ComboFix 09-10-27.07 - Willium 31/10/2009 10:25.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.539 [GMT 0:00]
Running from: c:\documents and settings\Willium\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Willium\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
FILE ::
"c:\windows\win32k.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\win32k.sys
.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-31 )))))))))))))))))))))))))))))))
.
2009-11-06 19:24 . 2009-11-06 19:24 -------- d-----w- c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
2009-11-06 18:27 . 2009-10-28 11:56 -------- d-----w- c:\program files\Gmask 1.70 English
2009-11-06 06:50 . 2009-11-06 06:50 -------- d-----w- c:\documents and settings\Willium\Application Data\Virgin Broadband
2009-11-06 06:50 . 2009-11-06 06:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Virgin Broadband
2009-11-05 16:48 . 2009-11-05 16:48 -------- d-----w- c:\documents and settings\Willium\Application Data\Unity
2009-11-05 16:43 . 2009-11-05 16:43 -------- d-----w- c:\documents and settings\Willium\Local Settings\Application Data\Unity
2009-11-05 16:43 . 2009-11-05 16:43 -------- d-----w- c:\program files\Unity
2009-11-05 16:30 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-11-05 16:28 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-31 09:25 . 2009-10-31 09:31 -------- d-----w- c:\documents and settings\Willium\Local Settings\Application Data\ApplicationHistory
2009-10-27 20:25 . 2009-10-27 20:25 -------- d-----w- c:\program files\Windows Live
2009-10-27 15:43 . 2009-10-27 15:43 120200 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-27 15:39 . 2009-10-27 15:40 -------- d-----w- C:\94a3715beca94d1d71328d050a
2009-10-27 15:30 . 2009-10-27 15:30 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-27 15:17 . 2009-10-27 15:17 -------- d-----w- c:\documents and settings\Willium\Application Data\Windows Search
2009-10-27 15:13 . 2009-10-27 15:13 -------- d-----w- c:\documents and settings\Willium\Application Data\Windows Desktop Search
2009-10-27 15:12 . 2009-10-28 10:31 -------- d-----w- c:\program files\Windows Desktop Search
2009-10-27 15:12 . 2009-10-27 15:12 -------- d-----w- c:\windows\system32\GroupPolicy
2009-10-27 15:12 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-10-27 15:12 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-10-27 15:12 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-10-27 15:10 . 2009-10-27 15:10 -------- d-----w- c:\windows\system32\URTTEMP
2009-10-27 14:51 . 2009-10-27 14:51 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-26 22:25 . 2009-10-26 22:25 -------- d-----w- c:\documents and settings\Willium\Local Settings\Application Data\AVG Security Toolbar
2009-10-26 22:23 . 2009-10-26 22:34 -------- d-----w- C:\$AVG
2009-10-26 22:22 . 2009-10-26 22:22 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-26 22:22 . 2009-10-27 14:46 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-26 22:22 . 2009-10-26 22:22 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-26 22:22 . 2009-10-31 09:31 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-26 22:22 . 2009-10-26 22:22 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-26 22:22 . 2009-10-27 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-10-26 22:22 . 2009-10-26 22:22 -------- d-----w- c:\program files\AVG
2009-10-26 22:22 . 2009-10-26 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-10-26 22:16 . 2009-10-26 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\ZKS_COMPANY_NAME
2009-10-19 17:32 . 2009-10-23 08:32 -------- d-----w- c:\program files\Zax
2009-10-19 16:56 . 2009-10-19 16:56 -------- d-----w- c:\documents and settings\Willium\Application Data\Technology Lighthouse
2009-10-19 16:56 . 2009-10-19 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-19 16:55 . 2009-10-19 16:55 -------- d-----w- c:\program files\Technology Lighthouse
2009-10-19 07:32 . 2009-10-19 07:32 -------- d-----w- c:\documents and settings\Willium\Local Settings\Application Data\iMesh
2009-10-19 07:32 . 2009-10-19 07:32 -------- d-----w- c:\program files\iMesh Applications
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 16:32 . 2008-06-24 12:02 -------- d-----w- c:\program files\Java
2009-10-31 19:44 . 2009-07-27 19:39 -------- d-----w- c:\documents and settings\Willium\Application Data\Juce VST Host
2009-10-31 09:24 . 2008-06-10 12:51 -------- d-----w- c:\program files\Steam
2009-10-31 04:11 . 2008-10-12 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-10-27 18:53 . 2008-06-10 13:27 48504 -c--a-w- c:\documents and settings\Willium\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-26 22:18 . 2008-06-10 13:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-26 22:18 . 2008-06-10 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ntl
2009-10-26 22:18 . 2008-06-10 13:00 -------- d-----w- c:\program files\Common Files\Command Software
2009-10-26 22:05 . 2008-06-10 14:09 230 ----a-w- c:\windows\freedom.backup.dat
2009-10-23 08:32 . 2008-08-22 16:46 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-10-23 08:32 . 2008-08-22 16:46 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-10-23 08:32 . 2008-08-22 16:46 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-10-22 18:19 . 2008-11-09 16:15 -------- d-----w- c:\program files\DOSBox-0.72
2009-10-19 14:11 . 2009-09-12 22:08 48 ----a-w- c:\windows\popcinfot.dat
2009-10-19 11:55 . 2008-06-19 18:05 -------- d-----w- c:\program files\NetAnts
2009-10-19 11:30 . 2008-11-07 00:10 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-10-19 11:30 . 2008-11-07 00:10 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-10-17 19:06 . 2008-10-24 20:14 -------- d-----w- c:\documents and settings\Willium\Application Data\uTorrent
2009-10-17 17:41 . 2009-03-11 00:33 -------- d-----w- c:\program files\Guitar Pro 5
2009-09-22 16:58 . 2009-05-13 18:06 -------- d-----w- c:\program files\Crayon Physics Deluxe
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-08 08:52 . 2009-09-08 08:52 -------- d-----w- c:\program files\Eidos Interactive
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 20:44 . 2004-08-04 12:00 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-08-02 15:17 . 2009-04-29 16:35 17 ----a-w- c:\windows\popcinfo.dat
.
(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((((((( SnapShot@2009-10-31_09.00.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-31 09:26 . 2009-10-31 09:26 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_d9c72dba\System.Drawing.Design.dll
+ 2009-10-31 09:25 . 2009-10-31 09:25 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_4d925822\CustomMarshalers.dll
+ 2009-10-31 09:27 . 2009-10-31 09:27 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_fa35ee23\System.Drawing.dll
+ 2009-10-31 09:30 . 2009-10-31 09:30 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_c2c63d59\System.Drawing.Design.dll
+ 2009-10-31 09:30 . 2009-10-31 09:30 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_c4f9e307\CustomMarshalers.dll
+ 2009-10-31 09:29 . 2009-10-31 09:30 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_6fa592fa\System.dll
+ 2009-10-31 09:31 . 2009-10-31 09:31 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_a8ac607b\System.Xml.dll
+ 2009-10-31 09:27 . 2009-10-31 09:27 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_4fb5d162\System.Xml.dll
+ 2009-10-31 09:30 . 2009-10-31 09:30 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_34203fab\System.Windows.Forms.dll
+ 2009-10-31 09:26 . 2009-10-31 09:26 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_2fad6561\System.Windows.Forms.dll
+ 2009-10-31 09:31 . 2009-10-31 09:31 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_be8f186c\System.Drawing.dll
+ 2009-10-31 09:31 . 2009-10-31 09:31 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_cc6f41b4\System.Design.dll
+ 2009-10-31 09:27 . 2009-10-31 09:27 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_316f30db\System.Design.dll
+ 2009-10-31 09:31 . 2009-10-31 09:31 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_8fd29a4e\mscorlib.dll
+ 2009-10-31 09:28 . 2009-10-31 09:28 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_79d73e13\mscorlib.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1119488]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-18 12:27 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1119488]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-23 68856]
"Steam"="c:\program files\Steam\Steam.exe" [2009-10-26 1217808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SideWinderTrayV4"="c:\progra~1\MICROS~2\GAMECO~1\common\swtrayv4.exe" [1999-05-12 20545]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-10-27 2010904]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Willium\Start Menu\Programs\[Accessories]\Startup\
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BN-WD54G Wireless Utility.lnk - c:\program files\BLUENEXT\BN-WD54G Wireless Utility\Installer\WINXP\BWCU.exe [2009-4-29 598016]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-26 22:22 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"KService"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Steam\\steamapps\\willium_bob_cole\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\willium_bob_cole\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\willium_bob_cole\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\willium_bob_cole\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\multiwinia\\multiwinia.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\gish\\gish.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sam and max episode 4\\sammax104_drm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\oddworld abes exoddus demo\\Exoddus.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\oddworld abes oddysee demo\\AbeDemo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\the wonderful end of the world\\main.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\geometry wars\\GeometryWars.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\eets\\Eets.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\gumboy crazy adventures\\GumboyCrazyAdventures.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\gumboy crazy features\\GumboyCrazyFeatures.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\flatout\\flatout.exe"=
"c:\\Program Files\\Steam\\steamapps\\lightsxout\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\flatout2\\FlatOut2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\steamapps\\lightsxout\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle deluxe\\Peggle.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle nights\\PeggleNights.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\world of goo\\WorldOfGoo.exe"=
"c:\\Program Files\\Team17 Software Ltd\\Worms Forts Under Siege\\WF.exe"=
"c:\\Team17\\Worms2\\frontend.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\gumboy tournament demo\\GumboyTournament.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\full pipe\\Fullpipe.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=
"c:\\Program Files\\Games\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\steamapps\\lightsxout\\smashball\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\penumbra overture\\redist\\Penumbra.exe"=
"c:\\Program Files\\Steam\\steamapps\\willium_bob_cole\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trine demo\\trine_launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\blueberry garden demo\\BlueberryGarden.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Documents and Settings\\Willium\\Desktop\\Valve Lan Lite - School Edition\\hl.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56928:TCP"= 56928:TCP:Pando Media Booster
"56928:UDP"= 56928:UDP:Pando Media Booster
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [26/10/2009 10:22 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [26/10/2009 10:22 PM 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [26/10/2009 10:22 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [26/10/2009 10:22 PM 285392]
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [21/03/2002 8:14 AM 21376]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder
2009-10-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-16 08:36]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download by NetAnts - c:\progra~1\NetAnts\NAGet.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &All by NetAnts - c:\progra~1\NetAnts\NAGetAll.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Willium\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Willium\Application Data\Mozilla\Firefox\Profiles\151xy818.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-10-31 10:37
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1708537768-630328440-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:13,3b,01,e9,a8,bb,5b,e8,6d,33,97,85,58,79,f8,67,86,f9,54,bf,33,
02,c2,64,55,dc,95,cd,b2,af,5d,99,4f,ae,16,03,c7,52,61,64,15,ec,63,40,8d,31,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
Completion time: 2009-10-31 10:41
ComboFix-quarantined-files.txt 2009-10-31 10:40
ComboFix2.txt 2009-10-31 09:19
Pre-Run: 10,023,567,360 bytes free
Post-Run: 10,002,956,288 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 4872611499F9101C7730491997511E01
OTL Extras logfile created on: 31/10/2009 10:44:31 AM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Willium\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1023.48 Mb Total Physical Memory | 551.30 Mb Available Physical Memory | 53.87% Memory free
2.40 Gb Paging File | 2.04 Gb Available in Paging File | 84.98% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 9.35 Gb Free Space | 8.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HOME-FB1F72142A
Current User Name: Willium
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"56928:TCP" = 56928:TCP:*:Enabled:Pando Media Booster
"56928:UDP" = 56928:UDP:*:Enabled:Pando Media Booster
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.)
"C:\Program Files\Steam\steamapps\willium_bob_cole\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\willium_bob_cole\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\steamapps\willium_bob_cole\garrysmod\hl2.exe" = C:\Program Files\Steam\steamapps\willium_bob_cole\garrysmod\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\steamapps\willium_bob_cole\source sdk base\hl2.exe" = C:\Program Files\Steam\steamapps\willium_bob_cole\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Steam\steamapps\willium_bob_cole\half-life 2 deathmatch\hl2.exe" = C:\Program Files\Steam\steamapps\willium_bob_cole\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\steamapps\common\multiwinia\multiwinia.exe" = C:\Program Files\Steam\steamapps\common\multiwinia\multiwinia.exe:*:Enabled:Multiwinia Demo -- (Introversion Software)
"C:\Program Files\Steam\steamapps\common\gish\gish.exe" = C:\Program Files\Steam\steamapps\common\gish\gish.exe:*:Enabled:Gish -- ()
"C:\Program Files\Steam\steamapps\common\sam and max episode 4\sammax104_drm.exe" = C:\Program Files\Steam\steamapps\common\sam and max episode 4\sammax104_drm.exe:*:Enabled:Sam and Max 104: Abe Lincoln Must Die -- ()
"C:\Program Files\Steam\steamapps\common\oddworld abes exoddus demo\Exoddus.exe" = C:\Program Files\Steam\steamapps\common\oddworld abes exoddus demo\Exoddus.exe:*:Enabled:Oddworld: Abe's Exoddus Demo -- (Oddworld Inhabitants, Inc.)
"C:\Program Files\Steam\steamapps\common\oddworld abes oddysee demo\AbeDemo.exe" = C:\Program Files\Steam\steamapps\common\oddworld abes oddysee demo\AbeDemo.exe:*:Enabled:Oddworld: Abe's Oddysee Demo -- (Oddworld Inhabitants, Inc.)
"C:\Program Files\Steam\steamapps\common\the wonderful end of the world\main.exe" = C:\Program Files\Steam\steamapps\common\the wonderful end of the world\main.exe:*:Enabled:The Wonderful End of the World -- ()
"C:\Program Files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe" = C:\Program Files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:*:Enabled:Peggle Extreme -- ()
"C:\Program Files\Steam\steamapps\common\geometry wars\GeometryWars.exe" = C:\Program Files\Steam\steamapps\common\geometry wars\GeometryWars.exe:*:Enabled:Geometry Wars -- (Bizarre Creations Ltd.)
"C:\Program Files\Steam\steamapps\common\eets\Eets.exe" = C:\Program Files\Steam\steamapps\common\eets\Eets.exe:*:Enabled:Eets -- ()
"C:\Program Files\Steam\steamapps\common\gumboy crazy adventures\GumboyCrazyAdventures.exe" = C:\Program Files\Steam\steamapps\common\gumboy crazy adventures\GumboyCrazyAdventures.exe:*:Enabled:Gumboy Crazy Adventures -- ()
"C:\Program Files\Steam\steamapps\common\gumboy crazy features\GumboyCrazyFeatures.exe" = C:\Program Files\Steam\steamapps\common\gumboy crazy features\GumboyCrazyFeatures.exe:*:Enabled:Gumboy Crazy Features -- ()
"C:\Program Files\Steam\steamapps\common\flatout\flatout.exe" = C:\Program Files\Steam\steamapps\common\flatout\flatout.exe:*:Enabled:FlatOut -- ()
"C:\Program Files\Steam\steamapps\lightsxout\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\lightsxout\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\steamapps\common\flatout2\FlatOut2.exe" = C:\Program Files\Steam\steamapps\common\flatout2\FlatOut2.exe:*:Enabled:FlatOut2 -- ()
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Steam\steamapps\lightsxout\source sdk base\hl2.exe" = C:\Program Files\Steam\steamapps\lightsxout\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\steamapps\common\peggle deluxe\Peggle.exe" = C:\Program Files\Steam\steamapps\common\peggle deluxe\Peggle.exe:*:Enabled:Peggle Deluxe -- ()
"C:\Program Files\Steam\steamapps\common\peggle nights\PeggleNights.exe" = C:\Program Files\Steam\steamapps\common\peggle nights\PeggleNights.exe:*:Enabled:Peggle Nights -- ()
"C:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe" = C:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe:*:Enabled:World of Goo -- ()
"C:\Program Files\Team17 Software Ltd\Worms Forts Under Siege\WF.exe" = C:\Program Files\Team17 Software Ltd\Worms Forts Under Siege\WF.exe:*:Enabled:WF -- ()
"C:\Team17\Worms2\frontend.exe" = C:\Team17\Worms2\frontend.exe:*:Enabled:Worms 2 Frontend -- (Team17 Software Ltd)
"C:\Program Files\Steam\steamapps\common\gumboy tournament demo\GumboyTournament.exe" = C:\Program Files\Steam\steamapps\common\gumboy tournament demo\GumboyTournament.exe:*:Enabled:Gumboy Tournament Demo -- ()
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\Steam\steamapps\common\full pipe\Fullpipe.exe" = C:\Program Files\Steam\steamapps\common\full pipe\Fullpipe.exe:*:Enabled:Full Pipe -- ()
"C:\Program Files\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe" = C:\Program Files\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe:*:Enabled:Plants Vs Zombies -- ()
"C:\Program Files\Games\Microsoft Games\Age of Empires II\empires2.exe" = C:\Program Files\Games\Microsoft Games\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Steam\steamapps\lightsxout\smashball\hl2.exe" = C:\Program Files\Steam\steamapps\lightsxout\smashball\hl2.exe:*:Disabled:hl2 -- ()
"C:\Program Files\Steam\steamapps\common\penumbra overture\redist\Penumbra.exe" = C:\Program Files\Steam\steamapps\common\penumbra overture\redist\Penumbra.exe:*:Enabled:Penumbra Overture -- ()
"C:\Program Files\Steam\steamapps\willium_bob_cole\counter-strike source\hl2.exe" = C:\Program Files\Steam\steamapps\willium_bob_cole\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\steamapps\common\trine demo\trine_launcher.exe" = C:\Program Files\Steam\steamapps\common\trine demo\trine_launcher.exe:*:Enabled:Trine Demo -- ()
"C:\Program Files\Steam\steamapps\common\blueberry garden demo\BlueberryGarden.exe" = C:\Program Files\Steam\steamapps\common\blueberry garden demo\BlueberryGarden.exe:*:Enabled:Blueberry Garden Demo -- (Erik Svedäng)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- (iMesh, Inc)
"C:\Documents and Settings\Willium\Desktop\Valve Lan Lite - School Edition\hl.exe" = C:\Documents and Settings\Willium\Desktop\Valve Lan Lite - School Edition\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = The Sims 2 University
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{17F17772-A234-4255-A5FE-C0C203A137F2}" = Anti-Spyware
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}" = Samsung PC Studio
"{19FDE9C5-2EC4-4898-92F4-128BD6F9D23A}" = Glasshouse
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22D56257-DE33-4C7D-817B-C2DE69FE953C}" = BOTS
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 15
"{2B072A33-D445-46D5-9442-7B41F5171AAC}" = Guitar Hero Explorer
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{3F50AF3B-8997-4916-0095-99D63DDB785A}" = Harry Potter TM
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52F6CC52-0957-4839-83AA-40FEE221063E}" = Teaching You Electric Guitar Skills
"{53BEA20C-4566-401D-8C02-EDEC5678218B}" = AS-Patch-Reset
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6C132D40-361B-11D4-81D4-00E029561B9E}" = Wacky Races
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{7BF68B83-5057-4D4B-0093-28285EEB9EE3}" = Harry Potter II
"{7C32C567-DC0F-4C80-B06C-7873850A2E06}" = The Sims Unleashed
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81A78093-9FBB-44F1-8781-195F4CF0F8EC}" = Music Coach Player
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B7443F5-E141-42A0-AB61-ED2331AAD606}" = 4oD
"{8CA53298-AB86-49C7-8040-D5E7BA2F703A}" = NVIDIA PhysX Particle Fluid Demo
"{917E73C2-C7DA-4C12-9774-A6A2730BCAAB}" = Worms Forts Under Siege
"{930E3A6E-C479-4AB8-9060-65F44B0B8296}" = Enigmo Download
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A785BBA7-3FB9-4D81-BC35-4A2028915ACB}" = Prey
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B785CA1C-3EA0-4EFC-91BC-330EC34555BA}" = GhostMaster
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}" = BlueSoleil
"{BA10AC78-E687-4523-8B93-540428FC256F}" = Fahrenheit
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Creepy & Cute Parts Pack
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C3DED766-14AC-11D6-9934-0060080E9FBE}" = Kazoo Home Creative Studio
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4653572-FEF0-4B59-8E2D-BE21652A66B3}" = SpaMsiWrapper
"{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"{DC4748C0-7D4D-11D4-A610-0090CC00AF7E}" = JILL
"{DE15F0C0-108D-11D4-AF73-0000E21444C5}" = ResidentEvil3
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3F38BFE-2DBB-4C16-A4DC-3A00CFE9163B}" = BN-WD54G Wireless Utility
"{EB3D2F14-C178-11D6-B49B-0020183A6529}" = eGames GOG Red
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"1000 Best Games" = 1000 Best Games
"31" = 31
"4oD" = 4oD
"AaaaaAAaaaAAAaaAAAAaAAAAA!!! - A Reckless Disreg~5122E60D_is1" = AaaaaAAaaaAAAaaAAAAaAAAAA!!! - A Reckless Disregard for Gravity
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AFE37E47-37E7-435a-A665-729806B98AEF_is1" = PTFB Pro 3.6.0.3
"ASIO4ALL" = ASIO4ALL
"AsUninst.exe" = Anvil Studio
"Audacity_is1" = Audacity 1.2.6
"AVG9Uninstall" = AVG Free 9.0
"Babyz" = Babyz
"BroadJump Client Foundation" = BroadJump Client Foundation
"Bryce" = Bryce 5.5c
"BUGS" = BUGS
"Bugs Bunny & Taz - Time Busters" = Bugs Bunny & Taz - Time Busters
"Casino-On-Net" = Casino-On-Net
"Castle Video Poker Special Edition" = Castle Video Poker Special Edition
"Chicken Run" = Chicken Run
"Chinese Checkers Special Edition" = Chinese Checkers Special Edition
"Cinergy Script Editor" = Cinergy Script Editor
"Civil War Generals II Demo" = Civil War Generals II Demo
"C-Media USB Sound" = SilverCrest Vibration Headset
"C-Media USB Sound Driver" = C-Media USB Sound Driver
"Coke Side of Life" = Coke Side of Life Screen Saver
"Crayon Physics Deluxe Demo_is1" = Crayon Physics Deluxe Demo - release 52
"Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 51
"Crazy Drake Special Edition" = Crazy Drake Special Edition
"Crazy Puzzle Special Edition" = Crazy Puzzle Special Edition
"Creatures 3" = Creatures 3
"DarkSide_is1" = DarkSide 1.01.4
"DAZ|Studio" = DAZ|Studio 1.5.1.0
"DeleteProdRunControl_UK" = IBM ViaVoice Command and Control Runtime 5.3 - UK English
"Demonstar Special Edition" = Demonstar Special Edition
"Discover Painting for Kids Special Edition" = Discover Painting for Kids Special Edition
"Disney's Magic Artist Studio" = Disney's Magic Artist Studio
"Docking Station" = Docking Station
"Dream Pinball 3D Demo" = Dream Pinball 3D Demo
"Driving Test Success - All Tests_is1" = Driving Test Success - All Tests (2008-2009)
"Dungeon Keeper II" = Dungeon Keeper 2
"Dweebs Special Edition" = Dweebs Special Edition
"Extreme Bugs Special Edition" = Extreme Bugs Special Edition
"Fahrenheit_is1" = Fahrenheit
"Fishie Fishie_is1" = Fishie Fishie 1.0
"FL Studio 8" = FL Studio 8
"Galaxy Slots Special Edition" = Galaxy Slots Special Edition
"Garret Special Edition" = Garret Special Edition
"GCFScape_is1" = GCFScape 1.7.2
"Gmask 1.70 English" = Gmask 1.70 English
"Google Updater" = Google Updater
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Heart Of Darkness" = Heart Of Darkness
"Hot Wheels® Micro Racers" = Hot Wheels® Micro Racers
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IL Download Manager" = IL Download Manager
"Indeo® software" = Indeo® software
"InstallShield_{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"Jack Keane (Demo)" = Jack Keane (Demo)
"Jewel Jam Special Edition" = Jewel Jam Special Edition
"legacyqcam_10.00" = Logitech Legacy USB Camera Driver Package
"LEGO Rock Raiders" = LEGO Rock Raiders
"LEGOIsland" = LEGO Island
"Lemmings Revolution" = Lemmings Revolution
"Lords of Magic Special Edition Demo" = Lords of Magic Special Edition Demo
"Ludo Safari Special Edition" = Ludo Safari Special Edition
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Memory Match" = Memory Match
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Midtown Madness 2.0" = Microsoft Midtown Madness 2
"Mini Golf Master Special Edition" = Mini Golf Master Special Edition
"Monopoly Junior" = Monopoly Junior
"Moon Buggy" = Moon Buggy
"Moonshot" = Moonshot
"Mozilla Firefox (3.0.12)" = Mozilla Firefox (3.0.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NarbacularDrop_is1" = Narbacular Drop version 1.4
"Natural Selection_is1" = Natural Selection 3.2
"Nebulae Fighter Special Edition" = Nebulae Fighter Special Edition
"NetAnts" = NetAnts
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PCCat" = PC Cat
"PCPup" = PC Pup
"Pharaoh" = Pharaoh
"Phun_is1" = Phun beta 4.22
"PitchWorks DX" = PitchWorks remove
"Playground Special Edition" = Playground Special Edition
"PoiZone" = PoiZone
"Poolster 1.1 (Shareware)" = Poolster 1.1 (Shareware)
"rayman2" = rayman2
"Rekkaturvat" = Truck Dismount (remove only)
"Roller Coaster Factory 3" = Roller Coaster Factory 3
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shockwave" = Shockwave
"SideWinder Game Pad Pro" = SideWinder Game Pad Pro
"Sierra Utilities" = Sierra Utilities
"Solitaire 25 Volume 3" = Solitaire 25 Volume 3
"Solitary Confinement" = Solitary Confinement
"SourceForts" = SourceForts
"Space Clash" = Space Clash
"Speedy Eggbert Special Edition" = Speedy Eggbert Special Edition
"ST4UNST #1" = 3dmaze
"ST4UNST #2" = AI Wars (The Insect Mind) v2.1a
"Star Miner Special Edition" = Star Miner Special Edition
"Steam App 1250" = Killing Floor
"Steam App 20560" = World of Zoo: Creature Creator Demo
"SystemRequirementsLab" = System Requirements Lab
"Tarzan Action Game" = Tarzan Action Game
"Teazle" = Teazle
"Toxic Biohazard" = Toxic Biohazard
"UnityWebPlayer" = Unity Web Player
"US Slots" = US Slots
"Virtools3DLifePlayer" = Virtools 3D Life Player
"Vodafone 804SS USB driver" = Vodafone 804SS USB driver Software
"Wendys Word Game Special Edition" = Wendys Word Game Special Edition
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Word Search Mania" = Word Search Mania
"Worms2" = Worms2
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Zax_is1" = Zax: The Alien Hunter
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 28/10/2009 10:01:48 AM | Computer Name = HOME-FB1F72142A | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\WILLIUM\MY DOCUMENTS\MY PICTURES\IPHONE\PICTURE
137.JPG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog
Details:
A
device attached to the system is not functioning. (0x8007001f)
Error - 28/10/2009 10:01:48 AM | Computer Name = HOME-FB1F72142A | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\WILLIUM\MY DOCUMENTS\MY PICTURES\IPHONE\PICTURE
139.JPG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog
Details:
A
device attached to the system is not functioning. (0x8007001f)
Error - 28/10/2009 10:01:48 AM | Computer Name = HOME-FB1F72142A | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\WILLIUM\MY DOCUMENTS\MY PICTURES\IPHONE\PICTURE
139.JPG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog
Details:
A
device attached to the system is not functioning. (0x8007001f)
Error - 28/10/2009 10:01:49 AM | Computer Name = HOME-FB1F72142A | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\WILLIUM\MY DOCUMENTS\MY PICTURES\IPHONE\PICTURE
145.JPG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog
Details:
A
device attached to the system is not functioning. (0x8007001f)
Error - 28/10/2009 10:01:49 AM | Computer Name = HOME-FB1F72142A | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\WILLIUM\MY DOCUMENTS\MY PICTURES\IPHONE\PICTURE
145.JPG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog
Details:
A
device attached to the system is not functioning. (0x8007001f)
Error - 28/10/2009 10:01:49 AM | Computer Name = HOME-FB1F72142A | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\WILLIUM\MY DOCUMENTS\MY PICTURES\IPHONE\PICTURE
146.JPG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog
Details:
A
device attached to the system is not functioning. (0x8007001f)
Error - 28/10/2009 10:01:49 AM | Computer Name = HOME-FB1F72142A | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\WILLIUM\MY DOCUMENTS\MY PICTURES\IPHONE\PICTURE
146.JPG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog
Details:
A
device attached to the system is not functioning. (0x8007001f)
Error - 28/10/2009 10:01:50 AM | Computer Name = HOME-FB1F72142A | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\WILLIUM\MY DOCUMENTS\MY PICTURES\IPHONE\PICTURE
153.JPG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog
Details:
A
device attached to the system is not functioning. (0x8007001f)
Error - 28/10/2009 10:01:50 AM | Computer Name = HOME-FB1F72142A | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\WILLIUM\MY DOCUMENTS\MY PICTURES\IPHONE\PICTURE
153.JPG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog
Details:
A
device attached to the system is not functioning. (0x8007001f)
Error - 28/10/2009 10:01:50 AM | Computer Name = HOME-FB1F72142A | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\WILLIUM\MY DOCUMENTS\MY PICTURES\IPHONE\PICTURE
157.JPG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog
Details:
A
device attached to the system is not functioning. (0x8007001f)
[ System Events ]
Error - 31/10/2009 5:21:34 AM | Computer Name = HOME-FB1F72142A | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 31/10/2009 6:07:45 AM | Computer Name = HOME-FB1F72142A | Source = Service Control Manager | ID = 7031
Description = The AVG Free WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.
Error - 31/10/2009 6:08:00 AM | Computer Name = HOME-FB1F72142A | Source = Service Control Manager | ID = 7034
Description = The AVG Free E-mail Scanner service terminated unexpectedly. It has
done this 1 time(s).
Error - 31/10/2009 6:08:05 AM | Computer Name = HOME-FB1F72142A | Source = Service Control Manager | ID = 7031
Description = The AVG Free WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.
Error - 31/10/2009 6:13:28 AM | Computer Name = HOME-FB1F72142A | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.
Error - 31/10/2009 6:13:30 AM | Computer Name = HOME-FB1F72142A | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).
Error - 31/10/2009 6:14:14 AM | Computer Name = HOME-FB1F72142A | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).
Error - 31/10/2009 6:24:59 AM | Computer Name = HOME-FB1F72142A | Source = Service Control Manager | ID = 7034
Description = The BlueSoleil Hid Service service terminated unexpectedly. It has
done this 1 time(s).
Error - 31/10/2009 6:25:00 AM | Computer Name = HOME-FB1F72142A | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.
Error - 31/10/2009 6:36:59 AM | Computer Name = HOME-FB1F72142A | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.
< End of report >
OTL logfile created on: 31/10/2009 10:44:31 AM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Willium\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1023.48 Mb Total Physical Memory | 551.30 Mb Available Physical Memory | 53.87% Memory free
2.40 Gb Paging File | 2.04 Gb Available in Paging File | 84.98% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 9.35 Gb Free Space | 8.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: HOME-FB1F72142A
Current User Name: Willium
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Willium\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Command Software\dvpapi.exe (Authentium, Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Microsoft Hardware\Game Controllers\Common\SWTrayV4.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg9emc [Auto | Running]) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd [Auto | Running]) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (BlueSoleil Hid Service [Auto | Stopped]) -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (dvpapi [Auto | Running]) -- C:\Program Files\Common Files\Command Software\dvpapi.exe (Authentium, Inc.)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (KService [Disabled | Stopped]) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
SRV - (LVPrcSrv [Auto | Stopped]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (npggsvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (atksgt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\atksgt.sys ()
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BlueletAudio [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\blueletaudio.sys (IVT Corporation)
DRV - (BT [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\btnetdrv.sys (IVT Corporation)
DRV - (Btcsrusb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btcusb.sys (IVT Corporation)
DRV - (BTHidEnum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\vbtenum.sys ()
DRV - (BTHidMgr [Boot | Running]) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation)
DRV - (catchme [On_Demand | Running]) -- File not found
DRV - (cmudau [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\cmudaxu.sys (C-Media Inc)
DRV - (CSS DVP [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\css-dvp.sys (Authentium, Inc.)
DRV - (DM9USB [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\dm9usb.sys (DAVICOM Semiconductor, Inc. )
DRV - (FilterService [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys (Logitech Inc.)
DRV - (GcKernel [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\GcKernel.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HIDSwvd [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HIDSwvd.sys (Microsoft Corporation)
DRV - (lirsgt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys ()
DRV - (lvpopflt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\LVPr2Mon.sys ()
DRV - (LVRS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lvrs.sys (Logitech Inc.)
DRV - (lvselsus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lvselsus.sys (Logitech Inc.)
DRV - (LVUSBSta [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVUVC [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lvuvc.sys (Logitech Inc.)
DRV - (NPPTNT2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (RT73 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rt73.sys (Ralink Technology, Corp.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (ss_bus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ss_bus.sys (MCCI)
DRV - (ss_mdfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ss_mdfl.sys (MCCI)
DRV - (ss_mdm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ss_mdm.sys (MCCI)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (usbcm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usbcm.sys (Microsystems Corp)
DRV - (USBIO [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbio.sys (Thesycon GmbH, Germany)
DRV - (VComm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\VComm.sys (IVT Corporation)
DRV - (VcommMgr [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\VcommMgr.sys (IVT Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Willium\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 F9 BE 72 B7 5E CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.696
FF - prefs.js..extensions.enabledItems: avg@igeared:2.709.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.12
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/28 00:38:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/10/27 15:50:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/10/26 22:22:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/05 07:42:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/05 07:42:11 | 00,000,000 | ---D | M]
[2009/04/29 13:11:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\mozilla\Extensions
[2009/01/13 17:32:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/26 22:25:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\mozilla\Firefox\Profiles\151xy818.default\extensions
[2009/06/28 11:23:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\mozilla\Firefox\Profiles\151xy818.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/29 13:03:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\mozilla\Firefox\Profiles\151xy818.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}(2)
[2009/10/27 12:26:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/06 21:22:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/29 13:36:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/08/06 21:21:54 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/06 21:21:54 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/06 21:21:56 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/05/02 06:43:03 | 00,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2009/10/05 07:42:10 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/10/05 07:42:10 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/10/05 07:42:10 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/10/05 07:42:10 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/10/05 07:42:11 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/10/05 07:42:11 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/10/05 07:42:11 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/05/02 17:50:46 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/05/02 17:50:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/10/26 22:25:24 | 00,002,265 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/05/02 17:50:46 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/05/02 17:50:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/05/02 17:50:46 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/05/02 17:50:46 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/05/02 17:50:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/05/02 17:50:46 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Click-to-Call BHO) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SideWinderTrayV4] C:\Program Files\Microsoft Hardware\Game Controllers\Common\SWTrayV4.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by NetAnts - C:\Program Files\NetAnts\NaGet.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download &All by NetAnts - C:\Program Files\NetAnts\NaGetAll.htm ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Willium\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E}
http://dev.srtest.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1}
http://musicmix.mess.../Medialogic.CAB (CMediaMix Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
http://www.update.mi...b?1213103626234 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8}
http://3dlifeplayer....l/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380}
http://www.instantac...ad/iaplayer.cab (InstantAction Game Launcher)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}
http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll File not found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 12:21:42 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 30 Days ==========
[6 C:\WINDOWS\System32\*.tmp files]
[10 C:\WINDOWS\*.tmp files]
[2009/10/26 22:22:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/10/26 22:22:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/10/19 16:56:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/06 06:50:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
[2009/10/26 22:16:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ZKS_COMPANY_NAME
[2009/10/19 16:56:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Application Data\Technology Lighthouse
[2009/11/05 16:48:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Application Data\Unity
[2009/11/06 06:50:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Application Data\Virgin Broadband
[2009/10/27 15:13:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Application Data\Windows Desktop Search
[2009/10/27 15:17:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Application Data\Windows Search
[2009/10/31 09:25:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Local Settings\Application Data\ApplicationHistory
[2009/10/26 22:25:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Local Settings\Application Data\AVG Security Toolbar
[2009/10/19 07:32:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Local Settings\Application Data\iMesh
[2009/11/05 16:43:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Local Settings\Application Data\Unity
[2009/10/26 22:22:12 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/11/06 18:27:38 | 00,000,000 | ---D | C] -- C:\Program Files\Gmask 1.70 English
[2009/10/19 07:32:04 | 00,000,000 | ---D | C] -- C:\Program Files\iMesh Applications
[2009/10/19 16:55:38 | 00,000,000 | ---D | C] -- C:\Program Files\Technology Lighthouse
[2009/11/05 16:43:43 | 00,000,000 | ---D | C] -- C:\Program Files\Unity
[2009/10/27 15:12:47 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2009/10/27 20:25:32 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/10/27 14:51:13 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/10/19 17:32:10 | 00,000,000 | ---D | C] -- C:\Program Files\Zax
[2009/11/06 19:24:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\048298C9A4D3490B9FF9AB023A9238F3.TMP
[2009/11/06 18:35:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Desktop\b
[2009/11/06 13:11:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Desktop\steamappsss
[2009/11/05 16:32:18 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/11/05 16:32:18 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/11/05 16:32:18 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/11/05 16:30:51 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/11/05 16:30:48 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/11/05 16:28:04 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/10/31 10:41:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/31 10:17:47 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/31 10:14:28 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/10/31 08:28:02 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/31 08:28:02 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/31 08:28:02 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/31 08:28:02 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/31 08:27:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/31 08:21:33 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/30 12:25:26 | 04,608,744 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Willium\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2009/10/30 09:21:36 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Willium\Desktop\OTL.exe
[2009/10/29 20:33:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Desktop\Sorting Comp
[2009/10/29 19:16:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/10/28 10:52:12 | 14,653,4806 | ---- | C] (SourceForts Team) -- C:\Documents and Settings\Willium\Desktop\SF1941-Client.exe
[2009/10/27 15:39:29 | 00,000,000 | ---D | C] -- C:\94a3715beca94d1d71328d050a
[2009/10/27 15:12:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/10/27 15:12:10 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2009/10/27 15:12:10 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2009/10/27 15:12:10 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2009/10/27 15:10:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2009/10/27 09:11:40 | 01,146,184 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Willium\Desktop\wlsetup-web.exe
[2009/10/27 09:07:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/10/26 22:23:03 | 00,000,000 | ---D | C] -- C:\$AVG
[2009/10/26 22:22:40 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/26 22:22:39 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/10/26 22:22:36 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/26 22:22:35 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/26 22:22:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/10/22 17:10:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Desktop\Valve Lan Lite - School Edition
[2009/10/22 17:07:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Desktop\college work
[2009/10/19 07:32:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\My Documents\iMesh
[2009/10/19 07:32:08 | 00,483,328 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actskn45.ocx
========== Files - Modified Within 30 Days ==========
[6 C:\WINDOWS\System32\*.tmp files]
[10 C:\WINDOWS\*.tmp files]
[2009/11/06 19:33:47 | 02,639,034 | -H-- | M] () -- C:\Documents and Settings\Willium\Local Settings\Application Data\IconCache.db
[2009/11/06 19:12:48 | 00,003,436 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/31 10:41:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/31 10:37:06 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/31 10:18:02 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/31 09:30:36 | 44,366,342 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/31 09:28:13 | 00,064,405 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/31 09:24:19 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/31 09:23:46 | 00,181,756 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/10/31 09:23:44 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/10/31 09:23:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/31 09:23:02 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/31 09:00:37 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/28 12:19:28 | 04,608,744 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Willium\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2009/10/28 12:15:00 | 03,440,512 | R--- | M] () -- C:\Documents and Settings\Willium\Desktop\ComboFix.exe
[2009/10/28 12:14:00 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\Willium\Desktop\Win32kDiag(2).exe
[2009/10/28 11:56:08 | 00,366,211 | ---- | M] () -- C:\Documents and Settings\Willium\Desktop\Gmsk170E.exe
[2009/10/28 11:24:30 | 14,653,4806 | ---- | M] (SourceForts Team) -- C:\Documents and Settings\Willium\Desktop\SF1941-Client.exe
[2009/10/28 10:55:30 | 00,014,848 | ---- | M] () -- C:\Documents and Settings\Willium\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/28 10:29:53 | 00,539,232 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/28 10:29:53 | 00,462,036 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/28 10:29:53 | 00,078,172 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/28 10:28:40 | 00,000,677 | ---- | M] () -- C:\Documents and Settings\Willium\Desktop\Shortcut to msmsgs.exe.lnk
[2009/10/27 20:13:32 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Willium\Desktop\OTL.exe
[2009/10/27 18:53:22 | 00,048,504 | ---- | M] () -- C:\Documents and Settings\Willium\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/27 15:51:10 | 00,204,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/27 15:13:31 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/27 15:12:55 | 00,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/10/27 14:46:26 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/10/27 09:11:41 | 01,146,184 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Willium\Desktop\wlsetup-web.exe
[2009/10/26 22:22:45 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/10/26 22:22:40 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/26 22:22:40 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/10/26 22:22:37 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/26 22:22:35 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/10/26 22:22:35 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/10/26 22:22:35 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/26 22:05:25 | 00,000,230 | ---- | M] () -- C:\WINDOWS\freedom.backup.dat
[2009/10/26 15:58:12 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009/10/23 13:14:21 | 00,001,488 | ---- | M] () -- C:\Documents and Settings\Willium\Desktop\RESTART.lnk
[2009/10/23 08:32:16 | 00,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/10/23 08:32:16 | 00,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/10/23 08:32:16 | 00,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/10/20 06:22:04 | 03,415,397 | ---- | M] () -- C:\Documents and Settings\Willium\Desktop\Lemon Demon - The Ultimate Showdown of Ultimate Destiny.mp3
[2009/10/19 14:11:01 | 00,000,048 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2009/10/19 13:16:27 | 00,001,692 | ---- | M] () -- C:\Documents and Settings\Willium\Desktop\SHUTDOWN.lnk
[2009/10/19 11:30:33 | 00,413,696 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2009/10/19 11:30:33 | 00,110,592 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2009/10/17 17:41:56 | 00,000,619 | ---- | M] () -- C:\Documents and Settings\Willium\Desktop\Guitar Pro 5.lnk
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/10/02 11:01:58 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
========== Files - No Company Name ==========
[2009/10/31 10:18:02 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/31 10:17:56 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/31 09:23:02 | 10,732,70784 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/31 08:28:02 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/31 08:28:02 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/31 08:28:02 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/31 08:28:02 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/10/31 08:28:02 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/30 12:25:22 | 03,440,512 | R--- | C] () -- C:\Documents and Settings\Willium\Desktop\ComboFix.exe
[2009/10/30 12:25:10 | 00,047,616 | ---- | C] () -- C:\Documents and Settings\Willium\Desktop\Win32kDiag(2).exe
[2009/10/28 11:56:03 | 00,366,211 | ---- | C] () -- C:\Documents and Settings\Willium\Desktop\Gmsk170E.exe
[2009/10/28 10:28:40 | 00,000,677 | ---- | C] () -- C:\Documents and Settings\Willium\Desktop\Shortcut to msmsgs.exe.lnk
[2009/10/27 15:12:55 | 00,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/10/26 22:22:45 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/10/26 22:22:40 | 44,366,342 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/26 22:22:40 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/10/26 22:22:35 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/10/26 22:22:35 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/10/26 22:22:35 | 00,064,405 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/23 13:08:06 | 00,001,488 | ---- | C] () -- C:\Documents and Settings\Willium\Desktop\RESTART.lnk
[2009/10/20 06:10:05 | 03,415,397 | ---- | C] () -- C:\Documents and Settings\Willium\Desktop\Lemon Demon - The Ultimate Showdown of Ultimate Destiny.mp3
[2009/10/19 07:35:55 | 00,001,692 | ---- | C] () -- C:\Documents and Settings\Willium\Desktop\SHUTDOWN.lnk
[2009/10/17 17:41:56 | 00,000,619 | ---- | C] () -- C:\Documents and Settings\Willium\Desktop\Guitar Pro 5.lnk
[2009/08/06 12:59:11 | 00,000,065 | ---- | C] () -- C:\WINDOWS\NARBACULARDROP.INI
[2009/05/03 22:28:30 | 00,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/04/29 13:32:01 | 00,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2009/02/05 15:56:47 | 00,000,032 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\4612a3fd366405348c504a9b8fc9da7d_Willium
[2008/12/16 20:58:54 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 20:50:56 | 00,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/11/09 14:03:24 | 00,000,223 | ---- | C] () -- C:\WINDOWS\FUJIGOLF.INI
[2008/11/09 13:53:08 | 00,002,202 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2008/11/04 15:27:45 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/26 15:04:59 | 00,046,592 | ---- | C] () -- C:\WINDOWS\System32\shellses.dll
[2008/09/11 17:58:58 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\VBCARDS.DLL
[2008/09/11 17:58:57 | 00,271,264 | ---- | C] () -- C:\WINDOWS\System32\VBRUN100.DLL
[2008/09/11 17:58:57 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/09/11 17:58:57 | 00,004,608 | ---- | C] () -- C:\WINDOWS\MTNEWS.DLL
[2008/09/11 17:58:57 | 00,000,038 | ---- | C] () -- C:\WINDOWS\BestGame.ini
[2008/09/03 18:30:48 | 00,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2008/09/03 18:30:48 | 00,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2008/08/24 16:28:59 | 00,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2008/08/24 15:06:32 | 00,000,437 | ---- | C] () -- C:\WINDOWS\pdhpro.ini
[2008/08/24 15:00:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/08/24 14:39:44 | 00,000,146 | ---- | C] () -- C:\WINDOWS\gsp_arcd.ini
[2008/08/24 14:39:43 | 00,271,264 | ---- | C] () -- C:\WINDOWS\VBRUN100.DLL
[2008/08/24 14:39:43 | 00,017,424 | ---- | C] () -- C:\WINDOWS\FH_BMP.DLL
[2008/08/23 16:03:21 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/08/23 16:03:20 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/08/22 16:59:00 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2008/08/22 16:46:35 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/08/22 16:46:35 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/08/22 16:46:35 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/08/22 12:30:50 | 00,000,049 | ---- | C] () -- C:\WINDOWS\dc_jill.INI
[2008/08/22 12:26:49 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/08/21 12:11:28 | 00,974,848 | R--- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008/08/21 12:11:28 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\ogg.dll
[2008/08/21 12:11:28 | 00,028,672 | R--- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2008/08/09 14:00:58 | 00,000,059 | ---- | C] () -- C:\WINDOWS\Crazy.INI
[2008/07/26 11:11:37 | 02,729,472 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
[2008/07/25 18:56:06 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2008/07/25 14:07:24 | 00,000,470 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/07/24 19:08:39 | 00,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2008/07/24 19:08:39 | 00,012,500 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2008/07/24 18:49:38 | 00,311,296 | ---- | C] () -- C:\WINDOWS\System32\fxstudio.dll
[2008/07/24 18:49:37 | 00,282,624 | ---- | C] () -- C:\WINDOWS\System32\drumpad.dll
[2008/07/24 18:49:23 | 00,274,432 | ---- | C] () -- C:\WINDOWS\System32\animation.dll
[2008/07/24 18:45:17 | 00,001,857 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008/07/24 18:41:57 | 00,189,952 | ---- | C] () -- C:\WINDOWS\Qcard32.dll
[2008/07/24 18:41:56 | 00,189,952 | ---- | C] () -- C:\WINDOWS\System32\Qcard32.dll
[2008/07/24 18:22:02 | 00,014,848 | ---- | C] () -- C:\Documents and Settings\Willium\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/19 18:36:48 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\cmdrvrmu.dll
[2008/06/19 18:36:26 | 00,065,536 | R--- | C] () -- C:\WINDOWS\VMix.dll
[2008/06/19 18:36:26 | 00,005,690 | R--- | C] () -- C:\WINDOWS\Cmudau.ini
[2008/06/10 14:09:32 | 02,639,034 | -H-- | C] () -- C:\Documents and Settings\Willium\Local Settings\Application Data\IconCache.db
[2008/06/10 13:27:11 | 00,048,504 | ---- | C] () -- C:\Documents and Settings\Willium\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/06/10 13:26:31 | 00,000,070 | ---- | C] () -- C:\WINDOWS\EB33ADEF.ini
[2008/06/10 13:10:23 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/06/10 12:53:22 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/06/10 12:36:06 | 00,663,552 | ---- | C] () -- C:\WINDOWS\System32\libeay32_1-1-0_DDR.dll
[2008/06/10 12:36:06 | 00,532,594 | ---- | C] () -- C:\WINDOWS\System32\xerces-c_1_40_0_DDR.dll
[2008/06/10 12:36:06 | 00,307,329 | ---- | C] () -- C:\WINDOWS\System32\BJBase_2-2-2_DDR.dll
[2008/06/10 12:36:06 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32_1-1-0_DDR.dll
[2008/06/10 12:36:05 | 00,524,377 | ---- | C] () -- C:\WINDOWS\System32\stlport_4_0_0_DDR.dll
[2008/06/10 12:28:21 | 00,000,062 | ---- | C] () -- C:\Documents and Settings\Willium\Application Data\desktop.ini
[2008/06/05 07:58:26 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/05/03 04:46:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/03 04:46:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/03 04:46:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/03 04:46:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/03 04:46:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/03 10:59:54 | 06,148,096 | ---- | C] () -- C:\WINDOWS\System32\dzcore.dll
[2006/12/05 15:07:16 | 00,032,256 | ---- | C] () -- C:\WINDOWS\System32\dzbryce6.dll
[2006/12/05 15:00:56 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\dzwrapper.dll
[2006/11/20 16:25:16 | 01,343,488 | ---- | C] () -- C:\WINDOWS\System32\daz-qsa.dll
[2006/11/20 16:25:02 | 04,984,832 | ---- | C] () -- C:\WINDOWS\System32\daz-qt-mt.dll
[2004/08/04 12:00:00 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(4).dll
[2004/08/04 12:00:00 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2004/08/04 12:00:00 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/08/04 12:00:00 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2004/08/04 12:00:00 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2004/08/04 12:00:00 | 00,003,436 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 12:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/06/06 01:01:58 | 00,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[2000/03/29 00:58:40 | 00,280,576 | ---- | C] () -- C:\WINDOWS\System32\pxd_kom.dll
[2000/03/28 14:27:42 | 00,075,976 | ---- | C] () -- C:\WINDOWS\System32\BASSDEC.dll
========== LOP Check ==========
[2009/10/26 22:22:34 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/28 16:24:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/11 15:21:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/11/07 17:37:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/10/27 15:03:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/10/26 22:22:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/07/24 19:14:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2008/10/14 18:27:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2009/05/07 09:32:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success
[2008/11/21 13:29:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/04/29 13:09:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/04/29 12:39:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki(2)
[2009/05/06 12:28:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2009/03/20 11:04:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2009/04/29 12:48:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mevo
[2008/11/07 19:55:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/10/26 22:18:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ntl
[2009/05/02 06:44:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/05/13 09:33:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2008/11/23 17:29:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tages
[2009/10/19 16:56:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/06 06:50:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
[2009/10/26 22:16:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZKS_COMPANY_NAME
[2009/10/27 15:17:23 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Willium\Application Data
[2008/12/04 21:41:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Anvil Studio
[2008/07/10 14:59:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\BitTorrent
[2009/04/20 23:23:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Braid
[2009/05/21 06:53:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Broken Rules
[2008/10/16 14:26:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\CasinoOnNet
[2009/05/13 18:56:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Crayon Physics Deluxe
[2008/11/09 19:20:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\DNA
[2008/11/23 17:57:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Download Manager
[2008/08/23 15:00:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\dp3d
[2008/11/20 17:41:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\FileMaker
[2008/06/20 21:38:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\fretsonfire
[2008/12/10 21:17:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\GarageGames
[2008/11/17 21:10:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\GetRightToGo
[2009/06/30 19:10:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Glasshouse
[2008/10/16 23:01:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\IMVU
[2008/10/16 23:10:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\IMVUClient
[2009/10/31 19:44:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Juce VST Host
[2009/05/03 22:37:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Leadertech
[2009/04/29 13:11:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\LimeWire
[2009/06/11 21:28:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Lionhead Studios
[2008/07/25 14:02:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\LucasArts
[2008/06/10 13:26:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\ntl
[2008/06/30 15:47:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\OnReally
[2008/10/16 19:38:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\OpenOffice.org
[2008/08/23 15:15:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Pi Eye Games
[2009/02/05 15:57:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Plogue
[2008/10/05 16:16:42 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Willium\Application Data\SecuROM
[2009/04/21 00:21:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Slam Dunk Studios, LLC
[2009/01/30 16:55:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\SPORE
[2008/10/02 17:27:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\SPORE Creature Creator
[2008/10/09 19:00:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\SporeCreatureCreator
[2009/01/29 11:28:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\SystemRequirementsLab
[2009/10/19 16:56:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Technology Lighthouse
[2009/11/05 16:48:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Unity
[2009/10/17 19:06:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\uTorrent
[2009/04/29 13:13:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\vghd
[2009/11/06 06:50:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Virgin Broadband
[2009/10/27 15:13:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Windows Desktop Search
[2009/10/27 15:17:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Windows Search
[2004/08/04 12:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/31 09:23:44 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/10/31 10:41:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2007/10/06 15:16:08 | 00,894,424 | ---- | M] () -- C:\bots.exe
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78] -> [2004/08/04 12:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\eventlog.dll
[6 C:\WINDOWS\system32\*.tmp files]
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A] -> [2004/08/04 12:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\scecli.dll
[scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\scecli.dll
[6 C:\WINDOWS\system32\*.tmp files]
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A] -> [2004/08/04 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netlogon.dll
[6 C:\WINDOWS\system32\*.tmp files]
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
[logevent.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logevent.dll
[6 C:\WINDOWS\system32\*.tmp files]
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51] -> [2004/08/04 12:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674] -> [2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674] -> [2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atapi.sys
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\agp440.sys
[agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< End of report >
Logs as requested, and pasted this time ;P