Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

gadcom.exe, firefox popups


  • This topic is locked This topic is locked
15 replies to this topic

#1 coglesogle

coglesogle

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:15 PM

Posted 05 January 2009 - 05:59 PM

I've been having random pop ups while on the internet that I've never had before. I also have several things that keep showing up in AVG scans even after I "heal" them. One of these files is called gadcom.exe which I guess is a trojan. Thanks in advance for helping me, here is my log file.

DDS (Version 1.1.0) - NTFSx86
Run by Chris at 17:37:08.37 on Mon 01/05/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.921 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\DOCUME~1\Chris\LOCALS~1\Temp\stf2ED.tmp
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Chris\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: {0ff2520d-408a-48b1-bca5-8336a71ad19a} - c:\windows\system32\fccccYpQ.dll
BHO: {85b9275e-5382-fd2b-5344-c1e9a935f9e5}: {5e9f539a-9e1c-4435-b2df-2835e5729b58} - c:\windows\system32\qtzwga.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\pmnnnmkj.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ares] "c:\program files\ares\Ares.exe" -h
mRun: [CTSysVol] c:\program files\creative\sbaudigy ls\surround mixer\CTSysVol.exe /r
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [b42761d2] rundll32.exe "c:\windows\system32\vhrnstfr.dll",b
StartupFolder: c:\docume~1\chris\startm~1\programs\startup\digsby.lnk - c:\program files\digsby\digsby.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {40B2063F-DB01-4962-BE63-59435C01283C} - c:\progra~1\doyles~1\client.exe
IE: {49783ED4-258D-4f9f-BE11-137C18D3E543} - c:\program files\titan poker\casino.exe
IE: {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\empirepokermaster\empirepoker\RunEPoker.exe
IE: {83F8B625-1B04-4c35-8BA1-6DB4D7EDBADF} - c:\program files\riverbellempp\MPPoker.exe
IE: {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - c:\program files\noble poker\casino.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {EFFF8D47-D060-4108-B761-E8EC86622E56} - c:\documents and settings\all users\start menu\programs\absolute poker\Absolute Poker.lnk
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\GameClient.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: aol.com\free
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: pmnnnmkj - pmnnnmkj.dll
AppInit_DLLs: avgrsstx.dll qtzwga.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\pmnnnmkj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\fccccYpQ

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chris\applic~1\mozilla\firefox\profiles\8yaut70w.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-5 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-10-5 26824]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;c:\windows\system32\drivers\getnd5b.sys [2005-8-22 44032]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-10-5 231704]
R4 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2005-12-13 23856]
S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\c:\windows\system32\drivers\aldebaran.sys --> c:\windows\system32\drivers\Aldebaran.sys [?]
S3 NTPASp50;NTPASp50 NDIS Protocol Driver;c:\windows\system32\drivers\NtpaSp50.sys [2005-10-31 17536]
S3 SWLD23U;Netopia 802.11b WLAN USB Adapter;c:\windows\system32\drivers\swld23u.sys [2005-10-31 82888]
S3 swlubtl;WLAN USB Boot Device;c:\windows\system32\drivers\swlubtl.sys [2005-10-31 53690]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-01-05 17:20 <DIR> --d----- c:\program files\Trend Micro
2009-01-05 01:08 129,024 a------- c:\windows\system32\qtzwga.dll
2009-01-05 01:08 129,024 a------- c:\windows\system32\wnayfxgg.dll
2009-01-05 01:02 1,307,356 ---sh--- c:\windows\system32\rftsnrhv.ini
2009-01-05 01:02 72,704 a------- c:\windows\system32\vhrnstfr.dll
2009-01-05 01:02 728,468 a--sh--- c:\windows\system32\QpYccccf.ini2
2009-01-05 01:02 728,468 a--sh--- c:\windows\system32\QpYccccf.ini
2009-01-05 01:02 302,592 a------- c:\windows\system32\fccccYpQ.dll
2009-01-05 00:57 <DIR> --d----- c:\docume~1\chris\applic~1\gadcom
2009-01-05 00:56 34,816 a------- c:\windows\system32\pmnnnmkj.dll
2009-01-05 00:56 22,016 a------- c:\windows\system32\~.exe
2009-01-03 15:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-01-03 15:19 <DIR> --d----- c:\program files\Security Task Manager
2008-12-12 00:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

==================== Find3M ====================

2008-11-30 22:25 27,608 a------- c:\docume~1\chris\applic~1\GDIPFONTCACHEV1.DAT
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-11 14:16 48,456 a------- c:\windows\system32\UninstallElectricSheep.exe

============= FINISH: 17:40:10.45 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 07 January 2009 - 05:45 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 coglesogle

coglesogle
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:15 PM

Posted 07 January 2009 - 11:14 PM

Hey, thanks for your help and sorry I'm taking so long. I did everything you instructed and the first two scans went well and I've posted them below as you asked. The last part, using GMER, caused my computer to crash both times I tried it. It gave me a missing file error when it rebooted and then windows suggested that it was a driver problem. I can do it again and write down exactly what it said if you want, I just wasn't sure that purposefully crashing my computer again could be a good thing.

Malwarebytes' Anti-Malware 1.32
Database version: 1629
Windows 5.1.2600 Service Pack 2

1/7/2009 7:47:43 PM
mbam-log-2009-01-07 (19-47-43).txt

Scan type: Full Scan (C:\|)
Objects scanned: 161518
Time elapsed: 2 hour(s), 32 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 6
Registry Keys Infected: 21
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 5
Files Infected: 23

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\fccccYpQ.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ogkospka.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pmnnnmkj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qtzwga.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\kbjixdvb.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\fudkbb.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brow

ser Helper Objects\{0ff2520d-408a-48b1-bca5-8336a71ad19a} (Trojan.Vundo.H)

-> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0ff2520d-408a-48b1-bca5-8336a71ad19a}

(Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brow

ser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H)

-> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows

NT\CurrentVersion\Winlogon\Notify\pmnnnmkj (Trojan.Vundo.H) -> Delete on

reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}

(Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brow

ser Helper Objects\{beabfa5c-473c-4981-853e-dc439541dcf9} (Trojan.Vundo.H)

-> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{beabfa5c-473c-4981-853e-dc439541dcf9}

(Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ff

2520d-408a-48b1-bca5-8336a71ad19a} (Trojan.Vundo) -> Quarantined and

deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d7

94cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and

deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bea

bfa5c-473c-4981-853e-dc439541dcf9} (Trojan.Vundo) -> Quarantined and

deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d57

92aa9-d373-4039-8670-2cdab6a71f15} (Trojan.Lop) -> Quarantined and deleted

successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spee

dRunner (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) ->

Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and

deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined

and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined

and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) ->

Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined

and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) ->

Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) ->

Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wea

ther Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b42761d2

(Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shel

lExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) ->

Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification

Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccccypq ->

Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad:

("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted

successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication

Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccccypq -> Delete

on reboot.

Folders Infected:
C:\Program Files\Save (Adware.WhenUSave) -> Quarantined and deleted

successfully.
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted

successfully.
C:\Program Files\Mjcore (Trojan.BHO) -> Quarantined and deleted

successfully.
C:\Documents and Settings\Chris\Application Data\gadcom (Trojan.Agent) ->

Delete on reboot.
C:\Documents and Settings\Chris\Application Data\speedrunner

(Adware.SurfAccuracy) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\fccccYpQ.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\QpYccccf.ini (Trojan.Vundo.H) -> Quarantined and

deleted successfully.
C:\WINDOWS\system32\QpYccccf.ini2 (Trojan.Vundo.H) -> Quarantined and

deleted successfully.
C:\WINDOWS\system32\pmnnnmkj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fudkbb.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dpbffsms.dll (Trojan.Vundo.H) -> Quarantined and

deleted successfully.
C:\WINDOWS\system32\smsffbpd.ini (Trojan.Vundo.H) -> Quarantined and

deleted successfully.
C:\WINDOWS\system32\ogkospka.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\akpsokgo.ini (Trojan.Vundo.H) -> Quarantined and

deleted successfully.
C:\WINDOWS\system32\vhrnstfr.dll (Trojan.Vundo.H) -> Quarantined and

deleted successfully.
C:\WINDOWS\system32\rftsnrhv.ini (Trojan.Vundo.H) -> Quarantined and

deleted successfully.
C:\WINDOWS\system32\qtzwga.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\kbjixdvb.dll (Trojan.Vundo) -> Quarantined and deleted

successfully.
C:\Documents and Settings\Chris\Application Data\gadcom\gadcom.exe

(Trojan.Downloader) -> Delete on reboot.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet

Files\Content.IE5\4NU5A52N\CARWJJYM (Trojan.Vundo) -> Quarantined and

deleted successfully.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet

Files\Content.IE5\8TM78PMF\upd105320[1] (Trojan.Vundo.H) -> Quarantined

and deleted successfully.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet

Files\Content.IE5\KP2ZWDAN\index[1] (Trojan.Vundo) -> Quarantined and

deleted successfully.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet

Files\Content.IE5\WE3GU6BE\152[1].net (Trojan.Dropper) -> Quarantined and

deleted successfully.
C:\Documents and Settings\Chris\Local Settings\Temporary Internet

Files\Content.IE5\YHN0LKBA\load[1].exe (Trojan.Dropper) -> Quarantined and

deleted successfully.
C:\System Volume

Information\_restore{F4462B83-64C2-4081-BDF3-B0F34408D50D}\RP1210\A0200644

.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wnayfxgg.dll (Trojan.Vundo) -> Quarantined and deleted

successfully.
C:\WINDOWS\system32\~.exe (Trojan.Dropper) -> Quarantined and deleted

successfully.
C:\Documents and Settings\Chris\Application Data\speedrunner\config.cfg

(Adware.SurfAccuracy) -> Quarantined and deleted successfully.

#4 coglesogle

coglesogle
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:15 PM

Posted 07 January 2009 - 11:19 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Chris at 2009-01-07 23:15:40
Microsoft Windows XP Professional Service Pack 2
System drive C: has 13 GB (12%) free of 114 GB
Total RAM: 2047 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:51 PM, on 1/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Digsby\lib\aspell\bin\aspell.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Chris\Desktop\utorrent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chris\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Chris.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Chris\Application Data\SpeedRunner\SpeedRunner.exe
O4 - Startup: Digsby.lnk = C:\Program Files\Digsby\digsby.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Doyles Room Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\DOYLES~1\client.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe
O9 - Extra button: River Belle Poker - {83F8B625-1B04-4c35-8BA1-6DB4D7EDBADF} - C:\Program Files\riverbelleMPP\MPPoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134467470875
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll fudkbb.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O24 - Desktop Component 1: GRAND THEFT AUTO IV - http://www.rockstargames.com/IV/

--
End of file - 7916 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-05 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-05 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"=C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe [2003-05-02 57344]
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2003-12-01 892928]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"ares"=C:\Program Files\Ares\Ares.exe [2006-03-12 1233408]
"SpeedRunner"=C:\Documents and Settings\Chris\Application Data\SpeedRunner\SpeedRunner.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APVXDWIN]
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Program Files\Ares\Ares.exe [2006-03-12 1233408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
C:\Program Files\BearShare\BearShare.exe /pause []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C2kWep]
C:\Program Files\Netopia\C3kWEPn.exe [2005-02-23 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2005-12-10 133016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe [2005-11-07 601200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X5100 Series]
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe [2003-03-04 86100]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\System32\NvCpl.dll [2008-09-17 13574144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\System32\NvMcTray.dll [2008-09-17 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCANINICIO]
C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Up list body roam]
C:\Documents and Settings\All Users\Application Data\default heart roam idol\Exit web meal.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [2005-10-31 169472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
C:\Documents and Settings\Chris\Desktop\GameSpot\GameSpotDownloadManager_Win32.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
C:\PROGRA~1\Yahoo!\Widgets\YAHOOW~1.EXE [2008-03-18 4742184]

C:\Documents and Settings\Chris\Start Menu\Programs\Startup
Digsby.lnk - C:\Program Files\Digsby\digsby.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll fudkbb.dll"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares"
"C:\Documents and Settings\Chris\Desktop\utorrent.exe"="C:\Documents and Settings\Chris\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\ElectricSheep.scr"="C:\WINDOWS\system32\ElectricSheep.scr:*:Enabled:ElectricSheep"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e7c33d6-4a59-11da-9e56-000278ec1f60}]
shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7abdfcaa-be81-11dd-a02a-00508d5e7bae}]
shell\AutoRun\command - F:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8467f742-cbb7-11d9-9e49-806d6172696f}]
shell\AutoRun\command - D:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e43601de-f1b6-11da-9ebf-000278ec1f60}]
shell\AutoRun\command - E:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff6bd808-0bd0-11dd-a002-00183913156f}]
shell\AutoRun\command - F:\Autorun.exe /run
shell\Shell00\command - F:\Autorun.exe /run
shell\Shell01\command - F:\Autorun.exe /action
shell\Shell02\command - F:\Autorun.exe /uninstall


======List of files/folders created in the last 3 months======

2009-01-07 23:02:12 ----D---- C:\WINDOWS\LastGood
2009-01-07 20:02:17 ----A---- C:\WINDOWS\gmer.ini
2009-01-07 20:02:16 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-07 20:02:16 ----A---- C:\WINDOWS\gmer.exe
2009-01-07 20:02:16 ----A---- C:\WINDOWS\gmer.dll
2009-01-07 19:56:25 ----D---- C:\rsit
2009-01-07 16:32:34 ----D---- C:\Documents and Settings\Chris\Application Data\Malwarebytes
2009-01-07 16:32:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-07 16:32:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-06 01:13:43 ----D---- C:\Documents and Settings\Chris\Application Data\Twain
2009-01-05 18:34:11 ----D---- C:\Documents and Settings\Chris\Application Data\JAM Software
2009-01-05 17:20:31 ----D---- C:\Program Files\Trend Micro
2009-01-05 11:12:10 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-05 01:02:24 ----A---- C:\WINDOWS\system32\bf04a5ac-.txt
2009-01-03 15:19:42 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2009-01-03 15:19:33 ----D---- C:\Program Files\Security Task Manager
2008-12-12 00:07:22 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-12 00:05:25 ----D---- C:\Program Files\QuickTime
2008-12-04 12:20:25 ----D---- C:\Documents and Settings\Chris\Application Data\Canneverbe_Limited
2008-12-04 12:20:05 ----D---- C:\Program Files\CDBurnerXP
2008-12-01 18:11:13 ----D---- C:\Program Files\MySQL
2008-11-30 23:15:17 ----D---- C:\Documents and Settings\Chris\Application Data\vlc
2008-11-29 20:52:22 ----D---- C:\Documents and Settings\Chris\Application Data\AdobeAUM
2008-11-24 21:56:43 ----D---- C:\Documents and Settings\All Users\Application Data\Digsby
2008-11-24 21:54:17 ----D---- C:\Documents and Settings\Chris\Application Data\Digsby
2008-11-24 21:53:04 ----D---- C:\Program Files\Digsby
2008-11-24 16:30:05 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-11-24 16:29:32 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-11-24 16:29:31 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-11-24 16:29:00 ----D---- C:\Program Files\Windows Media Connect 2
2008-11-24 16:28:07 ----A---- C:\WINDOWS\system32\wvc1dmod.dll
2008-11-24 16:27:41 ----D---- C:\WINDOWS\system32\LogFiles
2008-11-24 16:27:36 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-11-22 14:46:01 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-11-21 19:50:10 ----D---- C:\Documents and Settings\All Users\Application Data\ALM
2008-11-21 19:28:45 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-11-13 07:00:04 ----D---- C:\Program Files\Bonjour
2008-10-14 19:27:06 ----D---- C:\Program Files\Cake Poker
2008-10-11 14:16:44 ----A---- C:\WINDOWS\system32\UninstallElectricSheep.exe

======List of files/folders modified in the last 3 months======

2009-01-07 23:15:51 ----D---- C:\WINDOWS\Temp
2009-01-07 23:15:44 ----D---- C:\Documents and Settings\Chris\Application Data\uTorrent
2009-01-07 23:03:13 ----HD---- C:\WINDOWS\inf
2009-01-07 23:03:13 ----D---- C:\WINDOWS\system32
2009-01-07 23:03:13 ----D---- C:\WINDOWS\Prefetch
2009-01-07 23:03:13 ----D---- C:\WINDOWS
2009-01-07 23:02:11 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-07 20:34:19 ----RSD---- C:\WINDOWS\Fonts
2009-01-07 20:16:01 ----D---- C:\Program Files\Mozilla Firefox
2009-01-07 20:02:16 ----D---- C:\WINDOWS\system32\drivers
2009-01-07 19:48:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-07 19:47:42 ----RD---- C:\Program Files
2009-01-07 06:02:22 ----HD---- C:\$AVG8.VAULT$
2009-01-06 20:24:06 ----D---- C:\Documents and Settings\Chris\Application Data\Adobe
2009-01-05 11:13:17 ----SHD---- C:\WINDOWS\Installer
2009-01-05 11:13:16 ----HD---- C:\Config.Msi
2009-01-05 11:12:54 ----D---- C:\Program Files\Lavasoft
2009-01-05 11:12:51 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-05 11:12:51 ----D---- C:\Documents and Settings\Chris\Application Data\Lavasoft
2009-01-05 11:11:20 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-03 15:12:55 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-03 15:07:37 ----D---- C:\WINDOWS\system32\config
2009-01-03 15:07:09 ----D---- C:\WINDOWS\system32\wbem
2009-01-03 15:07:09 ----D---- C:\WINDOWS\Registration
2009-01-03 15:05:32 ----D---- C:\WINDOWS\security
2009-01-03 15:04:53 ----D---- C:\WINDOWS\system32\Restore
2008-12-17 00:29:14 ----D---- C:\Program Files\Google
2008-12-16 23:55:44 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-12-14 06:55:32 ----D---- C:\Documents and Settings\Chris\Application Data\dvdcss
2008-12-13 19:35:50 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-13 19:30:30 ----D---- C:\Program Files\Windows Media Player
2008-12-13 03:08:35 ----D---- C:\Program Files\Starcraft
2008-12-12 00:07:50 ----D---- C:\Program Files\iTunes
2008-12-12 00:07:25 ----D---- C:\Program Files\iPod
2008-12-12 00:07:24 ----D---- C:\Program Files\Common Files\Apple
2008-11-30 16:54:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-29 19:40:26 ----A---- C:\WINDOWS\win.ini
2008-11-29 19:34:52 ----D---- C:\WINDOWS\Help
2008-11-24 21:52:33 ----D---- C:\Program Files\Common Files\AOL
2008-11-24 21:52:30 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-11-24 21:52:14 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-24 20:36:34 ----D---- C:\WINDOWS\AppPatch
2008-11-24 16:30:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-22 12:46:07 ----D---- C:\Program Files\Common Files\Adobe
2008-11-21 20:54:00 ----RASH---- C:\boot.ini
2008-11-21 20:54:00 ----A---- C:\WINDOWS\system.ini
2008-11-21 20:36:25 ----D---- C:\Program Files\Apple Software Update
2008-11-21 19:50:10 ----D---- C:\Program Files\Adobe
2008-11-21 19:45:12 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-21 19:29:22 ----D---- C:\WINDOWS\WinSxS
2008-11-21 19:28:45 ----D---- C:\Program Files\Common Files
2008-11-13 07:04:41 ----SD---- C:\WINDOWS\Tasks
2008-11-13 07:02:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-13 06:54:16 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-13 06:21:05 ----D---- C:\Documents and Settings\Chris\Application Data\Apple Computer
2008-11-01 14:03:24 ----D---- C:\WINDOWS\pss
2008-11-01 14:01:32 ----D---- C:\Program Files\Common Files\Ahead
2008-11-01 13:59:35 ----D---- C:\Program Files\Image-Line
2008-11-01 13:58:39 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-01 13:57:06 ----D---- C:\Documents and Settings\Chris\Application Data\Viewpoint
2008-11-01 13:57:06 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-11-01 13:57:03 ----D---- C:\Program Files\Viewpoint
2008-10-25 04:29:28 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-13 01:26:38 ----D---- C:\Documents and Settings\Chris\Application Data\AVGTOOLBAR

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2003-11-07 35328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-05 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-05 26824]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2007-08-17 20747]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-11-21 16512]
R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\System32\DRIVERS\nvcap.sys [2004-02-10 126878]
R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\System32\DRIVERS\NVxbar.sys [2004-02-10 13360]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\drivers\PfModNT.sys []
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-06-01 223128]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\getnd5b.sys [2003-09-02 44032]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\System32\Drivers\itchfltr.sys [2003-11-08 12953]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
R3 P17;Creative SB Audigy LS; C:\WINDOWS\system32\drivers\P17.sys [2004-01-16 687232]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2002-10-24 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2003-05-24 11392]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2003-05-14 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2003-05-14 44288]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S3 Aldebaran;Aldebaran - Storage Filter Drivers; \??\C:\WINDOWS\System32\Drivers\Aldebaran.sys []
S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-07 85969]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2005-03-07 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2005-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2005-03-07 21744]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NTPASp50;NTPASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\NTPASp50.sys [2004-08-10 17536]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\System32\ntsim.sys []
S3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\System32\DRIVERS\rt73.sys [2005-11-24 245248]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SWLD23U;Netopia 802.11b WLAN USB Adapter; C:\WINDOWS\System32\DRIVERS\SWLD23U.sys [2003-12-17 82888]
S3 swlubtl;WLAN USB Boot Device; C:\WINDOWS\System32\Drivers\swlubtl.sys [2003-05-02 53690]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2003-05-14 21216]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2003-05-14 5728]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-05 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-28 303104]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R4 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2006-10-16 23856]
S2 WUSB54GCSVC;WUSB54GCSVC; C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe [2005-07-04 53307]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-21 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.05 2009-01-07 19:57:13

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy LS\Program\Ctzapxx.EXE" /U /S
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0DD8AE-3DC0-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD549B7B-3532-4160-80D4-3E3DD39A9AE5}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Absolute Poker-->C:\Program Files\_uninstallation_info\Absolute Poker\CasinoUninstall.exe
Acoustica Effects Pack-->C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
Acoustica MP3 Audio Mixer-->C:\PROGRA~1\ACOUST~3\UNWISE.EXE C:\PROGRA~1\ACOUST~3\INSTALL.LOG
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3-->C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe Setup-->MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AMD Athlon 64 Processor Driver-->MsiExec.exe /X{ABC62001-AD9F-46DB-8668-9946154D6A07}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ares 1.9.0-->"C:\Program Files\Ares\uninstall.exe"
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BellSouth Wireless LAN USB Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7FB76C8-3A76-49A1-B1A4-C686E4B067B9}\setup.exe" -l0x9
Bodog Poker Version 1.9.12.0-->"C:\Program Files\Bodog Poker\unins000.exe"
Cake Poker-->C:\Program Files\Cake Poker\uninstall.exe
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Cheetah CD Burner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{808C1CB2-5632-4ABF-B4D2-4B54519E3A9A}\Setup.exe"
Compact Wireless-G USB Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F855C3AE-992D-4B84-A09D-07103CDCDAC2}\setup.exe" -l0x9
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9 /remove
Desktop Weather by The Weather Channel-->C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Digsby-->C:\Program Files\Digsby\uninstall.exe
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Doyles Room Poker-->C:\PROGRA~1\DOYLES~1\UNWISE.EXE C:\PROGRA~1\DOYLES~1\INSTALL.LOG
ElectricSheep 2.6.6-->C:\WINDOWS\system32\UninstallElectricSheep.exe
EmpirePoker-->"C:\Program Files\EmpirePokerMaster\EmpirePoker\Uninstall.exe" "C:\Program Files\EmpirePokerMaster\EmpirePoker\install.log"
FL Studio 7-->C:\Program Files\Image-Line\FL Studio 7\uninstall.exe
GameSpot Download Manager-->"C:\Documents and Settings\Chris\Desktop\GameSpot\uninstall.exe"
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hitman Blood Money-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}\setup.exe" -l0x9 -removeonly
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Instant CD & DVD Burner-->"C:\Program Files\Instant CD & DVD Burner\unins000.exe"
iPod for Windows User Guide-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B9987754-9A14-4B61-ABB3-73A79503238D} /l1033
iPod System Software Updater 2.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B02B8E30-EB28-49B0-A60F-696268BAE033} /l1033
iScrobbler-->C:\Program Files\iTunes\UninstalliScrobble.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Last.fm 1.0.7-->"C:\Program Files\Last.fm\unins000.exe"
Lexmark X5100 Series-->C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBAUN5C.EXE -dLexmark X5100 Series
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech Gaming Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93EC14D5-7AAA-4EAD-BB75-013817A96598}\Setup.Exe" -l0x9
Logitech iTouch Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\setup.exe" -l0x9 UNINSTALL
Logitech Resource Center-->C:\PROGRA~1\Logitech\RESOUR~1\rem\UNWISE.EXE C:\PROGRA~1\Logitech\RESOUR~1\rem\INSTALL.LOG
Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Medieval II Total War-->C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\Setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ACCESS /dll OSETUP.DLL
Microsoft Office Access 2007-->MsiExec.exe /X{90120000-0015-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPEG4 Direct Maker-->C:\PROGRA~1\MPEG4D~1\UNWISE.EXE C:\PROGRA~1\MPEG4D~1\INSTALL.LOG
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
MySQL Tools for 5.0-->MsiExec.exe /I{CCE07B0A-3DD1-4177-9743-F5A95A57CFEF}
Noble Poker-->"C:\WINDOWS\Noble Poker setup.exe" /uninstall
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA WDM Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\Setup.exe"
PartyPoker-->"C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Poker (remove only)-->"C:\Program Files\Poker\uninst.exe"
PokerRoom.com (remove only)-->"C:\Program Files\PokerRoom.com\uninst.exe"
PokerStars-->C:\Program Files\PokerStars\Uninstall.EXE /u:"PokerStars"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Riva FLV Player-->"C:\Program Files\Riva\Riva FLV Player\unins000.exe"
River Belle Poker-->C:\PROGRA~1\RIVERB~1\RIVERB~1\UNWISE.EXE C:\PROGRA~1\RIVERB~1\RIVERB~1\INSTALL.LOG
Security Task Manager 1.7g-->C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sony Sound Forge 8.0b-->MsiExec.exe /X{48EB9208-593D-4DC7-B613-9C5A210D87BA}
Sony Vegas Pro 8.0-->MsiExec.exe /X{1246FF64-3035-4A92-8FE6-A968275495EB}
Sound Blaster Audigy LS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB481CC-F57C-4397-81A0-DADD22257047}\SETUP.EXE" -l0x9
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Titan Poker-->"C:\WINDOWS\Titan Poker setup.exe" /uninstall
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
VC Poker-->C:\PROGRA~1\VCPOKE~1\UNWISE.EXE C:\PROGRA~1\VCPOKE~1\INSTALL.LOG
VLC media player 0.9.6-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordBiz version 1.8-->"C:\Program Files\WordBiz\unins000.exe"
WPTonline 8.0-->C:\Program Files\WPTonline\uninstall.exe
XviD 1.1 final uninstall-->"C:\Program Files\XviD\unins000.exe"
Yahoo! Widgets-->C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe

======Hosts File======

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

======Security center information======

AV: AVG Anti-Virus Free

System event log

Computer Name: OGLE
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 39005
Source Name: Cdrom
Time Written: 20080922152011.000000-240
Event Type: error
User:

Computer Name: OGLE
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 39004
Source Name: Cdrom
Time Written: 20080922152008.000000-240
Event Type: error
User:

Computer Name: OGLE
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 39003
Source Name: Cdrom
Time Written: 20080922152005.000000-240
Event Type: error
User:

Computer Name: OGLE
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 39002
Source Name: Cdrom
Time Written: 20080922152002.000000-240
Event Type: error
User:

Computer Name: OGLE
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 39001
Source Name: Cdrom
Time Written: 20080922151959.000000-240
Event Type: error
User:

Application event log

Computer Name: OGLE
Event Code: 1090
Message: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Record Number: 27491
Source Name: Userenv
Time Written: 20080727212940.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: OGLE
Event Code: 1090
Message: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Record Number: 27490
Source Name: Userenv
Time Written: 20080727200340.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: OGLE
Event Code: 1090
Message: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Record Number: 27489
Source Name: Userenv
Time Written: 20080727195040.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: OGLE
Event Code: 1090
Message: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Record Number: 27488
Source Name: Userenv
Time Written: 20080727180840.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: OGLE
Event Code: 1090
Message: Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Record Number: 27487
Source Name: Userenv
Time Written: 20080727175840.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SYSTEMROOT%\SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%\SYSTEM32\WBEM;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 8, AuthenticAMD
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0408
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

#5 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 08 January 2009 - 02:13 AM

Please disable your antivirus, antimalware and firewall before proceed with our fix.. Please re-enable them back after performing all steps given..
Please VISIT HERE if you do not know how..

Please download Lop S&D by Eric_71 and save it to your Desktop.

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#6 coglesogle

coglesogle
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:15 PM

Posted 08 January 2009 - 06:04 PM

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon™ 64 Processor 2800+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Chris ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:111 Go (Free:13 Go)
D:\ (CD or DVD) - CDFS - Total:4 Go (Free:0 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Thu 01/08/2009|17:34 )

--------------------\\ Listing folders in APPLIC~1

[12/12/2008|12:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[11/21/2008|07:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[11/21/2008|07:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ALM
[11/24/2008|09:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[04/19/2008|12:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[02/09/2007|03:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[07/02/2007|08:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[10/30/2006|04:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[10/05/2008|07:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[01/16/2006|10:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[08/04/2007|11:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> default heart roam idol
[11/24/2008|09:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Digsby
[11/22/2008|02:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
[09/06/2006|11:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
[08/04/2007|11:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> IDOL UPLOAD LOCKS GRID
[01/05/2009|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[01/07/2009|04:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[02/13/2006|07:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[01/05/2009|11:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[10/20/2007|08:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[10/31/2005|04:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Motive
[11/01/2005|10:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
[10/31/2005|02:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[01/03/2009|03:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SecTaskMan
[04/16/2008|11:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sony
[04/24/2008|12:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[01/02/2007|09:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[11/01/2008|01:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[12/13/2005|04:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[11/14/2005|02:29] C:\DOCUME~1\Chris\APPLIC~1\<DIR> .bittorrent
[02/09/2007|03:51] C:\DOCUME~1\Chris\APPLIC~1\<DIR> acccore
[01/06/2009|08:24] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Adobe
[11/29/2008|08:52] C:\DOCUME~1\Chris\APPLIC~1\<DIR> AdobeAUM
[11/02/2005|01:06] C:\DOCUME~1\Chris\APPLIC~1\<DIR> AdobeUM
[04/13/2006|01:48] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Ahead
[04/04/2007|02:44] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Aim
[11/13/2008|06:21] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Apple Computer
[10/13/2008|01:26] C:\DOCUME~1\Chris\APPLIC~1\<DIR> AVGTOOLBAR
[06/26/2006|01:34] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Azureus
[12/04/2008|12:20] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Canneverbe_Limited
[03/23/2006|12:52] C:\DOCUME~1\Chris\APPLIC~1\<DIR> chinakin04
[04/07/2006|04:46] C:\DOCUME~1\Chris\APPLIC~1\<DIR> coglesogle
[10/31/2005|01:52] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Creative
[11/24/2008|09:56] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Digsby
[12/14/2008|06:55] C:\DOCUME~1\Chris\APPLIC~1\<DIR> dvdcss
[11/12/2006|11:49] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Google
[11/21/2005|02:11] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Help
[01/04/2007|08:08] C:\DOCUME~1\Chris\APPLIC~1\<DIR> HP
[05/28/2005|05:46] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Identities
[02/13/2007|08:54] C:\DOCUME~1\Chris\APPLIC~1\<DIR> InstallShield
[01/05/2009|06:34] C:\DOCUME~1\Chris\APPLIC~1\<DIR> JAM Software
[01/05/2009|11:12] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Lavasoft
[09/06/2007|12:51] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Leadertech
[10/31/2005|04:22] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Macromedia
[01/07/2009|04:32] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Malwarebytes
[02/06/2006|07:32] C:\DOCUME~1\Chris\APPLIC~1\<DIR> McAfee.com Personal Firewall
[12/23/2005|04:40] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Microgaming
[09/10/2008|06:05] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Microsoft
[02/02/2008|03:51] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Move Networks
[09/10/2008|09:18] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Mozilla
[03/28/2006|04:08] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Publish Providers
[01/26/2008|03:47] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Real
[04/18/2007|02:14] C:\DOCUME~1\Chris\APPLIC~1\<DIR> SecuROM
[04/16/2008|11:40] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Sony
[04/16/2008|11:21] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Sony Setup
[11/26/2005|09:21] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Sun
[10/05/2008|06:49] C:\DOCUME~1\Chris\APPLIC~1\<DIR> SystemRequirementsLab
[01/07/2009|04:00] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Twain
[01/08/2009|05:34] C:\DOCUME~1\Chris\APPLIC~1\<DIR> uTorrent
[11/01/2008|01:57] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Viewpoint
[11/30/2008|11:30] C:\DOCUME~1\Chris\APPLIC~1\<DIR> vlc

[05/28/2005|05:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[02/21/2006|09:38] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Help
[02/06/2006|07:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> McAfee.com Personal Firewall
[10/05/2008|07:28] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[12/23/2006|02:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Mozilla

[10/05/2008|07:28] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[01/05/2009 11:06 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[01/07/2009 08:14 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/29/2002 07:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[12/19/2005|02:29] C:\Program Files\<DIR> _uninstallation_info
[02/26/2006|09:11] C:\Program Files\<DIR> Absolute Poker
[01/26/2008|03:45] C:\Program Files\<DIR> Acoustica Beatcraft
[03/29/2007|04:17] C:\Program Files\<DIR> Acoustica MP3 Audio Mixer
[06/22/2006|01:00] C:\Program Files\<DIR> Acoustica Shared Effects
[04/16/2006|01:23] C:\Program Files\<DIR> Activision
[11/21/2008|07:50] C:\Program Files\<DIR> Adobe
[04/04/2007|02:44] C:\Program Files\<DIR> AIM
[01/16/2006|10:35] C:\Program Files\<DIR> All-in-One DVD Player
[06/21/2006|08:45] C:\Program Files\<DIR> AltoMP3 Gold
[08/22/2005|11:24] C:\Program Files\<DIR> AMD
[09/22/2006|09:38] C:\Program Files\<DIR> AOD
[11/21/2008|08:36] C:\Program Files\<DIR> Apple Software Update
[04/24/2006|08:53] C:\Program Files\<DIR> Ares
[01/15/2007|05:32] C:\Program Files\<DIR> Ares Galaxy Supercharger
[01/16/2006|10:40] C:\Program Files\<DIR> ArtisanDVDPlayer
[10/05/2008|07:29] C:\Program Files\<DIR> AVG
[08/22/2005|11:26] C:\Program Files\<DIR> AvRack
[01/15/2007|05:32] C:\Program Files\<DIR> Azureus
[10/31/2005|04:06] C:\Program Files\<DIR> BellSouth
[01/15/2007|05:32] C:\Program Files\<DIR> BitComet
[12/16/2005|04:10] C:\Program Files\<DIR> Bodog Poker
[01/03/2009|03:24] C:\Program Files\<DIR> Bonjour
[01/29/2006|10:46] C:\Program Files\<DIR> BroadJump
[10/30/2008|11:38] C:\Program Files\<DIR> Cake Poker
[12/04/2008|12:20] C:\Program Files\<DIR> CDBurnerXP
[04/15/2008|07:23] C:\Program Files\<DIR> Cheetah Burner
[11/21/2008|07:28] C:\Program Files\<DIR> Common Files
[08/17/2007|05:20] C:\Program Files\<DIR> Compact Wireless-G USB Adapter Wireless Network Monitor
[05/28/2005|05:25] C:\Program Files\<DIR> ComPlus Applications
[10/31/2005|01:51] C:\Program Files\<DIR> Creative
[01/16/2006|10:46] C:\Program Files\<DIR> CyberLink
[06/01/2006|04:37] C:\Program Files\<DIR> DAEMON Tools
[08/12/2006|04:37] C:\Program Files\<DIR> Dell
[07/07/2008|01:15] C:\Program Files\<DIR> Diablo II
[01/03/2009|03:06] C:\Program Files\<DIR> Digsby
[11/09/2005|08:16] C:\Program Files\<DIR> DivX
[04/07/2006|04:45] C:\Program Files\<DIR> Doyles Room Poker
[08/22/2005|10:57] C:\Program Files\<DIR> EA SPORTS
[01/16/2006|10:39] C:\Program Files\<DIR> Easy DVD Player
[06/15/2006|05:06] C:\Program Files\<DIR> Eidos
[03/25/2007|02:14] C:\Program Files\<DIR> Eidos Interactive
[08/30/2006|08:30] C:\Program Files\<DIR> EmpirePoker
[08/30/2006|08:31] C:\Program Files\<DIR> EmpirePokerMaster
[12/17/2008|12:29] C:\Program Files\<DIR> Google
[09/06/2006|11:17] C:\Program Files\<DIR> Hewlett-Packard
[01/25/2007|03:06] C:\Program Files\<DIR> hideit11
[09/06/2006|11:19] C:\Program Files\<DIR> HP
[11/01/2008|01:59] C:\Program Files\<DIR> Image-Line
[04/05/2006|11:01] C:\Program Files\<DIR> ImTOO
[11/01/2008|01:58] C:\Program Files\<DIR> InstallShield Installation Information
[04/15/2008|07:26] C:\Program Files\<DIR> Instant CD & DVD Burner
[04/16/2008|11:26] C:\Program Files\<DIR> Internet Explorer
[12/12/2008|12:07] C:\Program Files\<DIR> iPod
[10/31/2005|04:18] C:\Program Files\<DIR> iPod Access for Windows
[12/12/2008|12:07] C:\Program Files\<DIR> iTunes
[11/26/2005|09:20] C:\Program Files\<DIR> Java
[11/05/2006|11:50] C:\Program Files\<DIR> Last.fm
[01/05/2009|11:12] C:\Program Files\<DIR> Lavasoft
[02/21/2006|09:14] C:\Program Files\<DIR> Lexmark X5100 Series
[01/15/2007|05:35] C:\Program Files\<DIR> Limouzik
[05/04/2006|05:07] C:\Program Files\<DIR> Logitech
[07/02/2006|03:50] C:\Program Files\<DIR> magix movie edit pro
[01/07/2009|04:32] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[02/13/2006|07:36] C:\Program Files\<DIR> McAfee
[02/13/2006|07:37] C:\Program Files\<DIR> McAfee.com
[02/05/2008|11:42] C:\Program Files\<DIR> Messenger
[11/05/2005|11:41] C:\Program Files\<DIR> Microsoft ActiveSync
[09/15/2007|07:43] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[05/28/2005|05:28] C:\Program Files\<DIR> microsoft frontpage
[10/20/2007|05:32] C:\Program Files\<DIR> Microsoft Office
[11/05/2005|11:40] C:\Program Files\<DIR> Microsoft Visual Studio
[10/20/2007|05:33] C:\Program Files\<DIR> Microsoft Works
[10/20/2007|05:31] C:\Program Files\<DIR> Microsoft.NET
[09/15/2007|09:51] C:\Program Files\<DIR> Movie Maker
[01/08/2009|04:37] C:\Program Files\<DIR> Mozilla Firefox
[05/29/2007|12:11] C:\Program Files\<DIR> MPEG4 Direct Maker
[04/16/2008|11:34] C:\Program Files\<DIR> MSBuild
[07/15/2008|01:00] C:\Program Files\<DIR> MSECache
[05/28/2005|05:25] C:\Program Files\<DIR> MSN
[05/28/2005|05:25] C:\Program Files\<DIR> MSN Gaming Zone
[06/11/2006|06:14] C:\Program Files\<DIR> MsnMusic
[12/22/2007|01:24] C:\Program Files\<DIR> MSXML 4.0
[10/31/2005|04:52] C:\Program Files\<DIR> MUSICMATCH
[12/01/2008|06:11] C:\Program Files\<DIR> MySQL
[02/20/2006|09:28] C:\Program Files\<DIR> NCH Swift Sound
[04/13/2006|01:06] C:\Program Files\<DIR> Nero
[09/15/2007|09:47] C:\Program Files\<DIR> NetMeeting
[10/31/2005|04:09] C:\Program Files\<DIR> Netopia
[02/06/2006|07:26] C:\Program Files\<DIR> Noble Poker
[06/22/2006|12:10] C:\Program Files\<DIR> NoteWorthy Composer
[05/28/2005|05:25] C:\Program Files\<DIR> Online Services
[02/05/2008|11:40] C:\Program Files\<DIR> Outlook Express
[03/29/2006|01:38] C:\Program Files\<DIR> PartyGaming
[09/22/2006|03:01] C:\Program Files\<DIR> Poker
[01/25/2006|01:17] C:\Program Files\<DIR> PokerRoom.com
[05/16/2008|12:46] C:\Program Files\<DIR> PokerStars
[12/12/2008|12:06] C:\Program Files\<DIR> QuickTime
[02/08/2006|07:11] C:\Program Files\<DIR> Real
[08/22/2005|11:26] C:\Program Files\<DIR> Realtek Sound Manager
[04/16/2008|11:29] C:\Program Files\<DIR> Reference Assemblies
[06/28/2008|09:35] C:\Program Files\<DIR> Riva
[12/23/2005|02:35] C:\Program Files\<DIR> riverbelleMPP
[03/23/2008|06:53] C:\Program Files\<DIR> Rockstar Games
[01/03/2009|03:41] C:\Program Files\<DIR> Security Task Manager
[02/13/2007|08:55] C:\Program Files\<DIR> SEGA
[04/16/2008|11:36] C:\Program Files\<DIR> Sony
[03/28/2006|03:51] C:\Program Files\<DIR> Sony Setup
[12/13/2008|03:08] C:\Program Files\<DIR> Starcraft
[10/05/2008|06:49] C:\Program Files\<DIR> SystemRequirementsLab
[01/15/2007|05:37] C:\Program Files\<DIR> The DeeSampler
[02/08/2006|07:14] C:\Program Files\<DIR> The Weather Channel FW
[01/26/2006|04:37] C:\Program Files\<DIR> Titan Poker
[01/15/2007|05:34] C:\Program Files\<DIR> TradeTouch
[01/05/2009|05:20] C:\Program Files\<DIR> Trend Micro
[04/18/2007|01:34] C:\Program Files\<DIR> Ubisoft
[05/28/2005|05:46] C:\Program Files\<DIR> Uninstall Information
[03/14/2006|01:51] C:\Program Files\<DIR> VC Poker
[01/15/2007|05:38] C:\Program Files\<DIR> VideoFramer
[05/02/2006|02:38] C:\Program Files\<DIR> VideoLAN
[11/01/2008|01:57] C:\Program Files\<DIR> Viewpoint
[04/16/2008|11:37] C:\Program Files\<DIR> VSTplugins
[11/24/2008|04:29] C:\Program Files\<DIR> Windows Media Connect 2
[12/13/2008|07:30] C:\Program Files\<DIR> Windows Media Player
[09/15/2007|09:47] C:\Program Files\<DIR> Windows NT
[11/01/2005|04:22] C:\Program Files\<DIR> WindowsUpdate
[03/21/2006|12:27] C:\Program Files\<DIR> WinRAR
[08/04/2006|07:07] C:\Program Files\<DIR> WordBiz
[11/20/2005|09:06] C:\Program Files\<DIR> WorldWinner.com
[07/07/2006|12:48] C:\Program Files\<DIR> WPTonline
[05/28/2005|05:28] C:\Program Files\<DIR> xerox
[07/11/2006|12:00] C:\Program Files\<DIR> XviD
[06/17/2008|03:37] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[11/22/2008|12:46] C:\Program Files\Common Files\<DIR> Adobe
[11/01/2008|02:01] C:\Program Files\Common Files\<DIR> Ahead
[11/24/2008|09:52] C:\Program Files\Common Files\<DIR> AOL
[12/12/2008|12:07] C:\Program Files\Common Files\<DIR> Apple
[11/05/2005|11:40] C:\Program Files\Common Files\<DIR> Designer
[09/06/2006|11:16] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[09/06/2006|11:19] C:\Program Files\Common Files\<DIR> HP
[10/31/2005|04:06] C:\Program Files\Common Files\<DIR> InstallShield
[11/05/2005|11:37] C:\Program Files\Common Files\<DIR> L&H
[05/04/2006|05:07] C:\Program Files\Common Files\<DIR> Logitech
[11/21/2008|07:28] C:\Program Files\Common Files\<DIR> Macrovision Shared
[04/16/2008|11:35] C:\Program Files\Common Files\<DIR> Microsoft Shared
[10/31/2005|04:00] C:\Program Files\Common Files\<DIR> Motive
[05/28/2005|05:26] C:\Program Files\Common Files\<DIR> MSSoap
[02/09/2007|03:51] C:\Program Files\Common Files\<DIR> Nullsoft
[05/23/2005|01:13] C:\Program Files\Common Files\<DIR> ODBC
[01/26/2008|03:48] C:\Program Files\Common Files\<DIR> Real
[05/28/2005|05:26] C:\Program Files\Common Files\<DIR> Services
[05/23/2005|01:13] C:\Program Files\Common Files\<DIR> SpeechEngines
[06/28/2008|09:35] C:\Program Files\Common Files\<DIR> SWF Studio
[02/05/2008|11:40] C:\Program Files\Common Files\<DIR> System
[11/11/2006|10:22] C:\Program Files\Common Files\<DIR> Viewpoint
[01/05/2009|11:11] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 52 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\Chris\LOCALS~1\Temp\nsaC14.tmp
C:\DOCUME~1\Chris\LOCALS~1\Temp\nskC11.tmp
C:\DOCUME~1\Chris\LOCALS~1\Temp\nst3FA.tmp
C:\DOCUME~1\Chris\LOCALS~1\Temp\nstE6.tmp
C:\DOCUME~1\Chris\LOCALS~1\Temp\nszE7.tmp
C:\DOCUME~1\Chris\LOCALS~1\Temp\ns_temp
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard00.fxV2_Q20_MESH_STANDARD_BLEND_MIRROR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard00.fxV2_Q30_MESH_STANDARD_BLEND_MIRROR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q20_MESH_STANDARD_BLEND_MIRROR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q20_MESH_STANDARD_BUMP_BUMPDETAIL_SPECULAR_REFRACTION2D
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q20_MESH_STANDARD_BUMP_BUMPDETAIL_SPECULAR_REFRACTION2D_SCROLL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D_SCROLL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFRACTION2D
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFRACTION2D_SCROLL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q20_MESH_STANDARD_MIRROR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q20_MESH_STANDARD_MIRRORMASK
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q20_MESH_STANDARD_MIRROR_MIRRORMASK
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q20_MESH_STANDARD_SPECULAR_MIRROR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q30_MESH_STANDARD_BLEND_MIRROR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D_SCROLL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFRACTION2D
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_BLEND
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_BLEND_BUMP
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_BLEND_BUMP_PARALLAX_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_BLEND_BUMP_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_BLEND_BUMP_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_BLEND_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_BLEND_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_BLEND_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_BUMP
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_BUMP_PARALLAX
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_BUMP_PARALLAX_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_BUMP_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_BUMP_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_BUMP_SPECULAR_REFLECTION_REFRACTION2D
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_SPECULAR_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_ALPHAFADE
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_ALPHAFADE
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_ALPHAFADE_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_ALPHAFADE_SCROLL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_BUMPDETAIL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_BUMPDETAIL_PARALLAX_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_BUMPDETAIL_PARALLAX_SPECULAR_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_BUMPDETAIL_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_BUMPDETAIL_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_PARALLAX
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_PARALLAX_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_PARALLAX_REFLECTION_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_PARALLAX_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_PARALLAX_SPECULAR_ILLUMINATION_SCROLL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_RIMLIGHTING_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_SPECULAR_ALPHAFADE
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_SPECULAR_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_SPECULAR_ILLUMINATION_SCROLL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_SPECULAR_REFLECTION_ALPHAFADE
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_SPECULAR_REFLECTION_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_MIRROR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_REFLECTION_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_RIMLIGHTING
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_SCROLL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_SPECULAR_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_SPECULAR_ILLUMINATION_SCROLL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_SPECULAR_REFLECTION_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_SPECULAR_REFLECTION_ILLUMINATION_SCROLL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_SPECULAR_SCROLL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_ALPHAFADE
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_BUMPDETAIL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_BUMPDETAIL_PARALLAX_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_BUMPDETAIL_PARALLAX_SPECULAR_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_BUMPDETAIL_PARALLAX_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_BUMPDETAIL_RIMLIGHTING_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_BUMPDETAIL_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_BUMPDETAIL_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_BUMPDETAIL_SPECULAR_REFRACTION2D
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_BUMPDETAIL_SPECULAR_REFRACTION2D_SCROLL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_PARALLAX
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_PARALLAX_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_PARALLAX_RIMLIGHTING_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_PARALLAX_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_PARALLAX_SPECULAR_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_PARALLAX_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_PARALLAX_SPECULAR_REFLECTION_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_REFLECTION_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_RIMLIGHTING_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D_SCROLL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFLECTION_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFLECTION_REFRACTION2D
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFRACTION2D
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFRACTION2D_SCROLL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_SCROLL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_ILLUMINATION_SCROLL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_MIRROR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_MIRRORMASK
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_MIRROR_MIRRORMASK
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_REFLECTION_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_RIMLIGHTING
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_SCROLL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_SPECULAR_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_SPECULAR_MIRROR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_SPECULAR_REFLECTION_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_SPECULAR_REFLECTION_SCROLL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_TWEENED_BLEND
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_TWEENED_BLEND_ALPHAFADE
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_TWEENED_BLEND_BUMP_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_TWEENED_BLEND_SCROLL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_WEIGHTED
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_WEIGHTED_BLEND
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_WEIGHTED_BLEND_BUMP_RIMLIGHTING_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_WEIGHTED_BLEND_BUMP_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_WEIGHTED_BUMP_PARALLAX_RIMLIGHTING_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_WEIGHTED_BUMP_RIMLIGHTING_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_WEIGHTED_BUMP_RIMLIGHTING_SUBSURFACE_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_WEIGHTED_BUMP_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_WEIGHTED_BUMP_SPECULAR_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_WEIGHTED_BUMP_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_WEIGHTED_REFLECTION_REFRACTION2D
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_WEIGHTED_RIMLIGHTING
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_WEIGHTED_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID_BLEND
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID_BLEND_BUMP
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID_BLEND_BUMP_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID_BLEND_BUMP_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID_BLEND_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID_BLEND_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID_BUMP
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID_BUMP_PARALLAX_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID_BUMP_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID_BUMP_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID_BUMP_SPECULAR_REFLECTION_REFRACTION2D
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID_SPECULAR_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_ALPHAFADE
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_ALPHAFADE_SCROLL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_BUMP
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_BUMP_BUMPDETAIL_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_BUMP_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_BUMP_SPECULAR_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_BUMP_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_BUMP_SPECULAR_REFLECTION_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_MIRROR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_SCROLL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_SPECULAR_ILLUMINATION_SCROLL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_SPECULAR_SCROLL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_BUMPDETAIL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_BUMPDETAIL_PARALLAX_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_BUMPDETAIL_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_PARALLAX_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_PARALLAX_SPECULAR_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_PARALLAX_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_RIMLIGHTING_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D_SCROLL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFLECTION_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFLECTION_REFRACTION2D
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFRACTION2D
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_SPECULAR_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_TWEENED_BLEND
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_WEIGHTED
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_WEIGHTED_BLEND_BUMP_RIMLIGHTING_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_WEIGHTED_BLEND_BUMP_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_WEIGHTED_BUMP_PARALLAX_RIMLIGHTING_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_WEIGHTED_BUMP_RIMLIGHTING_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_WEIGHTED_BUMP_RIMLIGHTING_SUBSURFACE_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_WEIGHTED_BUMP_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_WEIGHTED_BUMP_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_WEIGHTED_REFLECTION_REFRACTION2D
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_WEIGHTED_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID_BLEND
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID_BLEND_BUMP
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID_BLEND_BUMP_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID_BLEND_BUMP_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID_BLEND_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID_BLEND_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID_BUMP
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID_BUMP_PARALLAX_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID_BUMP_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID_BUMP_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID_BUMP_SPECULAR_REFLECTION_REFRACTION2D
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID_SPECULAR_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_ALPHAFADE
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_ALPHAFADE_SCROLL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_BUMP
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_BUMP_BUMPDETAIL_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_BUMP_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_BUMP_SPECULAR_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_BUMP_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_BUMP_SPECULAR_REFLECTION_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_MIRROR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_SCROLL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_SPECULAR_ILLUMINATION_SCROLL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_SPECULAR_SCROLL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_BUMPDETAIL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_BUMPDETAIL_PARALLAX_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_BUMPDETAIL_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_PARALLAX_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_PARALLAX_SPECULAR_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_PARALLAX_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_RIMLIGHTING_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D_SCROLL
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFLECTION_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFLECTION_REFRACTION2D
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFRACTION2D
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_SPECULAR_ILLUMINATION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_TWEENED_BLEND
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BLEND_BUMP_RIMLIGHTING_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BLEND_BUMP_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BUMP_PARALLAX_RIMLIGHTING_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BUMP_RIMLIGHTING_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BUMP_RIMLIGHTING_SUBSURFACE_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BUMP_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BUMP_SPECULAR_REFLECTION
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_REFLECTION_REFRACTION2D
C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_SPECULAR
C:\DOCUME~1\Chris\LOCALS~1\Temp\StaticShadow.fxV2_Q20_MESH_STANDARD
C:\DOCUME~1\Chris\LOCALS~1\Temp\StaticShadow.fxV2_Q20_MESH_STANDARD_BLEND
C:\DOCUME~1\Chris\LOCALS~1\Temp\StaticShadow.fxV2_Q30_MESH_STANDARD
C:\DOCUME~1\Chris\LOCALS~1\Temp\StaticShadow.fxV2_Q30_MESH_STANDARD_BLEND
C:\DOCUME~1\Chris\LOCALS~1\Temp\StaticShadowTextureAdditive.fxV2_Q20_MESH_STANDARD_BLEND
C:\DOCUME~1\Chris\LOCALS~1\Temp\StaticShadowTextureShadow.fxV2_Q20_MESH_STANDARD_BLEND
C:\DOCUME~1\Chris\LOCALS~1\Temp\StaticShadowTextureShadow.fxV2_Q30_MESH_STANDARD_BLEND
C:\DOCUME~1\Chris\LOCALS~1\Temp\status.txt
C:\DOCUME~1\Chris\Cookies\chris@advertising[2].txt
C:\DOCUME~1\Chris\Cookies\chris@partypoker[2].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file MODIFIED

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

-> 72 [ 70 ## added by CiD ]

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 17:35:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Chris\Application Data\uTorrent\Adobe Photoshop CS3 Extended + Crack.torrent
C:\DOCUME~1\Chris\Application Data\uTorrent\patch, crack 1.01 and extra content.torrent
C:\DOCUME~1\Chris\Application Data\uTorrent\Starcraft + BroodWar + The Last Update Patch 1.152 + KeyGen.torrent
C:\DOCUME~1\Chris\Application Data\uTorrent\VA-Big_Mike_DJ_Diggz_&_Digital_Product-How_To_Spit_Crack_3-2008-MIXFIEND.torrent
C:\DOCUME~1\Chris\My Documents\My Music\iTunes\iTunes Music\Leftover Crack
C:\DOCUME~1\Chris\My Documents\My Music\iTunes\iTunes Music\Bangladesh Ft. Rick Ross & Busta Rhymes\How To Spit Crack Vol. 3
C:\DOCUME~1\Chris\My Documents\My Music\iTunes\iTunes Music\Bangladesh Ft. Rick Ross & Busta Rhymes\How To Spit Crack Vol. 3\08 Girls Love Me.mp3
C:\DOCUME~1\Chris\My Documents\My Music\iTunes\iTunes Music\Jay-Z\In My Lifetime, Vol. 1\12 Rap Game-Crack Game.mp3
C:\DOCUME~1\Chris\My Documents\My Music\iTunes\iTunes Music\Kanye West\Late Registration\08 Crack Music (Feat. The Game).mp3
C:\DOCUME~1\Chris\My Documents\My Music\iTunes\iTunes Music\Kanye West\Unknown Album\Crack Music (feat. The Game).mp3
C:\DOCUME~1\Chris\My Documents\My Music\iTunes\iTunes Music\Leftover Crack\Unknown Album
C:\DOCUME~1\Chris\My Documents\My Music\iTunes\iTunes Music\Leftover Crack\Unknown Album\Crack City Rockers.mp3
C:\DOCUME~1\Chris\My Documents\My Music\iTunes\iTunes Music\Leftover Crack\Unknown Album\The Good, The Bad, The Leftover Crac.mp3
C:\DOCUME~1\Chris\My Documents\My Music\iTunes\iTunes Music\Lil Wayne\The Leak 2\05 Crack House (Ft. Fat Joe).mp3
C:\DOCUME~1\Chris\My Documents\My Music\iTunes\iTunes Music\Notorious B.I.G\Life After Death (Disc 2 Of 2)\05 Ten Crack Commandments.mp3
C:\DOCUME~1\Chris\My Documents\necessities\Data & Password Recovery\BadCopy Pro 3.72.1012\keygen.exe
C:\DOCUME~1\Chris\My Documents\necessities\Data & Password Recovery\GetDataBack v2.22 NTFS and FAT\GetDataBack for FAT 2.22\keygen.exe
C:\DOCUME~1\Chris\My Documents\necessities\Data & Password Recovery\GetDataBack v2.22 NTFS and FAT\GetDataBack for NTFS 2.22\keygen.exe
C:\DOCUME~1\Chris\My Documents\necessities\Data & Password Recovery\Windows Key Stuff\Microsoft Keygen.exe


[F:5299][D:372]-> C:\DOCUME~1\Chris\LOCALS~1\Temp
[F:264][D:0]-> C:\DOCUME~1\Chris\Cookies
[F:2218][D:16]-> C:\DOCUME~1\Chris\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Thu 01/08/2009|17:38 - Option : [1]

--------------------\\ Scan completed at 17:38:10

#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 09 January 2009 - 08:05 AM

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here

Double-click Lop S&D.exe
Choose the language, then choose Option 2 (Fix + Hosts)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)



Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 coglesogle

coglesogle
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:15 PM

Posted 09 January 2009 - 02:53 PM

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Athlon™ 64 Processor 2800+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Chris ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:111 Go (Free:12 Go)
D:\ (CD or DVD) - CDFS - Total:4 Go (Free:0 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( Fri 01/09/2009|14:45 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\nsaC14.tmp
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\nskC11.tmp
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\nst3FA.tmp
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\nstE6.tmp
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\nszE7.tmp
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\ns_temp
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard00.fxV2_Q20_MESH_STANDARD_BLEND_MIRROR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard00.fxV2_Q30_MESH_STANDARD_BLEND_MIRROR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q20_MESH_STANDARD_BLEND_MIRROR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q20_MESH_STANDARD_BUMP_BUMPDETAIL_SPECULAR_REFRACTION2D
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q20_MESH_STANDARD_BUMP_BUMPDETAIL_SPECULAR_REFRACTION2D_SCROLL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D_SCROLL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFRACTION2D
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFRACTION2D_SCROLL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q20_MESH_STANDARD_MIRROR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q20_MESH_STANDARD_MIRRORMASK
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q20_MESH_STANDARD_MIRROR_MIRRORMASK
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q20_MESH_STANDARD_SPECULAR_MIRROR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q30_MESH_STANDARD_BLEND_MIRROR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D_SCROLL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard13.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFRACTION2D
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_BLEND
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_BLEND_BUMP
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_BLEND_BUMP_PARALLAX_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_BLEND_BUMP_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_BLEND_BUMP_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_BLEND_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_BLEND_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_BLEND_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_BUMP
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_BUMP_PARALLAX
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_BUMP_PARALLAX_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_BUMP_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_BUMP_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_BUMP_SPECULAR_REFLECTION_REFRACTION2D
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_SPECULAR_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_RIGID_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_ALPHAFADE
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_ALPHAFADE
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_ALPHAFADE_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_ALPHAFADE_SCROLL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_BUMPDETAIL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_BUMPDETAIL_PARALLAX_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_BUMPDETAIL_PARALLAX_SPECULAR_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_BUMPDETAIL_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_BUMPDETAIL_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_PARALLAX
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_PARALLAX_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_PARALLAX_REFLECTION_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_PARALLAX_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_PARALLAX_SPECULAR_ILLUMINATION_SCROLL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_RIMLIGHTING_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_SPECULAR_ALPHAFADE
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_SPECULAR_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_SPECULAR_ILLUMINATION_SCROLL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_SPECULAR_REFLECTION_ALPHAFADE
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_BUMP_SPECULAR_REFLECTION_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_MIRROR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_REFLECTION_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_RIMLIGHTING
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_SCROLL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_SPECULAR_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_SPECULAR_ILLUMINATION_SCROLL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_SPECULAR_REFLECTION_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_SPECULAR_REFLECTION_ILLUMINATION_SCROLL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BLEND_SPECULAR_SCROLL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_ALPHAFADE
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_BUMPDETAIL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_BUMPDETAIL_PARALLAX_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_BUMPDETAIL_PARALLAX_SPECULAR_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_BUMPDETAIL_PARALLAX_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_BUMPDETAIL_RIMLIGHTING_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_BUMPDETAIL_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_BUMPDETAIL_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_BUMPDETAIL_SPECULAR_REFRACTION2D
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_BUMPDETAIL_SPECULAR_REFRACTION2D_SCROLL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_PARALLAX
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_PARALLAX_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_PARALLAX_RIMLIGHTING_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_PARALLAX_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_PARALLAX_SPECULAR_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_PARALLAX_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_PARALLAX_SPECULAR_REFLECTION_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_REFLECTION_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_RIMLIGHTING_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D_SCROLL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFLECTION_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFLECTION_REFRACTION2D
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFRACTION2D
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_REFRACTION2D_SCROLL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_BUMP_SPECULAR_SCROLL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_ILLUMINATION_SCROLL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_MIRROR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_MIRRORMASK
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_MIRROR_MIRRORMASK
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_REFLECTION_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_RIMLIGHTING
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_SCROLL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_SPECULAR_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_SPECULAR_MIRROR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_SPECULAR_REFLECTION_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_STANDARD_SPECULAR_REFLECTION_SCROLL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_TWEENED_BLEND
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_TWEENED_BLEND_ALPHAFADE
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_TWEENED_BLEND_BUMP_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_TWEENED_BLEND_SCROLL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_WEIGHTED
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_WEIGHTED_BLEND
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_WEIGHTED_BLEND_BUMP_RIMLIGHTING_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_WEIGHTED_BLEND_BUMP_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_WEIGHTED_BUMP_PARALLAX_RIMLIGHTING_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_WEIGHTED_BUMP_RIMLIGHTING_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_WEIGHTED_BUMP_RIMLIGHTING_SUBSURFACE_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_WEIGHTED_BUMP_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_WEIGHTED_BUMP_SPECULAR_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_WEIGHTED_BUMP_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_WEIGHTED_REFLECTION_REFRACTION2D
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_WEIGHTED_RIMLIGHTING
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q20_MESH_WEIGHTED_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID_BLEND
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID_BLEND_BUMP
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID_BLEND_BUMP_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID_BLEND_BUMP_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID_BLEND_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID_BLEND_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID_BUMP
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID_BUMP_PARALLAX_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID_BUMP_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID_BUMP_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID_BUMP_SPECULAR_REFLECTION_REFRACTION2D
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID_SPECULAR_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_RIGID_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_ALPHAFADE
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_ALPHAFADE_SCROLL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_BUMP
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_BUMP_BUMPDETAIL_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_BUMP_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_BUMP_SPECULAR_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_BUMP_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_BUMP_SPECULAR_REFLECTION_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_MIRROR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_SCROLL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_SPECULAR_ILLUMINATION_SCROLL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BLEND_SPECULAR_SCROLL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_BUMPDETAIL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_BUMPDETAIL_PARALLAX_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_BUMPDETAIL_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_PARALLAX_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_PARALLAX_SPECULAR_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_PARALLAX_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_RIMLIGHTING_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D_SCROLL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFLECTION_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFLECTION_REFRACTION2D
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFRACTION2D
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_SPECULAR_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_STANDARD_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_TWEENED_BLEND
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_WEIGHTED
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_WEIGHTED_BLEND_BUMP_RIMLIGHTING_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_WEIGHTED_BLEND_BUMP_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_WEIGHTED_BUMP_PARALLAX_RIMLIGHTING_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_WEIGHTED_BUMP_RIMLIGHTING_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_WEIGHTED_BUMP_RIMLIGHTING_SUBSURFACE_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_WEIGHTED_BUMP_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_WEIGHTED_BUMP_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_WEIGHTED_REFLECTION_REFRACTION2D
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard20.fxV2_Q30_MESH_WEIGHTED_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID_BLEND
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID_BLEND_BUMP
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID_BLEND_BUMP_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID_BLEND_BUMP_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID_BLEND_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID_BLEND_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID_BUMP
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID_BUMP_PARALLAX_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID_BUMP_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID_BUMP_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID_BUMP_SPECULAR_REFLECTION_REFRACTION2D
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID_SPECULAR_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_RIGID_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_ALPHAFADE
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_ALPHAFADE_SCROLL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_BUMP
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_BUMP_BUMPDETAIL_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_BUMP_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_BUMP_SPECULAR_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_BUMP_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_BUMP_SPECULAR_REFLECTION_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_MIRROR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_SCROLL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_SPECULAR_ILLUMINATION_SCROLL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BLEND_SPECULAR_SCROLL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_BUMPDETAIL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_BUMPDETAIL_PARALLAX_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_BUMPDETAIL_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_PARALLAX_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_PARALLAX_SPECULAR_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_PARALLAX_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_RIMLIGHTING_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFLECTION2D_REFRACTION2D_SCROLL
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFLECTION_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFLECTION_REFRACTION2D
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_BUMP_SPECULAR_REFRACTION2D
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_SPECULAR_ILLUMINATION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_STANDARD_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_TWEENED_BLEND
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BLEND_BUMP_RIMLIGHTING_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BLEND_BUMP_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BUMP_PARALLAX_RIMLIGHTING_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BUMP_RIMLIGHTING_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BUMP_RIMLIGHTING_SUBSURFACE_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BUMP_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_BUMP_SPECULAR_REFLECTION
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_REFLECTION_REFRACTION2D
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\Standard30.fxV2_Q30_MESH_WEIGHTED_SPECULAR
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\StaticShadow.fxV2_Q20_MESH_STANDARD
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\StaticShadow.fxV2_Q20_MESH_STANDARD_BLEND
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\StaticShadow.fxV2_Q30_MESH_STANDARD
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\StaticShadow.fxV2_Q30_MESH_STANDARD_BLEND
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\StaticShadowTextureAdditive.fxV2_Q20_MESH_STANDARD_BLEND
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\StaticShadowTextureShadow.fxV2_Q20_MESH_STANDARD_BLEND
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\StaticShadowTextureShadow.fxV2_Q30_MESH_STANDARD_BLEND
Deleted! - C:\DOCUME~1\Chris\LOCALS~1\Temp\status.txt
Deleted! - C:\DOCUME~1\Chris\Cookies\chris@advertising[2].txt
Deleted! - C:\DOCUME~1\Chris\Cookies\chris@partypoker[2].txt
-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Deleted! - C:\Program Files\Viewpoint
Deleted! - C:\DOCUME~1\Chris\APPLIC~1\Viewpoint
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[12/12/2008|12:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[11/21/2008|07:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[11/21/2008|07:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> ALM
[11/24/2008|09:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[04/19/2008|12:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[02/09/2007|03:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[07/02/2007|08:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[10/30/2006|04:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[10/05/2008|07:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> avg8
[01/16/2006|10:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[08/04/2007|11:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> default heart roam idol
[11/24/2008|09:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Digsby
[11/22/2008|02:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
[09/06/2006|11:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
[08/04/2007|11:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> IDOL UPLOAD LOCKS GRID
[01/05/2009|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[01/07/2009|04:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[02/13/2006|07:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[01/05/2009|11:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[10/20/2007|08:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[10/31/2005|04:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Motive
[11/01/2005|10:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
[10/31/2005|02:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[01/03/2009|03:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SecTaskMan
[04/16/2008|11:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sony
[04/24/2008|12:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[01/02/2007|09:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[12/13/2005|04:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[11/14/2005|02:29] C:\DOCUME~1\Chris\APPLIC~1\<DIR> .bittorrent
[02/09/2007|03:51] C:\DOCUME~1\Chris\APPLIC~1\<DIR> acccore
[01/06/2009|08:24] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Adobe
[11/29/2008|08:52] C:\DOCUME~1\Chris\APPLIC~1\<DIR> AdobeAUM
[11/02/2005|01:06] C:\DOCUME~1\Chris\APPLIC~1\<DIR> AdobeUM
[04/13/2006|01:48] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Ahead
[04/04/2007|02:44] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Aim
[11/13/2008|06:21] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Apple Computer
[10/13/2008|01:26] C:\DOCUME~1\Chris\APPLIC~1\<DIR> AVGTOOLBAR
[06/26/2006|01:34] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Azureus
[12/04/2008|12:20] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Canneverbe_Limited
[03/23/2006|12:52] C:\DOCUME~1\Chris\APPLIC~1\<DIR> chinakin04
[04/07/2006|04:46] C:\DOCUME~1\Chris\APPLIC~1\<DIR> coglesogle
[10/31/2005|01:52] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Creative
[11/24/2008|09:56] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Digsby
[12/14/2008|06:55] C:\DOCUME~1\Chris\APPLIC~1\<DIR> dvdcss
[11/12/2006|11:49] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Google
[11/21/2005|02:11] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Help
[01/04/2007|08:08] C:\DOCUME~1\Chris\APPLIC~1\<DIR> HP
[05/28/2005|05:46] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Identities
[02/13/2007|08:54] C:\DOCUME~1\Chris\APPLIC~1\<DIR> InstallShield
[01/05/2009|06:34] C:\DOCUME~1\Chris\APPLIC~1\<DIR> JAM Software
[01/05/2009|11:12] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Lavasoft
[09/06/2007|12:51] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Leadertech
[10/31/2005|04:22] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Macromedia
[01/07/2009|04:32] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Malwarebytes
[02/06/2006|07:32] C:\DOCUME~1\Chris\APPLIC~1\<DIR> McAfee.com Personal Firewall
[12/23/2005|04:40] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Microgaming
[09/10/2008|06:05] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Microsoft
[02/02/2008|03:51] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Move Networks
[09/10/2008|09:18] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Mozilla
[03/28/2006|04:08] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Publish Providers
[01/26/2008|03:47] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Real
[04/18/2007|02:14] C:\DOCUME~1\Chris\APPLIC~1\<DIR> SecuROM
[04/16/2008|11:40] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Sony
[04/16/2008|11:21] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Sony Setup
[11/26/2005|09:21] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Sun
[10/05/2008|06:49] C:\DOCUME~1\Chris\APPLIC~1\<DIR> SystemRequirementsLab
[01/07/2009|04:00] C:\DOCUME~1\Chris\APPLIC~1\<DIR> Twain
[01/09/2009|02:46] C:\DOCUME~1\Chris\APPLIC~1\<DIR> uTorrent
[11/30/2008|11:30] C:\DOCUME~1\Chris\APPLIC~1\<DIR> vlc

[05/28/2005|05:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[02/21/2006|09:38] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Help
[02/06/2006|07:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> McAfee.com Personal Firewall
[10/05/2008|07:28] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[12/23/2006|02:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Mozilla

[10/05/2008|07:28] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[01/05/2009 11:06 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[01/07/2009 08:14 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/29/2002 07:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[12/19/2005|02:29] C:\Program Files\<DIR> _uninstallation_info
[02/26/2006|09:11] C:\Program Files\<DIR> Absolute Poker
[01/26/2008|03:45] C:\Program Files\<DIR> Acoustica Beatcraft
[03/29/2007|04:17] C:\Program Files\<DIR> Acoustica MP3 Audio Mixer
[06/22/2006|01:00] C:\Program Files\<DIR> Acoustica Shared Effects
[04/16/2006|01:23] C:\Program Files\<DIR> Activision
[11/21/2008|07:50] C:\Program Files\<DIR> Adobe
[04/04/2007|02:44] C:\Program Files\<DIR> AIM
[01/16/2006|10:35] C:\Program Files\<DIR> All-in-One DVD Player
[06/21/2006|08:45] C:\Program Files\<DIR> AltoMP3 Gold
[08/22/2005|11:24] C:\Program Files\<DIR> AMD
[09/22/2006|09:38] C:\Program Files\<DIR> AOD
[11/21/2008|08:36] C:\Program Files\<DIR> Apple Software Update
[04/24/2006|08:53] C:\Program Files\<DIR> Ares
[01/15/2007|05:32] C:\Program Files\<DIR> Ares Galaxy Supercharger
[01/16/2006|10:40] C:\Program Files\<DIR> ArtisanDVDPlayer
[10/05/2008|07:29] C:\Program Files\<DIR> AVG
[08/22/2005|11:26] C:\Program Files\<DIR> AvRack
[01/15/2007|05:32] C:\Program Files\<DIR> Azureus
[10/31/2005|04:06] C:\Program Files\<DIR> BellSouth
[01/15/2007|05:32] C:\Program Files\<DIR> BitComet
[12/16/2005|04:10] C:\Program Files\<DIR> Bodog Poker
[01/03/2009|03:24] C:\Program Files\<DIR> Bonjour
[01/29/2006|10:46] C:\Program Files\<DIR> BroadJump
[10/30/2008|11:38] C:\Program Files\<DIR> Cake Poker
[12/04/2008|12:20] C:\Program Files\<DIR> CDBurnerXP
[04/15/2008|07:23] C:\Program Files\<DIR> Cheetah Burner
[11/21/2008|07:28] C:\Program Files\<DIR> Common Files
[08/17/2007|05:20] C:\Program Files\<DIR> Compact Wireless-G USB Adapter Wireless Network Monitor
[05/28/2005|05:25] C:\Program Files\<DIR> ComPlus Applications
[10/31/2005|01:51] C:\Program Files\<DIR> Creative
[01/16/2006|10:46] C:\Program Files\<DIR> CyberLink
[06/01/2006|04:37] C:\Program Files\<DIR> DAEMON Tools
[08/12/2006|04:37] C:\Program Files\<DIR> Dell
[07/07/2008|01:15] C:\Program Files\<DIR> Diablo II
[01/03/2009|03:06] C:\Program Files\<DIR> Digsby
[11/09/2005|08:16] C:\Program Files\<DIR> DivX
[04/07/2006|04:45] C:\Program Files\<DIR> Doyles Room Poker
[08/22/2005|10:57] C:\Program Files\<DIR> EA SPORTS
[01/16/2006|10:39] C:\Program Files\<DIR> Easy DVD Player
[06/15/2006|05:06] C:\Program Files\<DIR> Eidos
[03/25/2007|02:14] C:\Program Files\<DIR> Eidos Interactive
[08/30/2006|08:30] C:\Program Files\<DIR> EmpirePoker
[08/30/2006|08:31] C:\Program Files\<DIR> EmpirePokerMaster
[12/17/2008|12:29] C:\Program Files\<DIR> Google
[09/06/2006|11:17] C:\Program Files\<DIR> Hewlett-Packard
[01/25/2007|03:06] C:\Program Files\<DIR> hideit11
[09/06/2006|11:19] C:\Program Files\<DIR> HP
[11/01/2008|01:59] C:\Program Files\<DIR> Image-Line
[04/05/2006|11:01] C:\Program Files\<DIR> ImTOO
[11/01/2008|01:58] C:\Program Files\<DIR> InstallShield Installation Information
[04/15/2008|07:26] C:\Program Files\<DIR> Instant CD & DVD Burner
[04/16/2008|11:26] C:\Program Files\<DIR> Internet Explorer
[12/12/2008|12:07] C:\Program Files\<DIR> iPod
[10/31/2005|04:18] C:\Program Files\<DIR> iPod Access for Windows
[12/12/2008|12:07] C:\Program Files\<DIR> iTunes
[11/26/2005|09:20] C:\Program Files\<DIR> Java
[11/05/2006|11:50] C:\Program Files\<DIR> Last.fm
[01/05/2009|11:12] C:\Program Files\<DIR> Lavasoft
[02/21/2006|09:14] C:\Program Files\<DIR> Lexmark X5100 Series
[01/15/2007|05:35] C:\Program Files\<DIR> Limouzik
[05/04/2006|05:07] C:\Program Files\<DIR> Logitech
[07/02/2006|03:50] C:\Program Files\<DIR> magix movie edit pro
[01/07/2009|04:32] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[02/13/2006|07:36] C:\Program Files\<DIR> McAfee
[02/13/2006|07:37] C:\Program Files\<DIR> McAfee.com
[02/05/2008|11:42] C:\Program Files\<DIR> Messenger
[11/05/2005|11:41] C:\Program Files\<DIR> Microsoft ActiveSync
[09/15/2007|07:43] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[05/28/2005|05:28] C:\Program Files\<DIR> microsoft frontpage
[10/20/2007|05:32] C:\Program Files\<DIR> Microsoft Office
[11/05/2005|11:40] C:\Program Files\<DIR> Microsoft Visual Studio
[10/20/2007|05:33] C:\Program Files\<DIR> Microsoft Works
[10/20/2007|05:31] C:\Program Files\<DIR> Microsoft.NET
[09/15/2007|09:51] C:\Program Files\<DIR> Movie Maker
[01/09/2009|02:42] C:\Program Files\<DIR> Mozilla Firefox
[05/29/2007|12:11] C:\Program Files\<DIR> MPEG4 Direct Maker
[04/16/2008|11:34] C:\Program Files\<DIR> MSBuild
[07/15/2008|01:00] C:\Program Files\<DIR> MSECache
[05/28/2005|05:25] C:\Program Files\<DIR> MSN
[05/28/2005|05:25] C:\Program Files\<DIR> MSN Gaming Zone
[06/11/2006|06:14] C:\Program Files\<DIR> MsnMusic
[12/22/2007|01:24] C:\Program Files\<DIR> MSXML 4.0
[10/31/2005|04:52] C:\Program Files\<DIR> MUSICMATCH
[12/01/2008|06:11] C:\Program Files\<DIR> MySQL
[02/20/2006|09:28] C:\Program Files\<DIR> NCH Swift Sound
[04/13/2006|01:06] C:\Program Files\<DIR> Nero
[09/15/2007|09:47] C:\Program Files\<DIR> NetMeeting
[10/31/2005|04:09] C:\Program Files\<DIR> Netopia
[02/06/2006|07:26] C:\Program Files\<DIR> Noble Poker
[06/22/2006|12:10] C:\Program Files\<DIR> NoteWorthy Composer
[05/28/2005|05:25] C:\Program Files\<DIR> Online Services
[02/05/2008|11:40] C:\Program Files\<DIR> Outlook Express
[03/29/2006|01:38] C:\Program Files\<DIR> PartyGaming
[09/22/2006|03:01] C:\Program Files\<DIR> Poker
[01/25/2006|01:17] C:\Program Files\<DIR> PokerRoom.com
[05/16/2008|12:46] C:\Program Files\<DIR> PokerStars
[12/12/2008|12:06] C:\Program Files\<DIR> QuickTime
[02/08/2006|07:11] C:\Program Files\<DIR> Real
[08/22/2005|11:26] C:\Program Files\<DIR> Realtek Sound Manager
[04/16/2008|11:29] C:\Program Files\<DIR> Reference Assemblies
[06/28/2008|09:35] C:\Program Files\<DIR> Riva
[12/23/2005|02:35] C:\Program Files\<DIR> riverbelleMPP
[03/23/2008|06:53] C:\Program Files\<DIR> Rockstar Games
[01/03/2009|03:41] C:\Program Files\<DIR> Security Task Manager
[02/13/2007|08:55] C:\Program Files\<DIR> SEGA
[04/16/2008|11:36] C:\Program Files\<DIR> Sony
[03/28/2006|03:51] C:\Program Files\<DIR> Sony Setup
[12/13/2008|03:08] C:\Program Files\<DIR> Starcraft
[10/05/2008|06:49] C:\Program Files\<DIR> SystemRequirementsLab
[01/15/2007|05:37] C:\Program Files\<DIR> The DeeSampler
[02/08/2006|07:14] C:\Program Files\<DIR> The Weather Channel FW
[01/26/2006|04:37] C:\Program Files\<DIR> Titan Poker
[01/15/2007|05:34] C:\Program Files\<DIR> TradeTouch
[01/05/2009|05:20] C:\Program Files\<DIR> Trend Micro
[04/18/2007|01:34] C:\Program Files\<DIR> Ubisoft
[05/28/2005|05:46] C:\Program Files\<DIR> Uninstall Information
[03/14/2006|01:51] C:\Program Files\<DIR> VC Poker
[01/15/2007|05:38] C:\Program Files\<DIR> VideoFramer
[05/02/2006|02:38] C:\Program Files\<DIR> VideoLAN
[04/16/2008|11:37] C:\Program Files\<DIR> VSTplugins
[11/24/2008|04:29] C:\Program Files\<DIR> Windows Media Connect 2
[12/13/2008|07:30] C:\Program Files\<DIR> Windows Media Player
[09/15/2007|09:47] C:\Program Files\<DIR> Windows NT
[11/01/2005|04:22] C:\Program Files\<DIR> WindowsUpdate
[03/21/2006|12:27] C:\Program Files\<DIR> WinRAR
[08/04/2006|07:07] C:\Program Files\<DIR> WordBiz
[11/20/2005|09:06] C:\Program Files\<DIR> WorldWinner.com
[07/07/2006|12:48] C:\Program Files\<DIR> WPTonline
[05/28/2005|05:28] C:\Program Files\<DIR> xerox
[07/11/2006|12:00] C:\Program Files\<DIR> XviD
[06/17/2008|03:37] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[11/22/2008|12:46] C:\Program Files\Common Files\<DIR> Adobe
[11/01/2008|02:01] C:\Program Files\Common Files\<DIR> Ahead
[11/24/2008|09:52] C:\Program Files\Common Files\<DIR> AOL
[12/12/2008|12:07] C:\Program Files\Common Files\<DIR> Apple
[11/05/2005|11:40] C:\Program Files\Common Files\<DIR> Designer
[09/06/2006|11:16] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[09/06/2006|11:19] C:\Program Files\Common Files\<DIR> HP
[10/31/2005|04:06] C:\Program Files\Common Files\<DIR> InstallShield
[11/05/2005|11:37] C:\Program Files\Common Files\<DIR> L&H
[05/04/2006|05:07] C:\Program Files\Common Files\<DIR> Logitech
[11/21/2008|07:28] C:\Program Files\Common Files\<DIR> Macrovision Shared
[04/16/2008|11:35] C:\Program Files\Common Files\<DIR> Microsoft Shared
[10/31/2005|04:00] C:\Program Files\Common Files\<DIR> Motive
[05/28/2005|05:26] C:\Program Files\Common Files\<DIR> MSSoap
[02/09/2007|03:51] C:\Program Files\Common Files\<DIR> Nullsoft
[05/23/2005|01:13] C:\Program Files\Common Files\<DIR> ODBC
[01/26/2008|03:48] C:\Program Files\Common Files\<DIR> Real
[05/28/2005|05:26] C:\Program Files\Common Files\<DIR> Services
[05/23/2005|01:13] C:\Program Files\Common Files\<DIR> SpeechEngines
[06/28/2008|09:35] C:\Program Files\Common Files\<DIR> SWF Studio
[02/05/2008|11:40] C:\Program Files\Common Files\<DIR> System
[11/11/2006|10:22] C:\Program Files\Common Files\<DIR> Viewpoint
[01/05/2009|11:11] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 48 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-09 14:47:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Chris\Application Data\uTorrent\Adobe Photoshop CS3 Extended + Crack.torrent
C:\DOCUME~1\Chris\Application Data\uTorrent\patch, crack 1.01 and extra content.torrent
C:\DOCUME~1\Chris\Application Data\uTorrent\Starcraft + BroodWar + The Last Update Patch 1.152 + KeyGen.torrent
C:\DOCUME~1\Chris\Application Data\uTorrent\VA-Big_Mike_DJ_Diggz_&_Digital_Product-How_To_Spit_Crack_3-2008-MIXFIEND.torrent
C:\DOCUME~1\Chris\My Documents\My Music\iTunes\iTunes Music\Leftover Crack
C:\DOCUME~1\Chris\My Documents\My Music\iTunes\iTunes Music\Bangladesh Ft. Rick Ross & Busta Rhymes\How To Spit Crack Vol. 3
C:\DOCUME~1\Chris\My Documents\My Music\iTunes\iTunes Music\Bangladesh Ft. Rick Ross & Busta Rhymes\How To Spit Crack Vol. 3\08 Girls Love Me.mp3
C:\DOCUME~1\Chris\My Documents\My Music\iTunes\iTunes Music\Jay-Z\In My Lifetime, Vol. 1\12 Rap Game-Crack Game.mp3
C:\DOCUME~1\Chris\My Documents\My Music\iTunes\iTunes Music\Kanye West\Late Registration\08 Crack Music (Feat. The Game).mp3
C:\DOCUME~1\Chris\My Documents\My Music\iTunes\iTunes Music\Kanye West\Unknown Album\Crack Music (feat. The Game).mp3
C:\DOCUME~1\Chris\My Documents\My Music\iTunes\iTunes Music\Leftover Crack\Unknown Album
C:\DOCUME~1\Chris\My Documents\My Music\iTunes\iTunes Music\Leftover Crack\Unknown Album\Crack City Rockers.mp3
C:\DOCUME~1\Chris\My Documents\My Music\iTunes\iTunes Music\Leftover Crack\Unknown Album\The Good, The Bad, The Leftover Crac.mp3
C:\DOCUME~1\Chris\My Documents\My Music\iTunes\iTunes Music\Lil Wayne\The Leak 2\05 Crack House (Ft. Fat Joe).mp3
C:\DOCUME~1\Chris\My Documents\My Music\iTunes\iTunes Music\Notorious B.I.G\Life After Death (Disc 2 Of 2)\05 Ten Crack Commandments.mp3
C:\DOCUME~1\Chris\My Documents\necessities\Data & Password Recovery\BadCopy Pro 3.72.1012\keygen.exe
C:\DOCUME~1\Chris\My Documents\necessities\Data & Password Recovery\GetDataBack v2.22 NTFS and FAT\GetDataBack for FAT 2.22\keygen.exe
C:\DOCUME~1\Chris\My Documents\necessities\Data & Password Recovery\GetDataBack v2.22 NTFS and FAT\GetDataBack for NTFS 2.22\keygen.exe
C:\DOCUME~1\Chris\My Documents\necessities\Data & Password Recovery\Windows Key Stuff\Microsoft Keygen.exe


[F:5011][D:367]-> C:\DOCUME~1\Chris\LOCALS~1\Temp
[F:262][D:0]-> C:\DOCUME~1\Chris\Cookies
[F:2218][D:16]-> C:\DOCUME~1\Chris\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Thu 01/08/2009|17:38 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Fri 01/09/2009|14:49 - Option : [2]

--------------------\\ Scan completed at 14:49:09

#9 coglesogle

coglesogle
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:15 PM

Posted 09 January 2009 - 03:25 PM

ComboFix 09-01-08.05 - Chris 2009-01-09 15:04:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1546 [GMT -5:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Chris\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\wiaserviv.log

.
((((((((((((((((((((((((( Files Created from 2008-12-09 to 2009-01-09 )))))))))))))))))))))))))))))))
.

2009-01-08 17:31 . 2009-01-09 14:49 <DIR> d-------- C:\Lop SD
2009-01-07 23:02 . 2009-01-07 23:02 <DIR> d-------- c:\windows\LastGood
2009-01-07 20:02 . 2009-01-07 20:11 250 --a------ c:\windows\gmer.ini
2009-01-07 19:56 . 2009-01-07 19:57 <DIR> d-------- C:\rsit
2009-01-07 16:32 . 2009-01-07 16:32 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-07 16:32 . 2009-01-07 16:32 <DIR> d-------- c:\documents and settings\Chris\Application Data\Malwarebytes
2009-01-07 16:32 . 2009-01-07 16:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-07 16:32 . 2009-01-04 18:41 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-07 16:32 . 2009-01-04 18:41 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-06 01:13 . 2009-01-07 04:00 <DIR> d-------- c:\documents and settings\Chris\Application Data\Twain
2009-01-05 18:34 . 2009-01-05 18:34 <DIR> d-------- c:\documents and settings\Chris\Application Data\JAM Software
2009-01-05 17:20 . 2009-01-05 17:20 <DIR> d-------- c:\program files\Trend Micro
2009-01-05 11:12 . 2009-01-05 11:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-03 15:19 . 2009-01-03 15:41 <DIR> d-------- c:\program files\Security Task Manager
2009-01-03 15:19 . 2009-01-03 15:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\SecTaskMan
2008-12-12 00:07 . 2008-12-12 00:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-12 00:05 . 2008-12-12 00:06 <DIR> d-------- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 19:57 --------- d-----w c:\documents and settings\Chris\Application Data\uTorrent
2009-01-05 16:12 --------- d-----w c:\program files\Lavasoft
2009-01-05 16:12 --------- d-----w c:\documents and settings\Chris\Application Data\Lavasoft
2009-01-05 16:11 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-03 20:24 --------- d-----w c:\program files\Bonjour
2009-01-03 20:06 --------- d-----w c:\program files\Digsby
2008-12-17 05:29 --------- d-----w c:\program files\Google
2008-12-14 11:55 --------- d-----w c:\documents and settings\Chris\Application Data\dvdcss
2008-12-13 08:08 --------- d-----w c:\program files\Starcraft
2008-12-12 05:07 --------- d-----w c:\program files\iTunes
2008-12-12 05:07 --------- d-----w c:\program files\iPod
2008-12-12 05:07 --------- d-----w c:\program files\Common Files\Apple
2008-12-04 17:20 --------- d-----w c:\program files\CDBurnerXP
2008-12-04 17:20 --------- d-----w c:\documents and settings\Chris\Application Data\Canneverbe_Limited
2008-12-01 23:11 --------- d-----w c:\program files\MySQL
2008-12-01 04:30 --------- d-----w c:\documents and settings\Chris\Application Data\vlc
2008-12-01 03:25 27,608 ----a-w c:\documents and settings\Chris\Application Data\GDIPFONTCACHEV1.DAT
2008-11-30 01:52 --------- d-----w c:\documents and settings\Chris\Application Data\AdobeAUM
2008-11-25 02:56 --------- d-----w c:\documents and settings\Chris\Application Data\Digsby
2008-11-25 02:56 --------- d-----w c:\documents and settings\All Users\Application Data\Digsby
2008-11-25 02:52 --------- d-----w c:\program files\Common Files\AOL
2008-11-25 02:52 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-11-24 21:29 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-22 19:46 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-22 17:46 --------- d-----w c:\program files\Common Files\Adobe
2008-11-22 01:36 --------- d-----w c:\program files\Apple Software Update
2008-11-22 00:50 --------- d-----w c:\documents and settings\All Users\Application Data\ALM
2008-11-22 00:28 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-11-13 11:21 --------- d-----w c:\documents and settings\Chris\Application Data\Apple Computer
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-11 19:16 48,456 ----a-w c:\windows\system32\UninstallElectricSheep.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ares"="c:\program files\Ares\Ares.exe" [2006-03-12 1233408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe" [2003-05-02 57344]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2003-12-01 892928]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]

c:\documents and settings\Chris\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files\Digsby\digsby.exe [2008-10-10 137728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll fudkbb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.XVID"= xvid.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
path=c:\documents and settings\Chris\Start Menu\Programs\Startup\GameSpot Download Manager.lnk
backup=c:\windows\pss\GameSpot Download Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\documents and settings\Chris\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2006-03-12 21:35 1233408 c:\program files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2008-11-27 09:16 1261336 c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C2kWep]
--------- 2005-02-23 10:44 249856 c:\program files\Netopia\C3kWEPn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 09:57 133016 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
--a------ 2005-11-07 15:49 601200 c:\program files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 22:12 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X5100 Series]
--a------ 2003-03-04 07:49 86100 c:\program files\Lexmark X5100 Series\lxbabmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-09-17 08:55 13574144 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-09-17 08:55 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-09-17 08:55 1657376 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Documents and Settings\\Chris\\Desktop\\utorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\ElectricSheep.scr"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-05 97928]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;c:\windows\system32\drivers\getnd5b.sys [2005-08-22 44032]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-05 231704]
R4 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2005-12-13 23856]
S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\c:\windows\System32\Drivers\Aldebaran.sys --> c:\windows\System32\Drivers\Aldebaran.sys [?]
S3 NTPASp50;NTPASp50 NDIS Protocol Driver;c:\windows\system32\drivers\NtpaSp50.sys [2005-10-31 17536]
S3 SWLD23U;Netopia 802.11b WLAN USB Adapter;c:\windows\system32\drivers\swld23u.sys [2005-10-31 82888]
S3 swlubtl;WLAN USB Boot Device;c:\windows\system32\drivers\swlubtl.sys [2005-10-31 53690]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e7c33d6-4a59-11da-9e56-000278ec1f60}]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7abdfcaa-be81-11dd-a02a-00508d5e7bae}]
\Shell\AutoRun\command - f:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff6bd808-0bd0-11dd-a002-00183913156f}]
\Shell\AutoRun\command - F:\Autorun.exe /run
\Shell\Shell00\Command - F:\Autorun.exe /run
\Shell\Shell01\Command - F:\Autorun.exe /action
\Shell\Shell02\Command - F:\Autorun.exe /uninstall
.
Contents of the 'Scheduled Tasks' folder

2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AIM - c:\program files\AIM\aim.exe
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
MSConfigStartUp-APVXDWIN - c:\program files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
MSConfigStartUp-BearShare - c:\program files\BearShare\BearShare.exe
MSConfigStartUp-MSKAGENTEXE - c:\progra~1\McAfee\SPAMKI~1\MSKAgent.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-SCANINICIO - c:\program files\Panda Software\Panda Antivirus Platinum\Inicio.exe
MSConfigStartUp-Up list body roam - c:\documents and settings\All Users\Application Data\default heart roam idol\Exit web meal.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{40B2063F-DB01-4962-BE63-59435C01283C} - c:\progra~1\DOYLES~1\client.exe
IE: {{83F8B625-1B04-4c35-8BA1-6DB4D7EDBADF} - c:\program files\riverbelleMPP\MPPoker.exe
IE: {{B723B1B8-9788-4684-ADA7-D1DB02E1D516} - c:\program files\Noble Poker\casino.exe
IE: {{EFFF8D47-D060-4108-B761-E8EC86622E56} - c:\documents and settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
Trusted Zone: free.aol.com

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\8yaut70w.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-09 15:06:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-484763869-1547161642-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
"??"=hex:c3,77,a5,05,e2,af,df,03,20,c9,5c,5a,60,b4,dc,3f,95,6f,21,0f,48,b8,a4,
16,07,2e,b8,00,25,5d,9b,90,20,59,73,e2,3a,2c,3c,36,98,98,84,81,e5,12,be,00,\
"??"=hex:5f,17,89,14,c1,01,dc,26,a7,39,ad,84,59,fe,12,7d
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\SYSTEM32\avgrsstx.dll
c:\windows\SYSTEM32\GTGina.dll

- - - - - - - > 'lsass.exe'(788)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2009-01-09 15:08:25
ComboFix-quarantined-files.txt 2009-01-09 20:07:16

Pre-Run: 15,785,172,992 bytes free
Post-Run: 18,958,999,552 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

256 --- E O F --- 2008-02-05 16:45:32

#10 coglesogle

coglesogle
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:15 PM

Posted 09 January 2009 - 03:34 PM

DDS (Ver_09-01-07.01) - NTFSx86
Run by Chris at 15:30:01.57 on Fri 01/09/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1411 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chris\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ares] "c:\program files\ares\Ares.exe" -h
mRun: [CTSysVol] c:\program files\creative\sbaudigy ls\surround mixer\CTSysVol.exe /r
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\chris\startm~1\programs\startup\digsby.lnk - c:\program files\digsby\digsby.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {40B2063F-DB01-4962-BE63-59435C01283C} - c:\progra~1\doyles~1\client.exe
IE: {49783ED4-258D-4f9f-BE11-137C18D3E543} - c:\program files\titan poker\casino.exe
IE: {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\empirepokermaster\empirepoker\RunEPoker.exe
IE: {83F8B625-1B04-4c35-8BA1-6DB4D7EDBADF} - c:\program files\riverbellempp\MPPoker.exe
IE: {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - c:\program files\noble poker\casino.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {EFFF8D47-D060-4108-B761-E8EC86622E56} - c:\documents and settings\all users\start menu\programs\absolute poker\Absolute Poker.lnk
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\GameClient.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: aol.com\free
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll fudkbb.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chris\applic~1\mozilla\firefox\profiles\8yaut70w.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-5 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-10-5 26824]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;c:\windows\system32\drivers\getnd5b.sys [2005-8-22 44032]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-10-5 231704]
R4 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2005-12-13 23856]
S3 Aldebaran;Aldebaran - Storage Filter Drivers;\??\c:\windows\system32\drivers\aldebaran.sys --> c:\windows\system32\drivers\Aldebaran.sys [?]
S3 NTPASp50;NTPASp50 NDIS Protocol Driver;c:\windows\system32\drivers\NtpaSp50.sys [2005-10-31 17536]
S3 SWLD23U;Netopia 802.11b WLAN USB Adapter;c:\windows\system32\drivers\swld23u.sys [2005-10-31 82888]
S3 swlubtl;WLAN USB Boot Device;c:\windows\system32\drivers\swlubtl.sys [2005-10-31 53690]

=============== Created Last 30 ================

2009-01-09 14:58 <DIR> a-dshr-- C:\cmdcons
2009-01-09 14:55 161,792 a------- c:\windows\SWREG.exe
2009-01-09 14:55 98,816 a------- c:\windows\sed.exe
2009-01-09 14:55 <DIR> --d----- C:\ComboFix
2009-01-08 17:31 <DIR> --d----- C:\Lop SD
2009-01-07 20:02 250 a------- c:\windows\gmer.ini
2009-01-07 16:32 <DIR> --d----- c:\docume~1\chris\applic~1\Malwarebytes
2009-01-07 16:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-07 16:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-07 16:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-07 16:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-06 01:13 <DIR> --d----- c:\docume~1\chris\applic~1\Twain
2009-01-05 18:34 <DIR> --d----- c:\docume~1\chris\applic~1\JAM Software
2009-01-05 17:20 <DIR> --d----- c:\program files\Trend Micro
2009-01-03 15:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2009-01-03 15:19 <DIR> --d----- c:\program files\Security Task Manager
2008-12-12 00:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

==================== Find3M ====================

2008-11-30 22:25 27,608 a------- c:\docume~1\chris\applic~1\GDIPFONTCACHEV1.DAT
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

============= FINISH: 15:30:16.89 ===============

Attached Files



#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 10 January 2009 - 03:40 PM

Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    
    :files
    C:\Documents and Settings\Chris\Application Data\uTorrent\Adobe Photoshop CS3 Extended + Crack.torrent
    C:\Documents and Settings\Chris\Application Data\uTorrent\patch, crack 1.01 and extra content.torrent
    C:\Documents and Settings\Chris\Application Data\uTorrent\Starcraft + BroodWar + The Last Update Patch 1.152 + KeyGen.torrent
    C:\Documents and Settings\Chris\My Documents\necessities\Data & Password Recovery\BadCopy Pro 3.72.1012\keygen.exe
    C:\Documents and Settings\Chris\My Documents\necessities\Data & Password Recovery\GetDataBack v2.22 NTFS and FAT\GetDataBack for FAT 2.22\keygen.exe
    C:\Documents and Settings\Chris\My Documents\necessities\Data & Password Recovery\GetDataBack v2.22 NTFS and FAT\GetDataBack for NTFS 2.22\keygen.exe
    C:\Documents and Settings\Chris\My Documents\necessities\Data & Password Recovery\Windows Key Stuff\Microsoft Keygen.exe
    c:\documents and settings\Chris\Application Data\Twain
    
    :reg
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll"
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#12 coglesogle

coglesogle
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:15 PM

Posted 14 January 2009 - 06:17 PM

sorry i haven't responded in a few days thanks for your help, here we go.

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
File/Folder C:\Documents and Settings\Chris\Application Data\uTorrent\Adobe Photoshop CS3 Extended + Crack.torrent not found.
C:\Documents and Settings\Chris\Application Data\uTorrent\patch, crack 1.01 and extra content.torrent moved successfully.
File/Folder C:\Documents and Settings\Chris\Application Data\uTorrent\Starcraft + BroodWar + The Last Update Patch 1.152 + KeyGen.torrent not found.
C:\Documents and Settings\Chris\My Documents\necessities\Data & Password Recovery\BadCopy Pro 3.72.1012\keygen.exe moved successfully.
C:\Documents and Settings\Chris\My Documents\necessities\Data & Password Recovery\GetDataBack v2.22 NTFS and FAT\GetDataBack for FAT 2.22\keygen.exe moved successfully.
C:\Documents and Settings\Chris\My Documents\necessities\Data & Password Recovery\GetDataBack v2.22 NTFS and FAT\GetDataBack for NTFS 2.22\keygen.exe moved successfully.
C:\Documents and Settings\Chris\My Documents\necessities\Data & Password Recovery\Windows Key Stuff\Microsoft Keygen.exe moved successfully.
c:\documents and settings\Chris\Application Data\Twain moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\\"AppInit_DLLs"|avgrsstx.dll" /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Chris\LOCALS~1\Temp\etilqs_8SNJnus18eJ0nI2bMppE scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yaut70w.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yaut70w.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yaut70w.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yaut70w.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yaut70w.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yaut70w.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01142009_181047

Files moved on Reboot...
File C:\DOCUME~1\Chris\LOCALS~1\Temp\etilqs_8SNJnus18eJ0nI2bMppE not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yaut70w.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yaut70w.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yaut70w.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yaut70w.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yaut70w.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\8yaut70w.default\XUL.mfl moved successfully.

#13 coglesogle

coglesogle
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:15 PM

Posted 14 January 2009 - 08:29 PM

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3766 (20090114)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=8e0d577a7a80e840ac68e7ae4e42cd48
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-15 01:04:55
# local_time=2009-01-14 08:04:55 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=287445
# found=0
# scan_time=6256

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:15 AM

Posted 15 January 2009 - 03:44 AM

Looks good to me.. Run RSIT again and post the log here for my final review :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#15 coglesogle

coglesogle
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:02:15 PM

Posted 15 January 2009 - 10:29 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Chris at 2009-01-15 22:28:02
Microsoft Windows XP Professional Service Pack 2
System drive C: has 13 GB (11%) free of 114 GB
Total RAM: 2047 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:25 PM, on 1/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\SEGA\Medieval II Total War\medieval2.exe
C:\DOCUME~1\Chris\LOCALS~1\Temp\~e5.0001
C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Chris\Desktop\utorrent.exe
C:\Documents and Settings\Chris\Desktop\RSIT.exe
C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\Chris.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Stickies] C:\Program Files\Bret Taylor\Stickies\\Stickies.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Digsby.lnk = C:\Program Files\Digsby\digsby.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Doyles Room Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - C:\PROGRA~1\DOYLES~1\client.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePokerMaster\EmpirePoker\RunEPoker.exe
O9 - Extra button: River Belle Poker - {83F8B625-1B04-4c35-8BA1-6DB4D7EDBADF} - C:\Program Files\riverbelleMPP\MPPoker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134467470875
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll"
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O24 - Desktop Component 1: GRAND THEFT AUTO IV - http://www.rockstargames.com/IV/

--
End of file - 8738 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1547161642-1801674531-1003.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-05 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BA52B914-B692-46c4-B683-905236F6F655}
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-05 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"=C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe [2003-05-02 57344]
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2003-12-01 892928]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"ares"=C:\Program Files\Ares\Ares.exe [2006-03-12 1233408]
"Stickies"=C:\Program Files\Bret Taylor\Stickies\\Stickies.exe [2007-03-14 335872]
"Google Update"=C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-14 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
C:\Program Files\Ares\Ares.exe [2006-03-12 1233408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C2kWep]
C:\Program Files\Netopia\C3kWEPn.exe [2005-02-23 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2005-12-10 133016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe [2005-11-07 601200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X5100 Series]
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe [2003-03-04 86100]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\System32\NvCpl.dll [2008-09-17 13574144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\System32\NvMcTray.dll [2008-09-17 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [2005-10-31 169472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
C:\Documents and Settings\Chris\Desktop\GameSpot\GameSpotDownloadManager_Win32.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Chris^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
C:\PROGRA~1\Yahoo!\Widgets\YAHOOW~1.EXE [2008-03-18 4742184]

C:\Documents and Settings\Chris\Start Menu\Programs\Startup
Digsby.lnk - C:\Program Files\Digsby\digsby.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares"
"C:\Documents and Settings\Chris\Desktop\utorrent.exe"="C:\Documents and Settings\Chris\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\ElectricSheep.scr"="C:\WINDOWS\system32\ElectricSheep.scr:*:Enabled:ElectricSheep"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e7c33d6-4a59-11da-9e56-000278ec1f60}]
shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7abdfcaa-be81-11dd-a02a-00508d5e7bae}]
shell\AutoRun\command - F:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8467f742-cbb7-11d9-9e49-806d6172696f}]
shell\AutoRun\command - D:\Launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff6bd808-0bd0-11dd-a002-00183913156f}]
shell\AutoRun\command - F:\Autorun.exe /run
shell\Shell00\command - F:\Autorun.exe /run
shell\Shell01\command - F:\Autorun.exe /action
shell\Shell02\command - F:\Autorun.exe /uninstall


======List of files/folders created in the last 3 months======

2009-01-14 18:18:57 ----D---- C:\Program Files\EsetOnlineScanner
2009-01-14 18:10:47 ----D---- C:\_OTMoveIt
2009-01-14 18:05:06 ----D---- C:\Documents and Settings\Chris\Application Data\Bret Taylor
2009-01-14 18:04:57 ----D---- C:\Program Files\Bret Taylor
2009-01-09 16:49:21 ----SHD---- C:\RECYCLER
2009-01-09 15:08:28 ----D---- C:\WINDOWS\temp
2009-01-09 15:08:26 ----A---- C:\ComboFix.txt
2009-01-09 14:59:06 ----A---- C:\Boot.bak
2009-01-09 14:58:58 ----RASHD---- C:\cmdcons
2009-01-09 14:55:43 ----A---- C:\WINDOWS\zip.exe
2009-01-09 14:55:43 ----A---- C:\WINDOWS\VFIND.exe
2009-01-09 14:55:43 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-01-09 14:55:43 ----A---- C:\WINDOWS\SWSC.exe
2009-01-09 14:55:43 ----A---- C:\WINDOWS\SWREG.exe
2009-01-09 14:55:43 ----A---- C:\WINDOWS\sed.exe
2009-01-09 14:55:43 ----A---- C:\WINDOWS\NIRCMD.exe
2009-01-09 14:55:43 ----A---- C:\WINDOWS\grep.exe
2009-01-09 14:55:43 ----A---- C:\WINDOWS\fdsv.exe
2009-01-09 14:55:39 ----D---- C:\WINDOWS\ERDNT
2009-01-09 14:55:39 ----D---- C:\Qoobox
2009-01-09 14:55:39 ----D---- C:\ComboFix
2009-01-08 17:34:20 ----A---- C:\lopR.txt
2009-01-08 17:31:40 ----D---- C:\Lop SD
2009-01-07 20:02:17 ----A---- C:\WINDOWS\gmer.ini
2009-01-07 20:02:16 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-07 20:02:16 ----A---- C:\WINDOWS\gmer.exe
2009-01-07 20:02:16 ----A---- C:\WINDOWS\gmer.dll
2009-01-07 19:56:25 ----D---- C:\rsit
2009-01-07 16:32:34 ----D---- C:\Documents and Settings\Chris\Application Data\Malwarebytes
2009-01-07 16:32:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-07 16:32:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-05 18:34:11 ----D---- C:\Documents and Settings\Chris\Application Data\JAM Software
2009-01-05 17:20:31 ----D---- C:\Program Files\Trend Micro
2009-01-05 11:12:10 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-05 01:02:24 ----A---- C:\WINDOWS\system32\bf04a5ac-.txt
2009-01-03 15:19:42 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2009-01-03 15:19:33 ----D---- C:\Program Files\Security Task Manager
2008-12-12 00:07:22 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-12 00:05:25 ----D---- C:\Program Files\QuickTime
2008-12-04 12:20:25 ----D---- C:\Documents and Settings\Chris\Application Data\Canneverbe_Limited
2008-12-04 12:20:05 ----D---- C:\Program Files\CDBurnerXP
2008-12-01 18:11:13 ----D---- C:\Program Files\MySQL
2008-11-30 23:15:17 ----D---- C:\Documents and Settings\Chris\Application Data\vlc
2008-11-29 20:52:22 ----D---- C:\Documents and Settings\Chris\Application Data\AdobeAUM
2008-11-24 21:56:43 ----D---- C:\Documents and Settings\All Users\Application Data\Digsby
2008-11-24 21:54:17 ----D---- C:\Documents and Settings\Chris\Application Data\Digsby
2008-11-24 21:53:04 ----D---- C:\Program Files\Digsby
2008-11-24 16:30:05 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-11-24 16:29:32 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-11-24 16:29:31 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-11-24 16:29:00 ----D---- C:\Program Files\Windows Media Connect 2
2008-11-24 16:28:07 ----A---- C:\WINDOWS\system32\wvc1dmod.dll
2008-11-24 16:27:41 ----D---- C:\WINDOWS\system32\LogFiles
2008-11-24 16:27:36 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-11-22 14:46:01 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-11-21 19:50:10 ----D---- C:\Documents and Settings\All Users\Application Data\ALM
2008-11-21 19:28:45 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-11-13 07:00:04 ----D---- C:\Program Files\Bonjour

======List of files/folders modified in the last 3 months======

2009-01-15 22:28:06 ----D---- C:\Documents and Settings\Chris\Application Data\uTorrent
2009-01-15 22:27:28 ----D---- C:\WINDOWS\Prefetch
2009-01-15 22:21:01 ----D---- C:\Program Files\Mozilla Firefox
2009-01-14 18:34:26 ----SD---- C:\WINDOWS\Tasks
2009-01-14 18:18:57 ----RD---- C:\Program Files
2009-01-14 18:18:51 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-14 18:18:50 ----D---- C:\WINDOWS\system32
2009-01-14 18:18:47 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-14 18:13:34 ----D---- C:\WINDOWS
2009-01-14 18:12:55 ----D---- C:\Program Files\Google
2009-01-14 18:11:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-14 18:05:03 ----SHD---- C:\WINDOWS\Installer
2009-01-14 18:05:03 ----SD---- C:\Documents and Settings\Chris\Application Data\Microsoft
2009-01-14 18:05:03 ----HD---- C:\Config.Msi
2009-01-14 17:58:38 ----SHD---- C:\System Volume Information
2009-01-13 19:02:00 ----HD---- C:\WINDOWS\inf
2009-01-10 05:40:01 ----HD---- C:\$AVG8.VAULT$
2009-01-09 15:06:12 ----A---- C:\WINDOWS\system.ini
2009-01-09 15:05:12 ----D---- C:\WINDOWS\system32\drivers
2009-01-09 15:05:11 ----D---- C:\WINDOWS\AppPatch
2009-01-09 15:05:11 ----D---- C:\Program Files\Common Files
2009-01-09 14:59:06 ----RASH---- C:\boot.ini
2009-01-07 20:34:19 ----RSD---- C:\WINDOWS\Fonts
2009-01-07 20:13:55 ----D---- C:\WINDOWS\Minidump
2009-01-06 20:24:06 ----D---- C:\Documents and Settings\Chris\Application Data\Adobe
2009-01-05 11:12:54 ----D---- C:\Program Files\Lavasoft
2009-01-05 11:12:51 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-05 11:12:51 ----D---- C:\Documents and Settings\Chris\Application Data\Lavasoft
2009-01-05 11:11:20 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-03 15:12:55 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-03 15:07:37 ----D---- C:\WINDOWS\system32\config
2009-01-03 15:07:09 ----D---- C:\WINDOWS\system32\wbem
2009-01-03 15:07:09 ----D---- C:\WINDOWS\Registration
2009-01-03 15:05:32 ----D---- C:\WINDOWS\security
2009-01-03 15:04:53 ----D---- C:\WINDOWS\system32\Restore
2008-12-16 23:55:44 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-12-14 06:55:32 ----D---- C:\Documents and Settings\Chris\Application Data\dvdcss
2008-12-13 19:35:50 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-13 19:30:30 ----D---- C:\Program Files\Windows Media Player
2008-12-13 03:08:35 ----D---- C:\Program Files\Starcraft
2008-12-12 00:07:50 ----D---- C:\Program Files\iTunes
2008-12-12 00:07:25 ----D---- C:\Program Files\iPod
2008-12-12 00:07:24 ----D---- C:\Program Files\Common Files\Apple
2008-11-30 16:54:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-29 19:40:26 ----A---- C:\WINDOWS\win.ini
2008-11-29 19:34:52 ----D---- C:\WINDOWS\Help
2008-11-24 21:52:33 ----D---- C:\Program Files\Common Files\AOL
2008-11-24 21:52:30 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-11-24 16:30:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-22 12:46:07 ----D---- C:\Program Files\Common Files\Adobe
2008-11-21 20:36:25 ----D---- C:\Program Files\Apple Software Update
2008-11-21 19:50:10 ----D---- C:\Program Files\Adobe
2008-11-21 19:45:12 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-21 19:29:22 ----D---- C:\WINDOWS\WinSxS
2008-11-13 07:02:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-13 06:54:16 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-13 06:21:05 ----D---- C:\Documents and Settings\Chris\Application Data\Apple Computer
2008-11-01 14:03:24 ----D---- C:\WINDOWS\pss
2008-11-01 14:01:32 ----D---- C:\Program Files\Common Files\Ahead
2008-11-01 13:59:35 ----D---- C:\Program Files\Image-Line
2008-11-01 13:58:39 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-30 23:38:59 ----D---- C:\Program Files\Cake Poker
2008-10-25 04:29:28 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2003-11-07 35328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-05 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-05 26824]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2007-08-17 20747]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2005-11-21 16512]
R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\System32\DRIVERS\nvcap.sys [2004-02-10 126878]
R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\System32\DRIVERS\NVxbar.sys [2004-02-10 13360]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\drivers\PfModNT.sys []
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-06-01 223128]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\getnd5b.sys [2003-09-02 44032]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\System32\Drivers\itchfltr.sys [2003-11-08 12953]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
R3 P17;Creative SB Audigy LS; C:\WINDOWS\system32\drivers\P17.sys [2004-01-16 687232]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2002-10-24 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2003-05-24 11392]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2003-05-14 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2003-05-14 44288]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S3 Aldebaran;Aldebaran - Storage Filter Drivers; \??\C:\WINDOWS\System32\Drivers\Aldebaran.sys []
S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2005-03-07 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2005-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2005-03-07 21744]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NTPASp50;NTPASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\NTPASp50.sys [2004-08-10 17536]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\System32\ntsim.sys []
S3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\System32\DRIVERS\rt73.sys [2005-11-24 245248]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SWLD23U;Netopia 802.11b WLAN USB Adapter; C:\WINDOWS\System32\DRIVERS\SWLD23U.sys [2003-12-17 82888]
S3 swlubtl;WLAN USB Boot Device; C:\WINDOWS\System32\Drivers\swlubtl.sys [2003-05-02 53690]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2003-05-14 21216]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2003-05-14 5728]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-05 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-28 303104]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 WUSB54GCSVC;WUSB54GCSVC; C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe [2005-07-04 53307]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-21 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users