = burnatonce
"Cakewalk Music Creator 2003" = Cakewalk Music Creator 2003
"CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000
"CCleaner" = CCleaner (remove only)
"CDisplay_is1" = CDisplay 1.8
"COMODO Internet Security" = COMODO Internet Security
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DAO 3.5" = DAO 3.5
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD43_is1" = DVD43 v4.3.1
"ERUNT_is1" = ERUNT 1.1j
"Exact Audio Copy" = Exact Audio Copy 0.99pb4
"EZTakes Download Manager 2.5.0.20070823.1600" = EZTakes Download Manager 2.5.0.20070823.1600
"FLAC" = FLAC 1.2.1b (remove only)
"Flickr Uploadr" = Flickr Uploadr 3.0.5
"foobar2000" = foobar2000 v0.9.6.9
"Freecorder Toolbar3.02" = Freecorder Toolbar 3.02 Application
"Frohmage DX" = OhmForce Frohmage DX
"Handbrake" = Handbrake 0.9.4
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LastFM_is1" = Last.fm 1.5.4.24567
"Launchy_21344213_is1" = Launchy 2.1.2
"LMMS 0.4.5" = Linux MultiMedia Studio (LMMS)
"Locate" = Locate32
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixMeister BPM Analyzer_is1" = MixMeister BPM Analyzer 1.0
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MusicBrainz Picard" = MusicBrainz Picard 0.10
"Native Instruments Compilation Vol. 2" = Native Instruments Compilation Vol. 2
"Native Instruments Kore Player" = Native Instruments Kore Player
"Native Instruments Service Center" = Native Instruments Service Center
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"PeerGuardian_is1" = PeerGuardian 2.0
"Picasa 3" = Picasa 3
"Plaxo" = Plaxo Toolbar for Windows
"PROSet" = Intel® PRO Network Connections Drivers
"Q10" = Q10 Editor
"QcDrv" = Logitech® Camera Driver
"Quicken Basic 2000" = Quicken Basic 2000
"RealVNC_is1" = VNC Free Edition 4.1.3
"REAPER" = REAPER
"Revo Uninstaller" = Revo Uninstaller 1.85
"Secunia PSI (RC1)" = Secunia PSI (RC1)
"SequoiaView" = SequoiaView
"Soulseek2" = SoulSeek 157 NS 13e
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Stanza" = Stanza
"Stellarium_is1" = Stellarium 0.9.1
"Sunrise XP" = Sunrise XP 2.04
"SyncBack_is1" = SyncBack
"SystemRequirementsLab" = System Requirements Lab
"TeraCopy_is1" = TeraCopy 1.22
"Tweak UI 2.10" = Tweak UI
"UnityWebPlayer" = Unity Web Player
"virtualPhotographer_is1" = virtualPhotographer 1.5.6
"VLC media player" = VLC media player 1.0.1
"VST Bridge_is1" = VST Bridge 1.1
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D025345-1033-4F35-A5CE-68CDCDE6CC03}" = Evernote
"6e5e148d16c304c5" = Moodagent
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"uTorrent" = µTorrent
"WinDirStat" = WinDirStat 1.1.2
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9/18/2009 6:30:24 AM | Computer Name = TOMSERVO | Source = Application Error | ID = 1000
Description = Faulting application Notepad++Portable.exe, version 0.0.0.0, faulting
module Notepad++Portable.exe, version 0.0.0.0, fault address 0x0000287d.
Error - 9/20/2009 1:54:41 PM | Computer Name = TOMSERVO | Source = Application Hang | ID = 1002
Description = Hanging application Evernote.exe, version 3.1.0.1212, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 9/20/2009 9:08:37 PM | Computer Name = TOMSERVO | Source = Application Error | ID = 1000
Description = Faulting application bioshock.exe, version 1.0.0.0, faulting module
bioshock.exe, version 1.0.0.0, fault address 0x00025fc7.
Error - 9/20/2009 9:13:02 PM | Computer Name = TOMSERVO | Source = Application Error | ID = 1000
Description = Faulting application bioshock.exe, version 1.0.0.0, faulting module
bioshock.exe, version 1.0.0.0, fault address 0x00025fc7.
Error - 9/21/2009 8:56:23 PM | Computer Name = TOMSERVO | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 9.0.0.70, faulting module
iglicd32.dll, version 6.14.10.4820, fault address 0x00021cad.
Error - 9/29/2009 7:06:20 PM | Computer Name = TOMSERVO | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 9.0.0.70, faulting module
quicktime.qts, version 7.64.17.73, fault address 0x00103834.
Error - 10/8/2009 6:59:31 AM | Computer Name = TOMSERVO | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 9.0.0.70, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/8/2009 7:01:58 AM | Computer Name = TOMSERVO | Source = Application Error | ID = 1000
Description = Faulting application pg2.exe, version 1.0.6.4, faulting module ntdll.dll,
version 5.1.2600.5755, fault address 0x0001b21a.
Error - 10/17/2009 6:32:12 PM | Computer Name = TOMSERVO | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 9.0.0.6604, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 10/24/2009 9:44:22 AM | Computer Name = TOMSERVO | Source = Application Error | ID = 1000
Description = Faulting application pg2.exe, version 1.0.6.4, faulting module ntdll.dll,
version 5.1.2600.5755, fault address 0x0001b21a.
[ System Events ]
Error - 1/21/2010 7:00:02 PM | Computer Name = TOMSERVO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD avgio avipbb Fips intelppm IPSec mozyFilter MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv Tcpip WS2IFSL
Error - 1/21/2010 7:00:07 PM | Computer Name = TOMSERVO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 1/21/2010 7:00:15 PM | Computer Name = TOMSERVO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 1/21/2010 7:00:52 PM | Computer Name = TOMSERVO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 1/21/2010 7:03:38 PM | Computer Name = TOMSERVO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 1/21/2010 7:04:57 PM | Computer Name = TOMSERVO | Source = Service Control Manager | ID = 7000
Description = The helpsvc service failed to start due to the following error: %%2
Error - 1/21/2010 10:31:09 PM | Computer Name = TOMSERVO | Source = Service Control Manager | ID = 7000
Description = The helpsvc service failed to start due to the following error: %%2
Error - 1/21/2010 11:06:56 PM | Computer Name = TOMSERVO | Source = Service Control Manager | ID = 7000
Description = The helpsvc service failed to start due to the following error: %%2
Error - 1/21/2010 11:23:15 PM | Computer Name = TOMSERVO | Source = Service Control Manager | ID = 7000
Description = The helpsvc service failed to start due to the following error: %%2
Error - 1/22/2010 4:18:11 AM | Computer Name = TOMSERVO | Source = Service Control Manager | ID = 7000
Description = The helpsvc service failed to start due to the following error: %%2
< End of report >
Edited by anthom, 22 January 2010 - 03:16 PM.
added extra log