Here's the ComboFix log:
ComboFix 09-07-19.04 - Jonny 20/07/2009 17:57.2.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.44.1033.18.3581.2322 [GMT 1:00]
Running from: c:\users\Jonny\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: ESET NOD32 Antivirus 4.0 *enabled* (Outdated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2009-06-20 to 2009-07-20 )))))))))))))))))))))))))))))))
.
2009-07-20 16:12 . 2009-07-20 16:12 -------- d-----w- c:\users\Deshveer\AppData\Local\temp
2009-07-20 13:11 . 2009-07-20 13:11 -------- d-sh--w- C:\found.000
2009-07-18 13:12 . 2009-07-18 13:12 -------- d-----w- C:\rsit
2009-07-18 12:33 . 2009-07-18 12:33 -------- d-----w- C:\Rooter$
2009-07-17 19:57 . 2004-11-09 17:20 87552 ----a-w- c:\windows\system32\trltmpct.dll
2009-07-17 19:57 . 2009-07-17 19:57 -------- d-----w- C:\3D Rad
2009-07-15 18:54 . 2009-07-15 18:57 -------- d-----w- c:\users\Jonny\AppData\Roaming\IGN_DLM
2009-07-15 18:54 . 2009-07-15 18:54 -------- d-----w- c:\program files\Download Manager
2009-07-14 16:38 . 2009-07-14 16:38 -------- d-----w- c:\users\Jonny\AppData\Local\PunkBuster
2009-07-14 16:37 . 2009-07-14 16:37 -------- d-----w- c:\users\Jonny\AppData\Local\Activision
2009-07-14 16:10 . 2009-07-14 16:10 22328 ----a-w- c:\users\Jonny\AppData\Roaming\PnkBstrK.sys
2009-07-14 15:47 . 2009-07-14 15:47 -------- d-----w- c:\program files\Activision
2009-07-14 14:51 . 2009-07-14 14:52 -------- d-----w- c:\program files\Safari
2009-07-14 12:35 . 2009-07-14 12:35 -------- d-----w- c:\users\Jonny\AppData\Local\Mozilla
2009-07-14 09:48 . 2009-07-14 09:48 -------- d-----w- c:\program files\Trend Micro
2009-07-08 19:09 . 2009-07-08 19:09 -------- d-----w- c:\program files\ESET
2009-07-01 19:17 . 2009-07-01 19:17 69632 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 4.30.19.1\SetupAdmin.exe
2009-07-01 16:27 . 2009-07-01 16:26 832144 ----a-w- c:\programdata\avg8\update\backup\AVGToolbarInstall.exe
2009-07-01 16:27 . 2009-07-01 16:27 -------- d-----w- c:\programdata\AVG Security Toolbar
2009-06-28 18:32 . 2009-06-28 18:32 -------- d-----w- c:\programdata\NortonInstaller
2009-06-28 18:32 . 2009-06-28 18:32 -------- d-----w- c:\program files\NortonInstaller
2009-06-28 18:04 . 2009-06-28 18:14 -------- d-----w- c:\users\Jonny\AppData\Roaming\DMCache
2009-06-28 18:04 . 2009-06-28 18:09 -------- d-----w- c:\users\Jonny\AppData\Roaming\IDM
2009-06-28 18:04 . 2009-06-28 18:15 -------- d-----w- c:\program files\Internet Download Manager
2009-06-28 14:17 . 2009-06-28 18:13 -------- d-----w- c:\program files\PC Satellite TV
2009-06-28 11:34 . 2009-06-28 11:34 -------- d-----w- c:\program files\Windows Doctor
2009-06-24 19:56 . 2009-06-24 19:56 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-24 19:05 . 2009-06-24 19:05 -------- d-----w- c:\users\Jonny\AppData\Local\AirMouse
2009-06-24 19:04 . 2009-06-24 19:04 -------- d-----w- c:\program files\Air Mouse
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-20 16:52 . 2009-02-23 19:14 -------- d-----w- c:\users\Jonny\AppData\Roaming\Skype
2009-07-20 16:45 . 2008-04-24 22:37 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-18 23:08 . 2008-04-24 22:48 -------- d-----w- c:\program files\Java
2009-07-18 21:56 . 2008-04-28 19:44 27335 ----a-w- c:\users\Jonny\AppData\Roaming\nvModes.dat
2009-07-18 21:53 . 2009-05-02 11:55 -------- d-----w- c:\users\Jonny\AppData\Roaming\uTorrent
2009-07-18 21:53 . 2009-04-26 15:54 -------- d-----w- c:\users\Jonny\AppData\Roaming\BitTorrent
2009-07-18 21:41 . 2008-04-24 22:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-10 10:25 . 2009-04-11 20:47 -------- d-----w- c:\users\Jonny\AppData\Roaming\mIRC
2009-07-08 19:21 . 2008-07-01 13:52 34 ----a-w- c:\users\Jonny\jagex_runescape_preferences.dat
2009-07-07 16:07 . 2008-06-08 09:54 -------- d-----w- c:\users\Jonny\AppData\Roaming\LimeWire
2009-07-01 18:54 . 2008-05-02 20:53 680 ----a-w- c:\users\Jonny\AppData\Local\d3d9caps.dat
2009-07-01 16:26 . 2008-05-17 10:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-01 16:26 . 2008-05-17 10:12 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-01 16:26 . 2008-05-17 10:12 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-24 19:57 . 2008-04-24 23:05 -------- d-----w- c:\program files\Google
2009-06-24 19:56 . 2008-05-05 09:12 -------- d-----w- c:\program files\DivX
2009-06-22 14:34 . 2009-05-04 10:24 -------- d-----w- c:\program files\Advanced System Optimizer
2009-06-22 12:02 . 2008-10-11 17:45 -------- d-----w- c:\program files\Electronic Arts
2009-06-22 11:52 . 2009-04-30 18:27 -------- d-----w- c:\programdata\Microsoft Games
2009-06-22 11:52 . 2009-04-30 18:26 -------- d-----w- c:\users\Jonny\AppData\Roaming\Microsoft Game Studios
2009-06-22 11:52 . 2006-11-02 12:35 -------- d-----w- c:\program files\Microsoft Games
2009-06-21 20:16 . 2009-02-28 14:07 -------- d-----w- c:\users\Jonny\AppData\Roaming\DiskAid
2009-06-20 14:29 . 2009-06-20 13:57 -------- d-----w- c:\program files\iTunes
2009-06-20 13:57 . 2009-06-20 13:57 -------- d-----w- c:\program files\iPod
2009-06-20 13:57 . 2008-05-04 10:21 -------- d-----w- c:\program files\Common Files\Apple
2009-06-20 13:53 . 2009-01-18 15:37 -------- d-----w- c:\program files\QuickTime
2009-06-18 21:21 . 2009-01-02 13:52 -------- d-----w- c:\program files\VirtualDJ
2009-06-18 20:00 . 2009-06-18 20:00 -------- d-----w- c:\program files\RealVNC
2009-06-12 18:39 . 2009-06-12 18:39 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb3544.tmp.exe
2009-06-11 20:12 . 2008-05-04 10:19 -------- d-----w- c:\programdata\Apple
2009-06-11 19:43 . 2009-06-11 19:43 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-11 19:40 . 2009-06-11 19:40 -------- d-----w- c:\program files\Bonjour
2009-06-09 17:54 . 2009-06-09 17:54 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbAE79.tmp.exe
2009-06-07 17:09 . 2009-06-07 17:07 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-06-07 15:57 . 2009-06-07 15:57 -------- d-----w- c:\program files\Bethesda Softworks
2009-06-06 16:56 . 2009-06-06 16:56 -------- d-----w- c:\program files\Rockstar Games
2009-06-06 11:49 . 2009-02-04 21:00 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-06 11:44 . 2008-05-17 10:11 -------- d-----w- c:\programdata\avg8
2009-06-05 12:57 . 2009-06-05 12:57 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-31 21:52 . 2009-05-31 21:52 -------- d-----w- c:\program files\Team JPN
2009-05-30 18:30 . 2009-05-30 18:30 -------- d-----w- c:\program files\Ubisoft Entertainment
2009-05-29 19:42 . 2009-05-29 19:42 3954 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-05-29 19:29 . 2009-05-29 19:23 -------- d-----w- c:\program files\Image-Line
2009-05-29 19:29 . 2008-07-16 11:28 -------- d-----w- c:\program files\Vstplugins
2009-05-29 19:27 . 2009-05-29 19:27 -------- d-----w- c:\program files\Outsim
2009-05-29 10:44 . 2009-05-28 15:13 -------- d-----w- c:\programdata\NOS
2009-05-29 10:44 . 2009-05-28 15:13 -------- d-----w- c:\program files\NOS
2009-05-28 15:18 . 2009-05-28 15:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-28 15:17 . 2008-06-01 12:23 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-23 16:48 . 2009-03-01 12:06 -------- d-----w- c:\program files\SwiftKit
2009-05-23 12:28 . 2009-05-23 11:11 -------- d-----w- c:\users\Jonny\AppData\Roaming\Ventrilo
2009-05-10 14:34 . 2009-05-10 14:34 390664 ----a-w- c:\users\Jonny\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-10 14:34 . 2009-05-10 14:34 390664 ----a-w- c:\users\Jonny\AppData\Roaming\Real\Update\temp\~Upg5\RealPlayer11.exe
2009-05-04 15:48 . 2009-05-04 15:48 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-05-04 15:48 . 2009-05-04 15:48 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-05-04 15:48 . 2009-05-04 15:48 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-04-30 14:34 . 2009-04-30 14:34 390664 ----a-w- c:\users\Jonny\AppData\Roaming\Real\Update\temp\~Upg4\RealPlayer11.exe
2009-04-26 17:08 . 2009-04-26 15:40 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-04-26 15:45 . 2009-04-26 15:45 223128 ----a-w- c:\windows\system32\drivers\vaxscsi.sys
2009-04-26 15:40 . 2009-04-26 15:40 140392 ----a-w- c:\windows\system32\drivers\sptddrv1.sys
2009-04-22 20:57 . 2009-04-22 20:57 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-04-22 20:57 . 2009-04-22 20:57 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-24 14:37 . 2009-07-14 12:35 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-04-24 22:53 . 2008-04-24 22:53 74 --sh--r- c:\windows\CT4CET.bin
2008-04-25 06:25 . 2008-04-25 06:16 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-07-20_16.01.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-24 23:18 . 2009-07-20 16:51 68752 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2009-07-20 16:51 85668 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-04-28 17:27 . 2009-07-20 16:51 16020 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2617438544-2265370005-1231189347-1000_UserData.bin
+ 2008-04-28 17:22 . 2009-07-20 16:56 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-28 17:22 . 2009-07-20 15:39 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-04-28 17:22 . 2009-07-20 16:56 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-04-28 17:22 . 2009-07-20 15:39 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-28 17:22 . 2009-07-20 16:56 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-04-28 17:22 . 2009-07-20 15:39 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-20 13:16 . 2009-07-20 15:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-20 16:46 . 2009-07-20 16:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-20 16:46 . 2009-07-20 16:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-20 13:16 . 2009-07-20 15:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 15:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-16 22:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-16 22:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-23 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"Startup Manager"="c:\program files\Advanced System Optimizer\startUp manager.exe" [2007-06-22 919280]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-05-15 1103216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-04-25 1006264]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-12-03 405504]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-28 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-28 81920]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 49168]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-01 1948440]
"LVComs"="c:\windows\system32\LVComS.exe" [2003-12-06 102400]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-04-22 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= SysInspector.exe
"2"= callmsi.exe
"3"= ecmd.exe
"4"= ecls.exe
"5"= eeclnt.exe
"6"= egui.exe
"7"= EHttpSrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-16 22:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{24AEA045-D727-4E51-BF3C-08B96179EA60}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5303B92F-6468-4517-BFBC-BF8C4220F0A4}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AC0DC69A-6267-4153-B6E5-06099DAE8319}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{56DE83C4-2578-4690-803F-FDEFC1742FB6}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{952BCEF4-07EE-4E2B-8C21-B1813F7D0CF3}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{84A8C2D8-87CE-45D8-8974-A9948963C19D}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{00B96C10-78C8-49E4-9E1C-A7188D444E65}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8BAFEE4F-CCB7-4277-AA6A-8084E35EF0D8}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{280B61F9-3D9B-4280-A5CE-E53418A9E279}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{622FA5BE-17FF-4559-A9C8-ED963233FEFD}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{9E7A8B28-D463-4386-98DE-C68673E99D0F}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{AE96C397-F1DE-46A0-8C17-ACE85976699D}"= Disabled:UDP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{B5FFC567-4B73-4422-868E-EADBB52108B2}"= Disabled:TCP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{6AE0BA12-0D46-4518-9ADF-0DF58CB042AE}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{628330B0-0BF3-47BF-B813-0AA28D008068}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{FB1D207E-ECAC-4029-B2F9-187C968BA429}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{D1BDDA8C-87C4-4615-94F5-B3DB1EDA6AA1}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{EE4E3F0F-E3B5-46C6-BBED-A36A17AD9344}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{ADD902C7-9187-4982-B04B-39338BBC65FE}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{638B569C-F2A5-4CDA-B664-3E4E8DE9B759}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D827965C-B380-49B4-893E-08E8DEC3EB0F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{1180650E-0D71-4C59-84DC-DDCF295D405C}c:\\windows\\system32\\ftp.exe"= UDP:c:\windows\system32\ftp.exe:File Transfer Program
"UDP Query User{9344A1CD-7E69-4127-B809-380DF7E75379}c:\\windows\\system32\\ftp.exe"= TCP:c:\windows\system32\ftp.exe:File Transfer Program
"{2ADDC352-3590-4C97-A159-0538A004CBFD}"= UDP:c:\program files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:The Battle for Middle-earth(tm) II
"{A16B23CF-9E29-4225-B4CF-003A310DBC66}"= TCP:c:\program files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:The Battle for Middle-earth(tm) II
"{36161F8D-7254-4624-B51A-0A853F91AB70}"= UDP:c:\program files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king
"{FA278808-9E98-40F3-B9AD-8CCEDAEC035A}"= TCP:c:\program files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king
"{0EBEA67C-EE29-4AD2-9B03-8C3080AED3DD}"= UDP:43594:elitescaoe
"TCP Query User{555106DC-D5D7-4F27-BC3C-F422C1DC8A73}c:\\users\\jonny\\appdata\\local\\temp\\java_ee_sdk-5_06-windows.exe2\\package\\jre\\bin\\javaw.exe"= UDP:c:\users\jonny\appdata\local\temp\java_ee_sdk-5_06-windows.exe2\package\jre\bin\javaw.exe:javaw.exe
"UDP Query User{B8D69F20-5460-4C16-A2A6-8B6DFA144558}c:\\users\\jonny\\appdata\\local\\temp\\java_ee_sdk-5_06-windows.exe2\\package\\jre\\bin\\javaw.exe"= TCP:c:\users\jonny\appdata\local\temp\java_ee_sdk-5_06-windows.exe2\package\jre\bin\javaw.exe:javaw.exe
"TCP Query User{FF27B841-7623-4B08-B4CB-7C2CE9F57CB0}c:\\sun\\sdk\\jdk\\bin\\java.exe"= UDP:c:\sun\sdk\jdk\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{26E591EC-F85C-4EF4-B49A-ED40E635A958}c:\\sun\\sdk\\jdk\\bin\\java.exe"= TCP:c:\sun\sdk\jdk\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{A2787B0E-9280-429E-979A-16465469CB35}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{E522E844-51A2-40B3-A7DD-FF5B6F7E0285}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"{0BE11849-2782-4250-B29A-D04631D5A7AF}"= UDP:c:\program files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king
"{1AFB604A-7B99-4010-8DB5-077673FB9D90}"= TCP:c:\program files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:The Lord of the Rings, The Rise of the Witch-king
"TCP Query User{C1706AC4-342A-45B9-85E7-AF62AF7FD95A}c:\\program files\\electronic arts\\the lord of the rings, the rise of the witch-king\\patchget.dat"= UDP:c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\patchget.dat:patchgrabber
"UDP Query User{77A52B58-5BB5-4A27-992E-5EACBDDCDB80}c:\\program files\\electronic arts\\the lord of the rings, the rise of the witch-king\\patchget.dat"= TCP:c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\patchget.dat:patchgrabber
"{C335EAFE-C019-4306-ACB0-9DA5211024FE}"= UDP:5353:Adobe CSI CS4
"{ABA4DEC9-C944-4CFF-A851-3AE91EEA927E}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{71E4906A-C4E5-42A1-B99A-CA99C6DFD8E4}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"TCP Query User{004F865E-F036-473C-860F-F8311680F11B}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{06A89743-8BD3-4D76-97CA-A82D163992CA}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{7D6CEBF8-DB71-4111-BA06-F68495DBDB7C}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{FFECF2B9-2167-489A-9731-5567904C7AFB}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{19D7584E-279C-4C4B-82A4-575D3845F1CF}"= UDP:c:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"{F966F953-E1FE-41F9-A665-B1AFAEB71F96}"= TCP:c:\program files\Firefly Studios\Stronghold 2\Stronghold2.exe:Stronghold 2
"TCP Query User{9D53B217-5D10-47E1-BC25-EF991429B61B}c:\\program files\\beatpack\\beatpack.exe"= UDP:c:\program files\beatpack\beatpack.exe:BeatPack
"UDP Query User{4FF18342-C82A-4E93-9C13-053C24CE8F33}c:\\program files\\beatpack\\beatpack.exe"= TCP:c:\program files\beatpack\beatpack.exe:BeatPack
"TCP Query User{170C20ED-5538-477C-9387-134C4AF47D98}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{99360190-922B-4CF1-BC5F-F8AFCF1CE87B}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"{74DE9808-BA65-4B56-988E-CF9CE18DDEE8}"= UDP:c:\program files\AVG\AVG8\avgui.exe:AVG Free User Interface
"{A3DE4116-70E7-4D3E-A7E8-8D33375A11E8}"= TCP:c:\program files\AVG\AVG8\avgui.exe:AVG Free User Interface
"{694689CD-A605-4235-912D-10547AD0C4F0}"= UDP:c:\program files\AVG\AVG8\avgtray.exe:AVG Free Tray Icon
"{AA307F3D-C477-402B-8FA8-5A677589824B}"= TCP:c:\program files\AVG\AVG8\avgtray.exe:AVG Free Tray Icon
"{90082445-2BA3-4E2F-8525-7F9497F120F7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{53F83388-6C24-47F3-8870-A38C76E08271}c:\\users\\jonny\\appdata\\local\\chat republic games\\superstar racing\\chatrepublicplayer.exe"= UDP:c:\users\jonny\appdata\local\chat republic games\superstar racing\chatrepublicplayer.exe:chatrepublicplayer.exe
"UDP Query User{4D73DBC7-41C9-4FD9-B7B8-BD771F590DD4}c:\\users\\jonny\\appdata\\local\\chat republic games\\superstar racing\\chatrepublicplayer.exe"= TCP:c:\users\jonny\appdata\local\chat republic games\superstar racing\chatrepublicplayer.exe:chatrepublicplayer.exe
"TCP Query User{6E7108C1-9249-478E-9F9F-AF22DFF35023}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{07C52273-BACA-4A0F-BFF5-FE5FA5707F6F}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{FBB090FE-F07D-4393-913D-F09583BFA7F9}"= UDP:c:\program files\iMesh Applications\iMesh\iMesh.exe:iMesh
"{76582215-B58A-4074-B4E2-B940C67CB3A9}"= TCP:c:\program files\iMesh Applications\iMesh\iMesh.exe:iMesh
"TCP Query User{2D2CD9B6-7DC2-47AB-8870-FC7C1032213A}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{53144CF5-84BD-424B-9C03-4E6CAF0FB89D}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{4DFD2325-2AEC-4B46-8945-5D5084B0EB40}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{B7983852-0E4A-4ABB-8212-537CF9F91C50}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"{FC0E956C-4719-4897-9A0F-2B4ADA432527}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{9AEF1DA1-671C-4795-AC5C-F4C97E43DA25}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{50BA37F3-93E8-4B03-9121-C4A92DF7D60A}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{E68BA396-1515-44E2-93A7-E8629F429409}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{AD004B4A-7F4D-4856-B6E1-9DCC5C20697C}c:\\users\\jonny\\program files\\dna\\btdna.exe"= UDP:c:\users\jonny\program files\dna\btdna.exe:btdna.exe
"UDP Query User{86A606C7-21AA-47AC-A23F-0E0330174F8F}c:\\users\\jonny\\program files\\dna\\btdna.exe"= TCP:c:\users\jonny\program files\dna\btdna.exe:btdna.exe
"TCP Query User{2F9BC0E4-B096-4AA0-83C3-BC5E7F6E9FEA}c:\\users\\jonny\\program files\\dna\\btdna.exe"= UDP:c:\users\jonny\program files\dna\btdna.exe:btdna.exe
"UDP Query User{432C4A61-205A-45E1-BC7F-99894B51932F}c:\\users\\jonny\\program files\\dna\\btdna.exe"= TCP:c:\users\jonny\program files\dna\btdna.exe:btdna.exe
"TCP Query User{DCBA18CA-CD1F-4C84-B328-0F82EDE4F241}c:\\program files\\return to castle wolfenstein\\wolfmp.exe"= UDP:c:\program files\return to castle wolfenstein\wolfmp.exe:WolfMP
"UDP Query User{BDFF5242-C3C8-40C0-9254-DAC1C451C74F}c:\\program files\\return to castle wolfenstein\\wolfmp.exe"= TCP:c:\program files\return to castle wolfenstein\wolfmp.exe:WolfMP
"{B3C265EC-AD41-4ED7-8B9C-05E7A376CD19}"= UDP:c:\program files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"{200184DE-6959-44EF-BD6E-E9043E3E3A7A}"= TCP:c:\program files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"{91FD91BF-97B2-4111-A310-1E773E469791}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{09FA8E3C-3E27-4D6A-91AE-68F98DEF05B5}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{474FC2FD-7B4C-47BD-8A21-13E3F099B22C}c:\\program files\\saints row 2\\sr2_pc (2).exe"= UDP:c:\program files\saints row 2\sr2_pc (2).exe:SR2_pc (2)
"UDP Query User{10C72A6C-6D17-4F79-A127-F5C65FB6ABC5}c:\\program files\\saints row 2\\sr2_pc (2).exe"= TCP:c:\program files\saints row 2\sr2_pc (2).exe:SR2_pc (2)
"TCP Query User{D911C422-469A-4E26-B758-35D2DEA817B5}c:\\program files\\saints row 2\\sr2_pc (2).exe"= UDP:c:\program files\saints row 2\sr2_pc (2).exe:SR2_pc (2)
"UDP Query User{0EECF539-17B8-4BCD-8F02-C3EC0BDFA011}c:\\program files\\saints row 2\\sr2_pc (2).exe"= TCP:c:\program files\saints row 2\sr2_pc (2).exe:SR2_pc (2)
"{972A5AA4-1A20-4ADA-A90E-CB73733AA8D7}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{227E1D72-12BD-476E-8480-5FEDDD6C1B60}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{1D9A9B40-76E6-42EC-AE22-01745C9DF127}"= UDP:c:\program files\Ubisoft Entertainment\Wheelman\Binaries\WheelmanGame-Final.exe:Wheelman
"{AC32CCA6-21AC-4862-959D-44C4D8F408BE}"= TCP:c:\program files\Ubisoft Entertainment\Wheelman\Binaries\WheelmanGame-Final.exe:Wheelman
"{10D9636B-0FA1-4D17-92E5-16AF2CAE64A1}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{A6F941E8-7B2A-4142-9669-DB9E78ABA65D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{291F7DA0-77C9-4F11-8B7F-DAD89F4FC212}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C4AC6EB2-BDEC-4A5F-B35C-D3548CAAC877}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{58071BF0-C09A-4A9F-94D2-AC8AF676263F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{15139104-E892-4A44-ACA3-5B4FCF119945}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{5C884772-E378-4B9E-B394-4F37D1871570}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{AB62CA9D-0893-49AC-8452-54B681EBCC59}c:\\program files\\air mouse\\air mouse\\air mouse.exe"= UDP:c:\program files\air mouse\air mouse\air mouse.exe:AirMouse
"UDP Query User{D5350BB8-0BF4-4A0B-89A0-4C2E617AACFB}c:\\program files\\air mouse\\air mouse\\air mouse.exe"= TCP:c:\program files\air mouse\air mouse\air mouse.exe:AirMouse
"TCP Query User{08D8CBBA-1B95-43A2-82A8-ADB65E86ED34}c:\\program files\\ubisoft entertainment\\wheelman\\binaries\\wheelmangame-final.exe"= UDP:c:\program files\ubisoft entertainment\wheelman\binaries\wheelmangame-final.exe:WheelmanGame-Final
"UDP Query User{35F44967-8951-4715-A1F7-48E98510BC15}c:\\program files\\ubisoft entertainment\\wheelman\\binaries\\wheelmangame-final.exe"= TCP:c:\program files\ubisoft entertainment\wheelman\binaries\wheelmangame-final.exe:WheelmanGame-Final
"{49A89240-6E2A-489E-8325-31A3FBB2C70E}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{58A6CFF8-85AC-4EC9-9B80-EC389CFEA188}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{59C82D42-156B-45CD-8CE5-9C1ABD983CFC}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{C390B291-9E70-4D1E-AF70-9CDB39391C41}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{38AF9758-DCC4-42F8-9CFE-D24771BBF861}c:\\program files\\activision\\call of duty - world at war\\codwaw (2).exe"= UDP:c:\program files\activision\call of duty - world at war\codwaw (2).exe:Call of Duty(R): World at War Campaign/Coop
"UDP Query User{A4F2704E-752A-4C68-ABA1-9D29DFD76EBF}c:\\program files\\activision\\call of duty - world at war\\codwaw (2).exe"= TCP:c:\program files\activision\call of duty - world at war\codwaw (2).exe:Call of Duty(R): World at War Campaign/Coop
"{6B43F42C-D101-4E51-B01A-EC729D972EE0}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{68E808BE-91D1-4429-80FC-BE0AA5CAF8C0}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{9EFE3E2C-6335-4DBA-B529-488BDEFE322F}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{B779FD8B-E814-4799-BAF9-041DA823E9D7}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [17/05/2008 11:12 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [04/02/2009 22:00 108552]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [06/02/2009 14:23 106208]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [24/04/2008 23:36 73728]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [06/06/2009 12:48 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [06/06/2009 12:48 298776]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [06/02/2009 14:23 727720]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [06/02/2009 14:24 92800]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [25/04/2008 07:30 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [25/04/2008 07:30 7424]
S2 gupdate1c9f505dcf6ec00;Google Update Service (gupdate1c9f505dcf6ec00);c:\program files\Google\Update\GoogleUpdate.exe [24/06/2009 20:56 133104]
S3 AVerBDA6x;AVerBDA6x service;c:\windows\System32\drivers\AVerBDA716x.sys [25/04/2008 07:30 1290240]
S3 SMALUSB;Digital Camera Driver;c:\windows\System32\drivers\smallogi.sys [06/12/2003 03:04 9472]
S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [25/04/2008 07:30 209408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 19:56]
2009-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 19:56]
2009-07-19 c:\windows\Tasks\User_Feed_Synchronization-{A085D112-D7D5-41D0-8160-0C2AC0A1DB84}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/home.php
uInternet Settings,ProxyOverride = *.local
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: mac.com\homepage
Trusted Zone: runescape.com
Trusted Zone: runescape.com\world78
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
FF - ProfilePath - c:\users\Jonny\AppData\Roaming\Mozilla\Firefox\Profiles\t81c55x5.default\
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\Jonny\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\users\Jonny\Program Files\DNA\plugins\npbtdna.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(724)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
- - - - - - - > 'Explorer.exe'(5084)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada\MSVCR90.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\program files\Fingerprint Reader Suite\farchns.dll
c:\program files\Fingerprint Reader Suite\infra.dll
c:\windows\system32\PortableDeviceTypes.dll
.
Completion time: 2009-07-20 18:15
ComboFix-quarantined-files.txt 2009-07-20 17:15
ComboFix2.txt 2009-07-20 16:12
Pre-Run: 91,418,312,704 bytes free
Post-Run: 90,642,046,976 bytes free
469 --- E O F --- 2009-04-15 10:04