Hello. Thanks for your help.
Here is the MGADiag report:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-WHTGG-VD4C6-TJMKQ
Windows Product Key Hash: lmDOySlyDTHpqI1pKmny3AV11lU=
Windows Product ID: 76477-OEM-2174867-86169
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {9D39FD31-FB25-4686-A55A-9DC0C44D3082}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: I:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{9D39FD31-FB25-4686-A55A-9DC0C44D3082}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-TJMKQ</PKey><PID>76477-OEM-2174867-86169</PID><PIDType>3</PIDType><SID>S-1-5-21-682003330-1390067357-1801674531</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0405 </Version><SMBIOSVersion major="2" minor="3"/><Date>20060911000000.000000+000</Date></BIOS><HWID>479E30870184E07A</HWID><UserLCID>0425</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>5D65FE14D58F586</Val><Hash>BAoDbPc0n8rFHidSDI0n88MWyd0=</Hash><Pid>89388-707-0270147-65625</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>
Licensing Data-->
N/A
Windows Activation Technologies-->
N/A
HWID Data-->
N/A
OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 141E0:ASUSTeK Computer Inc|10322:GENUINE C&C INC
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005
OEM Activation 2.0 Data-->
N/A
When I tried to use the VirusTotal program the file you wanted wasn't found.
Here are the OTL and Extras logs
OTL logfile created on: 16.07.2010 11:28:26 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = I:\Documents and Settings\USER\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000425 | Country: Estonia | Language: ETI | Date Format: d.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): i:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
C: Drive not present or media not loaded
Drive D: | 450,60 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 465,75 Gb Total Space | 249,87 Gb Free Space | 53,65% Space Free | Partition Type: NTFS
Drive S: | 465,76 Gb Total Space | 462,04 Gb Free Space | 99,20% Space Free | Partition Type: NTFS
Computer Name: USER-PC
Current User Name: USER
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - I:\Documents and Settings\USER\Desktop\OTL.exe (OldTimer Tools)
PRC - I:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - I:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - I:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - I:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - I:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - I:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe ()
PRC - I:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
PRC - I:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
PRC - I:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - I:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - I:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - I:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - I:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - I:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - I:\WINDOWS\system32\HDDSvc.exe (AltrixSoft (http://www.altrixsoft.com/))
PRC - I:\Program Files\Registry Clean Expert\RCHelper.exe (iExpert Software)
PRC - I:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - I:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
========== Modules (SafeList) ==========
MOD - I:\Documents and Settings\USER\Desktop\OTL.exe (OldTimer Tools)
MOD - I:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (SessionLauncher) -- I:\DOCUME~1\USER\LOCALS~1\Temp\DX9\SessionLauncher.exe File not found
SRV - (RoxLiveShare10) -- I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe File not found
SRV - (HidServ) -- I:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- I:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Sony Ericsson PCCompanion) -- I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (SbieSvc) -- I:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV - (avg9wd) -- I:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FLEXnet Licensing Service) -- I:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TomTomHOMEService) -- I:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (HDDSvc) -- I:\WINDOWS\system32\HDDSvc.exe (AltrixSoft (http://www.altrixsoft.com/))
SRV - (btwdins) -- I:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
========== Driver Services (SafeList) ==========
DRV - (AvgTdiX) -- I:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- I:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SbieDrv) -- I:\Program Files\Sandboxie\SbieDrv.sys (tzuk)
DRV - (AvgLdx86) -- I:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (sptd) -- I:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (nv) -- I:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (RTLE8023xp) -- I:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (Aspi32) -- I:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (HDAudBus) -- I:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (usbaudio) USB Audio Driver (WDM) -- I:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (CTEXFIFX.SYS) -- I:\WINDOWS\System32\drivers\CTEXFIFX.SYS (Creative Technology Ltd.)
DRV - (CTEXFIFX) -- I:\WINDOWS\system32\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV - (CTEDSPIO.SYS) -- I:\WINDOWS\System32\drivers\CTEDSPIO.SYS (Creative Technology Ltd)
DRV - (CTEDSPIO) -- I:\WINDOWS\system32\drivers\CTEDSPIO.sys (Creative Technology Ltd)
DRV - (CTEDSPSY.SYS) -- I:\WINDOWS\System32\drivers\CTEDSPSY.SYS (Creative Technology Ltd)
DRV - (CTEDSPSY) -- I:\WINDOWS\system32\drivers\CTEDSPSY.sys (Creative Technology Ltd)
DRV - (CTHWIUT.SYS) -- I:\WINDOWS\System32\drivers\CTHWIUT.SYS (Creative Technology Ltd.)
DRV - (CTHWIUT) -- I:\WINDOWS\system32\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV - (CT20XUT.SYS) -- I:\WINDOWS\System32\drivers\CT20XUT.SYS (Creative Technology Ltd.)
DRV - (CT20XUT) -- I:\WINDOWS\system32\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV - (CTERFXFX.SYS) -- I:\WINDOWS\System32\drivers\CTERFXFX.SYS (Creative Technology Ltd)
DRV - (CTERFXFX) -- I:\WINDOWS\system32\drivers\CTERFXFX.sys (Creative Technology Ltd)
DRV - (CTEDSPFX.SYS) -- I:\WINDOWS\System32\drivers\CTEDSPFX.SYS (Creative Technology Ltd)
DRV - (CTEDSPFX) -- I:\WINDOWS\system32\drivers\CTEDSPFX.sys (Creative Technology Ltd)
DRV - (CTEAPSFX.SYS) -- I:\WINDOWS\System32\drivers\CTEAPSFX.SYS (Creative Technology Ltd)
DRV - (CTEAPSFX) -- I:\WINDOWS\system32\drivers\CTEAPSFX.sys (Creative Technology Ltd)
DRV - (CTSBLFX.SYS) -- I:\WINDOWS\System32\drivers\CTSBLFX.SYS (Creative Technology Ltd)
DRV - (CTSBLFX) -- I:\WINDOWS\system32\drivers\CTSBLFX.sys (Creative Technology Ltd)
DRV - (CTAUDFX.SYS) -- I:\WINDOWS\System32\drivers\CTAUDFX.SYS (Creative Technology Ltd)
DRV - (CTAUDFX) -- I:\WINDOWS\system32\drivers\CTAUDFX.sys (Creative Technology Ltd)
DRV - (COMMONFX.SYS) -- I:\WINDOWS\System32\drivers\COMMONFX.SYS (Creative Technology Ltd)
DRV - (COMMONFX) -- I:\WINDOWS\system32\drivers\COMMONFX.sys (Creative Technology Ltd)
DRV - (SASKUTIL) -- I:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ()
DRV - (SASDIFSV) -- I:\Program Files\SUPERAntiSpyware\sasdifsv.sys ()
DRV - (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) -- I:\WINDOWS\system32\drivers\s116unic.sys (MCCI Corporation)
DRV - (s116obex) -- I:\WINDOWS\system32\drivers\s116obex.sys (MCCI Corporation)
DRV - (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) -- I:\WINDOWS\system32\drivers\s116nd5.sys (MCCI Corporation)
DRV - (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM) -- I:\WINDOWS\system32\drivers\s116mgmt.sys (MCCI Corporation)
DRV - (s116mdm) -- I:\WINDOWS\system32\drivers\s116mdm.sys (MCCI Corporation)
DRV - (s116mdfl) -- I:\WINDOWS\system32\drivers\s116mdfl.sys (MCCI Corporation)
DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- I:\WINDOWS\system32\drivers\s116bus.sys (MCCI Corporation)
DRV - (PfModNT) -- I:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.)
DRV - (ctprxy2k) -- I:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- I:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- I:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- I:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- I:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia) -- I:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- I:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ADIHdAudAddService) -- I:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (SenFiltService) -- I:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (atapi) -- I:\WINDOWS\system32\DRIVERS\atapi.sys ()
DRV - (SASENUM) -- I:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (pgfilter) -- I:\Program Files\PeerGuardian2\pgfilter.sys ()
DRV - (btaudio) -- I:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- I:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- I:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- I:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- I:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (DM9USB) -- I:\WINDOWS\system32\drivers\dm9usb.sys (DAVICOM Semiconductor, Inc. )
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-682003330-1390067357-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
IE - HKU\S-1-5-21-682003330-1390067357-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-682003330-1390067357-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-682003330-1390067357-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-682003330-1390067357-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 31 24 91 95 80 CA 01 [binary data]
IE - HKU\S-1-5-21-682003330-1390067357-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-682003330-1390067357-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: I:\Program Files\Real\RealPlayer\browserrecord [2009.12.16 11:08:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: I:\Program Files\Mozilla Firefox\components [2010.06.28 09:15:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins [2010.07.03 09:03:45 | 000,000,000 | ---D | M]
[2010.03.17 13:14:57 | 000,000,000 | ---D | M] -- I:\Documents and Settings\USER\Application Data\Mozilla\Extensions
[2010.03.17 13:14:57 | 000,000,000 | ---D | M] -- I:\Documents and Settings\USER\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010.07.16 09:32:03 | 000,000,000 | ---D | M] -- I:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\j7fwx06y.default\extensions
[2010.06.24 12:44:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- I:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\j7fwx06y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.12 13:19:15 | 000,000,000 | ---D | M] (Adblock Plus) -- I:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\j7fwx06y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.12.19 15:10:08 | 000,000,000 | ---D | M] -- I:\Program Files\Mozilla Firefox\extensions
[2010.01.16 01:55:13 | 000,001,538 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010.01.16 01:55:13 | 000,000,947 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010.01.16 01:55:13 | 000,000,769 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010.01.16 01:55:13 | 000,001,135 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2010.04.03 12:41:33 | 000,000,773 | ---- | M]) - I:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 applian.securesites.com
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - I:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - I:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] I:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] I:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] I:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKU\S-1-5-21-682003330-1390067357-1801674531-1004..\Run: [RegClean Expert Scheduler] I:\Program Files\Registry Clean Expert\RCHelper.exe (iExpert Software)
O4 - HKU\S-1-5-21-682003330-1390067357-1801674531-1004..\Run: [SandboxieControl] I:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKU\S-1-5-21-682003330-1390067357-1801674531-1004..\Run: [Sony Ericsson PC Companion] I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe ()
O4 - HKU\S-1-5-21-682003330-1390067357-1801674531-1004..\Run: [SUPERAntiSpyware] I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-682003330-1390067357-1801674531-1004..\Run: [TomTomHOME.exe] I:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: I:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = I:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: I:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = I:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: I:\Documents and Settings\USER\Start Menu\Programs\Startup\4323569.lnk = I:\Documents and Settings\USER\Local Settings\Temp\systmn.exe File not found
O4 - Startup: I:\Documents and Settings\USER\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = I:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-1390067357-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - I:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send To &Bluetooth - I:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - I:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - I:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - I:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 0960510546 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - I:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - I:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - I:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - I:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - I:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - I:\Program Files\SUPERAntiSpyware\SASWINLO.dll - I:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: I:\WINDOWS\Prairie Wind.bmp
O24 - Desktop BackupWallPaper: I:\WINDOWS\Prairie Wind.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - I:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - I:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - I:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.09.07 20:31:14 | 000,245,854 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002.04.23 10:42:26 | 000,000,050 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{10b450b5-f3a9-11de-864a-0018f304ce28}\Shell\AutoRun\command - "" = vlsdgsdgeryherdhsdfhdfhsdrhserjserjdsfjdsfhdsfgweagi\wetopisdgklsjgbklawjrtioubsaetgioubasegiojbasgdia\autorun.exe
O33 - MountPoints2\{10b450b5-f3a9-11de-864a-0018f304ce28}\Shell\Explore\Command - "" = vlsdgsdC:\aUtORUN.inf
O33 - MountPoints2\{10b450b5-f3a9-11de-864a-0018f304ce28}\Shell\open\command - "" = vlsdgsdgeryherdhsdfhdfhsdrhserjserjdsfjdsfhdsfgweagi\wetopisdgklsjgbklawjrtioubsaetgioubasegiojbasgdia\autorun.exe
O33 - MountPoints2\{1aa04929-ea26-11de-9e15-d6a8837cad13}\Shell - "" = AutoRun
O33 - MountPoints2\{1aa04929-ea26-11de-9e15-d6a8837cad13}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1aa04929-ea26-11de-9e15-d6a8837cad13}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7c6b97b3-4a03-11df-877a-0018f304ce28}\Shell - "" = AutoRun
O33 - MountPoints2\{7c6b97b3-4a03-11df-877a-0018f304ce28}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7c6b97b3-4a03-11df-877a-0018f304ce28}\Shell\AutoRun\command - "" = F:\DPFMate.exe -- File not found
O33 - MountPoints2\{815260b1-ee1f-11de-862e-0018f304ce28}\Shell - "" = AutoRun
O33 - MountPoints2\{815260b1-ee1f-11de-862e-0018f304ce28}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{815260b1-ee1f-11de-862e-0018f304ce28}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{9187d3e9-31b5-11df-8733-0018f304ce28}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{c842ef47-ea21-11de-9715-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c842ef47-ea21-11de-9715-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c842ef47-ea21-11de-9715-806d6172696f}\Shell\AutoRun\command - "" = D:\Setup.now.exe -- [2004.07.29 14:12:50 | 000,101,376 | R--- | M] (Sold Out Software Ltd.)
O33 - MountPoints2\{e4b9d3d2-8b37-11df-8881-0018f304ce28}\Shell - "" = AutoRun
O33 - MountPoints2\{e4b9d3d2-8b37-11df-8881-0018f304ce28}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e4b9d3d2-8b37-11df-8881-0018f304ce28}\Shell\AutoRun\command - "" = F:\Startme.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.07.16 11:27:08 | 000,574,976 | ---- | C] (OldTimer Tools) -- I:\Documents and Settings\USER\Desktop\OTL.exe
[2010.07.16 11:18:19 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010.07.16 11:18:02 | 002,031,992 | ---- | C] (Microsoft Corporation) -- I:\Documents and Settings\USER\Desktop\MGADiag.exe
[2010.07.15 16:49:11 | 000,000,000 | RH-D | C] -- I:\Documents and Settings\USER\Recent
[2010.07.15 15:02:52 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\Application Data\Google
[2010.07.15 15:01:41 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\Local Settings\Application Data\Temp
[2010.07.15 15:01:41 | 000,000,000 | ---D | C] -- I:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010.07.15 15:01:32 | 000,000,000 | ---D | C] -- I:\Program Files\Google
[2010.07.15 15:01:32 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\Local Settings\Application Data\Google
[2010.07.15 11:39:52 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\Desktop\Utilities
[2010.07.15 11:37:43 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\Desktop\Photo
[2010.07.15 11:34:10 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\Desktop\Epson Printer
[2010.07.15 11:33:10 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\Desktop\Video - Audio
[2010.07.15 11:31:10 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\Desktop\DVD - CD
[2010.07.15 11:30:19 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\Desktop\Adobe
[2010.07.14 09:20:03 | 000,744,448 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\helpsvc.exe
[2010.07.13 12:56:34 | 000,000,000 | ---D | C] -- I:\Program Files\Trend Micro
[2010.07.13 11:33:56 | 000,000,000 | ---D | C] -- I:\WINDOWS\pss
[2010.07.09 10:15:54 | 000,000,000 | ---D | C] -- I:\Program Files\Common Files\Sony Shared
[2010.07.09 10:13:12 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\Local Settings\Application Data\Sony
[2010.07.09 10:11:21 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\My Documents\My Podcasts
[2010.07.09 10:11:21 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\My Documents\Media Go
[2010.07.09 10:10:53 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\Local Settings\Application Data\Downloaded Installations
[2010.07.09 10:10:48 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\Sony Corporation
[2010.07.09 10:10:48 | 000,000,000 | ---D | C] -- I:\Program Files\Sony
[2010.07.09 10:08:52 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\Application Data\Sony
[2010.07.09 10:01:40 | 000,000,000 | ---D | C] -- I:\Program Files\Sony Ericsson
[2010.07.09 10:01:40 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\Sony Ericsson
[2010.06.30 16:26:34 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\My Documents\Untitled
[2010.06.30 16:19:47 | 002,531,328 | ---- | C] (Macrovision Europe Ltd.) -- I:\Documents and Settings\USER\My Documents\AdobeLM_libFNP.dll
[2010.06.21 12:19:00 | 000,000,000 | ---D | C] -- I:\Corralejo+Madrid
[2010.06.16 14:41:32 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\XPSViewer
[2010.06.16 14:41:27 | 000,000,000 | ---D | C] -- I:\Program Files\Reference Assemblies
[2010.06.16 14:41:08 | 001,676,288 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xpssvcs.dll
[2010.06.16 14:41:08 | 001,676,288 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010.06.16 14:41:08 | 000,597,504 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010.06.16 14:41:08 | 000,575,488 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010.06.16 14:41:08 | 000,117,760 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\prntvpt.dll
[2010.06.16 14:41:08 | 000,089,088 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2006.08.04 08:34:28 | 000,033,792 | R--- | C] ( ) -- I:\WINDOWS\System32\a3d.dll
[8 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]
[5 I:\WINDOWS\System32\*.tmp files -> I:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.07.16 11:29:00 | 000,000,420 | -H-- | M] () -- I:\WINDOWS\tasks\User_Feed_Synchronization-{C64277A3-026B-427C-BF33-D97DB328E707}.job
[2010.07.16 11:27:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\USER\Desktop\OTL.exe
[2010.07.16 11:18:20 | 000,013,646 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
[2010.07.16 11:18:02 | 002,031,992 | ---- | M] (Microsoft Corporation) -- I:\Documents and Settings\USER\Desktop\MGADiag.exe
[2010.07.16 11:17:00 | 000,000,238 | -H-- | M] () -- I:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.07.16 11:16:01 | 000,002,521 | ---- | M] () -- I:\Documents and Settings\USER\Desktop\Outlook.lnk
[2010.07.16 11:06:00 | 000,000,928 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.16 10:59:44 | 000,451,584 | ---- | M] () -- I:\Documents and Settings\USER\Desktop\CKScanner.exe
[2010.07.16 10:55:00 | 000,000,274 | -H-- | M] () -- I:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010.07.16 10:42:35 | 003,513,237 | ---- | M] () -- I:\Documents and Settings\USER\Desktop\WVCheck.exe
[2010.07.16 10:15:29 | 000,001,915 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\Sony Ericsson PC Companion 2.0.lnk
[2010.07.16 09:17:50 | 062,023,023 | ---- | M] () -- I:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.07.16 09:11:37 | 000,272,291 | ---- | M] () -- I:\WINDOWS\System32\NvApps.xml
[2010.07.16 09:11:20 | 000,000,006 | -H-- | M] () -- I:\WINDOWS\tasks\SA.DAT
[2010.07.16 09:11:13 | 000,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
[2010.07.15 19:20:23 | 000,011,564 | ---- | M] () -- I:\WINDOWS\System32\DVCState-{00000001-00000000-00000001-00001102-00000008-40041102}.rfx
[2010.07.15 19:20:23 | 000,000,924 | ---- | M] () -- I:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000001-00001102-00000008-40041102}.rfx
[2010.07.15 19:20:23 | 000,000,924 | ---- | M] () -- I:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000001-00001102-00000008-40041102}.rfx
[2010.07.15 19:20:23 | 000,000,064 | ---- | M] () -- I:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000001-00001102-00000008-40041102}.rfx
[2010.07.15 19:20:23 | 000,000,064 | ---- | M] () -- I:\WINDOWS\System32\BMXState-{00000001-00000000-00000001-00001102-00000008-40041102}.rfx
[2010.07.15 19:20:13 | 006,553,600 | ---- | M] () -- I:\Documents and Settings\USER\NTUSER.DAT
[2010.07.15 19:20:13 | 000,000,178 | -HS- | M] () -- I:\Documents and Settings\USER\ntuser.ini
[2010.07.15 16:00:00 | 000,000,368 | ---- | M] () -- I:\WINDOWS\tasks\At2.job
[2010.07.15 16:00:00 | 000,000,368 | ---- | M] () -- I:\WINDOWS\tasks\At1.job
[2010.07.15 15:06:00 | 000,000,924 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.15 15:02:27 | 000,001,925 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010.07.15 12:55:34 | 000,000,069 | ---- | M] () -- I:\WINDOWS\NeroDigital.ini
[2010.07.15 12:55:33 | 000,068,096 | ---- | M] () -- I:\Documents and Settings\USER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.14 17:27:48 | 002,117,308 | -H-- | M] () -- I:\Documents and Settings\USER\Local Settings\Application Data\IconCache.db
[2010.07.14 11:39:15 | 000,167,989 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\The-Princess-And-The-Frog-Poster.jpg
[2010.07.13 12:59:00 | 000,002,445 | ---- | M] () -- I:\Documents and Settings\USER\Desktop\HiJackThis.lnk
[2010.07.13 12:54:50 | 001,402,880 | ---- | M] () -- I:\Documents and Settings\USER\Desktop\HiJackThis.msi
[2010.07.13 11:34:25 | 000,000,582 | ---- | M] () -- I:\WINDOWS\win.ini
[2010.07.13 11:34:25 | 000,000,227 | ---- | M] () -- I:\WINDOWS\system.ini
[2010.07.12 20:49:58 | 000,054,156 | -H-- | M] () -- I:\WINDOWS\QTFont.qfn
[2010.07.11 13:38:00 | 000,001,409 | ---- | M] () -- I:\WINDOWS\QTFont.for
[2010.07.09 10:16:06 | 000,001,632 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\Media Go.lnk
[2010.07.08 11:26:56 | 000,010,617 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\Bell Hotel letter.docx
[2010.07.07 21:56:30 | 000,156,672 | ---- | M] (Radioactive) -- I:\WINDOWS\System32\rmc_fixasf.exe
[2010.07.07 21:56:29 | 000,237,568 | ---- | M] () -- I:\WINDOWS\System32\rmc_rtspdl.dll
[2010.07.05 16:36:38 | 000,323,130 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\Im May No Turn.jpg
[2010.07.05 16:22:20 | 000,043,346 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\Im May Love Tattoo.jpg
[2010.07.03 09:03:46 | 000,001,739 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010.07.01 16:46:32 | 000,068,717 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\Cornbury prog.docx
[2010.07.01 16:45:41 | 000,087,587 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\Cornbury Site and Campsite.docx
[2010.07.01 16:42:17 | 000,068,188 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\Cornbury arena.docx
[2010.07.01 15:58:49 | 000,036,229 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\Cornbury Campsite.jpg
[2010.07.01 15:57:58 | 000,040,304 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\Cornbury Site.jpg
[2010.07.01 15:57:00 | 000,057,482 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\Cornbury Arena.jpg
[2010.07.01 14:56:46 | 000,058,017 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\Cornbury programme.jpg
[2010.07.01 11:24:53 | 000,012,931 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\Cardamomo Flamenco.docx
[2010.06.30 16:26:34 | 000,647,857 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\Untitled.ncor
[2010.06.30 16:25:16 | 000,000,116 | ---- | M] () -- I:\Documents and Settings\USER\Adobe Encore_AME.pref
[2010.06.28 15:22:10 | 010,978,543 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\Reg Backup File 28 Jun '10.cab
[2010.06.23 17:06:54 | 043,866,600 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\church-at-auvers.psd
[2010.06.23 17:06:46 | 008,713,903 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\church-at-auvers copy.jpg
[2010.06.23 16:32:34 | 006,227,297 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\church-at-auvers.jpg
[2010.06.23 11:44:46 | 000,535,006 | ---- | M] () -- I:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.23 11:44:46 | 000,465,402 | ---- | M] () -- I:\WINDOWS\System32\perfh009.dat
[2010.06.23 11:44:46 | 000,079,162 | ---- | M] () -- I:\WINDOWS\System32\perfc009.dat
[2010.06.16 17:49:43 | 000,069,232 | ---- | M] () -- I:\Documents and Settings\USER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010.06.16 17:47:37 | 001,555,664 | ---- | M] () -- I:\WINDOWS\System32\FNTCACHE.DAT
[8 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]
[5 I:\WINDOWS\System32\*.tmp files -> I:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.07.16 10:59:44 | 000,451,584 | ---- | C] () -- I:\Documents and Settings\USER\Desktop\CKScanner.exe
[2010.07.16 10:42:24 | 003,513,237 | ---- | C] () -- I:\Documents and Settings\USER\Desktop\WVCheck.exe
[2010.07.15 15:02:27 | 000,001,925 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010.07.15 15:01:38 | 000,000,928 | ---- | C] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.15 15:01:37 | 000,000,924 | ---- | C] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.14 11:36:58 | 000,167,989 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\The-Princess-And-The-Frog-Poster.jpg
[2010.07.13 12:56:34 | 000,002,445 | ---- | C] () -- I:\Documents and Settings\USER\Desktop\HiJackThis.lnk
[2010.07.13 12:54:49 | 001,402,880 | ---- | C] () -- I:\Documents and Settings\USER\Desktop\HiJackThis.msi
[2010.07.13 10:10:36 | 000,011,853 | ---- | C] () -- I:\Documents and Settings\USER\Desktop\RUNDLL32.EX_
[2010.07.11 13:38:00 | 000,054,156 | -H-- | C] () -- I:\WINDOWS\QTFont.qfn
[2010.07.11 13:38:00 | 000,001,409 | ---- | C] () -- I:\WINDOWS\QTFont.for
[2010.07.09 10:16:06 | 000,001,632 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\Media Go.lnk
[2010.07.09 10:01:46 | 000,001,915 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\Sony Ericsson PC Companion 2.0.lnk
[2010.07.08 11:26:56 | 000,010,617 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\Bell Hotel letter.docx
[2010.07.05 16:23:01 | 000,323,130 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\Im May No Turn.jpg
[2010.07.05 16:22:19 | 000,043,346 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\Im May Love Tattoo.jpg
[2010.07.01 16:45:41 | 000,087,587 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\Cornbury Site and Campsite.docx
[2010.07.01 16:41:48 | 000,068,188 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\Cornbury arena.docx
[2010.07.01 15:58:49 | 000,036,229 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\Cornbury Campsite.jpg
[2010.07.01 15:57:58 | 000,040,304 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\Cornbury Site.jpg
[2010.07.01 15:57:00 | 000,057,482 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\Cornbury Arena.jpg
[2010.07.01 14:58:57 | 000,068,717 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\Cornbury prog.docx
[2010.07.01 14:56:45 | 000,058,017 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\Cornbury programme.jpg
[2010.07.01 11:24:23 | 000,012,931 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\Cardamomo Flamenco.docx
[2010.06.30 16:26:31 | 000,647,857 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\Untitled.ncor
[2010.06.30 16:25:16 | 000,000,116 | ---- | C] () -- I:\Documents and Settings\USER\Adobe Encore_AME.pref
[2010.06.28 15:22:10 | 010,978,543 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\Reg Backup File 28 Jun '10.cab
[2010.06.23 17:06:51 | 043,866,600 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\church-at-auvers.psd
[2010.06.23 17:06:43 | 008,713,903 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\church-at-auvers copy.jpg
[2010.06.23 16:32:26 | 006,227,297 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\church-at-auvers.jpg
[2010.04.03 12:44:50 | 000,237,568 | ---- | C] () -- I:\WINDOWS\System32\rmc_rtspdl.dll
[2009.12.28 14:02:51 | 000,000,069 | ---- | C] () -- I:\WINDOWS\NeroDigital.ini
[2009.12.21 10:39:49 | 000,002,438 | ---- | C] () -- I:\WINDOWS\Sandboxie.ini
[2009.12.19 15:37:34 | 000,000,097 | ---- | C] () -- I:\WINDOWS\System32\PICSDK.ini
[2009.12.19 15:35:17 | 000,000,025 | ---- | C] () -- I:\WINDOWS\CDESX100DEFGIPS.ini
[2009.12.19 13:02:11 | 000,001,043 | ---- | C] () -- I:\WINDOWS\cdplayer.ini
[2009.12.16 11:43:17 | 000,073,728 | ---- | C] () -- I:\WINDOWS\System32\RtNicProp32.dll
[2009.12.16 11:41:10 | 000,003,072 | ---- | C] () -- I:\WINDOWS\CTXFIRES.DLL
[2009.08.31 15:00:22 | 000,021,504 | ---- | C] () -- I:\WINDOWS\System32\WBCustomizer.dll
[2009.08.31 15:00:21 | 000,185,344 | ---- | C] () -- I:\WINDOWS\System32\MemWarp.dll
[2008.03.20 17:02:24 | 000,086,446 | R--- | C] () -- I:\WINDOWS\System32\instwdm.ini
[2008.03.20 17:02:24 | 000,000,191 | R--- | C] () -- I:\WINDOWS\System32\ctzapxx.ini
[2008.03.20 16:36:48 | 000,043,520 | ---- | C] () -- I:\WINDOWS\System32\CTBurst.dll
[2007.09.27 11:51:02 | 000,020,698 | ---- | C] () -- I:\WINDOWS\System32\idxcntrs.ini
[2007.09.27 11:48:48 | 000,030,628 | ---- | C] () -- I:\WINDOWS\System32\gsrvctr.ini
[2007.09.27 11:48:28 | 000,031,698 | ---- | C] () -- I:\WINDOWS\System32\gthrctr.ini
[2007.08.21 11:22:58 | 000,000,000 | ---- | C] () -- I:\WINDOWS\System32\px.ini
[2006.10.02 18:25:18 | 000,000,307 | ---- | C] () -- I:\WINDOWS\System32\kill.ini
[2006.02.28 13:00:00 | 000,095,360 | ---- | C] () -- I:\WINDOWS\System32\drivers\atapi.sys
[2005.08.24 14:56:04 | 000,090,112 | ---- | C] () -- I:\WINDOWS\System32\btprn2k.dll
[2005.06.16 19:17:16 | 000,071,680 | ---- | C] () -- I:\WINDOWS\System32\ctmmactl.dll
[2004.01.30 16:07:46 | 000,245,408 | ---- | C] () -- I:\WINDOWS\System32\unicows.dll
[2002.05.16 00:29:04 | 000,000,607 | ---- | C] () -- I:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001.11.23 19:18:00 | 000,000,597 | ---- | C] () -- I:\WINDOWS\System32\btcss.dll.manifest
[2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- I:\WINDOWS\System32\lcppn21.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 76 bytes -> I:\Documents and Settings\USER\My Documents\Freddy and Babs.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> I:\Documents and Settings\USER\My Documents\DSC00072.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> I:\Documents and Settings\USER\My Documents\DSC00047.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> I:\Documents and Settings\USER\My Documents\Donna and Sherry.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> I:\Documents and Settings\USER\My Documents\Copy of Donna and Sherry.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> I:\Documents and Settings\USER\My Documents\1225091131.jpg:Roxio EMC Stream
< End of report >
OTL Extras logfile created on: 16.07.2010 11:28:26 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = I:\Documents and Settings\USER\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000425 | Country: Estonia | Language: ETI | Date Format: d.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): i:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
C: Drive not present or media not loaded
Drive D: | 450,60 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 465,75 Gb Total Space | 249,87 Gb Free Space | 53,65% Space Free | Partition Type: NTFS
Drive S: | 465,76 Gb Total Space | 462,04 Gb Free Space | 99,20% Space Free | Partition Type: NTFS
Computer Name: USER-PC
Current User Name: USER
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-682003330-1390067357-1801674531-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- I:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "I:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "I:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "I:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- I:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "I:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"I:\Program Files\Windows Live\Messenger\wlcsdk.exe" = I:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"I:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = I:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"I:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = I:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"I:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = I:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"I:\Program Files\Windows Live\Messenger\wlcsdk.exe" = I:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"I:\Program Files\AVG\AVG9\avgupd.exe" = I:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"I:\Program Files\AVG\AVG9\avgnsx.exe" = I:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"I:\Program Files\SoulseekNS\slsk.exe" = I:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- File not found
"I:\Documents and Settings\USER\Local Settings\Temp\taskengc.exe" = I:\Documents and Settings\USER\Local Settings\Temp\taskengc.exe:*:Enabled:49645 -- File not found
"I:\Documents and Settings\USER\Local Settings\Temp\systmn.exe" = I:\Documents and Settings\USER\Local Settings\Temp\systmn.exe:*:Enabled:887638 -- File not found
"I:\Program Files\Vuze\Azureus.exe" = I:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B683082-8791-4D00-8ADE-6C8986FCCC68}" = Roxio CinePlayer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23F20D6B-F211-486F-93DA-DA68AF7FE55F}" = WWTBAM 2nd Edition
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 17
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E67A8DA-FE7B-4160-8465-F5571EA18753}" = Roxio Disc Gallery
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = Belkin Bluetooth Software
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.30
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D420D94-7B4A-4213-B8D4-AEC3B45B5158}" = Digital Audio System
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7066F2DB-5032-4B6F-A8E7-A6F946043438}" = Adobe Setup
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A9A1828-31D1-4590-A99F-022B7237AFAE}" = Roxio MediaShare
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9EC63FE1-D017-460D-90B1-CCC97239AF73}" = Media Go
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.00.146
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"8461-7759-5462-8226" = Vuze
"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"Adobe_85df662426fa6bb25f7d596f4d1b2a2" = Adobe Encore CS3
"Any Video Converter_is1" = Any Video Converter 3.0.5
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
"Easy CD and DVD Cover Creator" = Easy CD and DVD Cover Creator 4.13
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX100_TX100 User’s Guide" = EPSON Stylus SX100_TX100 Manual
"EPSON SX100 Series" = EPSON SX100 Series Printer Uninstall
"Hard Drive Inspector" = Hard Drive Inspector Professional 2.70 build # 459
"ie8" = Windows Internet Explorer 8
"ImTOO DVD Ripper Ultimate 5" = ImTOO DVD Ripper Ultimate
"ImTOO Video Converter Ultimate" = ImTOO Video Converter Ultimate
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monopoly by Parker Brothers" = Monopoly by Parker Brothers
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PeerGuardian_is1" = PeerGuardian 2.0
"PhotoToolkit_is1" = Photo! Editor 1.1
"RealPlayer 6.0" = RealPlayer
"Red Eye Remover_is1" = Red Eye Remover 2.0
"Registry Clean Expert_is1" = Registry Clean Expert
"Replay Media Catcher 3.11" = Replay Media Catcher 3.11
"Replay Video Capture3.1B" = Replay Video Capture
"Sandboxie" = Sandboxie 3.45.07
"Scrabble Plus 1.00" = Scrabble Plus 1.00
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"VLC media player" = VLC media player 1.0.1
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 13.07.2010 6:27:50 | Computer Name = USER-PC | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog
Error - 13.07.2010 6:28:48 | Computer Name = USER-PC | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog
Error - 14.07.2010 10:04:35 | Computer Name = USER-PC | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog
Error - 14.07.2010 11:10:56 | Computer Name = USER-PC | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog
Error - 14.07.2010 12:04:21 | Computer Name = USER-PC | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog
Error - 15.07.2010 7:16:08 | Computer Name = USER-PC | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog
Error - 15.07.2010 10:21:04 | Computer Name = USER-PC | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog
Error - 15.07.2010 10:21:07 | Computer Name = USER-PC | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog
Error - 15.07.2010 11:29:50 | Computer Name = USER-PC | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog
Error - 15.07.2010 11:49:11 | Computer Name = USER-PC | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog
[ OSession Events ]
Error - 10.01.2010 9:17:44 | Computer Name = USER-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
Error - 10.01.2010 15:49:07 | Computer Name = USER-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.
Error - 24.01.2010 7:46:13 | Computer Name = USER-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.
Error - 9.02.2010 8:10:25 | Computer Name = USER-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.
Error - 19.02.2010 7:23:39 | Computer Name = USER-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.
Error - 25.06.2010 5:01:04 | Computer Name = USER-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 15.07.2010 13:05:26 | Computer Name = USER-PC | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3
Error - 15.07.2010 13:05:29 | Computer Name = USER-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd
Error - 15.07.2010 13:05:46 | Computer Name = USER-PC | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .
Error - 15.07.2010 13:05:46 | Computer Name = USER-PC | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 15.07.2010 13:05:46 | Computer Name = USER-PC | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 16.07.2010 4:11:22 | Computer Name = USER-PC | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3
Error - 16.07.2010 4:11:25 | Computer Name = USER-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd
Error - 16.07.2010 4:11:43 | Computer Name = USER-PC | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .
Error - 16.07.2010 4:11:43 | Computer Name = USER-PC | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 16.07.2010 4:11:43 | Computer Name = USER-PC | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
< End of report >
And finally the GMER report
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-16 18:30:30
Windows 5.1.2600 Service Pack 3
Running: lsiq3v3h.exe; Driver: I:\DOCUME~1\USER\LOCALS~1\Temp\kxtdapoc.sys
---- System - GMER 1.0.15 ----
SSDT \??\I:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0xB470C660]
Code B8464C9C ZwRequestPort
Code B8464D3C ZwRequestWaitReplyPort
Code B8464BFC ZwTraceEvent
Code B8464C9B NtRequestPort
Code B8464D3B NtRequestWaitReplyPort
Code B8464BFB NtTraceEvent
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!NtTraceEvent 805499B8 5 Bytes JMP B8464C00
PAGE ntoskrnl.exe!NtRequestWaitReplyPort 8057CD93 5 Bytes JMP B8464D40
PAGE ntoskrnl.exe!NtRequestPort 805E33BE 5 Bytes JMP B8464CA0
.text I:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7668380, 0x5414D5, 0xE8000020]
.text win32k.sys!EngAcquireSemaphore + 20E2 BF808308 5 Bytes JMP B8464480
.text win32k.sys!EngFreeUserMem + 5BD2 BF80EE8F 5 Bytes JMP B84643E0
.text win32k.sys!EngCopyBits + 68D BF838EFF 5 Bytes JMP B84645C0
.text win32k.sys!EngCreateBitmap + 6F4 BF83E122 5 Bytes JMP B8464700
.text win32k.sys!EngMultiByteToWideChar + 2F32 BF8A0D51 5 Bytes JMP B84648E0
.text win32k.sys!EngAlphaBlend + 350F BF8AA40A 5 Bytes JMP B8464A20
.text win32k.sys!EngMulDiv + 90FA BF8B4264 5 Bytes JMP B8464660
.text win32k.sys!XLATEOBJ_iXlate + 3A50 BF8B9E25 5 Bytes JMP B8464520
.text win32k.sys!EngUnicodeToMultiByteN + 1756 BF8C322E 5 Bytes JMP B84647A0
.text win32k.sys!PATHOBJ_bCloseFigure + 19F1 BF8F98FC 5 Bytes JMP B8464980
.text win32k.sys!EngCreateClip + 1994 BF9132F6 5 Bytes JMP B8464AC0
.text win32k.sys!EngCreateClip + 1F24 BF913886 5 Bytes JMP B8464B60
.text win32k.sys!EngCreateClip + 256A BF913ECC 5 Bytes JMP B8464840
---- User code sections - GMER 1.0.15 ----
.text I:\WINDOWS\system32\SearchIndexer.exe[284] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C I:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3712] USER32.dll!DefWindowProcA + 11A 7E42C298 7 Bytes JMP 003AFB50 I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3712] USER32.dll!SetWindowRgn + 2BD 7E42E7E5 7 Bytes JMP 003AFA00 I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3712] USER32.dll!SetClipboardData + 19D 7E43113B 7 Bytes JMP 003AFB30 I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3712] USER32.dll!MessageBoxA + 49 7E450833 7 Bytes JMP 003AFC20 I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3712] USER32.dll!MessageBoxExW + 1F 7E450857 7 Bytes JMP 003AFC70 I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3712] USER32.dll!MessageBoxTimeoutA + CA 7E4664D0 7 Bytes JMP 003AFBA0 I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 I:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB8 0x9C 0x2A 0xFE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x57 0xC7 0xDA 0x8F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x05 0x48 0x9E 0x57 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 I:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB8 0x9C 0x2A 0xFE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x57 0xC7 0xDA 0x8F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x84 0xF0 0x8F 0xC7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 I:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB8 0x9C 0x2A 0xFE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x57 0xC7 0xDA 0x8F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x05 0x48 0x9E 0x57 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 I:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB8 0x9C 0x2A 0xFE ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x57 0xC7 0xDA 0x8F ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x05 0x48 0x9E 0x57 ...
---- EOF - GMER 1.0.15 ----