
win32/Heur virus [Solved]


  • This topic is locked

#1
Willium_Bob_Cole

  • Member
  • 46 posts
hey there, my pc recently started locking up in every possible way, internet slowed down, messenger wouldn't log in, startup progs wouldn't start up, it was very much heading down the path of permabluescreen, I really would like to do a formatting and clean installing of XP, however I no longer have the disk.

anyways, I have since gotten it back to pretty much working order, mostly by getting rid of NTL netguard security, it never failed me before but now I think it is pants lol, and instead am running AVG free version. it has scanned and cleaned a few harmful files and I am satisfied that they are removed for good, however, it repeatedly finds the win32/Heur virus and its associated trojans.

I have found other threads relating to this issue, but they all ask for registry and scan logs, which is all very specific, so I thought it's best to post from new rather than try and apply something to me which may not necessarily work.

I know you're going to ask a lot of logs from me, but I have fallen into the habit of not saving logs, so could you, when giving me an instruction, maybe tell me which part of which program I use to access and save my logs so as to upload them here?

I thank you in advance

WBC
:)
  • 0



#2
Willium_Bob_Cole

  • Topic Starter
  • Member
  • 46 posts
Umm I know we're told not to bump but this is more of an update/cry for help, and may I voice a small note of urgency...

My computer has again been getting worse, I don't think it's going to hold out much longer, nothing loads up in the task tray thing (by the clock) and I rarely can get the start menu to open, the Internet is not connected for some reason, I can only open firefox from the desktop shortcut (which is confirming that I can't connect to the Internet) and likewise I can only open AVG from the desktop, and three times I've tried scanning my pc and each time it's basically crashed on file 265, called dvpapi.exe and only once has it got further but crashed after about 5% of scanning anyway!!

I'm getting a brand new pc next month but I'm giving this one to my friend, he is doing an IT course and he kinda needs a pc so it makes sense to give it to him, but not in this state. Is there any way I could clean EVERYTHING, start as if new???
Please help!!!!
Thank youuu...
  • 0

#3
Willium_Bob_Cole

  • Topic Starter
  • Member
  • 46 posts
Ok I've ended the task dvpapi in task manager then ended the scan (which I could only do in task manager also due to the nature of it locking up), and now it stops on 335, C:\WINDOWS\Temp\logishrd\LVPrclnj01.dll
there was a process matching this name which I ended and tried again but it's still doing it.
I don't want to go deleting files willy billy because I have no idea what does what, I don't wanna mess with files I've never heard of and don't know the impact/importance of them...
  • 0

#4
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi,

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

  • 0

#5
Willium_Bob_Cole

  • Topic Starter
  • Member
  • 46 posts
Hi, thanks for replying, and I realise that you probably wanted me to have run OTL initially buuuut I'm all in a muddling panic over this so do forgive me...

as I have said, I do not have internet access on my computer for whatever reason, however I can use my landlady's computer (as I am doing), which is all fine and well, using memory stick to transfer files for upload (thoroughly scanning each one every time I connect it), just a little bit more tedious (my PC is at the end of the garden in the summerhouse...)

So okay, I have saved the OTL.exe to my memory stick, gone down to my comp and saved OTL to my desktop, I was in safe mode because it was the only way I could scan with AVG without processes messing it up, but it is gonna take forever so I will do that overnight... but yer, I tried running OTL whilst in safe mode, clicked min output as you said, and started the scan. It then just closed, and I looked to see if the two files you wanted were in the location of otl, but nothing. now when I try and run otl, it says I do not have the appropriate permissions or something similar, so I have right clicked>run as> and tried administrator... but turns out I don't know my built in administrator account's password, I think the guy who built my PC changed it from the default and I have no contact with him whatsoever (I can't even remember his name, it was about 3 or 4 years ago) so I can't retrieve it...

arrgh what do I doooo?? :)

although I do appreciate every minute you guys spare and I really hope you can help me get this back in order, thank you
  • 0

#6
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Please download Win32kDiag from one of the links below and save it to your Desktop.

Link 1
Link 2
Link 3

  • Double-click on Win32kDiag.exe to run it. If you are using Windows Vista, please right-click and select Run As Administrator.
  • A black command prompt window shall appear.
  • It will now begin to scan. This may take a while, please be patient until the scan is complete.
  • Once it's done, in the black screen it will say "Finished! Press any key to exit...". Press any key to exit.
  • A log file called Win32kDiag.txt will be created on your desktop.
  • Please copy and paste the contents of that log file here in your next reply please.

  • 0

#7
Willium_Bob_Cole

  • Topic Starter
  • Member
  • 46 posts
Here is the log you asked for from Win32kDiag:

Running from: C:\Documents and Settings\Willium\Desktop\Sorting Comp\Win32kDiag.exe

Log file at : C:\Documents and Settings\Willium\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP10A.tmp\ZAP10A.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15A.tmp\ZAP15A.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP165.tmp\ZAP165.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\18555481990E8AB4CBB63FB4F26006C0\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}\{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\ERRORREP

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\News\News

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\c2605fe2baba03346e8868859fbe2ead\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\solcache\solcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-04 12:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[2] 2004-08-04 12:00:00 55808 C:\WINDOWS\system32\eventlog(3).dll (Microsoft Corporation)

[1] 2008-04-14 00:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-14 00:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



Found mount point : C:\WINDOWS\Temp\56e04342-43f5-4a5a-8e17-bc01052a1b5d\56e04342-43f5-4a5a-8e17-bc01052a1b5d

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\Google Toolbar\Google Toolbar

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\History\Results\Results

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\ntlStandardInstall_1-8-0\ntlStandardInstall_1-8-0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\RtSigs\Data\Data

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\_ISTMP2.DIR\_ISTMP2.DIR

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\_ISTMP4.DIR\_ISTMP4.DIR

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\_isTmp_{8675309}\_isTmp_{8675309}

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Temp\~ef87a1\~ef87a1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0

Mount point destination : \Device\__max++>\^



Finished!
  • 0
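
Added example (not part of the thread, and not Win32kDiag's own code): a Python triage script for the log layout posted in #7. It pairs each "Found mount point" line with its destination and flags the two patterns visible in that log (a target that is not a drive or volume path, and a leaf directory repeating its parent's name), and it flags file copies with an empty company field or a size that differs from labelled copies with the same timestamp. The function names, the assumption about what a normal target looks like, and the constructed benign entry are this example's own.

```python
import re
from collections import defaultdict

# Excerpt of the Win32kDiag output posted above, embedded so this runs offline.
PAGE_EXCERPT = r"""
Found mount point : C:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\CSC\d1\d1
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2004-08-04 12:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 00:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[2] 2004-08-04 12:00:00 55808 C:\WINDOWS\system32\eventlog(3).dll (Microsoft Corporation)
[1] 2008-04-14 00:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2008-04-14 00:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
"""

# Constructed (not from the thread): an ordinary junction, assuming the tool
# would print its target in the usual NT form \??\<drive>:\...
CONSTRUCTED_BENIGN = r"""
Found mount point : C:\WINDOWS\example\link
Mount point destination : \??\D:\data
"""

MOUNT_RE = re.compile(r"^Found mount point\s*:\s*(.+)$")
DEST_RE = re.compile(r"^Mount point destination\s*:\s*(.+)$")
# "[n] date time size path (company)"; the path may itself contain parentheses.
FILE_RE = re.compile(r"^\[(\d+)\]\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(.+?)\s+\(([^()]*)\)$")
# Assumption: legitimate reparse targets are drive or volume paths.
NORMAL_TARGET = re.compile(r"^\\\?\?\\(?:[A-Za-z]:\\|Volume\{)")


def parse_win32kdiag(text):
    """Return mount points, file listings and inaccessible paths from a log."""
    mounts, files, inaccessible = [], [], []
    pending = None  # path from the last "Found mount point" line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := MOUNT_RE.match(line)):
            pending = m.group(1)
        elif (m := DEST_RE.match(line)) and pending is not None:
            mounts.append({"path": pending, "destination": m.group(1)})
            pending = None
        elif line.startswith("Cannot access:"):
            inaccessible.append(line.split(":", 1)[1].strip())
        elif (m := FILE_RE.match(line)):
            files.append({"timestamp": m.group(2), "size": int(m.group(3)),
                          "path": m.group(4), "company": m.group(5).strip()})
    return {"mounts": mounts, "files": files, "inaccessible": inaccessible}


def suspicious_mounts(mounts):
    """Flag reparse points matching the two patterns seen in the posted log."""
    flagged = []
    for mp in mounts:
        parts = mp["path"].rstrip("\\").split("\\")
        reasons = []
        if not NORMAL_TARGET.match(mp["destination"]):
            reasons.append("target is not a drive or volume path")
        if len(parts) >= 2 and parts[-1].lower() == parts[-2].lower():
            reasons.append("leaf repeats its parent directory name")
        if reasons:
            flagged.append((mp["path"], mp["destination"], reasons))
    return flagged


def suspicious_files(files):
    """Flag copies with no company name or an odd size for their timestamp."""
    sizes_by_stamp = defaultdict(set)
    for f in files:
        if f["company"]:
            sizes_by_stamp[f["timestamp"]].add(f["size"])
    flagged = []
    for f in files:
        reasons = []
        if not f["company"]:
            reasons.append("version info has no company name")
        peers = sizes_by_stamp.get(f["timestamp"])
        if peers and f["size"] not in peers:
            reasons.append("size differs from labelled copies with the same timestamp")
        if reasons:
            flagged.append((f["path"], reasons))
    return flagged


def triage(text):
    """Return (flagged mounts, flagged files, inaccessible paths)."""
    p = parse_win32kdiag(text)
    return suspicious_mounts(p["mounts"]), suspicious_files(p["files"]), p["inaccessible"]


if __name__ == "__main__":
    mounts, files, blocked = triage(PAGE_EXCERPT + CONSTRUCTED_BENIGN)
    for item in mounts + files:
        print(*item, sep=" | ")
    print("inaccessible:", blocked)
```

On the excerpt, only the system32 copy of eventlog.dll is flagged among the five listed files; the constructed benign junction passes both mount checks.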

#8
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
"%userprofile%\desktop\win32kdiag.exe" -f -r

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link HERE

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

  • 0

#9
Willium_Bob_Cole

  • Topic Starter
  • Member
  • 46 posts
Ok will do, but only problem is my pc will not connect to the Internet, could I get a direct download of recovery console so that I may transfer and install it manually?
Thanks
  • 0

#10
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools



  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.




  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.
  • 0



#11
Willium_Bob_Cole

  • Topic Starter
  • Member
  • 46 posts
Firstly, WOO. I can start Jim (as I have now nicknamed my PC...) in normal windows mode and stuff loads up! as in the icons and everything. AND it has connected to the internet. So hopefully I can now post the logs and stuff from here instead from now on.

The new log (I hope) for OTL should be attached, forgive me if it's the wrong one, and also, I have attached the log file for ComboFix. I had to load combofix twice, but don't worry, it didn't actually do anything the first time, I dragged the windows recovery installer onto combo fix and let it load up and then accepted all things etc. and then it said it needed to restart the machine so I did, and then I ran combofix without dragging recovery installer this time as I assumed it was done from before, yet it said it wasn't installed but at the time I didn't have internet still so I had no choice but to continue, it was just ok ok ok lol, also, it told me AVG was running and to end it, but I checked task manager and nothing even relating to AVG was running, I was in safe mode so there were few processes to look through anyway, so I felt confident that it was safe. and so far so good...

what next guys?
:) fankyoo

Running from: C:\Documents and Settings\Willium\desktop\win32kdiag(2).exe

Log file at : C:\Documents and Settings\Willium\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...



Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\addins\addins

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP10A.tmp\ZAP10A.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP10A.tmp\ZAP10A.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15A.tmp\ZAP15A.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15A.tmp\ZAP15A.tmp

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP165.tmp\ZAP165.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP165.tmp\ZAP165.tmp

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\temp\temp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d1\d1

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d2\d2

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d3\d3

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d4\d4

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d5\d5

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d6\d6

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d7\d7

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\CSC\d8\d8

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ftpcache\ftpcache

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\18555481990E8AB4CBB63FB4F26006C0\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\18555481990E8AB4CBB63FB4F26006C0\1.0.0\1.0.0

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Found mount point : C:\WINDOWS\Installer\{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}\{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}\{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Found mount point : C:\WINDOWS\pchealth\ERRORREP\ERRORREP

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\ERRORREP

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Found mount point : C:\WINDOWS\pchealth\helpctr\System\News\News

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\News\News

Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\0dd0244816ffb4b094c1caba4c3b1178\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\5cfa09586faf6d9470f0c817d855bb6b\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\6913c676e5d33978934caa46c49fdc75\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\9868363812bbe4a0a4d814b7943ba906\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\b7f0b2892b21211a5630518d058f48d9\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\c2605fe2baba03346e8868859fbe2ead\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\c2605fe2baba03346e8868859fbe2ead\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d3767eab8f4479a8d252b47e8ec225c8\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6\backup\backup

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\backup\backup

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\backup\backup

Found mount point : C:\WINDOWS\solcache\solcache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\solcache\solcache

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Cannot access: C:\WINDOWS\system32\eventlog.dll

Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-04 12:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-14 00:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[2] 2004-08-04 12:00:00 55808 C:\WINDOWS\system32\eventlog(3).dll (Microsoft Corporation)

[1] 2008-04-14 00:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-14 00:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)



Found mount point : C:\WINDOWS\Temp\56e04342-43f5-4a5a-8e17-bc01052a1b5d\56e04342-43f5-4a5a-8e17-bc01052a1b5d

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\56e04342-43f5-4a5a-8e17-bc01052a1b5d\56e04342-43f5-4a5a-8e17-bc01052a1b5d

Found mount point : C:\WINDOWS\Temp\Google Toolbar\Google Toolbar

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\Google Toolbar\Google Toolbar

Found mount point : C:\WINDOWS\Temp\History\Results\Results

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\History\Results\Results

Found mount point : C:\WINDOWS\Temp\ntlStandardInstall_1-8-0\ntlStandardInstall_1-8-0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\ntlStandardInstall_1-8-0\ntlStandardInstall_1-8-0

Found mount point : C:\WINDOWS\Temp\RtSigs\Data\Data

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\RtSigs\Data\Data

Found mount point : C:\WINDOWS\Temp\_ISTMP2.DIR\_ISTMP2.DIR

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\_ISTMP2.DIR\_ISTMP2.DIR

Found mount point : C:\WINDOWS\Temp\_ISTMP4.DIR\_ISTMP4.DIR

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\_ISTMP4.DIR\_ISTMP4.DIR

Found mount point : C:\WINDOWS\Temp\_isTmp_{8675309}\_isTmp_{8675309}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\_isTmp_{8675309}\_isTmp_{8675309}

Found mount point : C:\WINDOWS\Temp\~ef87a1\~ef87a1

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Temp\~ef87a1\~ef87a1

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0



Finished!



ComboFix 09-10-27.07 - Willium 31/10/2009 8:30.1.1 - NTFSx86 MINIMAL
Running from: c:\documents and settings\Willium\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Willium\Start Menu\Programs\[Accessories]\Startup\Logitech . Product Registration.lnk
c:\windows\system32\AdCache
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\SystemService32

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-31 )))))))))))))))))))))))))))))))
.

2009-11-06 19:45 . 2009-10-31 08:03 0 ----a-r- c:\windows\win32k.sys
2009-11-06 19:24 . 2009-11-06 19:24 -------- d-----w- c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
2009-11-06 18:27 . 2009-10-28 11:56 -------- d-----w- c:\program files\Gmask 1.70 English
2009-11-06 06:50 . 2009-11-06 06:50 -------- d-----w- c:\documents and settings\Willium\Application Data\Virgin Broadband
2009-11-06 06:50 . 2009-11-06 06:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Virgin Broadband
2009-11-05 16:48 . 2009-11-05 16:48 -------- d-----w- c:\documents and settings\Willium\Application Data\Unity
2009-11-05 16:43 . 2009-11-05 16:43 -------- d-----w- c:\documents and settings\Willium\Local Settings\Application Data\Unity
2009-11-05 16:43 . 2009-11-05 16:43 -------- d-----w- c:\program files\Unity
2009-11-05 16:30 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-11-05 16:28 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-27 20:25 . 2009-10-27 20:25 -------- d-----w- c:\program files\Windows Live
2009-10-27 15:43 . 2009-10-27 15:43 120200 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-27 15:39 . 2009-10-27 15:40 -------- d-----w- C:\94a3715beca94d1d71328d050a
2009-10-27 15:30 . 2009-10-27 15:30 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-27 15:17 . 2009-10-27 15:17 -------- d-----w- c:\documents and settings\Willium\Application Data\Windows Search
2009-10-27 15:13 . 2009-10-27 15:13 -------- d-----w- c:\documents and settings\Willium\Application Data\Windows Desktop Search
2009-10-27 15:12 . 2009-10-28 10:31 -------- d-----w- c:\program files\Windows Desktop Search
2009-10-27 15:12 . 2009-10-27 15:12 -------- d-----w- c:\windows\system32\GroupPolicy
2009-10-27 15:12 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-10-27 15:12 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-10-27 15:12 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-10-27 15:10 . 2009-10-27 15:10 -------- d-----w- c:\windows\system32\URTTEMP
2009-10-27 14:51 . 2009-10-27 14:51 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-26 22:25 . 2009-10-26 22:25 -------- d-----w- c:\documents and settings\Willium\Local Settings\Application Data\AVG Security Toolbar
2009-10-26 22:23 . 2009-10-26 22:34 -------- d-----w- C:\$AVG
2009-10-26 22:22 . 2009-10-26 22:22 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-26 22:22 . 2009-10-27 14:46 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-26 22:22 . 2009-10-26 22:22 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-26 22:22 . 2009-10-27 14:47 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-26 22:22 . 2009-10-26 22:22 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-26 22:22 . 2009-10-27 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-10-26 22:22 . 2009-10-26 22:22 -------- d-----w- c:\program files\AVG
2009-10-26 22:22 . 2009-10-26 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-10-26 22:16 . 2009-10-26 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\ZKS_COMPANY_NAME
2009-10-19 17:32 . 2009-10-23 08:32 -------- d-----w- c:\program files\Zax
2009-10-19 16:56 . 2009-10-19 16:56 -------- d-----w- c:\documents and settings\Willium\Application Data\Technology Lighthouse
2009-10-19 16:56 . 2009-10-19 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-19 16:55 . 2009-10-19 16:55 -------- d-----w- c:\program files\Technology Lighthouse
2009-10-19 07:32 . 2009-10-19 07:32 -------- d-----w- c:\documents and settings\Willium\Local Settings\Application Data\iMesh
2009-10-19 07:32 . 2009-10-19 07:32 -------- d-----w- c:\program files\iMesh Applications

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 16:32 . 2008-06-24 12:02 -------- d-----w- c:\program files\Java
2009-10-31 19:44 . 2009-07-27 19:39 -------- d-----w- c:\documents and settings\Willium\Application Data\Juce VST Host
2009-10-31 04:11 . 2008-10-12 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-10-28 12:27 . 2008-06-10 12:51 -------- d-----w- c:\program files\Steam
2009-10-27 18:53 . 2008-06-10 13:27 48504 -c--a-w- c:\documents and settings\Willium\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-26 22:18 . 2008-06-10 13:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-26 22:18 . 2008-06-10 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ntl
2009-10-26 22:18 . 2008-06-10 13:00 -------- d-----w- c:\program files\Common Files\Command Software
2009-10-26 22:05 . 2008-06-10 14:09 230 ----a-w- c:\windows\freedom.backup.dat
2009-10-23 08:32 . 2008-08-22 16:46 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-10-23 08:32 . 2008-08-22 16:46 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-10-23 08:32 . 2008-08-22 16:46 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-10-22 18:19 . 2008-11-09 16:15 -------- d-----w- c:\program files\DOSBox-0.72
2009-10-19 14:11 . 2009-09-12 22:08 48 ----a-w- c:\windows\popcinfot.dat
2009-10-19 11:55 . 2008-06-19 18:05 -------- d-----w- c:\program files\NetAnts
2009-10-19 11:30 . 2008-11-07 00:10 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-10-19 11:30 . 2008-11-07 00:10 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-10-17 19:06 . 2008-10-24 20:14 -------- d-----w- c:\documents and settings\Willium\Application Data\uTorrent
2009-10-17 17:41 . 2009-03-11 00:33 -------- d-----w- c:\program files\Guitar Pro 5
2009-09-22 16:58 . 2009-05-13 18:06 -------- d-----w- c:\program files\Crayon Physics Deluxe
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-08 08:52 . 2009-09-08 08:52 -------- d-----w- c:\program files\Eidos Interactive
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 20:44 . 2004-08-04 12:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-02 15:17 . 2009-04-29 16:35 17 ----a-w- c:\windows\popcinfo.dat
.

------- Sigcheck -------

[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-04 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-18 12:27 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-23 68856]
"Steam"="c:\program files\Steam\Steam.exe" [2009-10-26 1217808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SideWinderTrayV4"="c:\progra~1\MICROS~2\GAMECO~1\common\swtrayv4.exe" [1999-05-12 20545]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-10-27 2010904]
"NetFxUpdate_v1.1.4322"="c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" [2004-08-10 106496]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Willium\Start Menu\Programs\[Accessories]\Startup\

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BN-WD54G Wireless Utility.lnk - c:\program files\BLUENEXT\BN-WD54G Wireless Utility\Installer\WINXP\BWCU.exe [2009-4-29 598016]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-26 22:22 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"KService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Steam\\steamapps\\willium_bob_cole\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\willium_bob_cole\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\willium_bob_cole\\source sdk base\\hl2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\willium_bob_cole\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\multiwinia\\multiwinia.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\gish\\gish.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sam and max episode 4\\sammax104_drm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\oddworld abes exoddus demo\\Exoddus.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\oddworld abes oddysee demo\\AbeDemo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\the wonderful end of the world\\main.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\geometry wars\\GeometryWars.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\eets\\Eets.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\gumboy crazy adventures\\GumboyCrazyAdventures.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\gumboy crazy features\\GumboyCrazyFeatures.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\flatout\\flatout.exe"=
"c:\\Program Files\\Steam\\steamapps\\lightsxout\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\flatout2\\FlatOut2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\steamapps\\lightsxout\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle deluxe\\Peggle.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle nights\\PeggleNights.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\world of goo\\WorldOfGoo.exe"=
"c:\\Program Files\\Team17 Software Ltd\\Worms Forts Under Siege\\WF.exe"=
"c:\\Team17\\Worms2\\frontend.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\gumboy tournament demo\\GumboyTournament.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\full pipe\\Fullpipe.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=
"c:\\Program Files\\Games\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\steamapps\\lightsxout\\smashball\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\penumbra overture\\redist\\Penumbra.exe"=
"c:\\Program Files\\Steam\\steamapps\\willium_bob_cole\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trine demo\\trine_launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\blueberry garden demo\\BlueberryGarden.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Documents and Settings\\Willium\\Desktop\\Valve Lan Lite - School Edition\\hl.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56928:TCP"= 56928:TCP:Pando Media Booster
"56928:UDP"= 56928:UDP:Pando Media Booster

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [26/10/2009 10:22 PM 333192]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [26/10/2009 10:22 PM 360584]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [26/10/2009 10:22 PM 906520]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [26/10/2009 10:22 PM 285392]
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [21/03/2002 8:14 AM 21376]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-16 08:36]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download by NetAnts - c:\progra~1\NetAnts\NAGet.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &All by NetAnts - c:\progra~1\NetAnts\NAGetAll.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Willium\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Willium\Application Data\Mozilla\Firefox\Profiles\151xy818.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ntl Netguard - c:\program files\ntl\ntl Netguard\RPS.exe
HKLM-Run-CmUsbSound - cmcnfgu.cpl
AddRemove-BigTickRhino2Vst_is1 - c:\program files\Rhino2\unins000.exe
AddRemove-Coffee Break PacMan - g:\psp\SAVEDATA\Coffee Break PacMan\uninstall.exe
AddRemove-Dance eJay3 - c:\program_files\eJay\Dance3\deinstal.exe
AddRemove-De_Blob_EN - c:\program files\De Blob\Uninstall EN.exe
AddRemove-eMazing Mazes - c:\progra~1\eGames\EMAZIN~1\UNWISE.EXE
AddRemove-Frets on Fire - c:\program files\Frets on Fire\Uninstall.exe
AddRemove-Golf Demo - c:\program files\Golf Demo\uninstall.exe
AddRemove-Ichor - c:\program files\Ichor\uninstall.exe
AddRemove-Metal Gear Solid 1.0 - c:\program files\Metal Gear Solid\UNINSTAL.EXE
AddRemove-PianoFX STUDIO 4.0_is1 - c:\program files\PianoFX\unins000.exe
AddRemove-Porrasturvat - Stair Dismount - c:\program files\Porrasturvat - Stair Dismount\uninstall.exe
AddRemove-Raptor Special Edition - c:\progra~1\Game\eGames\RAPTOR~1\UNWISE.EXE
AddRemove-Snooker147 1.0 (Shareware) - c:\program files\Games\[Shareware]\JHC SoftWare\Snooker147 1.0 (Shareware)\DeIsL1.isu
AddRemove-Toribash_is1 - c:\games\Toribash-3.32\unins000.exe
AddRemove-VoiceMX STUDIO 4_is1 - c:\program files\VoiceMX\unins000.exe
AddRemove-2speced client10.5 - c:\documents and settings\Willium\My Documents\My Music\Uninstal.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-31 09:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1708537768-630328440-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:13,3b,01,e9,a8,bb,5b,e8,6d,33,97,85,58,79,f8,67,86,f9,54,bf,33,
02,c2,64,55,dc,95,cd,b2,af,5d,99,4f,ae,16,03,c7,52,61,64,15,ec,63,40,8d,31,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\combofix\CF19472.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-31 9:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-31 09:18

Pre-Run: 9,321,820,160 bytes free
Post-Run: 11,170,033,664 bytes free

- - End Of File - - 2F5F2CF76AEA3DFB1FCA36A03CD38A3D



Edited by chamber, 29 October 2009 - 03:50 AM.
Pasted logs in


#12
chamber


    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Good to know that you can get into your computer.

Let's carry on. Just a small note: all of the logs should be pasted in. :)

1) CFScript

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\win32k.sys

    SRPeek::
    c:\windows\system32\mspmsnsv.dll

    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\DNA\\btdna.exe"=-
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=-
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=-

    Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

2) OTL


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box, paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

In your reply I would like to see copied and pasted,

1) ComboFix log
2) OTL logs


#13
Willium_Bob_Cole


    Member

  • Topic Starter
  • 46 posts
ComboFix 09-10-27.07 - Willium 31/10/2009 10:25.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.539 [GMT 0:00]
Running from: c:\documents and settings\Willium\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Willium\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point

FILE ::
"c:\windows\win32k.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\win32k.sys

.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-31 )))))))))))))))))))))))))))))))
.

2009-11-06 19:24 . 2009-11-06 19:24 -------- d-----w- c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
2009-11-06 18:27 . 2009-10-28 11:56 -------- d-----w- c:\program files\Gmask 1.70 English
2009-11-06 06:50 . 2009-11-06 06:50 -------- d-----w- c:\documents and settings\Willium\Application Data\Virgin Broadband
2009-11-06 06:50 . 2009-11-06 06:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Virgin Broadband
2009-11-05 16:48 . 2009-11-05 16:48 -------- d-----w- c:\documents and settings\Willium\Application Data\Unity
2009-11-05 16:43 . 2009-11-05 16:43 -------- d-----w- c:\documents and settings\Willium\Local Settings\Application Data\Unity
2009-11-05 16:43 . 2009-11-05 16:43 -------- d-----w- c:\program files\Unity
2009-11-05 16:30 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-11-05 16:28 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-31 09:25 . 2009-10-31 09:31 -------- d-----w- c:\documents and settings\Willium\Local Settings\Application Data\ApplicationHistory
2009-10-27 20:25 . 2009-10-27 20:25 -------- d-----w- c:\program files\Windows Live
2009-10-27 15:43 . 2009-10-27 15:43 120200 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-27 15:39 . 2009-10-27 15:40 -------- d-----w- C:\94a3715beca94d1d71328d050a
2009-10-27 15:30 . 2009-10-27 15:30 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-27 15:17 . 2009-10-27 15:17 -------- d-----w- c:\documents and settings\Willium\Application Data\Windows Search
2009-10-27 15:13 . 2009-10-27 15:13 -------- d-----w- c:\documents and settings\Willium\Application Data\Windows Desktop Search
2009-10-27 15:12 . 2009-10-28 10:31 -------- d-----w- c:\program files\Windows Desktop Search
2009-10-27 15:12 . 2009-10-27 15:12 -------- d-----w- c:\windows\system32\GroupPolicy
2009-10-27 15:12 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-10-27 15:12 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-10-27 15:12 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-10-27 15:10 . 2009-10-27 15:10 -------- d-----w- c:\windows\system32\URTTEMP
2009-10-27 14:51 . 2009-10-27 14:51 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-26 22:25 . 2009-10-26 22:25 -------- d-----w- c:\documents and settings\Willium\Local Settings\Application Data\AVG Security Toolbar
2009-10-26 22:23 . 2009-10-26 22:34 -------- d-----w- C:\$AVG
2009-10-26 22:22 . 2009-10-26 22:22 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-26 22:22 . 2009-10-27 14:46 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-26 22:22 . 2009-10-26 22:22 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-26 22:22 . 2009-10-31 09:31 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-26 22:22 . 2009-10-26 22:22 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-26 22:22 . 2009-10-27 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-10-26 22:22 . 2009-10-26 22:22 -------- d-----w- c:\program files\AVG
2009-10-26 22:22 . 2009-10-26 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-10-26 22:16 . 2009-10-26 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\ZKS_COMPANY_NAME
2009-10-19 17:32 . 2009-10-23 08:32 -------- d-----w- c:\program files\Zax
2009-10-19 16:56 . 2009-10-19 16:56 -------- d-----w- c:\documents and settings\Willium\Application Data\Technology Lighthouse
2009-10-19 16:56 . 2009-10-19 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-19 16:55 . 2009-10-19 16:55 -------- d-----w- c:\program files\Technology Lighthouse
2009-10-19 07:32 . 2009-10-19 07:32 -------- d-----w- c:\documents and settings\Willium\Local Settings\Application Data\iMesh
2009-10-19 07:32 . 2009-10-19 07:32 -------- d-----w- c:\program files\iMesh Applications

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 16:32 . 2008-06-24 12:02 -------- d-----w- c:\program files\Java
2009-10-31 19:44 . 2009-07-27 19:39 -------- d-----w- c:\documents and settings\Willium\Application Data\Juce VST Host
2009-10-31 09:24 . 2008-06-10 12:51 -------- d-----w- c:\program files\Steam
2009-10-31 04:11 . 2008-10-12 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-10-27 18:53 . 2008-06-10 13:27 48504 -c--a-w- c:\documents and settings\Willium\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-26 22:18 . 2008-06-10 13:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-26 22:18 . 2008-06-10 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ntl
2009-10-26 22:18 . 2008-06-10 13:00 -------- d-----w- c:\program files\Common Files\Command Software
2009-10-26 22:05 . 2008-06-10 14:09 230 ----a-w- c:\windows\freedom.backup.dat
2009-10-23 08:32 . 2008-08-22 16:46 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-10-23 08:32 . 2008-08-22 16:46 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-10-23 08:32 . 2008-08-22 16:46 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-10-22 18:19 . 2008-11-09 16:15 -------- d-----w- c:\program files\DOSBox-0.72
2009-10-19 14:11 . 2009-09-12 22:08 48 ----a-w- c:\windows\popcinfot.dat
2009-10-19 11:55 . 2008-06-19 18:05 -------- d-----w- c:\program files\NetAnts
2009-10-19 11:30 . 2008-11-07 00:10 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-10-19 11:30 . 2008-11-07 00:10 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-10-17 19:06 . 2008-10-24 20:14 -------- d-----w- c:\documents and settings\Willium\Application Data\uTorrent
2009-10-17 17:41 . 2009-03-11 00:33 -------- d-----w- c:\program files\Guitar Pro 5
2009-09-22 16:58 . 2009-05-13 18:06 -------- d-----w- c:\program files\Crayon Physics Deluxe
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-08 08:52 . 2009-09-08 08:52 -------- d-----w- c:\program files\Eidos Interactive
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 20:44 . 2004-08-04 12:00 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-08-02 15:17 . 2009-04-29 16:35 17 ----a-w- c:\windows\popcinfo.dat
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((((((( SnapShot@2009-10-31_09.00.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-31 09:26 . 2009-10-31 09:26 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_d9c72dba\System.Drawing.Design.dll
+ 2009-10-31 09:25 . 2009-10-31 09:25 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_4d925822\CustomMarshalers.dll
+ 2009-10-31 09:27 . 2009-10-31 09:27 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_fa35ee23\System.Drawing.dll
+ 2009-10-31 09:30 . 2009-10-31 09:30 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_c2c63d59\System.Drawing.Design.dll
+ 2009-10-31 09:30 . 2009-10-31 09:30 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_c4f9e307\CustomMarshalers.dll
+ 2009-10-31 09:29 . 2009-10-31 09:30 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_6fa592fa\System.dll
+ 2009-10-31 09:31 . 2009-10-31 09:31 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_a8ac607b\System.Xml.dll
+ 2009-10-31 09:27 . 2009-10-31 09:27 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_4fb5d162\System.Xml.dll
+ 2009-10-31 09:30 . 2009-10-31 09:30 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_34203fab\System.Windows.Forms.dll
+ 2009-10-31 09:26 . 2009-10-31 09:26 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_2fad6561\System.Windows.Forms.dll
+ 2009-10-31 09:31 . 2009-10-31 09:31 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_be8f186c\System.Drawing.dll
+ 2009-10-31 09:31 . 2009-10-31 09:31 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_cc6f41b4\System.Design.dll
+ 2009-10-31 09:27 . 2009-10-31 09:27 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_316f30db\System.Design.dll
+ 2009-10-31 09:31 . 2009-10-31 09:31 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_8fd29a4e\mscorlib.dll
+ 2009-10-31 09:28 . 2009-10-31 09:28 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_79d73e13\mscorlib.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-18 12:27 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-23 68856]
"Steam"="c:\program files\Steam\Steam.exe" [2009-10-26 1217808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SideWinderTrayV4"="c:\progra~1\MICROS~2\GAMECO~1\common\swtrayv4.exe" [1999-05-12 20545]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-10-27 2010904]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Willium\Start Menu\Programs\[Accessories]\Startup\

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BN-WD54G Wireless Utility.lnk - c:\program files\BLUENEXT\BN-WD54G Wireless Utility\Installer\WINXP\BWCU.exe [2009-4-29 598016]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-26 22:22 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"KService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Steam\\steamapps\\willium_bob_cole\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\willium_bob_cole\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\willium_bob_cole\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\willium_bob_cole\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\multiwinia\\multiwinia.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\gish\\gish.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sam and max episode 4\\sammax104_drm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\oddworld abes exoddus demo\\Exoddus.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\oddworld abes oddysee demo\\AbeDemo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\the wonderful end of the world\\main.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\geometry wars\\GeometryWars.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\eets\\Eets.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\gumboy crazy adventures\\GumboyCrazyAdventures.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\gumboy crazy features\\GumboyCrazyFeatures.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\flatout\\flatout.exe"=
"c:\\Program Files\\Steam\\steamapps\\lightsxout\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\flatout2\\FlatOut2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\steamapps\\lightsxout\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle deluxe\\Peggle.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle nights\\PeggleNights.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\world of goo\\WorldOfGoo.exe"=
"c:\\Program Files\\Team17 Software Ltd\\Worms Forts Under Siege\\WF.exe"=
"c:\\Team17\\Worms2\\frontend.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\gumboy tournament demo\\GumboyTournament.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\full pipe\\Fullpipe.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=
"c:\\Program Files\\Games\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\steamapps\\lightsxout\\smashball\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\penumbra overture\\redist\\Penumbra.exe"=
"c:\\Program Files\\Steam\\steamapps\\willium_bob_cole\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trine demo\\trine_launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\blueberry garden demo\\BlueberryGarden.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Documents and Settings\\Willium\\Desktop\\Valve Lan Lite - School Edition\\hl.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56928:TCP"= 56928:TCP:Pando Media Booster
"56928:UDP"= 56928:UDP:Pando Media Booster

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [26/10/2009 10:22 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [26/10/2009 10:22 PM 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [26/10/2009 10:22 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [26/10/2009 10:22 PM 285392]
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [21/03/2002 8:14 AM 21376]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-16 08:36]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download by NetAnts - c:\progra~1\NetAnts\NAGet.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &All by NetAnts - c:\progra~1\NetAnts\NAGetAll.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Willium\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Willium\Application Data\Mozilla\Firefox\Profiles\151xy818.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-31 10:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1708537768-630328440-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:13,3b,01,e9,a8,bb,5b,e8,6d,33,97,85,58,79,f8,67,86,f9,54,bf,33,
02,c2,64,55,dc,95,cd,b2,af,5d,99,4f,ae,16,03,c7,52,61,64,15,ec,63,40,8d,31,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
Completion time: 2009-10-31 10:41
ComboFix-quarantined-files.txt 2009-10-31 10:40
ComboFix2.txt 2009-10-31 09:19

Pre-Run: 10,023,567,360 bytes free
Post-Run: 10,002,956,288 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 4872611499F9101C7730491997511E01


OTL Extras logfile created on: 31/10/2009 10:44:31 AM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Willium\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 551.30 Mb Available Physical Memory | 53.87% Memory free
2.40 Gb Paging File | 2.04 Gb Available in Paging File | 84.98% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 9.35 Gb Free Space | 8.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-FB1F72142A
Current User Name: Willium
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"56928:TCP" = 56928:TCP:*:Enabled:Pando Media Booster
"56928:UDP" = 56928:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.)
"C:\Program Files\Steam\steamapps\willium_bob_cole\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\willium_bob_cole\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\steamapps\willium_bob_cole\garrysmod\hl2.exe" = C:\Program Files\Steam\steamapps\willium_bob_cole\garrysmod\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\steamapps\willium_bob_cole\source sdk base\hl2.exe" = C:\Program Files\Steam\steamapps\willium_bob_cole\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Steam\steamapps\willium_bob_cole\half-life 2 deathmatch\hl2.exe" = C:\Program Files\Steam\steamapps\willium_bob_cole\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\steamapps\common\multiwinia\multiwinia.exe" = C:\Program Files\Steam\steamapps\common\multiwinia\multiwinia.exe:*:Enabled:Multiwinia Demo -- (Introversion Software)
"C:\Program Files\Steam\steamapps\common\gish\gish.exe" = C:\Program Files\Steam\steamapps\common\gish\gish.exe:*:Enabled:Gish -- ()
"C:\Program Files\Steam\steamapps\common\sam and max episode 4\sammax104_drm.exe" = C:\Program Files\Steam\steamapps\common\sam and max episode 4\sammax104_drm.exe:*:Enabled:Sam and Max 104: Abe Lincoln Must Die -- ()
"C:\Program Files\Steam\steamapps\common\oddworld abes exoddus demo\Exoddus.exe" = C:\Program Files\Steam\steamapps\common\oddworld abes exoddus demo\Exoddus.exe:*:Enabled:Oddworld: Abe's Exoddus Demo -- (Oddworld Inhabitants, Inc.)
"C:\Program Files\Steam\steamapps\common\oddworld abes oddysee demo\AbeDemo.exe" = C:\Program Files\Steam\steamapps\common\oddworld abes oddysee demo\AbeDemo.exe:*:Enabled:Oddworld: Abe's Oddysee Demo -- (Oddworld Inhabitants, Inc.)
"C:\Program Files\Steam\steamapps\common\the wonderful end of the world\main.exe" = C:\Program Files\Steam\steamapps\common\the wonderful end of the world\main.exe:*:Enabled:The Wonderful End of the World -- ()
"C:\Program Files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe" = C:\Program Files\Steam\steamapps\common\peggle extreme\PeggleExtreme.exe:*:Enabled:Peggle Extreme -- ()
"C:\Program Files\Steam\steamapps\common\geometry wars\GeometryWars.exe" = C:\Program Files\Steam\steamapps\common\geometry wars\GeometryWars.exe:*:Enabled:Geometry Wars -- (Bizarre Creations Ltd.)
"C:\Program Files\Steam\steamapps\common\eets\Eets.exe" = C:\Program Files\Steam\steamapps\common\eets\Eets.exe:*:Enabled:Eets -- ()
"C:\Program Files\Steam\steamapps\common\gumboy crazy adventures\GumboyCrazyAdventures.exe" = C:\Program Files\Steam\steamapps\common\gumboy crazy adventures\GumboyCrazyAdventures.exe:*:Enabled:Gumboy Crazy Adventures -- ()
"C:\Program Files\Steam\steamapps\common\gumboy crazy features\GumboyCrazyFeatures.exe" = C:\Program Files\Steam\steamapps\common\gumboy crazy features\GumboyCrazyFeatures.exe:*:Enabled:Gumboy Crazy Features -- ()
"C:\Program Files\Steam\steamapps\common\flatout\flatout.exe" = C:\Program Files\Steam\steamapps\common\flatout\flatout.exe:*:Enabled:FlatOut -- ()
"C:\Program Files\Steam\steamapps\lightsxout\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\lightsxout\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\steamapps\common\flatout2\FlatOut2.exe" = C:\Program Files\Steam\steamapps\common\flatout2\FlatOut2.exe:*:Enabled:FlatOut2 -- ()
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Steam\steamapps\lightsxout\source sdk base\hl2.exe" = C:\Program Files\Steam\steamapps\lightsxout\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\steamapps\common\peggle deluxe\Peggle.exe" = C:\Program Files\Steam\steamapps\common\peggle deluxe\Peggle.exe:*:Enabled:Peggle Deluxe -- ()
"C:\Program Files\Steam\steamapps\common\peggle nights\PeggleNights.exe" = C:\Program Files\Steam\steamapps\common\peggle nights\PeggleNights.exe:*:Enabled:Peggle Nights -- ()
"C:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe" = C:\Program Files\Steam\steamapps\common\world of goo\WorldOfGoo.exe:*:Enabled:World of Goo -- ()
"C:\Program Files\Team17 Software Ltd\Worms Forts Under Siege\WF.exe" = C:\Program Files\Team17 Software Ltd\Worms Forts Under Siege\WF.exe:*:Enabled:WF -- ()
"C:\Team17\Worms2\frontend.exe" = C:\Team17\Worms2\frontend.exe:*:Enabled:Worms 2 Frontend -- (Team17 Software Ltd)
"C:\Program Files\Steam\steamapps\common\gumboy tournament demo\GumboyTournament.exe" = C:\Program Files\Steam\steamapps\common\gumboy tournament demo\GumboyTournament.exe:*:Enabled:Gumboy Tournament Demo -- ()
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\Steam\steamapps\common\full pipe\Fullpipe.exe" = C:\Program Files\Steam\steamapps\common\full pipe\Fullpipe.exe:*:Enabled:Full Pipe -- ()
"C:\Program Files\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe" = C:\Program Files\Steam\steamapps\common\plants vs zombies\PlantsVsZombies.exe:*:Enabled:Plants Vs Zombies -- ()
"C:\Program Files\Games\Microsoft Games\Age of Empires II\empires2.exe" = C:\Program Files\Games\Microsoft Games\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Steam\steamapps\lightsxout\smashball\hl2.exe" = C:\Program Files\Steam\steamapps\lightsxout\smashball\hl2.exe:*:Disabled:hl2 -- ()
"C:\Program Files\Steam\steamapps\common\penumbra overture\redist\Penumbra.exe" = C:\Program Files\Steam\steamapps\common\penumbra overture\redist\Penumbra.exe:*:Enabled:Penumbra Overture -- ()
"C:\Program Files\Steam\steamapps\willium_bob_cole\counter-strike source\hl2.exe" = C:\Program Files\Steam\steamapps\willium_bob_cole\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\steamapps\common\trine demo\trine_launcher.exe" = C:\Program Files\Steam\steamapps\common\trine demo\trine_launcher.exe:*:Enabled:Trine Demo -- ()
"C:\Program Files\Steam\steamapps\common\blueberry garden demo\BlueberryGarden.exe" = C:\Program Files\Steam\steamapps\common\blueberry garden demo\BlueberryGarden.exe:*:Enabled:Blueberry Garden Demo -- (Erik Svedäng)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- (iMesh, Inc)
"C:\Documents and Settings\Willium\Desktop\Valve Lan Lite - School Edition\hl.exe" = C:\Documents and Settings\Willium\Desktop\Valve Lan Lite - School Edition\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = The Sims 2 University
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{17F17772-A234-4255-A5FE-C0C203A137F2}" = Anti-Spyware
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}" = Samsung PC Studio
"{19FDE9C5-2EC4-4898-92F4-128BD6F9D23A}" = Glasshouse
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22D56257-DE33-4C7D-817B-C2DE69FE953C}" = BOTS
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{2B072A33-D445-46D5-9442-7B41F5171AAC}" = Guitar Hero Explorer
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{3F50AF3B-8997-4916-0095-99D63DDB785A}" = Harry Potter TM
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52F6CC52-0957-4839-83AA-40FEE221063E}" = Teaching You Electric Guitar Skills
"{53BEA20C-4566-401D-8C02-EDEC5678218B}" = AS-Patch-Reset
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6C132D40-361B-11D4-81D4-00E029561B9E}" = Wacky Races
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{7BF68B83-5057-4D4B-0093-28285EEB9EE3}" = Harry Potter II
"{7C32C567-DC0F-4C80-B06C-7873850A2E06}" = The Sims Unleashed
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81A78093-9FBB-44F1-8781-195F4CF0F8EC}" = Music Coach Player
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B7443F5-E141-42A0-AB61-ED2331AAD606}" = 4oD
"{8CA53298-AB86-49C7-8040-D5E7BA2F703A}" = NVIDIA PhysX Particle Fluid Demo
"{917E73C2-C7DA-4C12-9774-A6A2730BCAAB}" = Worms Forts Under Siege
"{930E3A6E-C479-4AB8-9060-65F44B0B8296}" = Enigmo Download
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A785BBA7-3FB9-4D81-BC35-4A2028915ACB}" = Prey
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B785CA1C-3EA0-4EFC-91BC-330EC34555BA}" = GhostMaster
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}" = BlueSoleil
"{BA10AC78-E687-4523-8B93-540428FC256F}" = Fahrenheit
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Creepy & Cute Parts Pack
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C3DED766-14AC-11D6-9934-0060080E9FBE}" = Kazoo Home Creative Studio
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4653572-FEF0-4B59-8E2D-BE21652A66B3}" = SpaMsiWrapper
"{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"{DC4748C0-7D4D-11D4-A610-0090CC00AF7E}" = JILL
"{DE15F0C0-108D-11D4-AF73-0000E21444C5}" = ResidentEvil3
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3F38BFE-2DBB-4C16-A4DC-3A00CFE9163B}" = BN-WD54G Wireless Utility
"{EB3D2F14-C178-11D6-B49B-0020183A6529}" = eGames GOG Red
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"1000 Best Games" = 1000 Best Games
"31" = 31
"4oD" = 4oD
"AaaaaAAaaaAAAaaAAAAaAAAAA!!! - A Reckless Disreg~5122E60D_is1" = AaaaaAAaaaAAAaaAAAAaAAAAA!!! - A Reckless Disregard for Gravity
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AFE37E47-37E7-435a-A665-729806B98AEF_is1" = PTFB Pro 3.6.0.3
"ASIO4ALL" = ASIO4ALL
"AsUninst.exe" = Anvil Studio
"Audacity_is1" = Audacity 1.2.6
"AVG9Uninstall" = AVG Free 9.0
"Babyz" = Babyz
"BroadJump Client Foundation" = BroadJump Client Foundation
"Bryce" = Bryce 5.5c
"BUGS" = BUGS
"Bugs Bunny & Taz - Time Busters" = Bugs Bunny & Taz - Time Busters
"Casino-On-Net" = Casino-On-Net
"Castle Video Poker Special Edition" = Castle Video Poker Special Edition
"Chicken Run" = Chicken Run
"Chinese Checkers Special Edition" = Chinese Checkers Special Edition
"Cinergy Script Editor" = Cinergy Script Editor
"Civil War Generals II Demo" = Civil War Generals II Demo
"C-Media USB Sound" = SilverCrest Vibration Headset
"C-Media USB Sound Driver" = C-Media USB Sound Driver
"Coke Side of Life" = Coke Side of Life Screen Saver
"Crayon Physics Deluxe Demo_is1" = Crayon Physics Deluxe Demo - release 52
"Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 51
"Crazy Drake Special Edition" = Crazy Drake Special Edition
"Crazy Puzzle Special Edition" = Crazy Puzzle Special Edition
"Creatures 3" = Creatures 3
"DarkSide_is1" = DarkSide 1.01.4
"DAZ|Studio" = DAZ|Studio 1.5.1.0
"DeleteProdRunControl_UK" = IBM ViaVoice Command and Control Runtime 5.3 - UK English
"Demonstar Special Edition" = Demonstar Special Edition
"Discover Painting for Kids Special Edition" = Discover Painting for Kids Special Edition
"Disney's Magic Artist Studio" = Disney's Magic Artist Studio
"Docking Station" = Docking Station
"Dream Pinball 3D Demo" = Dream Pinball 3D Demo
"Driving Test Success - All Tests_is1" = Driving Test Success - All Tests (2008-2009)
"Dungeon Keeper II" = Dungeon Keeper 2
"Dweebs Special Edition" = Dweebs Special Edition
"Extreme Bugs Special Edition" = Extreme Bugs Special Edition
"Fahrenheit_is1" = Fahrenheit
"Fishie Fishie_is1" = Fishie Fishie 1.0
"FL Studio 8" = FL Studio 8
"Galaxy Slots Special Edition" = Galaxy Slots Special Edition
"Garret Special Edition" = Garret Special Edition
"GCFScape_is1" = GCFScape 1.7.2
"Gmask 1.70 English" = Gmask 1.70 English
"Google Updater" = Google Updater
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Heart Of Darkness" = Heart Of Darkness
"Hot Wheels® Micro Racers™" = Hot Wheels® Micro Racers™
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IL Download Manager" = IL Download Manager
"Indeo® software" = Indeo® software
"InstallShield_{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"Jack Keane (Demo)" = Jack Keane (Demo)
"Jewel Jam Special Edition" = Jewel Jam Special Edition
"legacyqcam_10.00" = Logitech Legacy USB Camera Driver Package
"LEGO Rock Raiders" = LEGO Rock Raiders
"LEGOIsland" = LEGO Island
"Lemmings Revolution" = Lemmings Revolution
"Lords of Magic Special Edition Demo" = Lords of Magic Special Edition Demo
"Ludo Safari Special Edition" = Ludo Safari Special Edition
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Memory Match" = Memory Match
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Midtown Madness 2.0" = Microsoft Midtown Madness 2
"Mini Golf Master Special Edition" = Mini Golf Master Special Edition
"Monopoly Junior" = Monopoly Junior
"Moon Buggy" = Moon Buggy
"Moonshot" = Moonshot
"Mozilla Firefox (3.0.12)" = Mozilla Firefox (3.0.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NarbacularDrop_is1" = Narbacular Drop version 1.4
"Natural Selection_is1" = Natural Selection 3.2
"Nebulae Fighter Special Edition" = Nebulae Fighter Special Edition
"NetAnts" = NetAnts
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PCCat" = PC Cat
"PCPup" = PC Pup
"Pharaoh" = Pharaoh
"Phun_is1" = Phun beta 4.22
"PitchWorks DX" = PitchWorks remove
"Playground Special Edition" = Playground Special Edition
"PoiZone" = PoiZone
"Poolster 1.1 (Shareware)" = Poolster 1.1 (Shareware)
"rayman2" = rayman2
"Rekkaturvat" = Truck Dismount (remove only)
"Roller Coaster Factory 3" = Roller Coaster Factory 3
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Shockwave" = Shockwave
"SideWinder Game Pad Pro" = SideWinder Game Pad Pro
"Sierra Utilities" = Sierra Utilities
"Solitaire 25 Volume 3" = Solitaire 25 Volume 3
"Solitary Confinement" = Solitary Confinement
"SourceForts" = SourceForts
"Space Clash" = Space Clash
"Speedy Eggbert Special Edition" = Speedy Eggbert Special Edition
"ST4UNST #1" = 3dmaze
"ST4UNST #2" = AI Wars (The Insect Mind) v2.1a
"Star Miner Special Edition" = Star Miner Special Edition
"Steam App 1250" = Killing Floor
"Steam App 20560" = World of Zoo: Creature Creator Demo
"SystemRequirementsLab" = System Requirements Lab
"Tarzan Action Game" = Tarzan Action Game
"Teazle" = Teazle
"Toxic Biohazard" = Toxic Biohazard
"UnityWebPlayer" = Unity Web Player
"US Slots" = US Slots
"Virtools3DLifePlayer" = Virtools 3D Life Player
"Vodafone 804SS USB driver" = Vodafone 804SS USB driver Software
"Wendys Word Game Special Edition" = Wendys Word Game Special Edition
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Word Search Mania" = Word Search Mania
"Worms2" = Worms2
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Zax_is1" = Zax: The Alien Hunter

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/10/2009 10:01:48 AM | Computer Name = HOME-FB1F72142A | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\WILLIUM\MY DOCUMENTS\MY PICTURES\IPHONE\PICTURE
137.JPG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog

Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 28/10/2009 10:01:48 AM | Computer Name = HOME-FB1F72142A | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\WILLIUM\MY DOCUMENTS\MY PICTURES\IPHONE\PICTURE
139.JPG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog

Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 28/10/2009 10:01:48 AM | Computer Name = HOME-FB1F72142A | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\WILLIUM\MY DOCUMENTS\MY PICTURES\IPHONE\PICTURE
139.JPG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog

Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 28/10/2009 10:01:49 AM | Computer Name = HOME-FB1F72142A | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\WILLIUM\MY DOCUMENTS\MY PICTURES\IPHONE\PICTURE
145.JPG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog

Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 28/10/2009 10:01:49 AM | Computer Name = HOME-FB1F72142A | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\WILLIUM\MY DOCUMENTS\MY PICTURES\IPHONE\PICTURE
145.JPG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog

Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 28/10/2009 10:01:49 AM | Computer Name = HOME-FB1F72142A | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\WILLIUM\MY DOCUMENTS\MY PICTURES\IPHONE\PICTURE
146.JPG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog

Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 28/10/2009 10:01:49 AM | Computer Name = HOME-FB1F72142A | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\WILLIUM\MY DOCUMENTS\MY PICTURES\IPHONE\PICTURE
146.JPG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog

Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 28/10/2009 10:01:50 AM | Computer Name = HOME-FB1F72142A | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\WILLIUM\MY DOCUMENTS\MY PICTURES\IPHONE\PICTURE
153.JPG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog

Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 28/10/2009 10:01:50 AM | Computer Name = HOME-FB1F72142A | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\WILLIUM\MY DOCUMENTS\MY PICTURES\IPHONE\PICTURE
153.JPG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog

Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 28/10/2009 10:01:50 AM | Computer Name = HOME-FB1F72142A | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\WILLIUM\MY DOCUMENTS\MY PICTURES\IPHONE\PICTURE
157.JPG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog

Details:
A
device attached to the system is not functioning. (0x8007001f)

[ System Events ]
Error - 31/10/2009 5:21:34 AM | Computer Name = HOME-FB1F72142A | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 31/10/2009 6:07:45 AM | Computer Name = HOME-FB1F72142A | Source = Service Control Manager | ID = 7031
Description = The AVG Free WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 31/10/2009 6:08:00 AM | Computer Name = HOME-FB1F72142A | Source = Service Control Manager | ID = 7034
Description = The AVG Free E-mail Scanner service terminated unexpectedly. It has
done this 1 time(s).

Error - 31/10/2009 6:08:05 AM | Computer Name = HOME-FB1F72142A | Source = Service Control Manager | ID = 7031
Description = The AVG Free WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 31/10/2009 6:13:28 AM | Computer Name = HOME-FB1F72142A | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 31/10/2009 6:13:30 AM | Computer Name = HOME-FB1F72142A | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 31/10/2009 6:14:14 AM | Computer Name = HOME-FB1F72142A | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 31/10/2009 6:24:59 AM | Computer Name = HOME-FB1F72142A | Source = Service Control Manager | ID = 7034
Description = The BlueSoleil Hid Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 31/10/2009 6:25:00 AM | Computer Name = HOME-FB1F72142A | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 31/10/2009 6:36:59 AM | Computer Name = HOME-FB1F72142A | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.


< End of report >


OTL logfile created on: 31/10/2009 10:44:31 AM - Run 1
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Willium\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 551.30 Mb Available Physical Memory | 53.87% Memory free
2.40 Gb Paging File | 2.04 Gb Available in Paging File | 84.98% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 9.35 Gb Free Space | 8.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-FB1F72142A
Current User Name: Willium
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Willium\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Command Software\dvpapi.exe (Authentium, Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Microsoft Hardware\Game Controllers\Common\SWTrayV4.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg9emc [Auto | Running]) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd [Auto | Running]) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (BlueSoleil Hid Service [Auto | Stopped]) -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (dvpapi [Auto | Running]) -- C:\Program Files\Common Files\Command Software\dvpapi.exe (Authentium, Inc.)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (KService [Disabled | Stopped]) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
SRV - (LVPrcSrv [Auto | Stopped]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (npggsvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (atksgt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\atksgt.sys ()
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BlueletAudio [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\blueletaudio.sys (IVT Corporation)
DRV - (BT [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\btnetdrv.sys (IVT Corporation)
DRV - (Btcsrusb [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btcusb.sys (IVT Corporation)
DRV - (BTHidEnum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\vbtenum.sys ()
DRV - (BTHidMgr [Boot | Running]) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation)
DRV - (catchme [On_Demand | Running]) -- File not found
DRV - (cmudau [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\cmudaxu.sys (C-Media Inc)
DRV - (CSS DVP [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\css-dvp.sys (Authentium, Inc.)
DRV - (DM9USB [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\dm9usb.sys (DAVICOM Semiconductor, Inc. )
DRV - (FilterService [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys (Logitech Inc.)
DRV - (GcKernel [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\GcKernel.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HIDSwvd [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HIDSwvd.sys (Microsoft Corporation)
DRV - (lirsgt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys ()
DRV - (lvpopflt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\LVPr2Mon.sys ()
DRV - (LVRS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lvrs.sys (Logitech Inc.)
DRV - (lvselsus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lvselsus.sys (Logitech Inc.)
DRV - (LVUSBSta [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVUVC [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\lvuvc.sys (Logitech Inc.)
DRV - (NPPTNT2 [On_Demand | Stopped]) -- C:\WINDOWS\System32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (RT73 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rt73.sys (Ralink Technology, Corp.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (ss_bus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ss_bus.sys (MCCI)
DRV - (ss_mdfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ss_mdfl.sys (MCCI)
DRV - (ss_mdm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ss_mdm.sys (MCCI)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (usbcm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\usbcm.sys (Microsystems Corp)
DRV - (USBIO [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbio.sys (Thesycon GmbH, Germany)
DRV - (VComm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\VComm.sys (IVT Corporation)
DRV - (VcommMgr [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\VcommMgr.sys (IVT Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Willium\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 F9 BE 72 B7 5E CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.696
FF - prefs.js..extensions.enabledItems: avg@igeared:2.709.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.12

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/28 00:38:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/10/27 15:50:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/10/26 22:22:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/05 07:42:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/05 07:42:11 | 00,000,000 | ---D | M]

[2009/04/29 13:11:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\mozilla\Extensions
[2009/01/13 17:32:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/26 22:25:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\mozilla\Firefox\Profiles\151xy818.default\extensions
[2009/06/28 11:23:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\mozilla\Firefox\Profiles\151xy818.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/29 13:03:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\mozilla\Firefox\Profiles\151xy818.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}(2)
[2009/10/27 12:26:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/06 21:22:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/29 13:36:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/08/06 21:21:54 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/06 21:21:54 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/06 21:21:56 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/05/02 06:43:03 | 00,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2009/10/05 07:42:10 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/10/05 07:42:10 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/10/05 07:42:10 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/10/05 07:42:10 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/10/05 07:42:11 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/10/05 07:42:11 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/10/05 07:42:11 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/05/02 17:50:46 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/05/02 17:50:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/10/26 22:25:24 | 00,002,265 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/05/02 17:50:46 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/05/02 17:50:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/05/02 17:50:46 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/05/02 17:50:46 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/05/02 17:50:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/05/02 17:50:46 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Click-to-Call BHO) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SideWinderTrayV4] C:\Program Files\Microsoft Hardware\Game Controllers\Common\SWTrayV4.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by NetAnts - C:\Program Files\NetAnts\NaGet.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download &All by NetAnts - C:\Program Files\NetAnts\NaGetAll.htm ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Willium\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://dev.srtest.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} http://musicmix.mess.../Medialogic.CAB (CMediaMix Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1213103626234 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer....l/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} http://www.instantac...ad/iaplayer.cab (InstantAction Game Launcher)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll File not found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 12:21:42 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[10 C:\WINDOWS\*.tmp files]
[2009/10/26 22:22:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/10/26 22:22:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/10/19 16:56:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/06 06:50:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
[2009/10/26 22:16:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ZKS_COMPANY_NAME
[2009/10/19 16:56:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Application Data\Technology Lighthouse
[2009/11/05 16:48:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Application Data\Unity
[2009/11/06 06:50:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Application Data\Virgin Broadband
[2009/10/27 15:13:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Application Data\Windows Desktop Search
[2009/10/27 15:17:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Application Data\Windows Search
[2009/10/31 09:25:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Local Settings\Application Data\ApplicationHistory
[2009/10/26 22:25:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Local Settings\Application Data\AVG Security Toolbar
[2009/10/19 07:32:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Local Settings\Application Data\iMesh
[2009/11/05 16:43:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Local Settings\Application Data\Unity
[2009/10/26 22:22:12 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/11/06 18:27:38 | 00,000,000 | ---D | C] -- C:\Program Files\Gmask 1.70 English
[2009/10/19 07:32:04 | 00,000,000 | ---D | C] -- C:\Program Files\iMesh Applications
[2009/10/19 16:55:38 | 00,000,000 | ---D | C] -- C:\Program Files\Technology Lighthouse
[2009/11/05 16:43:43 | 00,000,000 | ---D | C] -- C:\Program Files\Unity
[2009/10/27 15:12:47 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2009/10/27 20:25:32 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/10/27 14:51:13 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/10/19 17:32:10 | 00,000,000 | ---D | C] -- C:\Program Files\Zax
[2009/11/06 19:24:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\048298C9A4D3490B9FF9AB023A9238F3.TMP
[2009/11/06 18:35:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Desktop\b
[2009/11/06 13:11:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Desktop\steamappsss
[2009/11/05 16:32:18 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/11/05 16:32:18 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/11/05 16:32:18 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/11/05 16:30:51 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/11/05 16:30:48 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/11/05 16:28:04 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/10/31 10:41:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/31 10:17:47 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/31 10:14:28 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/10/31 08:28:02 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/31 08:28:02 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/31 08:28:02 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/31 08:28:02 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/31 08:27:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/31 08:21:33 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/30 12:25:26 | 04,608,744 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Willium\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2009/10/30 09:21:36 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Willium\Desktop\OTL.exe
[2009/10/29 20:33:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Desktop\Sorting Comp
[2009/10/29 19:16:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/10/28 10:52:12 | 14,653,4806 | ---- | C] (SourceForts Team) -- C:\Documents and Settings\Willium\Desktop\SF1941-Client.exe
[2009/10/27 15:39:29 | 00,000,000 | ---D | C] -- C:\94a3715beca94d1d71328d050a
[2009/10/27 15:12:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/10/27 15:12:10 | 00,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2009/10/27 15:12:10 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2009/10/27 15:12:10 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2009/10/27 15:10:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2009/10/27 09:11:40 | 01,146,184 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Willium\Desktop\wlsetup-web.exe
[2009/10/27 09:07:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/10/26 22:23:03 | 00,000,000 | ---D | C] -- C:\$AVG
[2009/10/26 22:22:40 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/26 22:22:39 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/10/26 22:22:36 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/26 22:22:35 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/26 22:22:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/10/22 17:10:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Desktop\Valve Lan Lite - School Edition
[2009/10/22 17:07:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Desktop\college work
[2009/10/19 07:32:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\My Documents\iMesh
[2009/10/19 07:32:08 | 00,483,328 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actskn45.ocx

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[10 C:\WINDOWS\*.tmp files]
[2009/11/06 19:33:47 | 02,639,034 | -H-- | M] () -- C:\Documents and Settings\Willium\Local Settings\Application Data\IconCache.db
[2009/11/06 19:12:48 | 00,003,436 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/31 10:41:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/31 10:37:06 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/31 10:18:02 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/31 09:30:36 | 44,366,342 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/31 09:28:13 | 00,064,405 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/31 09:24:19 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/31 09:23:46 | 00,181,756 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/10/31 09:23:44 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/10/31 09:23:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/31 09:23:02 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/31 09:00:37 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/28 12:19:28 | 04,608,744 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Willium\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[2009/10/28 12:15:00 | 03,440,512 | R--- | M] () -- C:\Documents and Settings\Willium\Desktop\ComboFix.exe
[2009/10/28 12:14:00 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\Willium\Desktop\Win32kDiag(2).exe
[2009/10/28 11:56:08 | 00,366,211 | ---- | M] () -- C:\Documents and Settings\Willium\Desktop\Gmsk170E.exe
[2009/10/28 11:24:30 | 14,653,4806 | ---- | M] (SourceForts Team) -- C:\Documents and Settings\Willium\Desktop\SF1941-Client.exe
[2009/10/28 10:55:30 | 00,014,848 | ---- | M] () -- C:\Documents and Settings\Willium\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/28 10:29:53 | 00,539,232 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/28 10:29:53 | 00,462,036 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/28 10:29:53 | 00,078,172 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/28 10:28:40 | 00,000,677 | ---- | M] () -- C:\Documents and Settings\Willium\Desktop\Shortcut to msmsgs.exe.lnk
[2009/10/27 20:13:32 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Willium\Desktop\OTL.exe
[2009/10/27 18:53:22 | 00,048,504 | ---- | M] () -- C:\Documents and Settings\Willium\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/27 15:51:10 | 00,204,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/27 15:13:31 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/27 15:12:55 | 00,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/10/27 14:46:26 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/10/27 09:11:41 | 01,146,184 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Willium\Desktop\wlsetup-web.exe
[2009/10/26 22:22:45 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/10/26 22:22:40 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/26 22:22:40 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/10/26 22:22:37 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/26 22:22:35 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/10/26 22:22:35 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/10/26 22:22:35 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/26 22:05:25 | 00,000,230 | ---- | M] () -- C:\WINDOWS\freedom.backup.dat
[2009/10/26 15:58:12 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009/10/23 13:14:21 | 00,001,488 | ---- | M] () -- C:\Documents and Settings\Willium\Desktop\RESTART.lnk
[2009/10/23 08:32:16 | 00,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/10/23 08:32:16 | 00,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/10/23 08:32:16 | 00,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/10/20 06:22:04 | 03,415,397 | ---- | M] () -- C:\Documents and Settings\Willium\Desktop\Lemon Demon - The Ultimate Showdown of Ultimate Destiny.mp3
[2009/10/19 14:11:01 | 00,000,048 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2009/10/19 13:16:27 | 00,001,692 | ---- | M] () -- C:\Documents and Settings\Willium\Desktop\SHUTDOWN.lnk
[2009/10/19 11:30:33 | 00,413,696 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2009/10/19 11:30:33 | 00,110,592 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2009/10/17 17:41:56 | 00,000,619 | ---- | M] () -- C:\Documents and Settings\Willium\Desktop\Guitar Pro 5.lnk
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/10/02 11:01:58 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== Files - No Company Name ==========
[2009/10/31 10:18:02 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/31 10:17:56 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/31 09:23:02 | 10,732,70784 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/31 08:28:02 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/31 08:28:02 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/31 08:28:02 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/31 08:28:02 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/10/31 08:28:02 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/30 12:25:22 | 03,440,512 | R--- | C] () -- C:\Documents and Settings\Willium\Desktop\ComboFix.exe
[2009/10/30 12:25:10 | 00,047,616 | ---- | C] () -- C:\Documents and Settings\Willium\Desktop\Win32kDiag(2).exe
[2009/10/28 11:56:03 | 00,366,211 | ---- | C] () -- C:\Documents and Settings\Willium\Desktop\Gmsk170E.exe
[2009/10/28 10:28:40 | 00,000,677 | ---- | C] () -- C:\Documents and Settings\Willium\Desktop\Shortcut to msmsgs.exe.lnk
[2009/10/27 15:12:55 | 00,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/10/26 22:22:45 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/10/26 22:22:40 | 44,366,342 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/26 22:22:40 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/10/26 22:22:35 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/10/26 22:22:35 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/10/26 22:22:35 | 00,064,405 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/23 13:08:06 | 00,001,488 | ---- | C] () -- C:\Documents and Settings\Willium\Desktop\RESTART.lnk
[2009/10/20 06:10:05 | 03,415,397 | ---- | C] () -- C:\Documents and Settings\Willium\Desktop\Lemon Demon - The Ultimate Showdown of Ultimate Destiny.mp3
[2009/10/19 07:35:55 | 00,001,692 | ---- | C] () -- C:\Documents and Settings\Willium\Desktop\SHUTDOWN.lnk
[2009/10/17 17:41:56 | 00,000,619 | ---- | C] () -- C:\Documents and Settings\Willium\Desktop\Guitar Pro 5.lnk
[2009/08/06 12:59:11 | 00,000,065 | ---- | C] () -- C:\WINDOWS\NARBACULARDROP.INI
[2009/05/03 22:28:30 | 00,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/04/29 13:32:01 | 00,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2009/02/05 15:56:47 | 00,000,032 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\4612a3fd366405348c504a9b8fc9da7d_Willium
[2008/12/16 20:58:54 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 20:50:56 | 00,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/11/09 14:03:24 | 00,000,223 | ---- | C] () -- C:\WINDOWS\FUJIGOLF.INI
[2008/11/09 13:53:08 | 00,002,202 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2008/11/04 15:27:45 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/26 15:04:59 | 00,046,592 | ---- | C] () -- C:\WINDOWS\System32\shellses.dll
[2008/09/11 17:58:58 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\VBCARDS.DLL
[2008/09/11 17:58:57 | 00,271,264 | ---- | C] () -- C:\WINDOWS\System32\VBRUN100.DLL
[2008/09/11 17:58:57 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/09/11 17:58:57 | 00,004,608 | ---- | C] () -- C:\WINDOWS\MTNEWS.DLL
[2008/09/11 17:58:57 | 00,000,038 | ---- | C] () -- C:\WINDOWS\BestGame.ini
[2008/09/03 18:30:48 | 00,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2008/09/03 18:30:48 | 00,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2008/08/24 16:28:59 | 00,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2008/08/24 15:06:32 | 00,000,437 | ---- | C] () -- C:\WINDOWS\pdhpro.ini
[2008/08/24 15:00:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/08/24 14:39:44 | 00,000,146 | ---- | C] () -- C:\WINDOWS\gsp_arcd.ini
[2008/08/24 14:39:43 | 00,271,264 | ---- | C] () -- C:\WINDOWS\VBRUN100.DLL
[2008/08/24 14:39:43 | 00,017,424 | ---- | C] () -- C:\WINDOWS\FH_BMP.DLL
[2008/08/23 16:03:21 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/08/23 16:03:20 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/08/22 16:59:00 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2008/08/22 16:46:35 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/08/22 16:46:35 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/08/22 16:46:35 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/08/22 12:30:50 | 00,000,049 | ---- | C] () -- C:\WINDOWS\dc_jill.INI
[2008/08/22 12:26:49 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/08/21 12:11:28 | 00,974,848 | R--- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008/08/21 12:11:28 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\ogg.dll
[2008/08/21 12:11:28 | 00,028,672 | R--- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2008/08/09 14:00:58 | 00,000,059 | ---- | C] () -- C:\WINDOWS\Crazy.INI
[2008/07/26 11:11:37 | 02,729,472 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
[2008/07/25 18:56:06 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2008/07/25 14:07:24 | 00,000,470 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/07/24 19:08:39 | 00,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2008/07/24 19:08:39 | 00,012,500 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2008/07/24 18:49:38 | 00,311,296 | ---- | C] () -- C:\WINDOWS\System32\fxstudio.dll
[2008/07/24 18:49:37 | 00,282,624 | ---- | C] () -- C:\WINDOWS\System32\drumpad.dll
[2008/07/24 18:49:23 | 00,274,432 | ---- | C] () -- C:\WINDOWS\System32\animation.dll
[2008/07/24 18:45:17 | 00,001,857 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008/07/24 18:41:57 | 00,189,952 | ---- | C] () -- C:\WINDOWS\Qcard32.dll
[2008/07/24 18:41:56 | 00,189,952 | ---- | C] () -- C:\WINDOWS\System32\Qcard32.dll
[2008/07/24 18:22:02 | 00,014,848 | ---- | C] () -- C:\Documents and Settings\Willium\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/19 18:36:48 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\cmdrvrmu.dll
[2008/06/19 18:36:26 | 00,065,536 | R--- | C] () -- C:\WINDOWS\VMix.dll
[2008/06/19 18:36:26 | 00,005,690 | R--- | C] () -- C:\WINDOWS\Cmudau.ini
[2008/06/10 14:09:32 | 02,639,034 | -H-- | C] () -- C:\Documents and Settings\Willium\Local Settings\Application Data\IconCache.db
[2008/06/10 13:27:11 | 00,048,504 | ---- | C] () -- C:\Documents and Settings\Willium\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/06/10 13:26:31 | 00,000,070 | ---- | C] () -- C:\WINDOWS\EB33ADEF.ini
[2008/06/10 13:10:23 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/06/10 12:53:22 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/06/10 12:36:06 | 00,663,552 | ---- | C] () -- C:\WINDOWS\System32\libeay32_1-1-0_DDR.dll
[2008/06/10 12:36:06 | 00,532,594 | ---- | C] () -- C:\WINDOWS\System32\xerces-c_1_40_0_DDR.dll
[2008/06/10 12:36:06 | 00,307,329 | ---- | C] () -- C:\WINDOWS\System32\BJBase_2-2-2_DDR.dll
[2008/06/10 12:36:06 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32_1-1-0_DDR.dll
[2008/06/10 12:36:05 | 00,524,377 | ---- | C] () -- C:\WINDOWS\System32\stlport_4_0_0_DDR.dll
[2008/06/10 12:28:21 | 00,000,062 | ---- | C] () -- C:\Documents and Settings\Willium\Application Data\desktop.ini
[2008/06/05 07:58:26 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/05/03 04:46:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/03 04:46:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/03 04:46:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/03 04:46:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/03 04:46:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/03 10:59:54 | 06,148,096 | ---- | C] () -- C:\WINDOWS\System32\dzcore.dll
[2006/12/05 15:07:16 | 00,032,256 | ---- | C] () -- C:\WINDOWS\System32\dzbryce6.dll
[2006/12/05 15:00:56 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\dzwrapper.dll
[2006/11/20 16:25:16 | 01,343,488 | ---- | C] () -- C:\WINDOWS\System32\daz-qsa.dll
[2006/11/20 16:25:02 | 04,984,832 | ---- | C] () -- C:\WINDOWS\System32\daz-qt-mt.dll
[2004/08/04 12:00:00 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(4).dll
[2004/08/04 12:00:00 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2004/08/04 12:00:00 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/08/04 12:00:00 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2004/08/04 12:00:00 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2004/08/04 12:00:00 | 00,003,436 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 12:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/06/06 01:01:58 | 00,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[2000/03/29 00:58:40 | 00,280,576 | ---- | C] () -- C:\WINDOWS\System32\pxd_kom.dll
[2000/03/28 14:27:42 | 00,075,976 | ---- | C] () -- C:\WINDOWS\System32\BASSDEC.dll

========== LOP Check ==========

[2009/10/26 22:22:34 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/28 16:24:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/11 15:21:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/11/07 17:37:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/10/27 15:03:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/10/26 22:22:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/07/24 19:14:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2008/10/14 18:27:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2009/05/07 09:32:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success
[2008/11/21 13:29:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/04/29 13:09:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/04/29 12:39:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki(2)
[2009/05/06 12:28:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2009/03/20 11:04:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2009/04/29 12:48:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mevo
[2008/11/07 19:55:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/10/26 22:18:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ntl
[2009/05/02 06:44:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/05/13 09:33:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2008/11/23 17:29:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tages
[2009/10/19 16:56:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/06 06:50:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
[2009/10/26 22:16:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZKS_COMPANY_NAME
[2009/10/27 15:17:23 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Willium\Application Data
[2008/12/04 21:41:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Anvil Studio
[2008/07/10 14:59:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\BitTorrent
[2009/04/20 23:23:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Braid
[2009/05/21 06:53:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Broken Rules
[2008/10/16 14:26:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\CasinoOnNet
[2009/05/13 18:56:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Crayon Physics Deluxe
[2008/11/09 19:20:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\DNA
[2008/11/23 17:57:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Download Manager
[2008/08/23 15:00:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\dp3d
[2008/11/20 17:41:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\FileMaker
[2008/06/20 21:38:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\fretsonfire
[2008/12/10 21:17:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\GarageGames
[2008/11/17 21:10:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\GetRightToGo
[2009/06/30 19:10:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Glasshouse
[2008/10/16 23:01:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\IMVU
[2008/10/16 23:10:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\IMVUClient
[2009/10/31 19:44:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Juce VST Host
[2009/05/03 22:37:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Leadertech
[2009/04/29 13:11:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\LimeWire
[2009/06/11 21:28:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Lionhead Studios
[2008/07/25 14:02:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\LucasArts
[2008/06/10 13:26:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\ntl
[2008/06/30 15:47:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\OnReally
[2008/10/16 19:38:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\OpenOffice.org
[2008/08/23 15:15:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Pi Eye Games
[2009/02/05 15:57:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Plogue
[2008/10/05 16:16:42 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Willium\Application Data\SecuROM
[2009/04/21 00:21:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Slam Dunk Studios, LLC
[2009/01/30 16:55:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\SPORE
[2008/10/02 17:27:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\SPORE Creature Creator
[2008/10/09 19:00:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\SporeCreatureCreator
[2009/01/29 11:28:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\SystemRequirementsLab
[2009/10/19 16:56:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Technology Lighthouse
[2009/11/05 16:48:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Unity
[2009/10/17 19:06:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\uTorrent
[2009/04/29 13:13:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\vghd
[2009/11/06 06:50:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Virgin Broadband
[2009/10/27 15:13:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Windows Desktop Search
[2009/10/27 15:17:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Windows Search
[2004/08/04 12:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/31 09:23:44 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/10/31 10:41:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/10/06 15:16:08 | 00,894,424 | ---- | M] () -- C:\bots.exe

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78] -> [2004/08/04 12:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\eventlog.dll
[6 C:\WINDOWS\system32\*.tmp files]

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A] -> [2004/08/04 12:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\scecli.dll
[scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\scecli.dll
[6 C:\WINDOWS\system32\*.tmp files]

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A] -> [2004/08/04 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netlogon.dll
[6 C:\WINDOWS\system32\*.tmp files]

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >
[logevent.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\logevent.dll
[6 C:\WINDOWS\system32\*.tmp files]

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51] -> [2004/08/04 12:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674] -> [2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674] -> [2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ERDNT\cache\agp440.sys
[agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< End of report >



Logs as requested, and pasted this time ;P

#14
chamber

    Face Burnin' Malware Fighter

  • Visiting Consultant
  • 2,712 posts
Hi,

Logs are looking better.

I need you to uninstall the following.

BitTorrent
BitTorrent DNA
uTorrent
LimeWire

1) OTL

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2007/10/06 15:16:08 | 00,894,424 | ---- | M] () -- C:\bots.exe
    [2009/10/17 19:06:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\uTorrent
    [2009/04/29 13:11:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\LimeWire
    [2008/07/10 14:59:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\BitTorrent
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

2) Malwarebytes

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3) JavaRa

Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

4) Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

In your reply I would like to see copied and pasted,

1) OTL logs
2) Malwarebytes log
3) Kaspersky scan


#15
Willium_Bob_Cole

    Member

  • Topic Starter
  • Member
  • 46 posts
OTL logfile created on: 31/10/2009 4:44:37 PM - Run 2
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Willium\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 597.52 Mb Available Physical Memory | 58.38% Memory free
2.40 Gb Paging File | 2.04 Gb Available in Paging File | 84.78% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 9.52 Gb Free Space | 8.31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-FB1F72142A
Current User Name: Willium
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Willium\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\BLUENEXT\BN-WD54G Wireless Utility\Installer\WINXP\BWCU.exe (HAYAT and HU CORPORATION LTD )
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Command Software\dvpapi.exe (Authentium, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft Hardware\Game Controllers\Common\SWTrayV4.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg9emc [Auto | Running]) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd [Auto | Running]) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (BlueSoleil Hid Service [Auto | Running]) -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe ()
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (dvpapi [Auto | Running]) -- C:\Program Files\Common Files\Command Software\dvpapi.exe (Authentium, Inc.)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (KService [Disabled | Stopped]) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (npggsvc [On_Demand | Stopped]) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Willium\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 F9 BE 72 B7 5E CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.696
FF - prefs.js..extensions.enabledItems: avg@igeared:2.709.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.12

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/28 00:38:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/10/27 15:50:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/10/26 22:22:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/05 07:42:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/05 07:42:11 | 00,000,000 | ---D | M]

[2009/04/29 13:11:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\mozilla\Extensions
[2009/01/13 17:32:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/26 22:25:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\mozilla\Firefox\Profiles\151xy818.default\extensions
[2009/06/28 11:23:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\mozilla\Firefox\Profiles\151xy818.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/29 13:03:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\mozilla\Firefox\Profiles\151xy818.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}(2)
[2009/10/27 12:26:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/06 21:22:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/29 13:36:20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/08/06 21:21:54 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/06 21:21:54 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/06 21:21:56 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/05/02 06:43:03 | 00,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2009/10/05 07:42:10 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/10/05 07:42:10 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/10/05 07:42:10 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/10/05 07:42:10 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/10/05 07:42:11 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/10/05 07:42:11 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/10/05 07:42:11 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/05/02 17:50:46 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/05/02 17:50:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/10/26 22:25:24 | 00,002,265 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/05/02 17:50:46 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/05/02 17:50:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/05/02 17:50:46 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/05/02 17:50:46 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/05/02 17:50:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/05/02 17:50:46 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Click-to-Call BHO) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll File not found
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SideWinderTrayV4] C:\Program Files\Microsoft Hardware\Game Controllers\Common\SWTrayV4.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by NetAnts - C:\Program Files\NetAnts\NaGet.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download &All by NetAnts - C:\Program Files\NetAnts\NaGetAll.htm ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Willium\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://dev.srtest.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} http://musicmix.mess.../Medialogic.CAB (CMediaMix Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1213103626234 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer....l/installer.exe (Virtools WebPlayer Class)
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} http://www.instantac...ad/iaplayer.cab (InstantAction Game Launcher)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll File not found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 12:21:42 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/10/26 22:22:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/10/26 22:22:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/10/19 16:56:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/06 06:50:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
[2009/10/26 22:16:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ZKS_COMPANY_NAME
[2009/10/19 16:56:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Application Data\Technology Lighthouse
[2009/11/05 16:48:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Application Data\Unity
[2009/11/06 06:50:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Application Data\Virgin Broadband
[2009/10/27 15:13:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Application Data\Windows Desktop Search
[2009/10/27 15:17:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Application Data\Windows Search
[2009/10/31 09:25:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Local Settings\Application Data\ApplicationHistory
[2009/10/26 22:25:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Local Settings\Application Data\AVG Security Toolbar
[2009/10/19 07:32:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Local Settings\Application Data\iMesh
[2009/11/05 16:43:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Local Settings\Application Data\Unity
[2009/10/26 22:22:12 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/11/06 18:27:38 | 00,000,000 | ---D | C] -- C:\Program Files\Gmask 1.70 English
[2009/10/19 07:32:04 | 00,000,000 | ---D | C] -- C:\Program Files\iMesh Applications
[2009/10/19 16:55:38 | 00,000,000 | ---D | C] -- C:\Program Files\Technology Lighthouse
[2009/11/05 16:43:43 | 00,000,000 | ---D | C] -- C:\Program Files\Unity
[2009/10/27 15:12:47 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2009/10/27 20:25:32 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/10/27 14:51:13 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/10/19 17:32:10 | 00,000,000 | ---D | C] -- C:\Program Files\Zax
[2009/11/06 18:35:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Desktop\b
[2009/11/06 13:11:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Desktop\steamappsss
[2009/10/31 16:39:30 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/10/31 10:41:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/10/31 10:17:47 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/31 10:14:28 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/10/31 08:28:02 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/31 08:28:02 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/31 08:28:02 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/31 08:28:02 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/31 08:27:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/31 08:21:33 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/30 09:21:36 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Willium\Desktop\OTL.exe
[2009/10/29 20:33:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Desktop\Sorting Comp
[2009/10/29 19:16:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/10/28 10:52:12 | 14,653,4806 | ---- | C] (SourceForts Team) -- C:\Documents and Settings\Willium\Desktop\SF1941-Client.exe
[2009/10/27 15:39:29 | 00,000,000 | ---D | C] -- C:\94a3715beca94d1d71328d050a
[2009/10/27 15:12:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/10/27 15:10:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2009/10/27 09:07:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/10/26 22:23:03 | 00,000,000 | ---D | C] -- C:\$AVG
[2009/10/26 22:22:40 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/26 22:22:39 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/10/26 22:22:36 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/26 22:22:35 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/26 22:22:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/10/22 17:10:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Desktop\Valve Lan Lite - School Edition
[2009/10/22 17:07:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\Desktop\college work
[2009/10/19 07:32:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Willium\My Documents\iMesh
[2009/10/19 07:32:08 | 00,483,328 | ---- | C] (SoftShape Development) -- C:\WINDOWS\System32\actskn45.ocx

========== Files - Modified Within 14 Days ==========

[2009/11/06 19:33:47 | 02,639,034 | -H-- | M] () -- C:\Documents and Settings\Willium\Local Settings\Application Data\IconCache.db
[2009/11/06 19:12:48 | 00,003,436 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/31 16:41:54 | 00,181,756 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/10/31 16:41:50 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/31 16:41:45 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/10/31 16:41:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/31 16:41:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/31 16:41:27 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/31 10:37:06 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/31 10:18:02 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/31 09:30:36 | 44,366,342 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/31 09:28:13 | 00,064,405 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/31 09:00:37 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/28 12:15:00 | 03,440,512 | R--- | M] () -- C:\Documents and Settings\Willium\Desktop\ComboFix.exe
[2009/10/28 12:14:00 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\Willium\Desktop\Win32kDiag(2).exe
[2009/10/28 11:56:08 | 00,366,211 | ---- | M] () -- C:\Documents and Settings\Willium\Desktop\Gmsk170E.exe
[2009/10/28 11:24:30 | 14,653,4806 | ---- | M] (SourceForts Team) -- C:\Documents and Settings\Willium\Desktop\SF1941-Client.exe
[2009/10/28 10:55:30 | 00,014,848 | ---- | M] () -- C:\Documents and Settings\Willium\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/28 10:29:53 | 00,539,232 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/28 10:29:53 | 00,462,036 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/28 10:29:53 | 00,078,172 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/28 10:28:40 | 00,000,677 | ---- | M] () -- C:\Documents and Settings\Willium\Desktop\Shortcut to msmsgs.exe.lnk
[2009/10/27 20:13:32 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Willium\Desktop\OTL.exe
[2009/10/27 18:53:22 | 00,048,504 | ---- | M] () -- C:\Documents and Settings\Willium\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/27 15:51:10 | 00,204,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/27 15:13:31 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/27 15:12:55 | 00,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/10/27 14:46:26 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/10/26 22:22:45 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/10/26 22:22:40 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/26 22:22:40 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/10/26 22:22:37 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/26 22:22:35 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/10/26 22:22:35 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/10/26 22:22:35 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/26 22:05:25 | 00,000,230 | ---- | M] () -- C:\WINDOWS\freedom.backup.dat
[2009/10/26 15:58:12 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009/10/23 13:14:21 | 00,001,488 | ---- | M] () -- C:\Documents and Settings\Willium\Desktop\RESTART.lnk
[2009/10/23 08:32:16 | 00,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/10/23 08:32:16 | 00,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/10/23 08:32:16 | 00,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/10/20 06:22:04 | 03,415,397 | ---- | M] () -- C:\Documents and Settings\Willium\Desktop\Lemon Demon - The Ultimate Showdown of Ultimate Destiny.mp3
[2009/10/19 14:11:01 | 00,000,048 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2009/10/19 13:16:27 | 00,001,692 | ---- | M] () -- C:\Documents and Settings\Willium\Desktop\SHUTDOWN.lnk
[2009/10/19 11:30:33 | 00,413,696 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2009/10/19 11:30:33 | 00,110,592 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2009/10/17 17:41:56 | 00,000,619 | ---- | M] () -- C:\Documents and Settings\Willium\Desktop\Guitar Pro 5.lnk

========== Files - No Company Name ==========
[2009/10/31 10:18:02 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/31 10:17:56 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/31 09:23:02 | 10,732,70784 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/31 08:28:02 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/31 08:28:02 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/31 08:28:02 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/31 08:28:02 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/10/31 08:28:02 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/30 12:25:22 | 03,440,512 | R--- | C] () -- C:\Documents and Settings\Willium\Desktop\ComboFix.exe
[2009/10/30 12:25:10 | 00,047,616 | ---- | C] () -- C:\Documents and Settings\Willium\Desktop\Win32kDiag(2).exe
[2009/10/28 11:56:03 | 00,366,211 | ---- | C] () -- C:\Documents and Settings\Willium\Desktop\Gmsk170E.exe
[2009/10/28 10:28:40 | 00,000,677 | ---- | C] () -- C:\Documents and Settings\Willium\Desktop\Shortcut to msmsgs.exe.lnk
[2009/10/27 15:12:55 | 00,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/10/26 22:22:45 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2009/10/26 22:22:40 | 44,366,342 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/26 22:22:40 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/10/26 22:22:35 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/10/26 22:22:35 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/10/26 22:22:35 | 00,064,405 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/23 13:08:06 | 00,001,488 | ---- | C] () -- C:\Documents and Settings\Willium\Desktop\RESTART.lnk
[2009/10/20 06:10:05 | 03,415,397 | ---- | C] () -- C:\Documents and Settings\Willium\Desktop\Lemon Demon - The Ultimate Showdown of Ultimate Destiny.mp3
[2009/10/19 07:35:55 | 00,001,692 | ---- | C] () -- C:\Documents and Settings\Willium\Desktop\SHUTDOWN.lnk
[2009/10/17 17:41:56 | 00,000,619 | ---- | C] () -- C:\Documents and Settings\Willium\Desktop\Guitar Pro 5.lnk
[2009/08/06 12:59:11 | 00,000,065 | ---- | C] () -- C:\WINDOWS\NARBACULARDROP.INI
[2009/05/03 22:28:30 | 00,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/04/29 13:32:01 | 00,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2009/02/05 15:56:47 | 00,000,032 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\4612a3fd366405348c504a9b8fc9da7d_Willium
[2008/12/16 20:58:54 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 20:50:56 | 00,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/11/09 14:03:24 | 00,000,223 | ---- | C] () -- C:\WINDOWS\FUJIGOLF.INI
[2008/11/09 13:53:08 | 00,002,202 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2008/11/04 15:27:45 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/26 15:04:59 | 00,046,592 | ---- | C] () -- C:\WINDOWS\System32\shellses.dll
[2008/09/11 17:58:58 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\VBCARDS.DLL
[2008/09/11 17:58:57 | 00,271,264 | ---- | C] () -- C:\WINDOWS\System32\VBRUN100.DLL
[2008/09/11 17:58:57 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/09/11 17:58:57 | 00,004,608 | ---- | C] () -- C:\WINDOWS\MTNEWS.DLL
[2008/09/11 17:58:57 | 00,000,038 | ---- | C] () -- C:\WINDOWS\BestGame.ini
[2008/09/03 18:30:48 | 00,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2008/09/03 18:30:48 | 00,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2008/08/24 16:28:59 | 00,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2008/08/24 15:06:32 | 00,000,437 | ---- | C] () -- C:\WINDOWS\pdhpro.ini
[2008/08/24 15:00:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/08/24 14:39:44 | 00,000,146 | ---- | C] () -- C:\WINDOWS\gsp_arcd.ini
[2008/08/24 14:39:43 | 00,271,264 | ---- | C] () -- C:\WINDOWS\VBRUN100.DLL
[2008/08/24 14:39:43 | 00,017,424 | ---- | C] () -- C:\WINDOWS\FH_BMP.DLL
[2008/08/23 16:03:21 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/08/23 16:03:20 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/08/22 16:59:00 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2008/08/22 16:46:35 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/08/22 16:46:35 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/08/22 16:46:35 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/08/22 12:30:50 | 00,000,049 | ---- | C] () -- C:\WINDOWS\dc_jill.INI
[2008/08/22 12:26:49 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/08/21 12:11:28 | 00,974,848 | R--- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2008/08/21 12:11:28 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\ogg.dll
[2008/08/21 12:11:28 | 00,028,672 | R--- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2008/08/09 14:00:58 | 00,000,059 | ---- | C] () -- C:\WINDOWS\Crazy.INI
[2008/07/26 11:11:37 | 02,729,472 | ---- | C] () -- C:\WINDOWS\System32\fun_avcodec.dll
[2008/07/25 18:56:06 | 00,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2008/07/25 14:07:24 | 00,000,470 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/07/24 19:08:39 | 00,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2008/07/24 19:08:39 | 00,012,500 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2008/07/24 18:49:38 | 00,311,296 | ---- | C] () -- C:\WINDOWS\System32\fxstudio.dll
[2008/07/24 18:49:37 | 00,282,624 | ---- | C] () -- C:\WINDOWS\System32\drumpad.dll
[2008/07/24 18:49:23 | 00,274,432 | ---- | C] () -- C:\WINDOWS\System32\animation.dll
[2008/07/24 18:45:17 | 00,001,857 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008/07/24 18:41:57 | 00,189,952 | ---- | C] () -- C:\WINDOWS\Qcard32.dll
[2008/07/24 18:41:56 | 00,189,952 | ---- | C] () -- C:\WINDOWS\System32\Qcard32.dll
[2008/07/24 18:22:02 | 00,014,848 | ---- | C] () -- C:\Documents and Settings\Willium\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/19 18:36:48 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\cmdrvrmu.dll
[2008/06/19 18:36:26 | 00,065,536 | R--- | C] () -- C:\WINDOWS\VMix.dll
[2008/06/19 18:36:26 | 00,005,690 | R--- | C] () -- C:\WINDOWS\Cmudau.ini
[2008/06/10 14:09:32 | 02,639,034 | -H-- | C] () -- C:\Documents and Settings\Willium\Local Settings\Application Data\IconCache.db
[2008/06/10 13:27:11 | 00,048,504 | ---- | C] () -- C:\Documents and Settings\Willium\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/06/10 13:26:31 | 00,000,070 | ---- | C] () -- C:\WINDOWS\EB33ADEF.ini
[2008/06/10 13:10:23 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/06/10 12:53:22 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/06/10 12:36:06 | 00,663,552 | ---- | C] () -- C:\WINDOWS\System32\libeay32_1-1-0_DDR.dll
[2008/06/10 12:36:06 | 00,532,594 | ---- | C] () -- C:\WINDOWS\System32\xerces-c_1_40_0_DDR.dll
[2008/06/10 12:36:06 | 00,307,329 | ---- | C] () -- C:\WINDOWS\System32\BJBase_2-2-2_DDR.dll
[2008/06/10 12:36:06 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32_1-1-0_DDR.dll
[2008/06/10 12:36:05 | 00,524,377 | ---- | C] () -- C:\WINDOWS\System32\stlport_4_0_0_DDR.dll
[2008/06/10 12:28:21 | 00,000,062 | ---- | C] () -- C:\Documents and Settings\Willium\Application Data\desktop.ini
[2008/06/05 07:58:26 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/05/03 04:46:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/03 04:46:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/03 04:46:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/03 04:46:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/03 04:46:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/03 10:59:54 | 06,148,096 | ---- | C] () -- C:\WINDOWS\System32\dzcore.dll
[2006/12/05 15:07:16 | 00,032,256 | ---- | C] () -- C:\WINDOWS\System32\dzbryce6.dll
[2006/12/05 15:00:56 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\dzwrapper.dll
[2006/11/20 16:25:16 | 01,343,488 | ---- | C] () -- C:\WINDOWS\System32\daz-qsa.dll
[2006/11/20 16:25:02 | 04,984,832 | ---- | C] () -- C:\WINDOWS\System32\daz-qt-mt.dll
[2004/08/04 12:00:00 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(4).dll
[2004/08/04 12:00:00 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(3).dll
[2004/08/04 12:00:00 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/08/04 12:00:00 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum(2).dll
[2004/08/04 12:00:00 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2004/08/04 12:00:00 | 00,003,436 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 12:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/06/06 01:01:58 | 00,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[2000/03/29 00:58:40 | 00,280,576 | ---- | C] () -- C:\WINDOWS\System32\pxd_kom.dll
[2000/03/28 14:27:42 | 00,075,976 | ---- | C] () -- C:\WINDOWS\System32\BASSDEC.dll

========== LOP Check ==========

[2009/10/26 22:22:34 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/28 16:24:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/11 15:21:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/11/07 17:37:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/10/27 15:03:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/10/26 22:22:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/07/24 19:14:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2008/10/14 18:27:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2009/05/07 09:32:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driving Test Success
[2008/11/21 13:29:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/04/29 13:09:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/04/29 12:39:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki(2)
[2009/05/06 12:28:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2009/03/20 11:04:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2009/04/29 12:48:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mevo
[2008/11/07 19:55:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/10/26 22:18:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ntl
[2009/05/02 06:44:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/05/13 09:33:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2008/11/23 17:29:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tages
[2009/10/19 16:56:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/06 06:50:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
[2009/10/26 22:16:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZKS_COMPANY_NAME
[2009/10/31 16:37:50 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Willium\Application Data
[2008/12/04 21:41:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Anvil Studio
[2009/04/20 23:23:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Braid
[2009/05/21 06:53:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Broken Rules
[2008/10/16 14:26:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\CasinoOnNet
[2009/05/13 18:56:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Crayon Physics Deluxe
[2008/11/23 17:57:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Download Manager
[2008/08/23 15:00:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\dp3d
[2008/11/20 17:41:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\FileMaker
[2008/06/20 21:38:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\fretsonfire
[2008/12/10 21:17:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\GarageGames
[2008/11/17 21:10:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\GetRightToGo
[2009/06/30 19:10:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Glasshouse
[2008/10/16 23:01:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\IMVU
[2008/10/16 23:10:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\IMVUClient
[2009/10/31 19:44:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Juce VST Host
[2009/05/03 22:37:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Leadertech
[2009/06/11 21:28:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Lionhead Studios
[2008/07/25 14:02:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\LucasArts
[2008/06/10 13:26:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\ntl
[2008/06/30 15:47:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\OnReally
[2008/10/16 19:38:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\OpenOffice.org
[2008/08/23 15:15:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Pi Eye Games
[2009/02/05 15:57:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Plogue
[2008/10/05 16:16:42 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Willium\Application Data\SecuROM
[2009/04/21 00:21:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Slam Dunk Studios, LLC
[2009/01/30 16:55:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\SPORE
[2008/10/02 17:27:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\SPORE Creature Creator
[2008/10/09 19:00:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\SporeCreatureCreator
[2009/01/29 11:28:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\SystemRequirementsLab
[2009/10/19 16:56:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Technology Lighthouse
[2009/11/05 16:48:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Unity
[2009/04/29 13:13:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\vghd
[2009/11/06 06:50:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Virgin Broadband
[2009/10/27 15:13:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Windows Desktop Search
[2009/10/27 15:17:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Willium\Application Data\Windows Search
[2004/08/04 12:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/31 16:41:45 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/10/31 16:41:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


< End of report >



Malwarebytes' Anti-Malware 1.41
Database version: 3055
Windows 5.1.2600 Service Pack 3

31/10/2009 5:05:43 PM
mbam-log-2009-10-31 (17-05-43).txt

Scan type: Quick Scan
Objects scanned: 98832
Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\bots.dat (Trojan.Agent) -> Quarantined and deleted successfully.



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, November 1, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, October 30, 2009 08:51:57
Records in database: 3104349
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 265319
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 05:53:13


File name / Threat / Threats count
C:\Program Files\Games\eGames\Solitaire 25 Volume 3\Wcsup.dll Infected: Backdoor.Win32.SdBot.mua 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\eventlog.dll.vir Infected: Rootkit.Win32.PMax.h 1

Selected area has been scanned.



How's it look? Sorry for long reply, Kaspersky took ages... and then my spaz mouse did its thing where it just... goes back a page on my browser... probably a driver fault but I've never felt it was that much of an issue to bother about it.
So anyways, I re-ran the scan and it has just finished, so, there are the logs.

Again, I appreciate all the efforts you put in :)





