
Solved Trying To Cleanup Windows XP

Discussion in 'Malware and Virus Removal Archive' started by joe645, 2011/10/01.

  1. 2011/10/01
    joe645

    joe645 Well-Known Member Thread Starter

    Joined:
    2004/01/26
    Messages:
    435
    Likes Received:
    1
    [Resolved] Trying To Cleanup Windows XP

    I am trying to clean up my Windows XP and get my CPU down out of the clouds. It often runs 100% even at idle. I was asked to post a log here although I don't believe I have a virus or malware. Nevertheless here is my log:

    [HJT log removed by Broni]
     
    Last edited by a moderator: 2011/10/02
  2. 2011/10/01
    Evan Omo

    Evan Omo Computer Support Technician Staff

    Joined:
    2006/09/10
    Messages:
    7,919
    Likes Received:
    511
    joe645, please follow this procedure as indicated at the top of this forum. Thanks.
     


  4. 2011/10/02
    joe645

    joe645 Well-Known Member Thread Starter

    Dds

    I am trying to complete my logs but the DDS tool says it shouldn't take more than 3 minutes to complete. I started the tool and it's been running for about an hour. Is this normal or what?
     
  5. 2011/10/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Skip that step for now.
     
  6. 2011/10/02
    joe645

    joe645 Well-Known Member Thread Starter

    Logs

    Here are 3 of the logs requested:

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7692

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    9/10/2011 5:06:17 PM
    mbam-log-2011-09-10 (17-06-17).txt

    Scan type: Quick scan
    Objects scanned: 152406
    Time elapsed: 5 minute(s), 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-10-02 18:10:13
    -----------------------------
    18:10:13.109 OS Version: Windows 5.1.2600 Service Pack 3
    18:10:13.109 Number of processors: 1 586 0x303
    18:10:13.125 ComputerName: JOE-D4894AEAD29 UserName: Joe
    18:10:14.640 Initialize success
    18:10:27.625 Service scanning
    18:10:30.406 Modules scanning
    18:11:52.765 Disk 0 trace - called modules:
    18:11:52.812 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
    18:11:52.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a448ab8]
    18:11:52.812 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\0000006b[0x8a46de98]
    18:11:52.812 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a46c940]
    18:11:52.812 Scan finished successfully
    18:14:15.203 The log file has been saved successfully to "I:\Documents and Settings\Joe\De

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-10-02 21:25:39
    Windows 5.1.2600 Service Pack 3
    Running: vnl2tqpq.exe; Driver: I:\DOCUME~1\Joe\LOCALS~1\Temp\ffpyrkob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA89C6F3C]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA89C6FE4]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA89C7080]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA89C711C]

    ---- User code sections - GMER 1.0.15 ----

    .text I:\WINDOWS\system32\ctfmon.exe[168] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F00001
    .text I:\WINDOWS\system32\ctfmon.exe[168] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
    .text I:\WINDOWS\system32\ctfmon.exe[168] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\WINDOWS\system32\svchost.exe[212] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FA0001
    .text I:\WINDOWS\system32\svchost.exe[212] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
    .text I:\WINDOWS\system32\svchost.exe[212] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe[232] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EC0001
    .text I:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe[232] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
    .text I:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe[232] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe[356] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 033F0001
    .text I:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe[356] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A00F5A
    .text I:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe[356] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\WINDOWS\System32\alg.exe[376] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008D0001
    .text I:\WINDOWS\System32\alg.exe[376] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A10F5A
    .text I:\WINDOWS\System32\alg.exe[376] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[384] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01420001
    .text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[384] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
    .text I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[384] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[432] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01010001
    .text I:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[432] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
    .text I:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe[432] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\PROGRA~1\Webshots\315~1.761\Webshots.scr[520] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 017B0001
    .text I:\PROGRA~1\Webshots\315~1.761\Webshots.scr[520] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 719F0F5A
    .text I:\PROGRA~1\Webshots\315~1.761\Webshots.scr[520] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\WINDOWS\system32\winlogon.exe[808] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01EF0001
    .text I:\WINDOWS\system32\winlogon.exe[808] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A50F5A
    .text I:\WINDOWS\system32\winlogon.exe[808] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[828] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 012F0001
    .text I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[828] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 719F0F5A
    .text I:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[828] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\WINDOWS\system32\services.exe[852] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01630001
    .text I:\WINDOWS\system32\services.exe[852] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A50F5A
    .text I:\WINDOWS\system32\services.exe[852] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\WINDOWS\system32\lsass.exe[864] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01140001
    .text I:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A50F5A
    .text I:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F40001
    .text I:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A50F5A
    .text I:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01280001
    .text I:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A00F5A
    .text I:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02560001
    .text I:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A00F5A
    .text I:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01380001
    .text I:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A00F5A
    .text I:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01D90001
    .text I:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A00F5A
    .text I:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\Program Files\AVG\AVG2012\avgwdsvc.exe[1324] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 03760001
    .text I:\Program Files\AVG\AVG2012\avgwdsvc.exe[1324] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A50F5A
    .text I:\Program Files\AVG\AVG2012\avgwdsvc.exe[1324] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\Program Files\Bonjour\mDNSResponder.exe[1364] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C60001
    .text I:\Program Files\Bonjour\mDNSResponder.exe[1364] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A00F5A
    .text I:\Program Files\Bonjour\mDNSResponder.exe[1364] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\Program Files\Apoint2K\ApMsgFwd.exe[1452] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 010F0001
    .text I:\Program Files\Apoint2K\ApMsgFwd.exe[1452] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
    .text I:\Program Files\Apoint2K\ApMsgFwd.exe[1452] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 019B0001
    .text I:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A10F5A
    .text I:\WINDOWS\system32\spoolsv.exe[1536] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\Program Files\Spybot - Search & Destroy 2\SDScan.exe[1628] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01D50001
    .text I:\Program Files\Spybot - Search & Destroy 2\SDScan.exe[1628] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A40F5A
    .text I:\Program Files\Spybot - Search & Destroy 2\SDScan.exe[1628] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe[1676] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02D70001
    .text I:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe[1676] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A40F5A
    .text I:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe[1676] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\WINDOWS\Explorer.EXE[1688] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DE0001
    .text I:\WINDOWS\Explorer.EXE[1688] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A50F5A
    .text I:\WINDOWS\Explorer.EXE[1688] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01330001
    .text I:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A00F5A
    .text I:\Program Files\Java\jre6\bin\jqs.exe[1836] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\Program Files\Apoint2K\Apntex.exe[1840] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01180001
    .text I:\Program Files\Apoint2K\Apntex.exe[1840] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
    .text I:\Program Files\Apoint2K\Apntex.exe[1840] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\WINDOWS\system32\CTSvcCDA.EXE[1852] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EC0001
    .text I:\WINDOWS\system32\CTSvcCDA.EXE[1852] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
    .text I:\WINDOWS\system32\CTSvcCDA.EXE[1852] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[1936] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C40001
    .text I:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[1936] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text I:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[1936] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text I:\WINDOWS\system32\MsPMSPSv.exe[1948] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009B0001
    .text I:\WINDOWS\system32\MsPMSPSv.exe[1948] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text I:\WINDOWS\system32\MsPMSPSv.exe[1948] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text I:\Program Files\AVG Secure Search\vprot.exe[1956] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02000001
    .text I:\Program Files\AVG Secure Search\vprot.exe[1956] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A50F5A
    .text I:\Program Files\AVG Secure Search\vprot.exe[1956] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01020001
    .text I:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
    .text I:\Program Files\Common Files\Java\Java Update\jusched.exe[1972] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2000] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01430001
    .text I:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2000] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A50F5A
    .text I:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2000] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2016] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DD0001
    .text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2016] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
    .text I:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2016] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE[2024] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01750001
    .text I:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE[2024] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A50F5A
    .text I:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE[2024] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\Program Files\AVG\AVG2012\avgtray.exe[2032] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02AC0001
    .text I:\Program Files\AVG\AVG2012\avgtray.exe[2032] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A50F5A
    .text I:\Program Files\AVG\AVG2012\avgtray.exe[2032] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\Program Files\Apoint2K\Apoint.exe[2044] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01400001
    .text I:\Program Files\Apoint2K\Apoint.exe[2044] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
    .text I:\Program Files\Apoint2K\Apoint.exe[2044] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2092] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 016F0001
    .text I:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2092] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A50F5A
    .text I:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2092] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\WINDOWS\System32\svchost.exe[2468] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B30001
    .text I:\WINDOWS\System32\svchost.exe[2468] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A40F5A
    .text I:\WINDOWS\System32\svchost.exe[2468] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\WINDOWS\System32\svchost.exe[2500] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B30001
    .text I:\WINDOWS\System32\svchost.exe[2500] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A40F5A
    .text I:\WINDOWS\System32\svchost.exe[2500] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe[2528] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B00001
    .text I:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe[2528] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A80F5A
    .text I:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe[2528] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[2540] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01140001
    .text I:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[2540] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A40F5A
    .text I:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[2540] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AE0F5A
    .text I:\WINDOWS\system32\svchost.exe[3000] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009D0001
    .text I:\WINDOWS\system32\svchost.exe[3000] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text I:\WINDOWS\system32\svchost.exe[3000] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text I:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe[3012] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A20001
    .text I:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe[3012] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text I:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe[3012] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text I:\Documents and Settings\Joe\My Documents\Downloads\vnl2tqpq.exe[3068] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D00001
    .text I:\Documents and Settings\Joe\My Documents\Downloads\vnl2tqpq.exe[3068] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text I:\Documents and Settings\Joe\My Documents\Downloads\vnl2tqpq.exe[3068] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text I:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3460] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D60001
    .text I:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3460] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text I:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3460] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3496] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CA0001
    .text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3496] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3496] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A
    .text I:\WINDOWS\system32\wscntfy.exe[3664] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A50001
    .text I:\WINDOWS\system32\wscntfy.exe[3664] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A90F5A
    .text I:\WINDOWS\system32\wscntfy.exe[3664] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71AF0F5A

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- Files - GMER 1.0.15 ----

    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70 0 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\A0016471.cfg 72198 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\A0016472.gdb 65852 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\change.log 1980 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\RestorePointSize 8 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\rp.log 536 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\snapshot 0 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\snapshot\ComDb.Dat 22512 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\snapshot\domain.txt 56 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\snapshot\Repository 0 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\snapshot\Repository\$WinMgmt.CFG 20 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\snapshot\Repository\FS 0 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\snapshot\Repository\FS\INDEX.BTR 1310720 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\snapshot\Repository\FS\INDEX.MAP 680 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\snapshot\Repository\FS\MAPPING.VER 4 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\snapshot\Repository\FS\MAPPING1.MAP 10504 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\snapshot\Repository\FS\MAPPING2.MAP 10504 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\snapshot\Repository\FS\OBJECTS.DATA 20103168 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\snapshot\Repository\FS\OBJECTS.MAP 9840 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\snapshot\_REGISTRY_MACHINE_SAM 28672 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\snapshot\_REGISTRY_MACHINE_SECURITY 57344 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\snapshot\_REGISTRY_MACHINE_SOFTWARE 46923776 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\snapshot\_REGISTRY_MACHINE_SYSTEM 4694016 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\snapshot\_REGISTRY_USER_.DEFAULT 4874240 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18 4874240 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19 233472 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20 229376 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1482476501-527237240-725345543-1003 7168000 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19 8192 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20 8192 bytes
    File I:\System Volume Information\_restore{D64BE854-BAF9-476C-8E9A-0B765A1E0D15}\RP70\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1482476501-527237240-725345543-1003 212992 bytes

    ---- EOF - GMER 1.0.15 ----
     
  7. 2011/10/03
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2011/10/03
    joe645

    joe645 Well-Known Member Thread Starter

    Broni;
    Could only run combofix in safe mode and when it rebooted my normal startup programs, such as AVG, Malwarebytes, etc. all loaded. The program says it was creating a log (3m) but has been doing it for the last hour. I think something went wrong. Question: Did you find something in my logs that makes you think I have some problem?
     
  9. 2011/10/03
    broni

    broni Moderator Malware Analyst

    Restart computer manually and run Combofix one more time.
     
  10. 2011/10/03
    joe645

    joe645 Well-Known Member Thread Starter

    Combofix did reboot in normal mode but seemed to be hung up on creating a log. Wouldn't running the program again in Safe Mode and then letting it do its thing end up in the same rut?
     
  11. 2011/10/03
    broni

    broni Moderator Malware Analyst

    Yes you can re-run it in safe mode.
     
  12. 2011/10/03
    joe645

    joe645 Well-Known Member Thread Starter

    When it reboots, should I reboot in safe mode or normal? It seems to have worked this time so I will be sending the log in my next reply.
     
    Last edited: 2011/10/03
  13. 2011/10/03
    joe645

    joe645 Well-Known Member Thread Starter

    Joined:
    2004/01/26
    Messages:
    435
    Likes Received:
    1
    Combofix.txt

    ComboFix 11-10-03.01 - Joe 10/03/2011 11:38:58.2.1 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.3287 [GMT -7:00]
    Running from: i:\documents and settings\Joe\Desktop\Biggdogg.exe
    AV: AVG Anti-Virus 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    D:\Autorun.inf
    i:\program files\google\common\google updater\googleupdaterservice.exe
    i:\program files\StartNow Toolbar\Resources\images\engine_images.png
    i:\program files\StartNow Toolbar\Resources\images\engine_maps.png
    i:\program files\StartNow Toolbar\Resources\images\engine_news.png
    i:\program files\StartNow Toolbar\Resources\images\engine_videos.png
    i:\program files\StartNow Toolbar\Resources\images\engine_web.png
    i:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
    i:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
    i:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
    i:\program files\StartNow Toolbar\Resources\images\icon_games.png
    i:\program files\StartNow Toolbar\Resources\images\icon_msn.png
    i:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
    i:\program files\StartNow Toolbar\Resources\images\icon_travel.png
    i:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
    i:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
    i:\program files\StartNow Toolbar\Resources\installer.xml
    i:\program files\StartNow Toolbar\Resources\protect\index.html
    i:\program files\StartNow Toolbar\Resources\protect\NotIE6.css
    i:\program files\StartNow Toolbar\Resources\protect\OnlyIE6.css
    i:\program files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
    i:\program files\StartNow Toolbar\Resources\protect\window.css
    i:\program files\StartNow Toolbar\Resources\protect\window.js
    i:\program files\StartNow Toolbar\Resources\reactivate\index.html
    i:\program files\StartNow Toolbar\Resources\reactivate\LeftImage.png
    i:\program files\StartNow Toolbar\Resources\reactivate\NotIE6.css
    i:\program files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
    i:\program files\StartNow Toolbar\Resources\reactivate\window.css
    i:\program files\StartNow Toolbar\Resources\reactivate\window.js
    i:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
    i:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
    i:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
    i:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
    i:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
    i:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
    i:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
    i:\program files\StartNow Toolbar\Resources\skin\separator.png
    i:\program files\StartNow Toolbar\Resources\skin\splitter.png
    i:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
    i:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
    i:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
    i:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
    i:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
    i:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
    i:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
    i:\program files\StartNow Toolbar\Resources\toolbar.xml
    i:\program files\StartNow Toolbar\Resources\update.xml
    i:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
    i:\program files\StartNow Toolbar\ToOLbar32.dll
    i:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
    i:\program files\StartNow Toolbar\uninstall.dat
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_Updater_Service_for_StartNow_Toolbar
    -------\Legacy_Updater_Service_for_StartNow_Toolbar
    -------\Service_Updater Service for StartNow Toolbar
    -------\Service_Updater Service for StartNow Toolbar
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-03 to 2011-10-03 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-03 16:50 . 2011-10-03 16:50 -------- d-----w- I:\Biggdogg
    2011-10-03 16:39 . 2011-10-03 17:04 -------- d-----w- I:\ComboFix
    2011-09-15 23:14 . 2011-09-15 23:16 -------- d-----w- I:\Masque
    2011-09-12 03:00 . 2011-09-12 03:01 -------- d-----w- I:\Kpcms
    2011-09-12 00:53 . 2011-09-12 00:53 -------- d-----r- I:\MSOCache
    2011-09-11 23:37 . 2011-09-11 23:38 -------- d-----w- I:\6c7f785dba37855ce238b4fc5e
    2011-09-11 02:50 . 2011-09-11 02:50 -------- d-----w- I:\$AVG
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-12 02:35 . 2003-03-19 02:05 106496 ----a-w- i:\windows\system32\ATL71.DLL
    2011-09-09 09:12 . 2006-02-28 12:00 599040 ----a-w- i:\windows\system32\crypt32.dll
    2011-08-08 13:08 . 2011-08-08 13:08 40016 ----a-w- i:\windows\system32\drivers\avgmfx86.sys
    2011-07-15 13:29 . 2006-02-28 12:00 456320 ----a-w- i:\windows\system32\drivers\mrxsmb.sys
    2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- i:\windows\system32\dns-sd.exe
    2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- i:\windows\system32\dnssd.dll
    2011-07-12 18:20 . 2011-07-12 18:20 50536 ----a-w- i:\windows\system32\jdns_sd.dll
    2011-07-12 18:20 . 2011-07-12 18:20 178536 ----a-w- i:\windows\system32\dnssdX.dll
    2011-07-11 08:14 . 2011-07-11 08:14 295248 ----a-w- i:\windows\system32\drivers\avgtdix.sys
    2011-07-11 08:14 . 2011-07-11 08:14 16720 ----a-w- i:\windows\system32\drivers\AVGIDSShim.sys
    2011-07-11 08:14 . 2011-07-11 08:14 24272 ----a-w- i:\windows\system32\drivers\AVGIDSFilter.sys
    2011-07-11 08:14 . 2011-07-11 08:14 23120 ----a-w- i:\windows\system32\drivers\AVGIDSEH.sys
    2011-07-11 08:14 . 2011-07-11 08:14 134608 ----a-w- i:\windows\system32\drivers\AVGIDSDriver.sys
    2011-07-11 08:13 . 2011-07-11 08:13 229840 ----a-w- i:\windows\system32\drivers\avgldx86.sys
    2011-07-11 08:13 . 2011-07-11 08:13 32464 ----a-w- i:\windows\system32\drivers\avgrkx86.sys
    2011-07-08 14:02 . 2006-02-28 12:00 10496 ----a-w- i:\windows\system32\drivers\ndistapi.sys
    2011-07-06 01:37 . 2011-07-06 01:37 94208 ----a-w- i:\windows\system32\QuickTimeVR.qtx
    2011-07-06 01:37 . 2011-07-06 01:37 69632 ----a-w- i:\windows\system32\QuickTime.qts
    2011-09-12 23:26 . 2011-09-12 22:56 134104 ----a-w- i:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{0BC6E3FA-78EF-4886-842C-5A1258C4455A} "= "mscoree.dll" [2010-03-18 297808]
    .
    [HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
    [HKEY_CLASSES_ROOT\agihelper.AGUtils]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
    2010-03-18 17:09 297808 ----a-w- i:\windows\system32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
    2011-08-03 11:31 89008 ----a-w- i:\progra~1\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
    2011-08-09 10:36 1235376 ----a-w- i:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2011-09-10 19:18 1451336 ----a-w- i:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2011-05-09 09:49 176936 ----a-w- i:\program files\uTorrentBar\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
    2011-05-30 13:48 87480 ----a-w- i:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233} "= "i:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-09-10 1451336]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} "= "i:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
    "{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} "= "i:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll" [2011-05-30 87480]
    "{28387537-e3f9-4ed7-860c-11e69af4a8a0} "= "i:\progra~1\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll" [2011-08-03 89008]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
    .
    [HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} "= "i:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PowerSuite "= "i:\progra~1\Uniblue\POWERS~1\launcher.exe" [2011-07-18 67448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vProt "= "i:\program files\AVG Secure Search\vprot.exe" [2011-09-10 218440]
    "UpdReg "= "i:\windows\UpdReg.EXE" [2000-05-11 90112]
    "SunJavaUpdateSched "= "i:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "SDTray "= "i:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2011-08-04 3225504]
    "Malwarebytes' Anti-Malware "= "i:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
    "HP Software Update "= "i:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "AVG_TRAY "= "i:\program files\AVG\AVG2012\avgtray.exe" [2011-09-08 2401120]
    "Apoint "= "i:\program files\Apoint2K\Apoint.exe" [2011-09-13 233472]
    "Spybot-S&D Cleaning "= "i:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2011-08-04 3008408]
    .
    i:\documents and settings\Joe\Start Menu\Programs\Startup\
    MagicDisc.lnk - i:\program files\MagicDisc\MagicDisc.exe [2011-9-11 576000]
    Nikon Monitor.lnk - i:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
    Webshots.lnk - i:\program files\Webshots\3.1.5.7619\Launcher.exe [2011-9-10 157088]
    .
    i:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - i:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2011-9-11 49254]
    Adobe Gamma Loader.lnk - i:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-9-12 113664]
    HP Digital Imaging Monitor.lnk - i:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoCommonGroups "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe\0i:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "vToolbarUpdater "=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "i:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe "=
    "i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "i:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "i:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe "=
    "i:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "i:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe "=
    "i:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe "=
    "i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe "=
    "i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe "=
    "i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe "=
    "i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe "=
    "i:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe "=
    "i:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe "=
    "i:\\Program Files\\uTorrent\\uTorrent.exe "=
    "i:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "i:\\Program Files\\iTunes\\iTunes.exe "=
    "i:\\Program Files\\FrostWire 5\\FrostWire.exe "=
    "i:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe "=
    "i:\\Program Files\\BearShare Applications\\MediaBar\\Datamngr\\ToolBar\\dtUser.exe "=
    "i:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "i:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "i:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "i:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe "=
    "i:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe "=
    "i:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe "=
    "i:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe "=
    "i:\\Program Files\\AVG\\AVG2012\\avgnsx.exe "=
    "i:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe "=
    "i:\\Program Files\\AVG\\AVG2012\\avgemcx.exe "=
    "i:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe "=
    "i:\\Program Files\\iMesh Applications\\MediaBar\\Datamngr\\ToolBar\\dtUser.exe "=
    .
    R0 AVGIDSEH;AVGIDSEH;i:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;i:\windows\system32\drivers\avgrkx86.sys [7/11/2011 1:13 AM 32464]
    S1 Avgldx86;AVG AVI Loader Driver;i:\windows\system32\drivers\avgldx86.sys [7/11/2011 1:13 AM 229840]
    S1 Avgtdix;AVG TDI Driver;i:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
    S1 SDHookDriver;Spybot-S&D 2 Hook Driver;i:\program files\Spybot - Search & Destroy 2\SDHookDrv32.sys [9/14/2011 3:30 PM 38504]
    S2 AGCoreService;AG Core Services;i:\program files\AGI\core\4.2.0.10754\AGCoreService.exe [9/10/2011 9:42 PM 20480]
    S2 AVGIDSAgent;AVGIDSAgent;i:\program files\AVG\AVG2012\AVGIDSAgent.exe [9/1/2011 6:16 AM 5265248]
    S2 avgwd;AVG WatchDog;i:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;i:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 MBAMService;MBAMService;i:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/10/2011 4:55 PM 366152]
    S2 SDHookService;Spybot S&D 2 Live Protection Service;i:\program files\Spybot - Search & Destroy 2\SDHookSvc.exe [9/14/2011 3:30 PM 130976]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;i:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [9/14/2011 3:29 PM 1082800]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;i:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [9/14/2011 3:30 PM 1149864]
    S2 SDWSCService;Integration into the systems Windows Security Center.;i:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [9/14/2011 9:50 PM 169624]
    S3 AVGIDSDriver;AVGIDSDriver;i:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
    S3 AVGIDSFilter;AVGIDSFilter;i:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
    S3 AVGIDSShim;AVGIDSShim;i:\windows\system32\drivers\AVGIDSShim.sys [7/11/2011 1:14 AM 16720]
    S3 DrvAgent32;DrvAgent32;i:\windows\system32\drivers\DrvAgent32.sys [9/29/2011 9:41 PM 23456]
    S3 epmntdrv;epmntdrv;i:\windows\system32\epmntdrv.sys [9/10/2011 2:18 PM 13192]
    S3 EuGdiDrv;EuGdiDrv;i:\windows\system32\EuGdiDrv.sys [9/10/2011 2:18 PM 8456]
    S3 MBAMProtector;MBAMProtector;i:\windows\system32\drivers\mbam.sys [9/10/2011 4:55 PM 22216]
    S3 SDTHelper;Helper driver for SDT-Tool;\??\i:\docume~1\Joe\LOCALS~1\Temp\Rar$EX00.609\sdthlpr.sys --> i:\docume~1\Joe\LOCALS~1\Temp\Rar$EX00.609\sdthlpr.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;i:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S4 vToolbarUpdater;vToolbarUpdater;i:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [9/10/2011 12:18 PM 246600]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPService REG_MULTI_SZ HPSLPSVC
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-30 i:\windows\Tasks\AppleSoftwareUpdate.job
    - i:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
    .
    2011-09-27 i:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    - i:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2011-09-14 23:18]
    .
    2011-10-03 i:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    - i:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2011-09-14 23:17]
    .
    2011-10-03 i:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    - i:\program files\Spybot - Search & Destroy 2\SDScan.exe [2011-09-14 23:17]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - i:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - i:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: EarthLink Google Search - i:\program files\EarthLink\Toolbar\SearchUI.dll/search.html
    Trusted Zone: aol.com\free
    TCP: DhcpNameServer = 192.168.0.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - i:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
    FF - ProfilePath - i:\documents and settings\Joe\Application Data\Mozilla\Firefox\Profiles\a34zlyoq.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://netscape.aol.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-10 - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    Notify-SDWinLogon - SDWinLogon.dll
    MSConfigStartUp-StartNowToolbarHelper - i:\program files\StartNow Toolbar\ToolbarHelper.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-03 11:47
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(1544)
    i:\windows\system32\WININET.dll
    i:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    i:\windows\system32\ieframe.dll
    .
    Completion time: 2011-10-03 11:51:32
    ComboFix-quarantined-files.txt 2011-10-03 18:51
    .
    Pre-Run: 284,045,905,920 bytes free
    Post-Run: 284,035,764,224 bytes free
    .
    - - End Of File - - A0901535B1795095BE341037C2A3708C
     
  14. 2011/10/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please re-run it in normal mode, or Safe Mode with Networking so you can allow recovery console installation.
    Post new log.
     
  15. 2011/10/03
    joe645

    joe645 Well-Known Member Thread Starter

    Joined:
    2004/01/26
    Messages:
    435
    Likes Received:
    1
    Combofix.txt (2)

    ComboFix 11-10-03.01 - Joe 10/03/2011 12:48:54.3.1 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.3281 [GMT -7:00]
    Running from: i:\documents and settings\Joe\Desktop\Security\Biggdogg.exe
    AV: AVG Anti-Virus 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-03 to 2011-10-03 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-03 16:50 . 2011-10-03 16:50 -------- d-----w- I:\Biggdogg
    2011-10-03 16:39 . 2011-10-03 17:04 -------- d-----w- I:\ComboFix
    2011-09-15 23:14 . 2011-09-15 23:16 -------- d-----w- I:\Masque
    2011-09-12 03:00 . 2011-09-12 03:01 -------- d-----w- I:\Kpcms
    2011-09-12 00:53 . 2011-09-12 00:53 -------- d-----r- I:\MSOCache
    2011-09-11 23:37 . 2011-09-11 23:38 -------- d-----w- I:\6c7f785dba37855ce238b4fc5e
    2011-09-11 02:50 . 2011-09-11 02:50 -------- d-----w- I:\$AVG
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-12 02:35 . 2003-03-19 02:05 106496 ----a-w- i:\windows\system32\ATL71.DLL
    2011-09-09 09:12 . 2006-02-28 12:00 599040 ----a-w- i:\windows\system32\crypt32.dll
    2011-08-08 13:08 . 2011-08-08 13:08 40016 ----a-w- i:\windows\system32\drivers\avgmfx86.sys
    2011-07-15 13:29 . 2006-02-28 12:00 456320 ----a-w- i:\windows\system32\drivers\mrxsmb.sys
    2011-07-12 18:20 . 2011-07-12 18:20 83816 ----a-w- i:\windows\system32\dns-sd.exe
    2011-07-12 18:20 . 2011-07-12 18:20 73064 ----a-w- i:\windows\system32\dnssd.dll
    2011-07-12 18:20 . 2011-07-12 18:20 50536 ----a-w- i:\windows\system32\jdns_sd.dll
    2011-07-12 18:20 . 2011-07-12 18:20 178536 ----a-w- i:\windows\system32\dnssdX.dll
    2011-07-11 08:14 . 2011-07-11 08:14 295248 ----a-w- i:\windows\system32\drivers\avgtdix.sys
    2011-07-11 08:14 . 2011-07-11 08:14 16720 ----a-w- i:\windows\system32\drivers\AVGIDSShim.sys
    2011-07-11 08:14 . 2011-07-11 08:14 24272 ----a-w- i:\windows\system32\drivers\AVGIDSFilter.sys
    2011-07-11 08:14 . 2011-07-11 08:14 23120 ----a-w- i:\windows\system32\drivers\AVGIDSEH.sys
    2011-07-11 08:14 . 2011-07-11 08:14 134608 ----a-w- i:\windows\system32\drivers\AVGIDSDriver.sys
    2011-07-11 08:13 . 2011-07-11 08:13 229840 ----a-w- i:\windows\system32\drivers\avgldx86.sys
    2011-07-11 08:13 . 2011-07-11 08:13 32464 ----a-w- i:\windows\system32\drivers\avgrkx86.sys
    2011-07-08 14:02 . 2006-02-28 12:00 10496 ----a-w- i:\windows\system32\drivers\ndistapi.sys
    2011-07-06 01:37 . 2011-07-06 01:37 94208 ----a-w- i:\windows\system32\QuickTimeVR.qtx
    2011-07-06 01:37 . 2011-07-06 01:37 69632 ----a-w- i:\windows\system32\QuickTime.qts
    2011-09-12 23:26 . 2011-09-12 22:56 134104 ----a-w- i:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{0BC6E3FA-78EF-4886-842C-5A1258C4455A} "= "mscoree.dll" [2010-03-18 297808]
    .
    [HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
    [HKEY_CLASSES_ROOT\agihelper.AGUtils]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
    2010-03-18 17:09 297808 ----a-w- i:\windows\system32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
    2011-08-03 11:31 89008 ----a-w- i:\progra~1\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
    2011-08-09 10:36 1235376 ----a-w- i:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2011-09-10 19:18 1451336 ----a-w- i:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2011-05-09 09:49 176936 ----a-w- i:\program files\uTorrentBar\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
    2011-05-30 13:48 87480 ----a-w- i:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233} "= "i:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-09-10 1451336]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} "= "i:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
    "{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} "= "i:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll" [2011-05-30 87480]
    "{28387537-e3f9-4ed7-860c-11e69af4a8a0} "= "i:\progra~1\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll" [2011-08-03 89008]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
    .
    [HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} "= "i:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PowerSuite "= "i:\progra~1\Uniblue\POWERS~1\launcher.exe" [2011-07-18 67448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vProt "= "i:\program files\AVG Secure Search\vprot.exe" [2011-09-10 218440]
    "UpdReg "= "i:\windows\UpdReg.EXE" [2000-05-11 90112]
    "SunJavaUpdateSched "= "i:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "SDTray "= "i:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2011-08-04 3225504]
    "Malwarebytes' Anti-Malware "= "i:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
    "HP Software Update "= "i:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "AVG_TRAY "= "i:\program files\AVG\AVG2012\avgtray.exe" [2011-09-08 2401120]
    "Apoint "= "i:\program files\Apoint2K\Apoint.exe" [2011-09-13 233472]
    "Spybot-S&D Cleaning "= "i:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2011-08-04 3008408]
    .
    i:\documents and settings\Joe\Start Menu\Programs\Startup\
    MagicDisc.lnk - i:\program files\MagicDisc\MagicDisc.exe [2011-9-11 576000]
    Nikon Monitor.lnk - i:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
    Webshots.lnk - i:\program files\Webshots\3.1.5.7619\Launcher.exe [2011-9-10 157088]
    .
    i:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - i:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2011-9-11 49254]
    Adobe Gamma Loader.lnk - i:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-9-12 113664]
    HP Digital Imaging Monitor.lnk - i:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoCommonGroups "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe\0i:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "vToolbarUpdater "=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "i:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe "=
    "i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "i:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "i:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe "=
    "i:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "i:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe "=
    "i:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe "=
    "i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe "=
    "i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe "=
    "i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe "=
    "i:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe "=
    "i:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe "=
    "i:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe "=
    "i:\\Program Files\\uTorrent\\uTorrent.exe "=
    "i:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "i:\\Program Files\\iTunes\\iTunes.exe "=
    "i:\\Program Files\\FrostWire 5\\FrostWire.exe "=
    "i:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe "=
    "i:\\Program Files\\BearShare Applications\\MediaBar\\Datamngr\\ToolBar\\dtUser.exe "=
    "i:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "i:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "=
    "i:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "i:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe "=
    "i:\\Program Files\\Spybot - Search & Destroy 2\\SDFSSvc.exe "=
    "i:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe "=
    "i:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdSvc.exe "=
    "i:\\Program Files\\AVG\\AVG2012\\avgnsx.exe "=
    "i:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe "=
    "i:\\Program Files\\AVG\\AVG2012\\avgemcx.exe "=
    "i:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe "=
    "i:\\Program Files\\iMesh Applications\\MediaBar\\Datamngr\\ToolBar\\dtUser.exe "=
    .
    R0 AVGIDSEH;AVGIDSEH;i:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;i:\windows\system32\drivers\avgrkx86.sys [7/11/2011 1:13 AM 32464]
    R1 Avgtdix;AVG TDI Driver;i:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]
    S1 Avgldx86;AVG AVI Loader Driver;i:\windows\system32\drivers\avgldx86.sys [7/11/2011 1:13 AM 229840]
    S1 SDHookDriver;Spybot-S&D 2 Hook Driver;i:\program files\Spybot - Search & Destroy 2\SDHookDrv32.sys [9/14/2011 3:30 PM 38504]
    S2 AGCoreService;AG Core Services;i:\program files\AGI\core\4.2.0.10754\AGCoreService.exe [9/10/2011 9:42 PM 20480]
    S2 AVGIDSAgent;AVGIDSAgent;i:\program files\AVG\AVG2012\AVGIDSAgent.exe [9/1/2011 6:16 AM 5265248]
    S2 avgwd;AVG WatchDog;i:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;i:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 MBAMService;MBAMService;i:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/10/2011 4:55 PM 366152]
    S2 SDHookService;Spybot S&D 2 Live Protection Service;i:\program files\Spybot - Search & Destroy 2\SDHookSvc.exe [9/14/2011 3:30 PM 130976]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;i:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [9/14/2011 3:29 PM 1082800]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;i:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [9/14/2011 3:30 PM 1149864]
    S2 SDWSCService;Integration into the systems Windows Security Center.;i:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [9/14/2011 9:50 PM 169624]
    S3 AVGIDSDriver;AVGIDSDriver;i:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
    S3 AVGIDSFilter;AVGIDSFilter;i:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
    S3 AVGIDSShim;AVGIDSShim;i:\windows\system32\drivers\AVGIDSShim.sys [7/11/2011 1:14 AM 16720]
    S3 DrvAgent32;DrvAgent32;i:\windows\system32\drivers\DrvAgent32.sys [9/29/2011 9:41 PM 23456]
    S3 epmntdrv;epmntdrv;i:\windows\system32\epmntdrv.sys [9/10/2011 2:18 PM 13192]
    S3 EuGdiDrv;EuGdiDrv;i:\windows\system32\EuGdiDrv.sys [9/10/2011 2:18 PM 8456]
    S3 MBAMProtector;MBAMProtector;i:\windows\system32\drivers\mbam.sys [9/10/2011 4:55 PM 22216]
    S3 SDTHelper;Helper driver for SDT-Tool;\??\i:\docume~1\Joe\LOCALS~1\Temp\Rar$EX00.609\sdthlpr.sys --> i:\docume~1\Joe\LOCALS~1\Temp\Rar$EX00.609\sdthlpr.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;i:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S4 vToolbarUpdater;vToolbarUpdater;i:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [9/10/2011 12:18 PM 246600]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPService REG_MULTI_SZ HPSLPSVC
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-30 i:\windows\Tasks\AppleSoftwareUpdate.job
    - i:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
    .
    2011-09-27 i:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
    - i:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2011-09-14 23:18]
    .
    2011-10-03 i:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    - i:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2011-09-14 23:17]
    .
    2011-10-03 i:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
    - i:\program files\Spybot - Search & Destroy 2\SDScan.exe [2011-09-14 23:17]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - i:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - i:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: EarthLink Google Search - i:\program files\EarthLink\Toolbar\SearchUI.dll/search.html
    Trusted Zone: aol.com\free
    TCP: DhcpNameServer = 192.168.0.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - i:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
    FF - ProfilePath - i:\documents and settings\Joe\Application Data\Mozilla\Firefox\Profiles\a34zlyoq.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://netscape.aol.com/
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-03 12:53
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(1572)
    i:\windows\system32\WININET.dll
    i:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    .
    Completion time: 2011-10-03 12:55:28
    ComboFix-quarantined-files.txt 2011-10-03 19:55
    .
    Pre-Run: 284,016,177,152 bytes free
    Post-Run: 284,004,728,832 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 0250BB9ED55C0DDA4A51DEBB8C0D2255
     
  16. 2011/10/03
    broni

    broni Moderator Malware Analyst

    Looks good.

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  17. 2011/10/03
    joe645

    joe645 Well-Known Member Thread Starter

    Extras.txt

    While OTL was running, my CPU registered 100% most of the time. Here are the logs:
    OTL Extras logfile created on: 10/3/2011 3:20:33 PM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = I:\Documents and Settings\Joe\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.50 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 71.55% Memory free
    9.84 Gb Paging File | 9.04 Gb Available in Paging File | 91.80% Paging File free
    Paging file location(s): [Binary data over 100 bytes]

    %SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
    Drive D: | 232.88 Gb Total Space | 192.49 Gb Free Space | 82.65% Space Free | Partition Type: NTFS
    Drive G: | 74.52 Gb Total Space | 63.10 Gb Free Space | 84.68% Space Free | Partition Type: NTFS
    Drive I: | 298.08 Gb Total Space | 261.02 Gb Free Space | 87.57% Space Free | Partition Type: NTFS

    Computer Name: JOE-D4894AEAD29 | User Name: Joe | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1482476501-527237240-725345543-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- I:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "I:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "I:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = I:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "I:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = I:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
    "I:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = I:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "I:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = I:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "I:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = I:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
    "I:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = I:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "I:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = I:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "I:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = I:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "I:\Program Files\HP\HP Software Update\HPWUCli.exe" = I:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "I:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = I:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
    "I:\Program Files\BearShare Applications\BearShare\BearShare.exe" = I:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- (MusicLab, LLC)
    "I:\Program Files\iMesh Applications\iMesh\iMesh.exe" = I:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- (iMesh, Inc)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "I:\Program Files\AVG\AVG2012\avgmfapx.exe" = I:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "I:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = I:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "I:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = I:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
    "I:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = I:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "I:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = I:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "I:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = I:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
    "I:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = I:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
    "I:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = I:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "I:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = I:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "I:\Program Files\HP\HP Software Update\HPWUCli.exe" = I:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "I:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = I:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
    "I:\Program Files\uTorrent\uTorrent.exe" = I:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "I:\Program Files\FrostWire 5\FrostWire.exe" = I:\Program Files\FrostWire 5\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
    "I:\Program Files\BearShare Applications\BearShare\BearShare.exe" = I:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- (MusicLab, LLC)
    "I:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\dtUser.exe" = I:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker -- (Visicom Media Inc.)
    "I:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = I:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "I:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = I:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "I:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = I:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "I:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = I:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
    "I:\Program Files\AVG\AVG2012\avgnsx.exe" = I:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "I:\Program Files\AVG\AVG2012\avgdiagex.exe" = I:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
    "I:\Program Files\AVG\AVG2012\avgemcx.exe" = I:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
    "I:\Program Files\iMesh Applications\iMesh\iMesh.exe" = I:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- (iMesh, Inc)
    "I:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe" = I:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker -- (Visicom Media Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{181AC4C7-B83C-4B5F-B566-E19BF2472429}" = HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
    "{2857dbef-0b50-361c-8690-7d505747009f}" = Webshots Desktop
    "{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{40939C6D-8F27-40B8-9CBC-72701624185D}" = Redistributed Files
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
    "{56839333-0802-40D6-9A50-EBB9EB2BF541}" = AVG 2012
    "{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
    "{5A8D3524-79DB-11D5-99D1-00010256D40E}" = SD Viewer for DSC
    "{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
    "{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
    "{6A905A05-964C-4F03-9A96-D34167807EC0}" = PS_AIO_06_C309g-m_SW_Min
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{793A260C-CDBF-499C-ABBA-B51E8E076867}_is1" = Uniblue PowerSuite
    "{7A27AAF5-1FD6-48B4-95C4-7354A1C35455}" = C309g-m
    "{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-00D1-0409-0000-0000000FF1CE}" = Microsoft Access database engine 2010 (English)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
    "{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine
    "{96172E04-BB14-45F6-A77B-8EE7A421B903}" = SAPI Wrapper
    "{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}" = TTS Wrapper
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{A1713E14-4A72-4DE1-B555-5354F710D51E}" = AVG 2012
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B8C2A83F-20B0-49D9-BA2B-6495DD8639ED}" = EarthLink Toolbar
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C057F6D0-0E4C-4B18-B645-9D0804FCFAFD}" = EarthLink Common Authentication
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
    "{C82185E8-C27B-4EF4-2011-4444BC2C2B6D}" = Microsoft Streets & Trips 2011
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CD1CD48D-7B18-4254-B43D-AEAB704AB063}" = EarthLink MailBox
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Audigy LS
    "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
    "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
    "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
    "{DC67641A-05C4-4FED-A462-1EB1DC6CF2F5}" = ArcSoft Software Suite
    "{DD1E51DF-C3C0-400C-A0D7-C67DB49C9D9C}" = RingtoneJunkiez Desktop
    "{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
    "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
    "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
    "{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
    "7-Zip" = 7-Zip 9.20
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe PageMaker 7.0" = Adobe PageMaker 7.0
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "AVG" = AVG 2012
    "AVS Audio Converter_is1" = AVS Audio Converter version 7
    "AVS DVD Copy_is1" = AVS DVD Copy version 4.1.2
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
    "BearShare" = BearShare
    "BearShare 2 MediaBar" = MediaBar
    "CCleaner" = CCleaner
    "Dell Laser Printer 1100" = Dell Laser Printer 1100 Software Uninstall
    "DriverAgent.exe" = DriverAgent by eSupport.com
    "EarthLinkMailClient" = EarthLink MailBox
    "EASEUS Partition Master Server Edition_is1" = EASEUS Partition Master 9.0.0 Server Edition
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "FrostWire 5" = FrostWire 5.1.4
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Print Projects" = HP Print Projects 1.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "iMesh" = iMesh
    "iMesh 1 MediaBar" = MediaBar
    "Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
    "Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.8
    "Picasa 3" = Picasa 3
    "SearchCore for Browsers" = SearchCore for Browsers
    "Shop for HP Supplies" = Shop for HP Supplies
    "Uniblue" = Uniblue 2011
    "Unlocker" = Unlocker 1.9.1
    "uTorrent" = µTorrent
    "uTorrentBar Toolbar" = uTorrentBar Toolbar
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/3/2011 12:50:05 PM | Computer Name = JOE-D4894AEAD29 | Source = Application Error | ID = 1000
    Description = Faulting application cf27916.3xe, version 5.1.2600.5512, faulting
    module sdhook32.dll, version 2.0.5.1, fault address 0x00034e67.

    Error - 10/3/2011 12:51:50 PM | Computer Name = JOE-D4894AEAD29 | Source = Application Error | ID = 1000
    Description = Faulting application cf28102.3xe, version 5.1.2600.5512, faulting
    module sdhook32.dll, version 2.0.5.1, fault address 0x00034e67.

    Error - 10/3/2011 12:52:50 PM | Computer Name = JOE-D4894AEAD29 | Source = Application Error | ID = 1000
    Description = Faulting application cf28465.3xe, version 5.1.2600.5512, faulting
    module sdhook32.dll, version 2.0.5.1, fault address 0x00034e67.

    Error - 10/3/2011 12:53:15 PM | Computer Name = JOE-D4894AEAD29 | Source = Application Error | ID = 1001
    Description = Fault bucket -1660665637.

    Error - 10/3/2011 2:26:24 PM | Computer Name = JOE-D4894AEAD29 | Source = Application Error | ID = 1000
    Description = Faulting application cf14049.3xe, version 5.1.2600.5512, faulting
    module sdhook32.dll, version 2.0.5.1, fault address 0x00034e67.

    Error - 10/3/2011 2:32:40 PM | Computer Name = JOE-D4894AEAD29 | Source = Application Error | ID = 1000
    Description = Faulting application cf15277.3xe, version 5.1.2600.5512, faulting
    module sdhook32.dll, version 2.0.5.1, fault address 0x00034e67.

    Error - 10/3/2011 3:37:10 PM | Computer Name = JOE-D4894AEAD29 | Source = Application Error | ID = 1000
    Description = Faulting application cf27912.3xe, version 5.1.2600.5512, faulting
    module sdhook32.dll, version 2.0.5.1, fault address 0x00034e67.

    Error - 10/3/2011 3:37:22 PM | Computer Name = JOE-D4894AEAD29 | Source = Application Error | ID = 1001
    Description = Fault bucket -1660506579.

    Error - 10/3/2011 4:04:18 PM | Computer Name = JOE-D4894AEAD29 | Source = Application Hang | ID = 1002
    Description = Hanging application SDCleaner.exe, version 2.0.5.106, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/3/2011 4:04:19 PM | Computer Name = JOE-D4894AEAD29 | Source = Application Hang | ID = 1002
    Description = Hanging application SDCleaner.exe, version 2.0.5.106, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 9/26/2011 1:01:19 PM | Computer Name = JOE-D4894AEAD29 | Source = Service Control Manager | ID = 7001
    Description = The Spybot-S&D 2 Updating Service service depends on the Secondary
    Logon service which failed to start because of the following error: %%1058

    Error - 9/26/2011 1:01:19 PM | Computer Name = JOE-D4894AEAD29 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Integration into the
    systems Windows Security Center. service to connect.

    Error - 9/26/2011 1:01:19 PM | Computer Name = JOE-D4894AEAD29 | Source = Service Control Manager | ID = 7000
    Description = The Integration into the systems Windows Security Center. service
    failed to start due to the following error: %%1053

    Error - 9/26/2011 3:11:19 PM | Computer Name = JOE-D4894AEAD29 | Source = Service Control Manager | ID = 7034
    Description = The Updater Service for StartNow Toolbar service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 9/26/2011 9:02:01 PM | Computer Name = JOE-D4894AEAD29 | Source = Service Control Manager | ID = 7001
    Description = The Spybot-S&D 2 Updating Service service depends on the Secondary
    Logon service which failed to start because of the following error: %%1058

    Error - 9/27/2011 12:58:09 PM | Computer Name = JOE-D4894AEAD29 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the AG Core Services service
    to connect.

    Error - 9/27/2011 12:58:09 PM | Computer Name = JOE-D4894AEAD29 | Source = Service Control Manager | ID = 7000
    Description = The AG Core Services service failed to start due to the following
    error: %%1053

    Error - 9/27/2011 12:58:09 PM | Computer Name = JOE-D4894AEAD29 | Source = Service Control Manager | ID = 7001
    Description = The Spybot-S&D 2 Updating Service service depends on the Secondary
    Logon service which failed to start because of the following error: %%1058

    Error - 9/27/2011 12:58:09 PM | Computer Name = JOE-D4894AEAD29 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Integration into the
    systems Windows Security Center. service to connect.

    Error - 9/27/2011 12:58:09 PM | Computer Name = JOE-D4894AEAD29 | Source = Service Control Manager | ID = 7000
    Description = The Integration into the systems Windows Security Center. service
    failed to start due to the following error: %%1053


    < End of report >
     
  18. 2011/10/03
    joe645 Well-Known Member Thread Starter

    1st half of OTL

    OTL logfile created on: 10/3/2011 3:20:33 PM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = I:\Documents and Settings\Joe\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.50 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 71.55% Memory free
    9.84 Gb Paging File | 9.04 Gb Available in Paging File | 91.80% Paging File free
    Paging file location(s): [Binary data over 100 bytes]

    %SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
    Drive D: | 232.88 Gb Total Space | 192.49 Gb Free Space | 82.65% Space Free | Partition Type: NTFS
    Drive G: | 74.52 Gb Total Space | 63.10 Gb Free Space | 84.68% Space Free | Partition Type: NTFS
    Drive I: | 298.08 Gb Total Space | 261.02 Gb Free Space | 87.57% Space Free | Partition Type: NTFS

    Computer Name: JOE-D4894AEAD29 | User Name: Joe | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/10/03 15:17:37 | 000,582,656 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\Joe\Desktop\OTL.exe
    PRC - [2011/09/10 12:18:29 | 000,218,440 | ---- | M] () -- I:\Program Files\AVG Secure Search\vprot.exe
    PRC - [2011/09/09 17:43:18 | 001,220,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\Program Files\AVG\AVG2012\avgnsx.exe
    PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\Program Files\AVG\AVG2012\avgrsx.exe
    PRC - [2011/09/08 06:46:00 | 002,401,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\Program Files\AVG\AVG2012\avgtray.exe
    PRC - [2011/09/01 06:16:22 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- I:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- I:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\Program Files\AVG\AVG2012\avgcsrvx.exe
    PRC - [2011/08/12 06:10:32 | 000,973,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\Program Files\AVG\AVG2012\avgemcx.exe
    PRC - [2011/08/09 03:36:31 | 001,598,392 | ---- | M] (MusicLab, LLC) -- I:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
    PRC - [2011/08/04 16:17:58 | 003,148,200 | ---- | M] (Safer-Networking Ltd.) -- I:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
    PRC - [2011/08/04 16:17:34 | 003,219,880 | ---- | M] (Safer-Networking Ltd.) -- I:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
    PRC - [2011/08/04 16:17:18 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) -- I:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe
    PRC - [2011/08/04 16:17:04 | 001,149,864 | ---- | M] (Safer-Networking Ltd.) -- I:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    PRC - [2011/08/04 16:16:58 | 001,082,800 | ---- | M] (Safer-Networking Ltd.) -- I:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- I:\Program Files\AVG\AVG2012\avgwdsvc.exe
    PRC - [2011/07/18 16:08:22 | 000,053,088 | ---- | M] (Uniblue Systems Limited) -- I:\Program Files\Uniblue\PowerSuite\powersuite.exe
    PRC - [2011/07/18 15:17:16 | 000,056,168 | ---- | M] (Uniblue Systems Limited) -- I:\Program Files\Uniblue\SpeedUpMyPC\sump.exe
    PRC - [2010/07/27 00:01:58 | 003,474,848 | ---- | M] (Webshots.com) -- I:\Program Files\Webshots\3.1.5.7619\Webshots.scr
    PRC - [2010/06/29 08:04:18 | 000,020,480 | ---- | M] (AG Interactive) -- I:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe
    PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- I:\Program Files\MagicDisc\MagicDisc.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\explorer.exe
    PRC - [2007/10/18 20:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- I:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    PRC - [2001/03/15 08:18:18 | 000,049,254 | ---- | M] (Adobe Systems Inc.) -- I:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/16 12:00:01 | 000,212,992 | ---- | M] () -- I:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
    MOD - [2011/09/16 11:59:38 | 000,141,312 | ---- | M] () -- I:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\585e68739b2a8aff61ee6b2786513245\System.Configuration.Install.ni.dll
    MOD - [2011/09/16 11:59:33 | 000,627,712 | ---- | M] () -- I:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\75f452279422a7898e840ee5768c9d2e\System.EnterpriseServices.ni.dll
    MOD - [2011/09/16 11:58:19 | 000,971,264 | ---- | M] () -- I:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
    MOD - [2011/09/16 11:44:46 | 005,450,752 | ---- | M] () -- I:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
    MOD - [2011/09/16 11:40:34 | 007,950,848 | ---- | M] () -- I:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
    MOD - [2011/09/16 11:40:18 | 011,490,816 | ---- | M] () -- I:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
    MOD - [2011/09/10 12:18:29 | 000,218,440 | ---- | M] () -- I:\Program Files\AVG Secure Search\vprot.exe
    MOD - [2011/07/26 11:56:16 | 000,576,512 | ---- | M] () -- I:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
    MOD - [2011/07/18 16:08:22 | 000,131,584 | ---- | M] () -- I:\Program Files\Uniblue\PowerSuite\locale\en\en.dll
    MOD - [2011/07/18 16:08:22 | 000,047,616 | ---- | M] () -- I:\Program Files\Uniblue\PowerSuite\cache.dll
    MOD - [2011/07/18 16:08:22 | 000,013,312 | ---- | M] () -- I:\Program Files\Uniblue\PowerSuite\cwebpage.dll
    MOD - [2011/04/20 12:39:12 | 000,565,827 | ---- | M] () -- I:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
    MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- I:\Program Files\WinRAR\RarExt.dll
    MOD - [2005/04/12 01:34:54 | 000,020,594 | ---- | M] () -- I:\WINDOWS\system32\DELS1LMK.DLL
    MOD - [2001/03/15 08:18:08 | 000,065,536 | ---- | M] () -- I:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (wuauserv)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
    SRV - [2011/09/10 12:18:30 | 000,246,600 | ---- | M] () [Disabled | Stopped] -- I:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
    SRV - [2011/09/01 06:16:22 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- I:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- I:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/08/04 16:17:18 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- I:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe -- (SDHookService)
    SRV - [2011/08/04 16:17:04 | 001,149,864 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- I:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe -- (SDUpdateService)
    SRV - [2011/08/04 16:16:58 | 001,082,800 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- I:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe -- (SDScannerService)
    SRV - [2011/08/04 07:17:06 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) [Auto | Stopped] -- I:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe -- (SDWSCService)
    SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- I:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2010/06/29 08:04:18 | 000,020,480 | ---- | M] (AG Interactive) [Auto | Running] -- I:\Program Files\AGI\core\4.2.0.10754\AGCoreService.exe -- (AGCoreService)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/09/29 21:41:42 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
    DRV - [2011/09/12 18:27:43 | 000,212,528 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- I:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- I:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/08/04 16:17:08 | 000,038,504 | ---- | M] () [Kernel | System | Running] -- I:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys -- (SDHookDriver)
    DRV - [2011/07/29 13:54:56 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
    DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
    DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/07/11 01:14:30 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- I:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/07/11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2011/07/11 01:13:42 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- I:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2008/04/13 11:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2004/08/03 15:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2003/09/20 08:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
    DRV - [2003/07/02 23:05:42 | 000,650,752 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\P17.sys -- (P17)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1482476501-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-1482476501-527237240-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1482476501-527237240-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com "
    FF - prefs.js..browser.search.defaultenginename: "Ask.com "
    FF - prefs.js..browser.search.order.1: "Ask.com "
    FF - prefs.js..browser.search.selectedEngine: "Ask.com "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://netscape.aol.com/ "

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: I:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: I:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: I:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: I:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: i:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: I:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: I:\Program Files\AVG\AVG2012\Firefox4\ [2011/09/20 10:59:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: I:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/10 13:01:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: I:\Program Files\Mozilla Firefox\components [2011/09/12 20:43:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: I:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/10 13:01:47 | 000,000,000 | ---D | M]

    [2011/09/30 14:17:06 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Joe\Application Data\Mozilla\Extensions
    [2011/09/22 14:41:12 | 000,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\a34zlyoq.default\extensions
    [2011/09/20 18:52:45 | 000,000,000 | ---D | M] (MediaBar) -- I:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\a34zlyoq.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0}
    [2011/09/10 14:11:10 | 000,000,000 | ---D | M] (StartNow Toolbar) -- I:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\a34zlyoq.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
    [2011/09/22 14:41:12 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- I:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\a34zlyoq.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    [2011/09/13 17:20:45 | 000,000,000 | ---D | M] (MediaBar) -- I:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\a34zlyoq.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
    [2011/09/20 15:51:42 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- I:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\a34zlyoq.default\extensions\avg@toolbar
    [2011/09/30 14:17:06 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files\Mozilla Firefox\extensions
    [2011/09/11 16:12:32 | 000,000,000 | ---D | M] (Java Console) -- I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/09/20 14:35:45 | 000,000,000 | ---D | M] (Java Console) -- I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/09/20 10:59:01 | 000,000,000 | ---D | M] (AVG Safe Search) -- I:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
    [2011/09/11 16:11:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- I:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/09/12 17:13:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- I:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/09/12 16:26:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- I:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/09/12 16:26:16 | 000,002,252 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/09/20 18:51:51 | 000,002,514 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\SearchResults.xml

    ========== Chrome ==========


    O1 HOSTS File: ([2011/10/03 10:21:35 | 000,000,027 | ---- | M]) - I:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - I:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - I:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (ElnkPubBHO Class) - {512ACF1B-64D9-4928-B382-A80556F28DB4} - I:\Program Files\EarthLink\Toolbar\ElnkPuB.dll (EarthLink, Inc.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - I:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - I:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
    O2 - BHO: (ElnkProtectionBHO Class) - {9579D574-D4D8-4335-9560-FE8641A013BD} - I:\Program Files\EarthLink\Toolbar\ProtctIE.dll (EarthLink, Inc.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - I:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - I:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - I:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
    O2 - BHO: (ElnkLegacyUninstBHO Class) - {E713904C-DF05-4C79-BBAD-02DB923253BE} - I:\Program Files\EarthLink\Toolbar\uninsttb.dll (EarthLink, Inc.)
    O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - I:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - I:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - I:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - I:\Program Files\BearShare Applications\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll ()
    O3 - HKLM\..\Toolbar: (EarthLink Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - I:\Program Files\EarthLink\Toolbar\Toolbar.dll (EarthLink, Inc.)
    O3 - HKU\S-1-5-21-1482476501-527237240-725345543-1003\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - I:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1482476501-527237240-725345543-1003\..\Toolbar\WebBrowser: (EarthLink Toolbar) - {C7768536-96F8-4001-B1A2-90EE21279187} - I:\Program Files\EarthLink\Toolbar\Toolbar.dll (EarthLink, Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] I:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [DATAMNGR] I:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] I:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [SDTray] I:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [Spybot-S&D Cleaning] I:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [UpdReg] I:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [vProt] I:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKU\S-1-5-21-1482476501-527237240-725345543-1003..\Run: [PowerSuite] I:\Program Files\Uniblue\PowerSuite\Launcher.exe (Uniblue Systems Limited)
    O4 - Startup: I:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = I:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
    O4 - Startup: I:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = I:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: I:\Documents and Settings\Joe\Start Menu\Programs\Startup\MagicDisc.lnk = I:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O4 - Startup: I:\Documents and Settings\Joe\Start Menu\Programs\Startup\Nikon Monitor.lnk = I:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
    O4 - Startup: I:\Documents and Settings\Joe\Start Menu\Programs\Startup\Webshots.lnk = I:\Program Files\Webshots\3.1.5.7619\Launcher.exe (Webshots.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1482476501-527237240-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1482476501-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1482476501-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
    O7 - HKU\S-1-5-21-1482476501-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
    O7 - HKU\S-1-5-21-1482476501-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1482476501-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - I:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: EarthLink Google Search - I:\Program Files\EarthLink\Toolbar\SearchUI.dll (EarthLink, Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - I:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-1482476501-527237240-725345543-1003\..Trusted Domains: aol.com ([free] http in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA2CECB7-7095-4DEB-AE27-9FE44DDAB07B}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - I:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - I:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -I:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (I:\WINDOWS\system32\userinit.exe) -I:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: I:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: I:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: wuauserv - File not found

    Drivers32: msacm.iac2 - I:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - I:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - I:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - I:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - I:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - I:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - I:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - I:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - I:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/03 15:17:34 | 000,582,656 | ---- | C] (OldTimer Tools) -- I:\Documents and Settings\Joe\Desktop\OTL.exe
    [2011/10/03 12:55:30 | 000,000,000 | ---D | C] -- I:\WINDOWS\temp
    [2011/10/03 12:40:34 | 000,000,000 | RHSD | C] -- I:\cmdcons
    [2011/10/03 12:38:42 | 000,000,000 | ---D | C] -- I:\WINDOWS\CSC
    [2011/10/03 10:55:58 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Application Data\AVG
    [2011/10/03 10:55:07 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011
    [2011/10/03 10:04:44 | 000,518,144 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWREG.exe
    [2011/10/03 10:04:44 | 000,406,528 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWSC.exe
    [2011/10/03 10:04:44 | 000,212,480 | ---- | C] (SteelWerX) -- I:\WINDOWS\SWXCACLS.exe
    [2011/10/03 10:04:44 | 000,060,416 | ---- | C] (NirSoft) -- I:\WINDOWS\NIRCMD.exe
    [2011/10/03 09:50:00 | 000,000,000 | ---D | C] -- I:\Biggdogg
    [2011/10/03 09:39:24 | 000,000,000 | ---D | C] -- I:\WINDOWS\ERDNT
    [2011/10/03 09:39:22 | 000,000,000 | ---D | C] -- I:\ComboFix
    [2011/10/03 09:37:42 | 000,000,000 | ---D | C] -- I:\Qoobox
    [2011/10/02 18:49:44 | 000,000,000 | -H-D | C] -- I:\WINDOWS\PIF
    [2011/09/30 15:58:10 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Start Menu\Programs\WinRAR
    [2011/09/30 15:58:10 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
    [2011/09/29 21:41:42 | 000,023,456 | ---- | C] (Phoenix Technologies) -- I:\WINDOWS\System32\drivers\DrvAgent32.sys
    [2011/09/29 21:41:42 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Local Settings\Application Data\eSupport.com
    [2011/09/29 16:51:01 | 000,000,000 | RH-D | C] -- I:\Documents and Settings\Joe\Recent
    [2011/09/24 12:01:28 | 000,000,000 | ---D | C] -- I:\WINDOWS\Sun
    [2011/09/21 16:53:38 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\appmgmt
    [2011/09/21 09:25:29 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Application Data\imeshbandmltbpi
    [2011/09/20 18:52:29 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Application Data\mediabarim
    [2011/09/20 18:51:51 | 000,000,000 | ---D | C] -- I:\Program Files\SearchCore for Browsers
    [2011/09/20 18:51:31 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Local Settings\Application Data\iMesh
    [2011/09/20 18:47:34 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\iMesh
    [2011/09/20 18:47:33 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\iMesh
    [2011/09/20 18:47:32 | 000,000,000 | ---D | C] -- I:\Program Files\iMesh Applications
    [2011/09/20 18:46:04 | 000,000,000 | -H-D | C] -- I:\Documents and Settings\All Users\Application Data\{71C01C2D-E157-4490-AEA7-088A4E791A2E}
    [2011/09/20 18:29:54 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\My Documents\My Received Files
    [2011/09/20 14:52:42 | 000,000,000 | ---D | C] -- I:\Program Files\Common Files\Java
    [2011/09/20 11:26:46 | 000,000,000 | ---D | C] -- I:\WINDOWS\pss
    [2011/09/17 16:45:58 | 000,000,000 | R--D | C] -- I:\Documents and Settings\Joe\Desktop\Microsoft Office
    [2011/09/17 16:06:58 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Application Data\Nikon
    [2011/09/16 15:27:10 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Start Menu\Programs\Uniblue
    [2011/09/16 13:25:00 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    [2011/09/16 10:06:58 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Application Data\Netscape
    [2011/09/16 10:06:38 | 000,000,000 | ---D | C] -- I:\Program Files\Photodex
    [2011/09/16 10:03:29 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Application Data\Photodex
    [2011/09/15 18:09:06 | 000,000,000 | ---D | C] -- I:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2011/09/15 16:14:53 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Start Menu\Programs\Masque Casino Game Pak
    [2011/09/15 16:14:49 | 000,000,000 | ---D | C] -- I:\Masque
    [2011/09/14 22:38:51 | 000,000,000 | ---D | C] -- I:\Program Files\Microsoft CAPICOM 2.1.0.2
    [2011/09/14 21:52:41 | 000,000,000 | ---D | C] -- I:\Program Files\CyberDefender
    [2011/09/14 15:31:13 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2011/09/14 15:30:19 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
    [2011/09/14 15:29:59 | 000,015,224 | ---- | C] (Safer Networking Limited) -- I:\WINDOWS\System32\sdnclean.exe
    [2011/09/14 15:29:48 | 000,000,000 | ---D | C] -- I:\Program Files\Spybot - Search & Destroy 2
    [2011/09/14 13:08:40 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Local Settings\Application Data\Threat Expert
    [2011/09/14 12:54:43 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Start Menu\Programs\HiJackThis
    [2011/09/14 12:54:41 | 000,000,000 | ---D | C] -- I:\Program Files\Trend Micro
    [2011/09/14 12:49:14 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\Perfect Uninstaller
    [2011/09/14 12:49:12 | 000,000,000 | ---D | C] -- I:\Program Files\Perfect Uninstaller
    [2011/09/14 11:49:49 | 000,000,000 | ---D | C] -- I:\Program Files\Common Files\PC Tools
    [2011/09/14 11:49:21 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\TEMP
    [2011/09/13 21:06:14 | 000,000,000 | ---D | C] -- I:\Program Files\Microsoft Works
    [2011/09/13 21:04:31 | 000,000,000 | ---D | C] -- I:\Program Files\Microsoft Visual Studio
    [2011/09/13 21:04:28 | 000,000,000 | ---D | C] -- I:\Program Files\Common Files\DESIGNER
    [2011/09/13 20:19:05 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\boost_interprocess
    [2011/09/13 17:46:20 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Application Data\bsbandmltbpi
    [2011/09/13 17:46:19 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\AppData
    [2011/09/13 17:20:44 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Application Data\mediabarbs
    [2011/09/13 17:19:50 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Local Settings\Application Data\BearShare
    [2011/09/13 17:18:20 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\BearShare
    [2011/09/13 17:18:19 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\BearShare
    [2011/09/13 17:18:18 | 000,000,000 | ---D | C] -- I:\Program Files\BearShare Applications
    [2011/09/13 17:17:07 | 000,000,000 | -H-D | C] -- I:\Documents and Settings\All Users\Application Data\{22413C8E-60CA-4C36-8C3D-C5FDE865E4A3}
    [2011/09/13 17:08:04 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\My Documents\FrostWire
    [2011/09/13 17:07:52 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\.frostwire5
    [2011/09/13 17:04:10 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Start Menu\Programs\FrostWire 5
    [2011/09/13 17:02:29 | 000,000,000 | ---D | C] -- I:\Program Files\FrostWire 5
    [2011/09/13 12:50:18 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\My Documents\Bookmarks
    [2011/09/13 12:25:08 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\My Documents\My Documents
    [2011/09/13 12:00:12 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\My Documents\TurboTax
    [2011/09/13 11:55:25 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\My Documents\Links
    [2011/09/12 20:54:15 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Application Data\Apple Computer
    [2011/09/12 20:53:21 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/09/12 20:51:14 | 000,000,000 | ---D | C] -- I:\Program Files\iPod
    [2011/09/12 20:51:05 | 000,000,000 | ---D | C] -- I:\Program Files\iTunes
    [2011/09/12 20:51:05 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/09/12 20:43:11 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
    [2011/09/12 20:41:35 | 000,000,000 | ---D | C] -- I:\Program Files\QuickTime
    [2011/09/12 20:38:08 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Local Settings\Application Data\Apple
    [2011/09/12 20:37:53 | 000,000,000 | ---D | C] -- I:\Program Files\Apple Software Update
    [2011/09/12 20:35:21 | 000,000,000 | ---D | C] -- I:\Program Files\Bonjour
    [2011/09/12 20:34:41 | 000,000,000 | ---D | C] -- I:\Program Files\Common Files\Apple
    [2011/09/12 20:34:41 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\Apple
    [2011/09/12 20:32:55 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Local Settings\Application Data\Apple Computer
    [2011/09/12 20:29:26 | 000,000,000 | ---D | C] -- I:\Program Files\MixMeister EZ Vinyl Tape Converter
    [2011/09/12 19:35:03 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Local Settings\Application Data\WinZip
    [2011/09/12 19:34:37 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\WinZip
    [2011/09/12 19:34:25 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\WinZip
    [2011/09/12 19:34:17 | 000,000,000 | ---D | C] -- I:\Program Files\WinZip
    [2011/09/12 19:26:53 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
    [2011/09/12 19:26:50 | 000,000,000 | ---D | C] -- I:\Program Files\7-Zip
    [2011/09/12 19:26:48 | 000,000,000 | ---D | C] -- I:\Program Files\RingtoneJunkiez Desktop
    [2011/09/12 19:26:48 | 000,000,000 | ---D | C] -- I:\Program Files\Common Files\RingtoneJunkiez
    [2011/09/12 19:26:48 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\RingtoneJunkiez
    [2011/09/12 18:37:52 | 000,000,000 | ---D | C] -- I:\WINDOWS\Minidump
    [2011/09/12 18:28:50 | 000,000,000 | ---D | C] -- I:\Program Files\MALWAREBYTES ANTI-MALWARE
    [2011/09/12 18:27:54 | 000,000,000 | ---D | C] -- I:\Program Files\Apoint2K
    [2011/09/12 12:23:01 | 000,053,552 | ---- | C] (Creative® Technology Ltd.) -- I:\WINDOWS\CTCCW.DLL
    [2011/09/12 12:22:59 | 000,054,784 | ---- | C] (Blue Sky Software Corporation.) -- I:\WINDOWS\System32\INETWH32.DLL
    [2011/09/12 12:22:57 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\Defaults
    [2011/09/12 12:21:59 | 000,065,536 | R--- | C] ( ) -- I:\WINDOWS\System32\A3d.dll
    [2011/09/12 12:21:59 | 000,065,536 | ---- | C] ( ) -- I:\WINDOWS\System32\dllcache\a3d.dll
    [2011/09/12 12:21:51 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\Data
    [2011/09/12 12:21:48 | 000,159,744 | ---- | C] (Creative Labs) -- I:\WINDOWS\System32\OPENAL32.DLL
    [2011/09/12 12:21:10 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\Creative
    [2011/09/12 12:20:21 | 000,000,000 | ---D | C] -- I:\Program Files\Creative
    [2011/09/11 20:17:22 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\OfficeGuardian
    [2011/09/11 20:02:11 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\Adobe
    [2011/09/11 20:01:41 | 000,243,712 | ---- | C] (Eastman Kodak Company) -- I:\WINDOWS\Kpcp32.dll
    [2011/09/11 20:01:41 | 000,058,368 | ---- | C] (Eastman Kodak Company) -- I:\WINDOWS\pfpick.dll
    [2011/09/11 20:01:41 | 000,053,760 | ---- | C] (Eastman Kodak Company) -- I:\WINDOWS\Ptpick32.dll
    [2011/09/11 20:01:41 | 000,048,128 | ---- | C] (Eastman Kodak Company) -- I:\WINDOWS\Kpsys32.dll
    [2011/09/11 20:01:41 | 000,031,744 | ---- | C] (Eastman Kodak Company) -- I:\WINDOWS\Kpsharp.dll
    [2011/09/11 20:01:40 | 000,156,672 | ---- | C] (Eastman Kodak Company) -- I:\WINDOWS\sprof32.dll
    [2011/09/11 20:01:40 | 000,070,144 | ---- | C] (Eastman Kodak Company) -- I:\WINDOWS\Kpfp32.dll
    [2011/09/11 20:01:40 | 000,031,232 | ---- | C] (Eastman Kodak Company) -- I:\WINDOWS\Kpscale.dll
    [2011/09/11 20:01:40 | 000,020,992 | ---- | C] (Eastman Kodak Company) -- I:\WINDOWS\icccodes.dll
    [2011/09/11 20:00:58 | 000,032,792 | ---- | C] (Eastman Kodak Company) -- I:\WINDOWS\Spwhpt.dll
    [2011/09/11 20:00:32 | 000,000,000 | ---D | C] -- I:\Kpcms
    [2011/09/11 20:00:32 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\Color
    [2011/09/11 19:56:38 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\My Documents\My eBooks
    [2011/09/11 19:56:38 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Application Data\InterTrust
    [2011/09/11 19:47:24 | 000,000,000 | ---D | C] -- I:\Program Files\Common Files\ArcSoft
    [2011/09/11 19:47:14 | 000,143,360 | ---- | C] (ArcSoft Inc.) -- I:\WINDOWS\System32\PhotoBase Screen Saver.scr
    [2011/09/11 19:47:09 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft Software Suite
    [2011/09/11 19:45:32 | 000,212,480 | ---- | C] (Eastman Kodak) -- I:\WINDOWS\PCDLIB32.DLL
    [2011/09/11 19:45:30 | 000,000,000 | ---D | C] -- I:\Program Files\ArcSoft
    [2011/09/11 19:44:43 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\Panasonic
    [2011/09/11 19:44:41 | 000,000,000 | ---D | C] -- I:\Program Files\Panasonic
    [2011/09/11 19:40:21 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\ViewNX
    [2011/09/11 19:37:28 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\Nikon Transfer
    [2011/09/11 19:37:22 | 000,000,000 | ---D | C] -- I:\Program Files\Common Files\muvee Technologies
    [2011/09/11 19:37:05 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\Nikon
    [2011/09/11 19:37:04 | 000,000,000 | ---D | C] -- I:\Program Files\Common Files\Nikon
    [2011/09/11 19:36:48 | 000,000,000 | ---D | C] -- I:\Program Files\Nikon
    [2011/09/11 19:35:27 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\Ultima_T15
    [2011/09/11 19:35:27 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\EnterNHelp
    [2011/09/11 19:29:07 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\Apple Computer
    [2011/09/11 19:28:38 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\Link to Nikon
    [2011/09/11 19:27:00 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\Picasa 3
    [2011/09/11 17:58:20 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Visual Studio 2005
    [2011/09/11 17:57:55 | 000,000,000 | ---D | C] -- I:\Program Files\Microsoft Visual Studio 8
    [2011/09/11 17:55:32 | 000,000,000 | ---D | C] -- I:\WINDOWS\SHELLNEW
    [2011/09/11 17:55:07 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft Help
    [2011/09/11 17:54:41 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\Microsoft Help
    [2011/09/11 17:53:49 | 000,000,000 | R--D | C] -- I:\MSOCache
    [2011/09/11 17:14:22 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Start Menu\Programs\AVS4YOU
    [2011/09/11 17:13:17 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\AVS4YOU
    [2011/09/11 17:12:53 | 000,000,000 | ---D | C] -- I:\Program Files\Common Files\AVSMedia
    [2011/09/11 17:11:56 | 000,000,000 | ---D | C] -- I:\Program Files\AVS4YOU
    [2011/09/11 16:40:22 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\XPSViewer
    [2011/09/11 16:39:58 | 000,000,000 | ---D | C] -- I:\Program Files\MSBuild
    [2011/09/11 16:39:29 | 000,000,000 | ---D | C] -- I:\Program Files\Reference Assemblies
    [2011/09/11 16:37:08 | 000,000,000 | ---D | C] -- I:\6c7f785dba37855ce238b4fc5e
    [2011/09/11 16:23:08 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Application Data\OpenOffice.org
    [2011/09/11 16:19:05 | 000,000,000 | --SD | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.3
    [2011/09/11 16:15:35 | 000,000,000 | ---D | C] -- I:\Program Files\OpenOffice.org 3
    [2011/09/11 16:13:03 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\Sun
    [2011/09/11 16:11:42 | 000,000,000 | ---D | C] -- I:\Program Files\Java
    [2011/09/11 16:11:24 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Application Data\Sun
    [2011/09/11 15:51:32 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\AVS4YOU
    [2011/09/11 15:51:02 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Application Data\AVS4YOU
    [2011/09/11 14:46:22 | 000,000,000 | R--D | C] -- I:\Documents and Settings\Joe\Desktop\Audio-Video
    [2011/09/11 14:09:20 | 000,000,000 | ---D | C] -- I:\Program Files\Microsoft Streets & Trips 2011
    [2011/09/11 14:05:43 | 000,000,000 | ---D | C] -- I:\Program Files\Microsoft Office
    [2011/09/11 14:05:29 | 000,000,000 | ---D | C] -- I:\Program Files\MSECache
    [2011/09/11 14:04:23 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\drivers\umdf
    [2011/09/11 13:42:05 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Start Menu\Programs\MagicDisc
    [2011/09/11 13:41:51 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- I:\WINDOWS\System32\drivers\mcdbus.sys
    [2011/09/11 13:41:40 | 000,000,000 | ---D | C] -- I:\Program Files\MagicDisc
    [2011/09/11 13:39:47 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Start Menu\Programs\MagicISO
    [2011/09/11 13:39:31 | 000,000,000 | ---D | C] -- I:\Program Files\MagicISO
    [2011/09/11 13:33:58 | 000,000,000 | ---D | C] -- I:\WINDOWS\Hewlett-Packard
    [2011/09/11 13:22:31 | 000,000,000 | ---D | C] -- I:\Program Files\Microsoft.NET
    [2011/09/10 21:42:47 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Application Data\Webshots
    [2011/09/10 21:42:44 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\My Documents\Webshots Data
    [2011/09/10 21:42:28 | 000,000,000 | ---D | C] -- I:\Program Files\Webshots
    [2011/09/10 21:42:28 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Application Data\AGI
    [2011/09/10 21:42:18 | 000,000,000 | ---D | C] -- I:\Program Files\AGI
    [2011/09/10 21:36:57 | 000,000,000 | R-SD | C] -- I:\WINDOWS\assembly
    [2011/09/10 21:35:09 | 000,000,000 | ---D | C] -- I:\WINDOWS\Microsoft.NET
    [2011/09/10 21:31:56 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\agi
    [2011/09/10 21:03:08 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\Google
    [2011/09/10 21:03:00 | 000,000,000 | ---D | C] -- I:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2011/09/10 20:59:45 | 000,000,000 | ---D | C] -- I:\Program Files\CCleaner
    [2011/09/10 20:58:35 | 000,000,000 | ---D | C] -- I:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2011/09/10 20:58:18 | 000,000,000 | ---D | C] -- I:\Program Files\Google
    [2011/09/10 20:58:18 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Local Settings\Application Data\Google
    [2011/09/10 20:54:18 | 000,000,000 | R--D | C] -- I:\Documents and Settings\Joe\Desktop\Security
    [2011/09/10 20:32:57 | 000,000,000 | ---D | C] -- I:\Program Files\Unlocker
    [2011/09/10 20:32:57 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Start Menu\Programs\Unlocker
    [2011/09/10 20:00:47 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Application Data\Uniblue
    [2011/09/10 19:50:27 | 000,000,000 | ---D | C] -- I:\$AVG
    [2011/09/10 19:27:27 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Uniblue
    [2011/09/10 18:49:21 | 000,000,000 | ---D | C] -- I:\Program Files\MSXML 4.0
    [2011/09/10 17:11:09 | 000,000,000 | ---D | C] -- I:\Program Files\Uniblue
    [2011/09/10 17:11:09 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\Uniblue
    [2011/09/10 17:11:01 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Local Settings\Application Data\PackageAware
    [2011/09/10 16:55:25 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Application Data\Malwarebytes
    [2011/09/10 16:55:12 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/09/10 16:55:10 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/09/10 16:55:06 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- I:\WINDOWS\System32\drivers\mbam.sys
    [2011/09/10 16:55:05 | 000,000,000 | ---D | C] -- I:\Program Files\Malwarebytes' Anti-Malware
    [2011/09/10 15:34:01 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Application Data\HPAppData
    [2011/09/10 14:36:34 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Local Settings\Application Data\Adobe
    [2011/09/10 14:34:47 | 000,000,000 | ---D | C] -- I:\Program Files\Common Files\Adobe
    [2011/09/10 14:34:47 | 000,000,000 | ---D | C] -- I:\Program Files\Adobe
    [2011/09/10 14:34:05 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\Adobe
    [2011/09/10 14:18:26 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\EASEUS Partition Master 9.0.0 Server Edition
    [2011/09/10 14:17:43 | 000,000,000 | ---D | C] -- I:\Program Files\EASEUS
    [2011/09/10 14:16:35 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Application Data\WinRAR
    [2011/09/10 14:16:23 | 000,000,000 | ---D | C] -- I:\Program Files\WinRAR
    [2011/09/10 14:10:51 | 000,000,000 | R--D | C] -- I:\Documents and Settings\Joe\My Documents\My Videos
    [2011/09/10 14:10:51 | 000,000,000 | R--D | C] -- I:\Documents and Settings\Joe\Start Menu\Programs\Administrative Tools
    [2011/09/10 13:56:18 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Local Settings\Application Data\uTorrentBar
    [2011/09/10 13:56:17 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Local Settings\Application Data\Temp
    [2011/09/10 13:56:16 | 000,000,000 | ---D | C] -- I:\Program Files\uTorrentBar
    [2011/09/10 13:56:01 | 000,000,000 | ---D | C] -- I:\Program Files\uTorrent
    [2011/09/10 13:55:28 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Local Settings\Application Data\uTorrent
    [2011/09/10 13:55:28 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Application Data\uTorrent
    [2011/09/10 13:39:54 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Local Settings\Application Data\HP
    [2011/09/10 13:28:52 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\WEBREG
    [2011/09/10 13:08:24 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Application Data\HP
    [2011/09/10 12:59:29 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\HP Product Assistant
    [2011/09/10 12:58:16 | 000,000,000 | ---D | C] -- I:\Program Files\Common Files\HP
    [2011/09/10 12:57:54 | 000,000,000 | ---D | C] -- I:\Program Files\Common Files\Hewlett-Packard
    [2011/09/10 12:57:42 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\HP
    [2011/09/10 12:57:30 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\HP
    [2011/09/10 12:55:44 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\DRVSTORE
    [2011/09/10 12:54:51 | 000,000,000 | ---D | C] -- I:\Config.Msi
    [2011/09/10 12:52:14 | 000,000,000 | ---D | C] -- I:\Program Files\HP
    [2011/09/10 12:45:38 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\Dell Printers
    [2011/09/10 12:45:34 | 000,065,536 | ---- | C] (Samsung Electronics) -- I:\WINDOWS\System32\ssdevm.dll
    [2011/09/10 12:45:34 | 000,049,152 | ---- | C] (Samsung Electronics) -- I:\WINDOWS\System32\ssusbpn.dll
    [2011/09/10 12:44:59 | 000,151,552 | ---- | C] (Samsung Electronics Co., Ltd.) -- I:\WINDOWS\System32\SSCoInst.exe
    [2011/09/10 12:44:59 | 000,135,168 | ---- | C] (Samsung Electronics Co., Ltd.) -- I:\WINDOWS\System32\SVSetup.Exe
    [2011/09/10 12:44:59 | 000,053,248 | ---- | C] (Samsung Electronics Co., Ltd.) -- I:\WINDOWS\System32\SVSetup.dll
    [2011/09/10 12:44:58 | 000,057,344 | ---- | C] (SEC) -- I:\WINDOWS\System32\SSCoInst.dll
    [2011/09/10 12:44:40 | 000,000,000 | ---D | C] -- I:\Program Files\DELL
    [2011/09/10 12:38:15 | 000,000,000 | -H-D | C] -- I:\Program Files\InstallShield Installation Information
    [2011/09/10 12:38:15 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\Western Digital Data Lifeguard
    [2011/09/10 12:38:15 | 000,000,000 | ---D | C] -- I:\Program Files\Western Digital
    [2011/09/10 12:21:28 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Application Data\AVG2012
    [2011/09/10 12:18:38 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
    [2011/09/10 12:18:32 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Application Data\AVG Secure Search
    [2011/09/10 12:18:30 | 000,000,000 | ---D | C] -- I:\Program Files\Common Files\AVG Secure Search
    [2011/09/10 12:18:29 | 000,000,000 | ---D | C] -- I:\Program Files\AVG Secure Search
    [2011/09/10 12:18:27 | 000,000,000 | -H-D | C] -- I:\Documents and Settings\All Users\Application Data\Common Files
    [2011/09/10 12:18:07 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\AVG2012
    [2011/09/10 12:18:07 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\drivers\AVG
    [2011/09/10 12:17:49 | 000,000,000 | ---D | C] -- I:\Program Files\AVG
    [2011/09/10 12:12:35 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\MFAData
    [2011/09/10 12:00:02 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\InstallShield
    [2011/09/10 12:00:00 | 000,000,000 | ---D | C] -- I:\Program Files\Common Files\InstallShield
    [2011/09/10 12:00:00 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\EarthLink MailBox
     
  19. 2011/10/03
    joe645

    joe645 Well-Known Member Thread Starter

    Joined:
    2004/01/26
    Messages:
    435
    Likes Received:
    1
    2nd Part of OTL

    [2011/09/10 11:33:54 | 000,000,000 | -HSD | C] -- I:\Documents and Settings\Joe\PrivacIE
    [2011/09/10 11:33:54 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Application Data\EarthLink
    [2011/09/10 11:33:12 | 000,000,000 | ---D | C] -- I:\Program Files\Common Files\EarthLink
    [2011/09/10 11:33:10 | 000,000,000 | ---D | C] -- I:\Program Files\EarthLink
    [2011/09/10 11:30:43 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Application Data\Macromedia
    [2011/09/10 11:30:43 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Application Data\Adobe
    [2011/09/10 11:28:32 | 000,000,000 | ---D | C] -- I:\Program Files\EarthLink MailBox
    [2011/09/10 11:23:28 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2011/09/10 11:18:16 | 000,000,000 | ---D | C] -- I:\WINDOWS\Prefetch
    [2011/09/10 00:19:25 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\scripting
    [2011/09/10 00:19:25 | 000,000,000 | ---D | C] -- I:\WINDOWS\l2schemas
    [2011/09/10 00:19:25 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\en
    [2011/09/10 00:19:25 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\bits
    [2011/09/10 00:16:58 | 000,000,000 | ---D | C] -- I:\WINDOWS\network diagnostic
    [2011/09/10 00:15:43 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\ReinstallBackups
    [2011/09/10 00:13:55 | 000,000,000 | -H-D | C] -- I:\WINDOWS\$NtServicePackUninstall$
    [2011/09/09 23:26:21 | 000,000,000 | -HSD | C] -- I:\Documents and Settings\Joe\IETldCache
    [2011/09/09 23:23:05 | 000,000,000 | ---D | C] -- I:\WINDOWS\ie8updates
    [2011/09/09 23:22:47 | 000,000,000 | ---D | C] -- I:\WINDOWS\WBEM
    [2011/09/09 23:22:07 | 000,000,000 | -H-D | C] -- I:\WINDOWS\ie8
    [2011/09/09 23:22:07 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\en-US
    [2011/09/09 23:14:13 | 000,000,000 | ---D | C] -- I:\WINDOWS\ServicePackFiles
    [2011/09/09 23:10:55 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\My Documents\Downloads
    [2011/09/09 23:10:16 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Local Settings\Application Data\Mozilla
    [2011/09/09 23:10:16 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Application Data\Mozilla
    [2011/09/09 23:10:11 | 000,000,000 | ---D | C] -- I:\Program Files\Mozilla Firefox
    [2011/09/09 23:05:23 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\NtmsData
    [2011/09/09 22:45:34 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\PreInstall
    [2011/09/09 22:45:11 | 000,000,000 | -H-D | C] -- I:\WINDOWS\$MSI31Uninstall_KB893803v2$
    [2011/09/09 22:44:27 | 000,000,000 | -HSD | C] -- I:\Documents and Settings\Joe\UserData
    [2011/09/09 22:42:35 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Application Data\Identities
    [2011/09/09 22:42:33 | 000,000,000 | -H-D | C] -- I:\Program Files\Uninstall Information
    [2011/09/09 22:42:32 | 000,000,000 | R--D | C] -- I:\Documents and Settings\Joe\My Documents\My Pictures
    [2011/09/09 22:42:32 | 000,000,000 | R--D | C] -- I:\Documents and Settings\Joe\My Documents\My Music
    [2011/09/09 22:42:28 | 000,000,000 | --SD | C] -- I:\Documents and Settings\Joe\Application Data\Microsoft
    [2011/09/09 22:42:28 | 000,000,000 | RH-D | C] -- I:\Documents and Settings\Joe\Application Data
    [2011/09/09 22:42:28 | 000,000,000 | R--D | C] -- I:\Documents and Settings\Joe\Favorites
    [2011/09/09 22:42:28 | 000,000,000 | -HSD | C] -- I:\Documents and Settings\Joe\Cookies
    [2011/09/09 22:42:28 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft
    [2011/09/09 22:42:28 | 000,000,000 | ---D | C] -- I:\Documents and Settings\Joe\Desktop
    [2011/09/09 22:42:27 | 000,000,000 | RH-D | C] -- I:\Documents and Settings\Joe\SendTo
    [2011/09/09 22:42:27 | 000,000,000 | R--D | C] -- I:\Documents and Settings\Joe\Start Menu\Programs\Startup
    [2011/09/09 22:42:27 | 000,000,000 | R--D | C] -- I:\Documents and Settings\Joe\Start Menu
    [2011/09/09 22:42:27 | 000,000,000 | R--D | C] -- I:\Documents and Settings\Joe\My Documents
    [2011/09/09 22:42:27 | 000,000,000 | R--D | C] -- I:\Documents and Settings\Joe\Start Menu\Programs\Accessories
    [2011/09/09 22:42:27 | 000,000,000 | -H-D | C] -- I:\Documents and Settings\Joe\Templates
    [2011/09/09 22:42:27 | 000,000,000 | -H-D | C] -- I:\Documents and Settings\Joe\PrintHood
    [2011/09/09 22:42:27 | 000,000,000 | -H-D | C] -- I:\Documents and Settings\Joe\NetHood
    [2011/09/09 22:42:27 | 000,000,000 | -H-D | C] -- I:\Documents and Settings\Joe\Local Settings
    [2011/09/09 22:40:40 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\SoftwareDistribution
    [2011/09/09 22:38:38 | 000,000,000 | ---D | C] -- I:\WINDOWS\SoftwareDistribution
    [2011/09/09 22:38:36 | 000,000,000 | --SD | C] -- I:\WINDOWS\System32\Microsoft
    [2011/09/09 22:38:36 | 000,000,000 | --SD | C] -- I:\Documents and Settings\LocalService\Application Data\Microsoft
    [2011/09/09 22:38:36 | 000,000,000 | ---D | C] -- I:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2011/09/09 22:38:20 | 000,000,000 | ---D | C] -- I:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2011/09/09 22:38:19 | 000,000,000 | --SD | C] -- I:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2011/09/09 22:36:45 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- I:\WINDOWS\System32\dllcache\rwia330.dll
    [2011/09/09 22:36:45 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- I:\WINDOWS\System32\dllcache\rwia001.dll
    [2011/09/09 22:35:24 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- I:\WINDOWS\System32\dllcache\cap7146.sys
    [2011/09/09 22:34:48 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\xircom
    [2011/09/09 22:34:48 | 000,000,000 | ---D | C] -- I:\Program Files\xerox
    [2011/09/09 22:34:48 | 000,000,000 | ---D | C] -- I:\Program Files\microsoft frontpage
    [2011/09/09 22:34:35 | 000,000,000 | -H-D | C] -- I:\WINDOWS\$hf_mig$
    [2011/09/09 22:33:32 | 000,000,000 | -HSD | C] -- I:\Documents and Settings\All Users\DRM
    [2011/09/09 22:33:23 | 000,000,000 | --SD | C] -- I:\WINDOWS\Downloaded Program Files
    [2011/09/09 22:33:23 | 000,000,000 | R--D | C] -- I:\WINDOWS\Offline Web Pages
    [2011/09/09 22:33:13 | 000,000,000 | -H-D | C] -- I:\Program Files\WindowsUpdate
    [2011/09/09 22:32:47 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\DirectX
    [2011/09/09 22:31:39 | 000,000,000 | ---D | C] -- I:\Program Files\Common Files\Services
    [2011/09/09 22:31:32 | 000,000,000 | --SD | C] -- I:\WINDOWS\Tasks
    [2011/09/09 22:31:31 | 000,000,000 | ---D | C] -- I:\Program Files\Common Files\MSSoap
    [2011/09/09 22:31:23 | 000,000,000 | ---D | C] -- I:\WINDOWS\srchasst
    [2011/09/09 22:31:22 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\Macromed
    [2011/09/09 22:31:07 | 000,000,000 | ---D | C] -- I:\Program Files\Movie Maker
    [2011/09/09 22:30:52 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\Restore
    [2011/09/09 22:30:43 | 000,000,000 | ---D | C] -- I:\Program Files\NetMeeting
    [2011/09/09 22:30:37 | 000,000,000 | ---D | C] -- I:\Program Files\Outlook Express
    [2011/09/09 22:30:24 | 000,000,000 | ---D | C] -- I:\Program Files\Common Files\System
    [2011/09/09 22:30:23 | 000,000,000 | ---D | C] -- I:\Program Files\Internet Explorer
    [2011/09/09 22:30:22 | 000,000,000 | R--D | C] -- I:\Documents and Settings\All Users\Documents\My Pictures
    [2011/09/09 22:30:03 | 000,000,000 | R--D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\Games
    [2011/09/09 22:29:54 | 000,000,000 | ---D | C] -- I:\Program Files\ComPlus Applications
    [2011/09/09 22:29:49 | 000,000,000 | R--D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
    [2011/09/09 22:29:49 | 000,000,000 | ---D | C] -- I:\WINDOWS\Registration
    [2011/09/09 22:29:43 | 000,000,000 | R--D | C] -- I:\Documents and Settings\All Users\Documents\My Music
    [2011/09/09 22:29:43 | 000,000,000 | ---D | C] -- I:\Program Files\Windows Media Player
    [2011/09/09 22:29:43 | 000,000,000 | ---D | C] -- I:\Program Files\Online Services
    [2011/09/09 22:29:38 | 000,000,000 | ---D | C] -- I:\Program Files\Messenger
    [2011/09/09 22:29:26 | 000,000,000 | ---D | C] -- I:\Program Files\MSN Gaming Zone
    [2011/09/09 22:27:55 | 000,000,000 | ---D | C] -- I:\Program Files\MSN
    [2011/09/09 22:27:52 | 000,000,000 | ---D | C] -- I:\Program Files\Windows NT
    [2011/09/09 22:27:43 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\MsDtc
    [2011/09/09 22:27:38 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\Com
    [2011/09/09 22:27:15 | 000,000,000 | R--D | C] -- I:\Documents and Settings\All Users\Documents\My Videos
    [2011/09/09 22:26:24 | 000,000,000 | R--D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\Accessories
    [2011/09/09 15:17:07 | 000,000,000 | -HSD | C] -- I:\WINDOWS\Installer
    [2011/09/09 15:17:06 | 000,000,000 | ---D | C] -- I:\Program Files\Common Files\ODBC
    [2011/09/09 15:17:00 | 000,000,000 | ---D | C] -- I:\Program Files\Common Files\SpeechEngines
    [2011/09/09 15:16:59 | 000,000,000 | R--D | C] -- I:\Program Files
    [2011/09/09 15:16:59 | 000,000,000 | ---D | C] -- I:\Program Files\Common Files\Microsoft Shared
    [2011/09/09 15:16:59 | 000,000,000 | ---D | C] -- I:\Program Files\Common Files
    [2011/09/09 15:16:10 | 000,000,000 | R--D | C] -- I:\Documents and Settings\All Users\Start Menu\Programs\Startup
    [2011/09/09 15:16:10 | 000,000,000 | R--D | C] -- I:\Documents and Settings\All Users\Start Menu
    [2011/09/09 15:16:10 | 000,000,000 | R--D | C] -- I:\Documents and Settings\All Users\Documents
    [2011/09/09 15:16:10 | 000,000,000 | -H-D | C] -- I:\Documents and Settings\All Users\Templates
    [2011/09/09 15:16:10 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Favorites
    [2011/09/09 15:16:10 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Desktop
    [2011/09/09 15:15:46 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\CatRoot2
    [2011/09/09 15:15:46 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\CatRoot
    [2011/09/09 15:15:41 | 000,000,000 | --SD | C] -- I:\Documents and Settings\All Users\Application Data\Microsoft
    [2011/09/09 15:15:41 | 000,000,000 | RH-D | C] -- I:\Documents and Settings\All Users\Application Data
    [2011/09/09 15:15:07 | 000,000,000 | -HSD | C] -- I:\System Volume Information
    [2011/09/09 15:15:07 | 000,000,000 | ---D | C] -- I:\Documents and Settings
    [2011/09/09 15:03:02 | 000,000,000 | R-SD | C] -- I:\WINDOWS\Fonts
    [2011/09/09 15:03:02 | 000,000,000 | RHSD | C] -- I:\WINDOWS\System32\dllcache
    [2011/09/09 15:03:02 | 000,000,000 | R--D | C] -- I:\WINDOWS\Web
    [2011/09/09 15:03:02 | 000,000,000 | -H-D | C] -- I:\WINDOWS\inf
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\WinSxS
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\wins
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\wbem
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\usmt
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\twain_32
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\system32
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\system
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\spool
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\ShellExt
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\Setup
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\security
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\Resources
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\repair
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\ras
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\Provisioning
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\PeerNet
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\pchealth
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\oobe
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\npp
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\mui
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\mui
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\msapps
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\msagent
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\Media
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\java
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\inetsrv
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\IME
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\ime
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\icsxml
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\ias
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\Help
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\export
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\drivers\etc
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\ehome
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\drivers
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\Driver Cache
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\drivers\disdn
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\dhcp
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\Debug
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\Cursors
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\Connection Wizard
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\config
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\Config
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\AppPatch
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\addins
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\3com_dmi
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\3076
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\2052
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\1054
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\1042
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\1041
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\1037
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\1033
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\1031
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\1028
    [2011/09/09 15:03:02 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\1025
    [5 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/10/03 15:17:37 | 000,582,656 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\Joe\Desktop\OTL.exe
    [2011/10/03 13:04:37 | 000,013,646 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
    [2011/10/03 13:03:41 | 000,001,183 | ---- | M] () -- I:\Documents and Settings\Joe\Quarantine.reg
    [2011/10/03 13:03:20 | 000,000,300 | ---- | M] () -- I:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
    [2011/10/03 13:03:20 | 000,000,290 | ---- | M] () -- I:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2011/10/03 13:03:12 | 000,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
    [2011/10/03 13:03:11 | 3757,625,344 | -HS- | M] () -- I:\hiberfil.sys
    [2011/10/03 12:40:38 | 000,000,327 | RHS- | M] () -- I:\boot.ini
    [2011/10/03 10:55:08 | 000,000,830 | ---- | M] () -- I:\Documents and Settings\Joe\Desktop\AVG PC Tuneup 2011.lnk
    [2011/10/03 10:21:35 | 000,000,027 | ---- | M] () -- I:\WINDOWS\System32\drivers\etc\hosts
    [2011/10/03 09:15:41 | 105,685,727 | ---- | M] () -- I:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/09/30 14:17:18 | 000,000,082 | ---- | M] () -- I:\WINDOWS\WinInit.Ini
    [2011/09/29 21:41:42 | 000,023,456 | ---- | M] (Phoenix Technologies) -- I:\WINDOWS\System32\drivers\DrvAgent32.sys
    [2011/09/29 18:09:03 | 000,000,284 | ---- | M] () -- I:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/09/29 13:47:46 | 000,207,095 | ---- | M] () -- I:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2011/09/29 13:46:22 | 000,018,354 | ---- | M] () -- I:\Documents and Settings\Joe\My Documents\Budget.ods
    [2011/09/29 12:39:10 | 000,000,777 | ---- | M] () -- I:\Documents and Settings\Joe\Start Menu\Programs\Startup\Webshots.lnk
    [2011/09/27 09:56:49 | 000,000,330 | ---- | M] () -- I:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
    [2011/09/21 15:19:58 | 000,001,458 | ---- | M] () -- I:\WINDOWS\WSOPSAVE.GAM
    [2011/09/21 15:19:58 | 000,000,230 | ---- | M] () -- I:\WINDOWS\WSOPDELX.INI
    [2011/09/20 20:03:50 | 000,000,804 | ---- | M] () -- I:\Documents and Settings\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011/09/20 18:48:13 | 000,000,869 | ---- | M] () -- I:\Documents and Settings\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk
    [2011/09/19 16:28:42 | 000,006,784 | ---- | M] () -- I:\Documents and Settings\Joe\My Documents\webb.jpg
    [2011/09/18 13:53:07 | 000,298,848 | ---- | M] () -- I:\WINDOWS\System32\FNTCACHE.DAT
    [2011/09/17 20:17:21 | 000,122,278 | ---- | M] () -- I:\Documents and Settings\Joe\My Documents\WDS_Concept.pdf
    [2011/09/17 16:45:17 | 000,020,846 | ---- | M] () -- I:\Documents and Settings\Joe\My Documents\micorsoftofficeicon.htm
    [2011/09/17 16:07:20 | 000,000,000 | ---- | M] () -- I:\WINDOWS\ViewNX.INI
    [2011/09/17 16:06:59 | 000,000,020 | -H-- | M] () -- I:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
    [2011/09/16 18:36:13 | 000,495,958 | ---- | M] () -- I:\WINDOWS\System32\perfh009.dat
    [2011/09/16 18:36:13 | 000,084,442 | ---- | M] () -- I:\WINDOWS\System32\perfc009.dat
    [2011/09/15 16:15:49 | 000,000,027 | ---- | M] () -- I:\WINDOWS\VPWIN.INI
    [2011/09/14 12:50:24 | 000,000,042 | ---- | M] () -- I:\WINDOWS\System32\Jiii_PNUCT.pnc
    [2011/09/14 12:33:08 | 000,000,042 | ---- | M] () -- I:\WINDOWS\System32\AK083E209605E394C.lie
    [2011/09/13 17:18:45 | 000,000,943 | ---- | M] () -- I:\Documents and Settings\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk
    [2011/09/13 17:04:10 | 000,000,884 | ---- | M] () -- I:\Documents and Settings\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.1.4.lnk
    [2011/09/12 20:43:12 | 000,001,604 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2011/09/12 19:47:13 | 000,000,814 | ---- | M] () -- I:\Documents and Settings\Joe\Desktop\Photoshop.lnk
    [2011/09/12 19:44:11 | 000,000,986 | ---- | M] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    [2011/09/12 18:28:51 | 000,000,000 | -H-- | M] () -- I:\WINDOWS\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
    [2011/09/12 18:28:45 | 000,000,000 | -H-- | M] () -- I:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    [2011/09/12 16:02:09 | 000,000,000 | ---- | M] () -- I:\WINDOWS\nsreg.dat
    [2011/09/12 15:56:15 | 000,000,742 | ---- | M] () -- I:\Documents and Settings\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/09/12 15:56:15 | 000,000,724 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/09/12 12:40:38 | 000,000,731 | ---- | M] () -- I:\Documents and Settings\Joe\Desktop\Webshots Desktop.lnk
    [2011/09/12 12:26:37 | 000,000,099 | ---- | M] () -- I:\WINDOWS\È
    [2011/09/12 12:23:28 | 000,000,000 | ---- | M] () -- I:\WINDOWS\SBWIN.INI
    [2011/09/11 20:10:13 | 000,000,797 | ---- | M] () -- I:\Documents and Settings\Joe\Desktop\PageMaker.lnk
    [2011/09/11 20:07:45 | 000,001,794 | ---- | M] () -- I:\Documents and Settings\Joe\Desktop\Acrobat Distiller 5.0.lnk
    [2011/09/11 19:56:54 | 000,000,910 | ---- | M] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    [2011/09/11 19:39:00 | 000,000,268 | RH-- | M] () -- I:\Documents and Settings\All Users\Application Data\Calibrators
    [2011/09/11 19:39:00 | 000,000,268 | RH-- | M] () -- I:\Documents and Settings\Joe\Application Data\Bundle
    [2011/09/11 19:39:00 | 000,000,012 | RH-- | M] () -- I:\Documents and Settings\All Users\Application Data\Clips
    [2011/09/11 19:38:05 | 000,001,815 | ---- | M] () -- I:\Documents and Settings\Joe\Start Menu\Programs\Startup\Nikon Monitor.lnk
    [2011/09/11 19:35:27 | 000,000,268 | RH-- | M] () -- I:\Documents and Settings\All Users\Application Data\CMMs
    [2011/09/11 19:35:27 | 000,000,268 | RH-- | M] () -- I:\Documents and Settings\Joe\Application Data\Brother
    [2011/09/11 19:35:27 | 000,000,020 | -H-- | M] () -- I:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    [2011/09/11 19:35:27 | 000,000,012 | RH-- | M] () -- I:\Documents and Settings\All Users\Application Data\Chorus
    [2011/09/11 19:27:39 | 000,000,759 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
    [2011/09/11 16:19:06 | 000,000,885 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
    [2011/09/11 14:44:57 | 000,000,725 | ---- | M] () -- I:\Documents and Settings\Joe\Desktop\Streets.lnk
    [2011/09/11 13:42:05 | 000,000,652 | ---- | M] () -- I:\Documents and Settings\Joe\Start Menu\Programs\Startup\MagicDisc.lnk
    [2011/09/10 20:33:01 | 000,001,124 | ---- | M] () -- I:\Documents and Settings\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk
    [2011/09/10 14:34:55 | 000,001,734 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2011/09/10 14:18:27 | 000,001,075 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\EASEUS Partition.lnk
    [2011/09/10 13:56:04 | 000,000,630 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\µTorrent.lnk
    [2011/09/10 13:08:23 | 000,202,412 | ---- | M] () -- I:\WINDOWS\hpoins41.dat
    [2011/09/10 12:59:24 | 000,001,018 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
    [2011/09/10 12:58:34 | 000,001,808 | ---- | M] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2011/09/10 12:58:04 | 000,001,985 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\Windows Live Photo Gallery.lnk
    [2011/09/10 12:00:00 | 000,000,769 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\EarthLink MailBox.lnk
    [2011/09/10 11:18:58 | 000,316,640 | ---- | M] () -- I:\WINDOWS\WMSysPr9.prx
    [2011/09/10 00:16:49 | 000,250,048 | RHS- | M] () -- I:\ntldr
    [2011/09/09 23:26:24 | 000,000,815 | ---- | M] () -- I:\Documents and Settings\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/09/09 22:51:29 | 000,000,337 | ---- | M] () -- I:\Documents and Settings\Joe\Desktop\My Documents.lnk
    [2011/09/09 22:51:16 | 000,000,104 | ---- | M] () -- I:\Documents and Settings\Joe\Desktop\My Computer.lnk
    [2011/09/09 22:42:42 | 000,000,079 | ---- | M] () -- I:\Documents and Settings\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2011/09/09 22:41:56 | 000,013,588 | ---- | M] () -- I:\WINDOWS\System32\wpa.bak
    [2011/09/09 22:38:22 | 000,008,192 | ---- | M] () -- I:\WINDOWS\REGLOCS.OLD
    [2011/09/09 22:37:23 | 000,000,261 | ---- | M] () -- I:\WINDOWS\System32\$winnt$.inf
    [2011/09/09 22:34:14 | 000,023,392 | ---- | M] () -- I:\WINDOWS\System32\nscompat.tlb
    [2011/09/09 22:34:14 | 000,016,832 | ---- | M] () -- I:\WINDOWS\System32\amcompat.tlb
    [2011/09/09 22:34:06 | 000,004,161 | ---- | M] () -- I:\WINDOWS\ODBCINST.INI
    [2011/09/09 22:30:01 | 000,021,640 | ---- | M] () -- I:\WINDOWS\System32\emptyregdb.dat
    [2011/09/09 15:14:09 | 000,000,210 | ---- | M] () -- I:\Boot.bak
    [5 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]
     
  20. 2011/10/03
    joe645

    joe645 Well-Known Member Thread Starter

    Joined:
    2004/01/26
    Messages:
    435
    Likes Received:
    1
    Last Part of OTL

    ========== Files Created - No Company Name ==========

    [2011/10/03 13:03:41 | 000,001,183 | ---- | C] () -- I:\Documents and Settings\Joe\Quarantine.reg
    [2011/10/03 13:03:11 | 3757,625,344 | -HS- | C] () -- I:\hiberfil.sys
    [2011/10/03 12:40:38 | 000,000,210 | ---- | C] () -- I:\Boot.bak
    [2011/10/03 12:40:37 | 000,260,272 | RHS- | C] () -- I:\cmldr
    [2011/10/03 10:55:08 | 000,000,830 | ---- | C] () -- I:\Documents and Settings\Joe\Desktop\AVG PC Tuneup 2011.lnk
    [2011/10/03 10:04:44 | 000,256,000 | ---- | C] () -- I:\WINDOWS\PEV.exe
    [2011/10/03 10:04:44 | 000,208,896 | ---- | C] () -- I:\WINDOWS\MBR.exe
    [2011/10/03 10:04:44 | 000,098,816 | ---- | C] () -- I:\WINDOWS\sed.exe
    [2011/10/03 10:04:44 | 000,080,412 | ---- | C] () -- I:\WINDOWS\grep.exe
    [2011/10/03 10:04:44 | 000,068,096 | ---- | C] () -- I:\WINDOWS\zip.exe
    [2011/10/03 09:15:41 | 105,685,727 | ---- | C] () -- I:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/09/29 13:47:46 | 000,207,095 | ---- | C] () -- I:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2011/09/28 11:34:06 | 000,001,815 | ---- | C] () -- I:\Documents and Settings\Joe\Start Menu\Programs\Startup\Nikon Monitor.lnk
    [2011/09/28 11:34:06 | 000,001,808 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2011/09/28 11:34:06 | 000,000,986 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    [2011/09/28 11:34:06 | 000,000,910 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    [2011/09/28 11:34:06 | 000,000,777 | ---- | C] () -- I:\Documents and Settings\Joe\Start Menu\Programs\Startup\Webshots.lnk
    [2011/09/28 11:34:06 | 000,000,652 | ---- | C] () -- I:\Documents and Settings\Joe\Start Menu\Programs\Startup\MagicDisc.lnk
    [2011/09/27 12:24:27 | 000,018,354 | ---- | C] () -- I:\Documents and Settings\Joe\My Documents\Budget.ods
    [2011/09/21 15:19:58 | 000,001,458 | ---- | C] () -- I:\WINDOWS\WSOPSAVE.GAM
    [2011/09/21 09:33:16 | 000,000,082 | ---- | C] () -- I:\WINDOWS\WinInit.Ini
    [2011/09/20 20:03:50 | 000,000,804 | ---- | C] () -- I:\Documents and Settings\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011/09/20 18:48:13 | 000,000,869 | ---- | C] () -- I:\Documents and Settings\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\iMesh.lnk
    [2011/09/19 16:28:36 | 000,006,784 | ---- | C] () -- I:\Documents and Settings\Joe\My Documents\webb.jpg
    [2011/09/17 20:17:21 | 000,122,278 | ---- | C] () -- I:\Documents and Settings\Joe\My Documents\WDS_Concept.pdf
    [2011/09/17 16:45:06 | 000,020,846 | ---- | C] () -- I:\Documents and Settings\Joe\My Documents\micorsoftofficeicon.htm
    [2011/09/17 16:07:20 | 000,000,000 | ---- | C] () -- I:\WINDOWS\ViewNX.INI
    [2011/09/16 19:34:20 | 000,749,720 | ---- | C] () -- I:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/09/15 16:16:51 | 000,000,230 | ---- | C] () -- I:\WINDOWS\WSOPDELX.INI
    [2011/09/15 16:15:49 | 000,000,027 | ---- | C] () -- I:\WINDOWS\VPWIN.INI
    [2011/09/14 16:35:31 | 000,000,734 | ---- | C] () -- I:\WINDOWS\System32\drivers\etc\hosts.20110914-163531.backup
    [2011/09/14 15:31:49 | 000,000,300 | ---- | C] () -- I:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
    [2011/09/14 15:31:48 | 000,000,330 | ---- | C] () -- I:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
    [2011/09/14 15:31:48 | 000,000,290 | ---- | C] () -- I:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2011/09/14 15:30:21 | 000,001,842 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2011/09/14 12:50:24 | 000,000,042 | ---- | C] () -- I:\WINDOWS\System32\Jiii_PNUCT.pnc
    [2011/09/14 12:33:08 | 000,000,042 | ---- | C] () -- I:\WINDOWS\System32\AK083E209605E394C.lie
    [2011/09/13 17:18:45 | 000,000,943 | ---- | C] () -- I:\Documents and Settings\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\BearShare.lnk
    [2011/09/13 17:04:10 | 000,000,884 | ---- | C] () -- I:\Documents and Settings\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.1.4.lnk
    [2011/09/13 11:56:06 | 000,000,080 | ---- | C] () -- I:\Documents and Settings\Joe\My Documents\Official FrostWire Website.url
    [2011/09/12 20:43:12 | 000,001,604 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2011/09/12 20:38:09 | 000,000,284 | ---- | C] () -- I:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/09/12 20:38:04 | 000,001,830 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
    [2011/09/12 19:47:13 | 000,000,814 | ---- | C] () -- I:\Documents and Settings\Joe\Desktop\Photoshop.lnk
    [2011/09/12 19:44:10 | 000,000,819 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Adobe ImageReady 7.0.lnk
    [2011/09/12 19:44:09 | 000,000,814 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop 7.0.lnk
    [2011/09/12 18:28:51 | 000,000,000 | -H-- | C] () -- I:\WINDOWS\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
    [2011/09/12 18:28:45 | 000,000,000 | -H-- | C] () -- I:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    [2011/09/12 16:02:09 | 000,000,000 | ---- | C] () -- I:\WINDOWS\nsreg.dat
    [2011/09/12 15:56:15 | 000,000,742 | ---- | C] () -- I:\Documents and Settings\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/09/12 15:56:15 | 000,000,730 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/09/12 15:56:15 | 000,000,724 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2011/09/12 12:23:28 | 000,000,000 | ---- | C] () -- I:\WINDOWS\SBWIN.INI
    [2011/09/12 12:23:02 | 000,000,231 | ---- | C] () -- I:\WINDOWS\AC3API.INI
    [2011/09/12 12:22:59 | 001,048,576 | ---- | C] () -- I:\WINDOWS\System32\SFMAN.DAT
    [2011/09/12 12:21:51 | 000,020,930 | ---- | C] () -- I:\WINDOWS\System32\LudaP17.ini
    [2011/09/12 12:21:51 | 000,000,029 | ---- | C] () -- I:\WINDOWS\System32\ctzapxx.ini
    [2011/09/12 12:21:49 | 002,259,070 | R--- | C] () -- I:\WINDOWS\System32\drivers\eapci2m.ecw
    [2011/09/12 12:21:49 | 000,057,856 | R--- | C] () -- I:\WINDOWS\System32\P17.dll
    [2011/09/12 12:20:10 | 000,000,099 | ---- | C] () -- I:\WINDOWS\È
    [2011/09/11 20:10:13 | 000,000,797 | ---- | C] () -- I:\Documents and Settings\Joe\Desktop\PageMaker.lnk
    [2011/09/11 20:07:45 | 000,001,794 | ---- | C] () -- I:\Documents and Settings\Joe\Desktop\Acrobat Distiller 5.0.lnk
    [2011/09/11 20:01:40 | 000,042,483 | ---- | C] () -- I:\WINDOWS\Icccodes.dat
    [2011/09/11 20:01:40 | 000,039,095 | ---- | C] () -- I:\WINDOWS\Iccsigs.dat
    [2011/09/11 20:01:40 | 000,000,156 | ---- | C] () -- I:\WINDOWS\Kpcms.ini
    [2011/09/11 20:00:58 | 000,210,944 | ---- | C] () -- I:\WINDOWS\System32\Msvcrt10.dll
    [2011/09/11 19:57:15 | 000,001,794 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 5.0.lnk
    [2011/09/11 19:56:51 | 000,065,536 | ---- | C] () -- I:\WINDOWS\System32\adistres.dll
    [2011/09/11 19:39:00 | 000,000,268 | RH-- | C] () -- I:\Documents and Settings\All Users\Application Data\Calibrators
    [2011/09/11 19:39:00 | 000,000,268 | RH-- | C] () -- I:\Documents and Settings\Joe\Application Data\Bundle
    [2011/09/11 19:39:00 | 000,000,020 | -H-- | C] () -- I:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
    [2011/09/11 19:39:00 | 000,000,012 | RH-- | C] () -- I:\Documents and Settings\All Users\Application Data\Clips
    [2011/09/11 19:35:27 | 000,000,268 | RH-- | C] () -- I:\Documents and Settings\All Users\Application Data\CMMs
    [2011/09/11 19:35:27 | 000,000,268 | RH-- | C] () -- I:\Documents and Settings\Joe\Application Data\Brother
    [2011/09/11 19:35:27 | 000,000,020 | -H-- | C] () -- I:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    [2011/09/11 19:35:27 | 000,000,012 | RH-- | C] () -- I:\Documents and Settings\All Users\Application Data\Chorus
    [2011/09/11 19:27:39 | 000,000,759 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\Picasa 3.lnk
    [2011/09/11 16:19:05 | 000,000,885 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
    [2011/09/11 14:44:57 | 000,000,725 | ---- | C] () -- I:\Documents and Settings\Joe\Desktop\Streets.lnk
    [2011/09/11 14:12:20 | 000,002,016 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Streets & Trips 2011.lnk
    [2011/09/10 21:42:46 | 000,000,737 | ---- | C] () -- I:\Documents and Settings\Joe\Start Menu\Programs\Webshots Desktop.lnk
    [2011/09/10 21:42:46 | 000,000,731 | ---- | C] () -- I:\Documents and Settings\Joe\Desktop\Webshots Desktop.lnk
    [2011/09/10 20:33:01 | 000,001,124 | ---- | C] () -- I:\Documents and Settings\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk
    [2011/09/10 14:34:55 | 000,001,734 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2011/09/10 14:34:54 | 000,002,347 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2011/09/10 14:18:26 | 002,469,248 | ---- | C] () -- I:\WINDOWS\System32\BootMan.exe
    [2011/09/10 14:18:26 | 000,086,408 | ---- | C] () -- I:\WINDOWS\System32\setupempdrv03.exe
    [2011/09/10 14:18:26 | 000,019,840 | ---- | C] () -- I:\WINDOWS\System32\EuEpmGdi.dll
    [2011/09/10 14:18:26 | 000,013,192 | ---- | C] () -- I:\WINDOWS\System32\epmntdrv.sys
    [2011/09/10 14:18:26 | 000,008,456 | ---- | C] () -- I:\WINDOWS\System32\EuGdiDrv.sys
    [2011/09/10 14:18:26 | 000,001,075 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\EASEUS Partition.lnk
    [2011/09/10 13:56:04 | 000,000,630 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\µTorrent.lnk
    [2011/09/10 12:59:24 | 000,001,018 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
    [2011/09/10 12:58:04 | 000,001,985 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\Windows Live Photo Gallery.lnk
    [2011/09/10 12:49:00 | 000,202,412 | ---- | C] () -- I:\WINDOWS\hpoins41.dat
    [2011/09/10 12:48:59 | 000,001,253 | ---- | C] () -- I:\WINDOWS\hpomdl41.dat
    [2011/09/10 12:44:53 | 000,020,594 | ---- | C] () -- I:\WINDOWS\System32\DELS1LMK.DLL
    [2011/09/10 12:44:53 | 000,000,533 | ---- | C] () -- I:\WINDOWS\System32\DELS1LMK.SMT
    [2011/09/10 12:00:00 | 000,000,769 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\EarthLink MailBox.lnk
    [2011/09/09 23:04:58 | 000,613,334 | ---- | C] () -- I:\WINDOWS\System32\dllcache\wmplayer.chm
    [2011/09/09 23:04:58 | 000,572,557 | ---- | C] () -- I:\WINDOWS\System32\dllcache\rtuner.wmv
    [2011/09/09 23:04:58 | 000,375,519 | ---- | C] () -- I:\WINDOWS\System32\dllcache\nuskin.wmv
    [2011/09/09 23:04:58 | 000,354,468 | ---- | C] () -- I:\WINDOWS\System32\dllcache\wmpaud1.wav
    [2011/09/09 23:04:58 | 000,343,204 | ---- | C] () -- I:\WINDOWS\System32\dllcache\wmpaud7.wav
    [2011/09/09 23:04:58 | 000,343,204 | ---- | C] () -- I:\WINDOWS\System32\dllcache\wmpaud6.wav
    [2011/09/09 23:04:58 | 000,300,969 | ---- | C] () -- I:\WINDOWS\System32\dllcache\viz.wmv
    [2011/09/09 23:04:58 | 000,172,196 | ---- | C] () -- I:\WINDOWS\System32\dllcache\wmpaud9.wav
    [2011/09/09 23:04:58 | 000,172,196 | ---- | C] () -- I:\WINDOWS\System32\dllcache\wmpaud8.wav
    [2011/09/09 23:04:58 | 000,172,196 | ---- | C] () -- I:\WINDOWS\System32\dllcache\wmpaud3.wav
    [2011/09/09 23:04:58 | 000,086,196 | ---- | C] () -- I:\WINDOWS\System32\dllcache\wmpaud5.wav
    [2011/09/09 23:04:58 | 000,086,180 | ---- | C] () -- I:\WINDOWS\System32\dllcache\wmpaud4.wav
    [2011/09/09 23:04:58 | 000,086,180 | ---- | C] () -- I:\WINDOWS\System32\dllcache\wmpaud2.wav
    [2011/09/09 23:04:58 | 000,077,307 | ---- | C] () -- I:\WINDOWS\System32\dllcache\plyr_err.chm
    [2011/09/09 23:04:58 | 000,067,866 | ---- | C] () -- I:\WINDOWS\System32\drivers\netwlan5.img
    [2011/09/09 23:04:58 | 000,067,374 | ---- | C] () -- I:\WINDOWS\System32\dllcache\wmplayer.adm
    [2011/09/09 23:04:58 | 000,023,829 | ---- | C] () -- I:\WINDOWS\System32\dllcache\tourbg.gif
    [2011/09/09 23:04:58 | 000,023,195 | ---- | C] () -- I:\WINDOWS\System32\dllcache\wmplay.chm
    [2011/09/09 23:04:58 | 000,022,060 | ---- | C] () -- I:\WINDOWS\System32\dllcache\npds.zip
    [2011/09/09 23:04:58 | 000,017,489 | ---- | C] () -- I:\WINDOWS\System32\dllcache\videobg.gif
    [2011/09/09 23:04:58 | 000,017,272 | ---- | C] () -- I:\WINDOWS\System32\dllcache\wmdm.inf
    [2011/09/09 23:04:58 | 000,010,457 | ---- | C] () -- I:\WINDOWS\System32\dllcache\wmptour.hta
    [2011/09/09 23:04:58 | 000,008,677 | ---- | C] () -- I:\WINDOWS\System32\dllcache\wm7.gif
    [2011/09/09 23:04:58 | 000,007,892 | ---- | C] () -- I:\WINDOWS\System32\dllcache\wm9.gif
    [2011/09/09 23:04:58 | 000,007,636 | ---- | C] () -- I:\WINDOWS\System32\dllcache\wm2.gif
    [2011/09/09 23:04:58 | 000,007,369 | ---- | C] () -- I:\WINDOWS\System32\dllcache\wm4.gif
    [2011/09/09 23:04:58 | 000,006,769 | ---- | C] () -- I:\WINDOWS\System32\dllcache\wmfsdk.inf
    [2011/09/09 23:04:58 | 000,006,241 | ---- | C] () -- I:\WINDOWS\System32\dllcache\wm3.gif
    [2011/09/09 23:04:58 | 000,006,060 | ---- | C] () -- I:\WINDOWS\System32\dllcache\wm6.gif
    [2011/09/09 23:04:58 | 000,005,789 | ---- | C] () -- I:\WINDOWS\System32\dllcache\wm1.gif
    [2011/09/09 23:04:58 | 000,005,290 | ---- | C] () -- I:\WINDOWS\System32\dllcache\vidsamp.gif
    [2011/09/09 23:04:58 | 000,004,193 | ---- | C] () -- I:\WINDOWS\System32\dllcache\wm8.gif
    [2011/09/09 23:04:58 | 000,003,187 | ---- | C] () -- I:\WINDOWS\System32\dllcache\tour.js
    [2011/09/09 23:04:58 | 000,002,477 | ---- | C] () -- I:\WINDOWS\System32\dllcache\wm5.gif
    [2011/09/09 23:04:58 | 000,002,469 | ---- | C] () -- I:\WINDOWS\System32\dllcache\tplay.gif
    [2011/09/09 23:04:58 | 000,002,450 | ---- | C] () -- I:\WINDOWS\System32\dllcache\tpause.gif
    [2011/09/09 23:04:58 | 000,002,375 | ---- | C] () -- I:\WINDOWS\System32\dllcache\tplayh.gif
    [2011/09/09 23:04:58 | 000,002,371 | ---- | C] () -- I:\WINDOWS\System32\dllcache\tpauseh.gif
    [2011/09/09 23:04:58 | 000,001,771 | ---- | C] () -- I:\WINDOWS\System32\dllcache\wmptour.css
    [2011/09/09 23:04:58 | 000,001,398 | ---- | C] () -- I:\WINDOWS\System32\dllcache\taon.gif
    [2011/09/09 23:04:58 | 000,001,380 | ---- | C] () -- I:\WINDOWS\System32\dllcache\taonh.gif
    [2011/09/09 23:04:58 | 000,001,380 | ---- | C] () -- I:\WINDOWS\System32\dllcache\taoff.gif
    [2011/09/09 23:04:58 | 000,001,367 | ---- | C] () -- I:\WINDOWS\System32\dllcache\taoffh.gif
    [2011/09/09 23:04:58 | 000,001,148 | ---- | C] () -- I:\WINDOWS\System32\dllcache\snd.htm
    [2011/09/09 23:04:58 | 000,000,908 | ---- | C] () -- I:\WINDOWS\System32\dllcache\skins.inf
    [2011/09/09 23:04:58 | 000,000,855 | ---- | C] () -- I:\WINDOWS\System32\dllcache\wmpocm.inf
    [2011/09/09 23:04:58 | 000,000,420 | ---- | C] () -- I:\WINDOWS\System32\dllcache\wmploc.js
    [2011/09/09 23:04:58 | 000,000,403 | ---- | C] () -- I:\WINDOWS\System32\dllcache\npdrmv2.zip
    [2011/09/09 23:04:56 | 000,457,607 | ---- | C] () -- I:\WINDOWS\System32\dllcache\mdlib.wmv
    [2011/09/09 23:04:56 | 000,018,286 | ---- | C] () -- I:\WINDOWS\System32\dllcache\mplayer2.inf
    [2011/09/09 23:04:56 | 000,005,971 | ---- | C] () -- I:\WINDOWS\System32\dllcache\events.js
    [2011/09/09 23:04:56 | 000,002,778 | ---- | C] () -- I:\WINDOWS\System32\dllcache\mplogoh.gif
    [2011/09/09 23:04:56 | 000,002,545 | ---- | C] () -- I:\WINDOWS\System32\dllcache\mplogo.gif
    [2011/09/09 23:04:54 | 000,381,425 | ---- | C] () -- I:\WINDOWS\System32\dllcache\copycd.wmv
    [2011/09/09 23:04:54 | 000,129,045 | ---- | C] () -- I:\WINDOWS\System32\drivers\cxthsfs2.cty
    [2011/09/09 23:04:54 | 000,009,585 | ---- | C] () -- I:\WINDOWS\System32\dllcache\controls.css
    [2011/09/09 23:04:54 | 000,008,298 | ---- | C] () -- I:\WINDOWS\System32\dllcache\contents.htm
    [2011/09/09 23:04:54 | 000,006,878 | ---- | C] () -- I:\WINDOWS\System32\dllcache\controls.js
    [2011/09/09 23:04:54 | 000,000,999 | ---- | C] () -- I:\WINDOWS\System32\dllcache\bktrh.gif
    [2011/09/09 23:04:54 | 000,000,773 | ---- | C] () -- I:\WINDOWS\System32\dllcache\cnth.gif
    [2011/09/09 23:04:54 | 000,000,773 | ---- | C] () -- I:\WINDOWS\System32\dllcache\cnt.gif
    [2011/09/09 23:04:54 | 000,000,772 | ---- | C] () -- I:\WINDOWS\System32\dllcache\cntd.gif
    [2011/09/09 23:04:54 | 000,000,760 | ---- | C] () -- I:\WINDOWS\System32\dllcache\cloapph.gif
    [2011/09/09 23:04:54 | 000,000,717 | ---- | C] () -- I:\WINDOWS\System32\dllcache\cloapp.gif
    [2011/09/09 23:04:42 | 000,064,352 | ---- | C] () -- I:\WINDOWS\System32\drivers\ativmc20.cod
    [2011/09/09 22:51:29 | 000,000,337 | ---- | C] () -- I:\Documents and Settings\Joe\Desktop\My Documents.lnk
    [2011/09/09 22:51:16 | 000,000,104 | ---- | C] () -- I:\Documents and Settings\Joe\Desktop\My Computer.lnk
    [2011/09/09 22:42:42 | 000,000,079 | ---- | C] () -- I:\Documents and Settings\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2011/09/09 22:42:35 | 000,000,738 | ---- | C] () -- I:\Documents and Settings\Joe\Start Menu\Programs\Outlook Express.lnk
    [2011/09/09 22:42:33 | 000,000,815 | ---- | C] () -- I:\Documents and Settings\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/09/09 22:42:33 | 000,000,803 | ---- | C] () -- I:\Documents and Settings\Joe\Start Menu\Programs\Internet Explorer.lnk
    [2011/09/09 22:42:28 | 000,001,599 | ---- | C] () -- I:\Documents and Settings\Joe\Start Menu\Programs\Remote Assistance.lnk
    [2011/09/09 22:42:28 | 000,000,792 | ---- | C] () -- I:\Documents and Settings\Joe\Start Menu\Programs\Windows Media Player.lnk
    [2011/09/09 22:41:57 | 000,013,588 | ---- | C] () -- I:\WINDOWS\System32\wpa.bak
    [2011/09/09 22:38:22 | 000,008,192 | ---- | C] () -- I:\WINDOWS\REGLOCS.OLD
    [2011/09/09 22:37:23 | 000,002,048 | --S- | C] () -- I:\WINDOWS\bootstat.dat
    [2011/09/09 22:36:39 | 000,175,104 | ---- | C] () -- I:\WINDOWS\System32\dllcache\pintlcsa.dll
    [2011/09/09 22:36:21 | 001,158,818 | ---- | C] () -- I:\WINDOWS\System32\dllcache\korwbrkr.lex
    [2011/09/09 22:36:12 | 000,059,392 | ---- | C] () -- I:\WINDOWS\System32\dllcache\imscinst.exe
    [2011/09/09 22:36:10 | 000,196,665 | ---- | C] () -- I:\WINDOWS\System32\dllcache\imjpinst.exe
    [2011/09/09 22:36:08 | 000,134,339 | ---- | C] () -- I:\WINDOWS\System32\dllcache\imekr.lex
    [2011/09/09 22:35:54 | 013,463,552 | ---- | C] () -- I:\WINDOWS\System32\dllcache\hwxjpn.dll
    [2011/09/09 22:35:47 | 000,108,827 | ---- | C] () -- I:\WINDOWS\System32\dllcache\hanja.lex
    [2011/09/09 22:35:29 | 000,173,568 | ---- | C] () -- I:\WINDOWS\System32\dllcache\chtskf.dll
    [2011/09/09 22:34:14 | 000,023,392 | ---- | C] () -- I:\WINDOWS\System32\nscompat.tlb
    [2011/09/09 22:34:14 | 000,016,832 | ---- | C] () -- I:\WINDOWS\System32\amcompat.tlb
    [2011/09/09 22:34:13 | 000,316,640 | ---- | C] () -- I:\WINDOWS\WMSysPr9.prx
    [2011/09/09 22:33:12 | 000,000,786 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
    [2011/09/09 22:33:00 | 004,399,505 | ---- | C] () -- I:\WINDOWS\System32\dllcache\nls302en.lex
    [2011/09/09 22:31:58 | 000,048,680 | -HS- | C] () -- I:\WINDOWS\winnt256.bmp
    [2011/09/09 22:31:58 | 000,048,680 | -HS- | C] () -- I:\WINDOWS\winnt.bmp
    [2011/09/09 22:31:43 | 000,000,984 | ---- | C] () -- I:\WINDOWS\System32\dllcache\srframe.mmf
    [2011/09/09 22:30:03 | 000,000,609 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
    [2011/09/09 22:30:01 | 000,021,640 | ---- | C] () -- I:\WINDOWS\System32\emptyregdb.dat
    [2011/09/09 22:29:43 | 000,001,986 | ---- | C] () -- I:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
    [2011/09/09 22:28:50 | 000,065,832 | ---- | C] () -- I:\WINDOWS\Santa Fe Stucco.bmp
    [2011/09/09 22:28:50 | 000,026,680 | ---- | C] () -- I:\WINDOWS\River Sumida.bmp
    [2011/09/09 22:28:50 | 000,017,362 | ---- | C] () -- I:\WINDOWS\Rhododendron.bmp
    [2011/09/09 22:28:50 | 000,009,522 | ---- | C] () -- I:\WINDOWS\Zapotec.bmp
    [2011/09/09 22:28:49 | 000,065,954 | ---- | C] () -- I:\WINDOWS\Prairie Wind.bmp
    [2011/09/09 22:28:49 | 000,026,582 | ---- | C] () -- I:\WINDOWS\Greenstone.bmp
    [2011/09/09 22:28:49 | 000,017,336 | ---- | C] () -- I:\WINDOWS\Gone Fishing.bmp
    [2011/09/09 22:28:49 | 000,016,730 | ---- | C] () -- I:\WINDOWS\FeatherTexture.bmp
    [2011/09/09 22:28:48 | 000,065,978 | ---- | C] () -- I:\WINDOWS\Soap Bubbles.bmp
    [2011/09/09 22:28:48 | 000,017,062 | ---- | C] () -- I:\WINDOWS\Coffee Bean.bmp
    [2011/09/09 22:28:48 | 000,001,272 | ---- | C] () -- I:\WINDOWS\Blue Lace 16.bmp
    [2011/09/09 22:28:40 | 000,001,161 | ---- | C] () -- I:\WINDOWS\System32\usrlogon.cmd
    [2011/09/09 22:28:39 | 000,003,286 | ---- | C] () -- I:\WINDOWS\System32\tslabels.h
    [2011/09/09 22:28:34 | 000,000,768 | ---- | C] () -- I:\WINDOWS\System32\msdtcprf.h
    [2011/09/09 22:28:20 | 000,063,488 | ---- | C] () -- I:\WINDOWS\System32\wmimgmt.msc
    [2011/09/09 15:17:07 | 000,004,161 | ---- | C] () -- I:\WINDOWS\ODBCINST.INI
    [2011/09/09 15:17:04 | 001,685,606 | ---- | C] () -- I:\WINDOWS\System32\dllcache\sam.spd
    [2011/09/09 15:17:04 | 000,000,888 | ---- | C] () -- I:\WINDOWS\System32\dllcache\sam.sdf
    [2011/09/09 15:17:02 | 000,605,050 | ---- | C] () -- I:\WINDOWS\System32\dllcache\r1033tts.lxa
    [2011/09/09 15:17:01 | 000,643,717 | ---- | C] () -- I:\WINDOWS\System32\dllcache\ltts1033.lxa
    [2011/09/09 15:16:20 | 000,002,577 | ---- | C] () -- I:\WINDOWS\System32\CONFIG.NT
    [2011/09/09 15:16:20 | 000,001,688 | ---- | C] () -- I:\WINDOWS\System32\AUTOEXEC.NT
    [2011/09/09 15:16:07 | 000,008,574 | ---- | C] () -- I:\WINDOWS\System32\dllcache\IASNT4.CAT
    [2011/09/09 15:16:07 | 000,007,382 | ---- | C] () -- I:\WINDOWS\System32\dllcache\OEMBIOS.CAT
    [2011/09/09 15:16:06 | 001,042,903 | ---- | C] () -- I:\WINDOWS\System32\dllcache\SP2.CAT
    [2011/09/09 15:16:06 | 000,797,189 | ---- | C] () -- I:\WINDOWS\System32\dllcache\NT5IIS.CAT
    [2011/09/09 15:16:06 | 000,399,645 | ---- | C] () -- I:\WINDOWS\System32\dllcache\MAPIMIG.CAT
    [2011/09/09 15:16:06 | 000,037,484 | ---- | C] () -- I:\WINDOWS\System32\dllcache\MW770.CAT
    [2011/09/09 15:16:06 | 000,013,472 | ---- | C] () -- I:\WINDOWS\System32\dllcache\HPCRDP.CAT
    [2011/09/09 15:16:06 | 000,007,334 | ---- | C] () -- I:\WINDOWS\System32\dllcache\wmerrenu.cat
    [2011/09/09 15:15:06 | 000,298,848 | ---- | C] () -- I:\WINDOWS\System32\FNTCACHE.DAT
    [2011/09/09 15:14:09 | 000,000,327 | RHS- | C] () -- I:\boot.ini
    [2011/09/09 15:14:06 | 000,000,261 | ---- | C] () -- I:\WINDOWS\System32\$winnt$.inf
    [2006/02/28 05:00:00 | 013,107,200 | ---- | C] () -- I:\WINDOWS\System32\oembios.bin
    [2006/02/28 05:00:00 | 000,673,088 | ---- | C] () -- I:\WINDOWS\System32\mlang.dat
    [2006/02/28 05:00:00 | 000,495,958 | ---- | C] () -- I:\WINDOWS\System32\perfh009.dat
    [2006/02/28 05:00:00 | 000,272,128 | ---- | C] () -- I:\WINDOWS\System32\perfi009.dat
    [2006/02/28 05:00:00 | 000,218,003 | ---- | C] () -- I:\WINDOWS\System32\dssec.dat
    [2006/02/28 05:00:00 | 000,084,442 | ---- | C] () -- I:\WINDOWS\System32\perfc009.dat
    [2006/02/28 05:00:00 | 000,046,258 | ---- | C] () -- I:\WINDOWS\System32\mib.bin
    [2006/02/28 05:00:00 | 000,028,626 | ---- | C] () -- I:\WINDOWS\System32\perfd009.dat
    [2006/02/28 05:00:00 | 000,004,569 | ---- | C] () -- I:\WINDOWS\System32\secupd.dat
    [2006/02/28 05:00:00 | 000,004,461 | ---- | C] () -- I:\WINDOWS\System32\oembios.dat
    [2006/02/28 05:00:00 | 000,001,804 | ---- | C] () -- I:\WINDOWS\System32\dcache.bin
    [2006/02/28 05:00:00 | 000,000,741 | ---- | C] () -- I:\WINDOWS\System32\noise.dat
    [2002/03/13 15:46:46 | 000,053,248 | R--- | C] () -- I:\WINDOWS\System32\zlib.dll

    ========== LOP Check ==========

    [2011/09/10 21:31:56 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\agi
    [2011/09/10 12:36:00 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\AVG2012
    [2011/09/13 17:18:41 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\BearShare
    [2011/09/20 20:10:29 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\boost_interprocess
    [2011/09/10 12:18:27 | 000,000,000 | -H-D | M] -- I:\Documents and Settings\All Users\Application Data\Common Files
    [2011/09/11 19:39:00 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\EnterNHelp
    [2011/09/20 18:48:09 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\iMesh
    [2011/10/03 09:15:46 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\MFAData
    [2011/09/11 19:37:05 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Nikon
    [2011/09/11 20:18:14 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\OfficeGuardian
    [2011/10/03 12:37:34 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\TEMP
    [2011/09/11 19:39:00 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\Ultima_T15
    [2011/09/12 19:36:27 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\WinZip
    [2011/09/13 17:21:20 | 000,000,000 | -H-D | M] -- I:\Documents and Settings\All Users\Application Data\{22413C8E-60CA-4C36-8C3D-C5FDE865E4A3}
    [2011/09/16 13:25:01 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    [2011/09/12 20:53:08 | 000,000,000 | ---D | M] -- I:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/09/20 18:52:50 | 000,000,000 | -H-D | M] -- I:\Documents and Settings\All Users\Application Data\{71C01C2D-E157-4490-AEA7-088A4E791A2E}
    [2011/09/14 21:57:52 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Joe\Application Data\AGI
    [2011/10/03 10:56:16 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Joe\Application Data\AVG
    [2011/09/10 12:18:32 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Joe\Application Data\AVG Secure Search
    [2011/09/10 12:21:28 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Joe\Application Data\AVG2012
    [2011/09/13 17:46:20 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Joe\Application Data\bsbandmltbpi
    [2011/09/10 12:00:12 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Joe\Application Data\EarthLink
    [2011/09/21 09:25:29 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Joe\Application Data\imeshbandmltbpi
    [2011/09/11 19:56:38 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Joe\Application Data\InterTrust
    [2011/09/13 17:48:11 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Joe\Application Data\mediabarbs
    [2011/09/21 09:26:02 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Joe\Application Data\mediabarim
    [2011/09/16 10:06:58 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Joe\Application Data\Netscape
    [2011/09/17 16:08:12 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Joe\Application Data\Nikon
    [2011/09/11 16:23:08 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Joe\Application Data\OpenOffice.org
    [2011/09/16 10:03:29 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Joe\Application Data\Photodex
    [2011/09/16 15:48:26 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Joe\Application Data\Uniblue
    [2011/09/21 20:09:53 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Joe\Application Data\uTorrent
    [2011/09/10 21:42:47 | 000,000,000 | ---D | M] -- I:\Documents and Settings\Joe\Application Data\Webshots
    [2011/09/27 09:56:49 | 000,000,330 | ---- | M] () -- I:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
    [2011/10/03 13:03:20 | 000,000,290 | ---- | M] () -- I:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2011/10/03 13:03:20 | 000,000,300 | ---- | M] () -- I:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/09/09 15:14:09 | 000,000,210 | ---- | M] () -- I:\Boot.bak
    [2011/10/03 12:40:38 | 000,000,327 | RHS- | M] () -- I:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- I:\cmldr
    [2011/10/03 13:03:11 | 3757,625,344 | -HS- | M] () -- I:\hiberfil.sys
    [2006/02/28 05:00:00 | 000,047,564 | RHS- | M] () -- I:\NTDETECT.COM
    [2011/09/10 00:16:49 | 000,250,048 | RHS- | M] () -- I:\ntldr
    [2011/10/03 13:03:10 | 3757,555,712 | -HS- | M] () -- I:\pagefile.sys
    [2011/09/16 10:07:15 | 000,001,670 | ---- | M] () -- I:\photodex-presenter-install.log
    [2011/09/10 12:38:53 | 000,000,014 | ---- | M] () -- I:\RECOVER.TXT

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- I:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- I:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- I:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- I:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2011/09/09 22:33:57 | 000,000,067 | -HS- | M] () -- I:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2009/04/20 12:23:48 | 000,315,904 | ---- | M] (Hewlett-Packard Corporation) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp70w.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2011/09/09 15:14:09 | 000,094,208 | ---- | M] () -- I:\WINDOWS\System32\config\default.sav
    [2011/09/09 15:14:09 | 000,659,456 | ---- | M] () -- I:\WINDOWS\System32\config\software.sav
    [2011/09/09 15:14:08 | 000,921,600 | ---- | M] () -- I:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2011/09/10 00:20:03 | 000,000,272 | -HS- | M] () -- I:\Documents and Settings\All Users\Start Menu\desktop.ini
    [2011/09/12 12:23:19 | 000,000,219 | ---- | M] () -- I:\Documents and Settings\All Users\Start Menu\Free AOL & Unlimited Internet.url

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/09/09 22:42:43 | 000,000,119 | -HS- | M] () -- I:\Documents and Settings\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2011/09/09 22:42:42 | 000,000,079 | ---- | M] () -- I:\Documents and Settings\Joe\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/10/03 15:17:37 | 000,582,656 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\Joe\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/09/09 22:42:42 | 000,000,122 | -HS- | M] () -- I:\Documents and Settings\Joe\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/10/03 13:06:06 | 000,032,768 | -HS- | M] () -- I:\Documents and Settings\Joe\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2008/04/13 17:12:38 | 000,208,896 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 17:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- I:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- I:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- I:\Program Files\Messenger\lvback.gif
    [2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- I:\Program Files\Messenger\msgsc.dll
    [2008/04/13 10:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- I:\Program Files\Messenger\msgslang.dll
    [2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- I:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 11:07:23 | 000,002,882 | ---- | M] () -- I:\Program Files\Messenger\newalert.wav
    [2007/04/02 11:07:23 | 000,006,156 | ---- | M] () -- I:\Program Files\Messenger\newemail.wav
    [2007/04/02 11:07:24 | 000,006,160 | ---- | M] () -- I:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- I:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- I:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 153 bytes -> I:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 146 bytes -> I:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
    @Alternate Data Stream - 109 bytes -> I:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

    < End of report >
     
  21. 2011/10/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall:
    Uniblue RegistryBooster
    Uniblue SpeedUpMyPC
    Uniblue DriverScanner

    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ============================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
      FF - prefs.js..browser.search.defaultengine:  "Ask.com "
      FF - prefs.js..browser.search.defaultenginename:  "Ask.com "
      FF - prefs.js..browser.search.order.1:  "Ask.com "
      FF - prefs.js..browser.search.selectedEngine:  "Ask.com "
      O15 - HKU\S-1-5-21-1482476501-527237240-725345543-1003\..Trusted Domains: aol.com ([free] http in Trusted sites)
      [5 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]
      @Alternate Data Stream - 153 bytes -> I:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      @Alternate Data Stream - 146 bytes -> I:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
      @Alternate Data Stream - 109 bytes -> I:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
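
An added example, not part of the original post and not OTL's own code: a small Python audit that groups the custom-fix lines quoted above by what each one targets, so the script can be reviewed before Run Fix is clicked. The line patterns and the `audit` helper are assumptions inferred from the quoted lines, not from any OTL specification.

```python
import re

# Sample input: the custom-fix lines as quoted in the post above.
FIX_SCRIPT = r'''
:OTL
SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
FF - prefs.js..browser.search.defaultengine:  "Ask.com "
FF - prefs.js..browser.search.defaultenginename:  "Ask.com "
FF - prefs.js..browser.search.order.1:  "Ask.com "
FF - prefs.js..browser.search.selectedEngine:  "Ask.com "
O15 - HKU\S-1-5-21-1482476501-527237240-725345543-1003\..Trusted Domains: aol.com ([free] http in Trusted sites)
[5 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]
@Alternate Data Stream - 153 bytes -> I:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 146 bytes -> I:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 109 bytes -> I:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
'''

# Assumed line shapes, inferred only from the lines quoted above.
RULES = [
    ("service",      re.compile(r'^SRV - .*\((\w+)\)$')),
    ("firefox_pref", re.compile(r'^FF - prefs\.js\.\.([\w.]+):\s*"(.*?)\s*"$')),
    ("trusted_site", re.compile(r'^O15 - .*Trusted Domains: (\S+)')),
    ("file_glob",    re.compile(r'^\[(\d+) (.+?) files -> ')),
    ("ads",          re.compile(r'^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$')),
]

def audit(script):
    """Group each non-blank line of a fix script by the kind of object it names."""
    report = {"commands": [], "unrecognized": []}
    section = None
    for line in filter(None, map(str.strip, script.splitlines())):
        if line.startswith(":"):            # section header such as :OTL or :Commands
            section = line[1:].lower()
        elif section == "commands":
            report["commands"].append(line.strip("[]").lower())
        else:
            hit = next(((k, rx.match(line)) for k, rx in RULES if rx.match(line)), None)
            if hit:
                report.setdefault(hit[0], []).append(hit[1].groups())
            else:
                report["unrecognized"].append(line)   # needs a human look before running
    return report
```

Anything that lands in `unrecognized` is a line the reviewer has not accounted for and should be questioned before the fix is run.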
     
