win32/rootkitAgent.odg trojan unable to clean (SOLVED)



#1
ektor

Hello, I need some help. I have the win32/rootkit Agent.odg and I need to remove it. I think it is in my boot sector; every time I turn on my PC this appears: Invalid Boot N File. Can somebody help me? I am using Windows XP SP3 and NOD32. Please help me! Here is my MBAM log:



Malwarebytes' Anti-Malware 1.37
Database version: 2198
Windows 5.1.2600 Service Pack 3

5/30/2009 5:35:00 PM
mbam-log-2009-05-30 (17-35-00).txt

Scan type: Full Scan (C:\|)
Objects scanned: 201134
Time elapsed: 20 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by ektor, 31 May 2009 - 10:33 AM.



#2
ektor

Sorry for double posting. Today I did a scan with Malwarebytes, and here is the log:



Malwarebytes' Anti-Malware 1.37
Database version: 2197
Windows 5.1.2600 Service Pack 3

5/30/2009 3:16:57 PM
mbam-log-2009-05-30 (15-16-57).txt

Scan type: Quick Scan
Objects scanned: 106856
Time elapsed: 3 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#3
ektor

Here is my rooter.exe log file:



Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:70904 Mo/Free:605 Mo)
D:\ [Fixed] - NTFS - (Total:238472 Mo/Free:1343 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:959 Mo/Free:298 Mo)
H:\ [Removable] (Total:1952 Mo/Free:813 Mo)

Sat 05/30/2009|16:38

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\windows\system32\csrss.exe
---------- \??\C:\windows\system32\winlogon.exe
---------- C:\windows\system32\services.exe
---------- C:\windows\system32\lsass.exe
---------- C:\windows\system32\Ati2evxx.exe
---------- C:\windows\system32\svchost.exe
---------- C:\windows\system32\svchost.exe
---------- C:\windows\System32\svchost.exe
---------- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
---------- C:\windows\system32\svchost.exe
---------- C:\windows\System32\svchost.exe
---------- C:\windows\system32\spoolsv.exe
---------- C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
---------- C:\windows\system32\Ati2evxx.exe
---------- C:\Program Files\Google\Update\GoogleUpdate.exe
---------- C:\windows\Explorer.EXE
---------- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
---------- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
---------- C:\PROGRA~1\AVG\AVG8\avgtray.exe
---------- C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
---------- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
---------- C:\Program Files\Windows Media Player\WMPNSCFG.exe
---------- C:\windows\system32\ctfmon.exe
---------- C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe
---------- C:\Program Files\a-squared Anti-Malware\a2service.exe
---------- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
---------- C:\Program Files\Logitech\MouseWare\system\em_exec.exe
---------- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
---------- C:\windows\System32\svchost.exe
---------- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
---------- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
---------- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
---------- C:\PROGRA~1\AVG\AVG8\avgam.exe
---------- C:\windows\System32\svchost.exe
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\windows\System32\TUProgSt.exe
---------- C:\PROGRA~1\AVG\AVG8\avgnsx.exe
---------- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
---------- C:\windows\System32\alg.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\windows\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

Trojan ! .. C:\windows\system32\rundll32.exe C:\windows\system32\qfmyzwx.dll,DllMain -

----------------------\\ Tasks

C:\windows\tasks\At1.job

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Sat 05/30/2009|16:38

----------------------\\ Scan completed at 16:38





Here is my OTlist.txt log:



OTListIt logfile created on: 5/30/2009 4:41:13 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\lo nuevo\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 56.74% Memory free
3.35 Gb Paging File | 2.84 Gb Available in Paging File | 84.58% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.24 Gb Total Space | 36.59 Gb Free Space | 52.84% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 5.31 Gb Free Space | 2.28% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 959.97 Mb Total Space | 298.06 Mb Free Space | 31.05% Space Free | Partition Type: FAT
Drive H: | 1.91 Gb Total Space | 0.79 Gb Free Space | 41.68% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: BORIKE
Current User Name: lo nuevo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\windows\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe ()
PRC - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe (AVG)
PRC - C:\windows\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe (AVG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe (AVG)
PRC - C:\Program Files\a-squared Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe (AVG)
PRC - C:\Program Files\Logitech\MouseWare\system\em_exec.exe (Logitech Inc.)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
PRC - C:\Program Files\AVG\AVG8\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\lo nuevo\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (a2antimalware [Auto | Running]) -- C:\Program Files\a-squared Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (AOL TopSpeedMonitor [Auto | Stopped]) -- File not found
SRV - (APC UPS Service [Auto | Running]) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\windows\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgidsagent [Auto | Running]) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe (AVG)
SRV - (avgidswatcher [Auto | Running]) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe (AVG)
SRV - (Bonjour Service [Disabled | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehttpsrv [On_Demand | Stopped]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn [Auto | Running]) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (fsssvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (gupdate1c9cfdb191bd854 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IJPLMSVC [Auto | Running]) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (mbamservice [Auto | Running]) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NBService [On_Demand | Stopped]) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NMIndexingService [On_Demand | Running]) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (rpcapd [On_Demand | Stopped]) -- File not found
SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SgtSch2Svc [Auto | Running]) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
SRV - (StyleXPService [Auto | Running]) -- C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe ()
SRV - (TuneUp.Defrag [On_Demand | Stopped]) -- C:\windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.ProgramStatisticsSvc [Auto | Running]) -- C:\windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (UxTuneUp [Auto | Running]) -- C:\windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (WMPNetworkSvc [Auto | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (026134c [Boot | Stopped]) -- C:\windows\System32\drivers\026134C.DAT ()
DRV - (6ab134d [System | Stopped]) -- C:\windows\System32\drivers\6ab134D.DAT ()
DRV - (ALCXSENS [On_Demand | Running]) -- C:\windows\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\windows\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AmdPPM [System | Running]) -- C:\windows\system32\DRIVERS\AmdPPM.sys (Advanced Micro Devices)
DRV - (ASPI32 [System | Running]) -- C:\windows\System32\drivers\aspi32.sys (Adaptec)
DRV - (ati2mtag [On_Demand | Running]) -- C:\windows\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (avgidsdriver [On_Demand | Running]) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys (AVG Technologies )
DRV - (avgidserhr [Boot | Running]) -- C:\windows\System32\Drivers\AVGIDSErHr.sys (AVG Technologies )
DRV - (avgidsfilter [On_Demand | Running]) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys (AVG Technologies )
DRV - (avgidsshim [On_Demand | Running]) -- C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys (AVG Technologies )
DRV - (avgldx86 [System | Running]) -- C:\windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (avgmfx86 [System | Running]) -- C:\windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (avgrkx86 [Boot | Running]) -- C:\windows\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (avgtdix [System | Running]) -- C:\windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BCM43XX [On_Demand | Stopped]) -- C:\windows\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (cdrbsdrv [System | Running]) -- C:\windows\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (d92134e [Auto | Stopped]) -- C:\windows\System32\drivers\d92134E.DAT ()
DRV - (eamon [Auto | Running]) -- C:\windows\system32\DRIVERS\eamon.sys (ESET)
DRV - (ehdrv [System | Running]) -- C:\windows\system32\DRIVERS\ehdrv.sys (ESET)
DRV - (epfwtdir [System | Running]) -- C:\windows\system32\DRIVERS\epfwtdir.sys (ESET)
DRV - (fssfltr [Auto | Running]) -- C:\windows\system32\DRIVERS\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\windows\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HidBatt [On_Demand | Stopped]) -- C:\windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (itchfltr [On_Demand | Running]) -- C:\windows\System32\DRIVERS\itchfltr.sys (Logitech, Inc.)
DRV - (LCcfltr [On_Demand | Running]) -- C:\windows\system32\drivers\lccfltr.sys (Logitech, Inc.)
DRV - (LHidFlt2 [On_Demand | Running]) -- C:\windows\System32\DRIVERS\LHidFlt2.sys (Logitech, Inc.)
DRV - (LHidUsb [On_Demand | Running]) -- C:\windows\system32\drivers\lhidusb.sys (Logitech, Inc.)
DRV - (LMouFlt2 [On_Demand | Running]) -- C:\windows\System32\DRIVERS\LMouFlt2.sys (Logitech, Inc.)
DRV - (mbamprotector [On_Demand | Running]) -- C:\windows\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (MODEMCSA [On_Demand | Stopped]) -- C:\windows\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (motmodem [On_Demand | Stopped]) -- C:\windows\system32\DRIVERS\motmodem.sys (Motorola)
DRV - (MR97310_USB_DUAL_CAMERA [On_Demand | Stopped]) -- C:\windows\system32\DRIVERS\mr97310c.sys (Mars Semiconductor Corp.)
DRV - (nm [On_Demand | Stopped]) -- C:\windows\system32\DRIVERS\NMnt.sys (Microsoft Corporation)
DRV - (Pcouffin [On_Demand | Stopped]) -- C:\windows\System32\Drivers\Pcouffin.sys (VSO Software)
DRV - (pfc [On_Demand | Running]) -- C:\windows\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\windows\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RTL8023 [On_Demand | Stopped]) -- C:\windows\System32\DRIVERS\Rtlnic51.sys (Realtek Semiconductor Corporation )
DRV - (RTL8023xp [On_Demand | Running]) -- C:\windows\system32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Running]) -- C:\windows\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\windows\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SMC1211 [On_Demand | Stopped]) -- C:\windows\system32\DRIVERS\SMC1211.SYS (SMC Networks Inc.)
DRV - (snapman [Boot | Running]) -- C:\windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\windows\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (StyleXPHelper [System | Running]) -- C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe (Windows ® 2000 DDK provider)
DRV - (tdrpman [Boot | Running]) -- C:\windows\system32\DRIVERS\tdrpman.sys (Acronis)
DRV - (tifsfilter [Auto | Running]) -- C:\windows\system32\DRIVERS\tifsfilt.sys (Acronis)
DRV - (timounter [Boot | Running]) -- C:\windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (TVICHW32 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS (EnTech Taiwan)
DRV - (UlSata [Boot | Running]) -- C:\windows\system32\DRIVERS\ulsata.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbsermptxp [On_Demand | Stopped]) -- C:\windows\system32\DRIVERS\usbsermptxp.sys (Microsoft Corporation)
DRV - (VC4CB104 [On_Demand | Stopped]) -- C:\windows\System32\Drivers\VC4CB104.SYS (FUJI PHOTO FILM CO.,LTD.)
DRV - (viaagp1 [Boot | Running]) -- C:\windows\System32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (viasraid [Boot | Running]) -- C:\windows\system32\drivers\viasraid.sys (VIA Technologies inc,.ltd)
DRV - (wanatw [On_Demand | Stopped]) -- C:\windows\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (WMP300Nv1 [On_Demand | Running]) -- C:\windows\system32\DRIVERS\WMP300Nv1.sys (Broadcom Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.microsoft...amp;ar=iesearch
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default = 63 1A F5 00 D5 C6 78 4C 9F 30 6D 1C 17 38 E2 62 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.live.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090207
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:2.3.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.0.4


FF - HKLM\software\mozilla\firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/05/30 14:20:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock\Extensions\\Plugins: C:\PROGRAM FILES\FLOCK\FLOCK\PLUGINS [2009/05/03 15:57:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock\Extensions\\Components: C:\PROGRAM FILES\FLOCK\FLOCK\COMPONENTS [2009/05/28 23:37:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/25 05:56:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/03 15:57:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\thunderbird\extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2009/05/28 22:02:00 | 00,000,000 | ---D | M]

[2009/05/27 21:48:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lo nuevo\Application Data\mozilla\Extensions
[2009/05/27 21:48:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lo nuevo\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/30 13:43:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lo nuevo\Application Data\mozilla\Firefox\Profiles\gpukcfe5.default\extensions
[2009/05/28 22:15:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lo nuevo\Application Data\mozilla\Firefox\Profiles\gpukcfe5.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2009/05/29 12:50:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lo nuevo\Application Data\mozilla\Firefox\Profiles\gpukcfe5.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/05/28 01:21:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lo nuevo\Application Data\mozilla\Firefox\Profiles\gpukcfe5.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2009/05/28 22:16:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lo nuevo\Application Data\mozilla\Firefox\Profiles\gpukcfe5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/05/28 01:19:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\lo nuevo\Application Data\mozilla\Firefox\Profiles\gpukcfe5.default\extensions\[email protected]
[2009/05/30 13:43:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 18:41:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/08/30 20:38:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/13 19:00:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/31 11:51:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/28 18:41:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 18:41:34 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/23 16:36:33 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 16:36:33 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/23 16:36:33 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 16:36:34 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 16:36:34 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/23 16:36:34 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

O1 HOSTS File: (600399 bytes) - C:\windows\System32\drivers\etc\Hosts
O1 - Hosts: 19216 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CoTGT_BHO Class) - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\webbrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\webbrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\webbrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60 (Emsi Software GmbH)
O4 - HKLM..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVGIDS] "C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" (AVG)
O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice (ESET)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Logitech Utility] Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray File not found
O4 - HKLM..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack File not found
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Nero AG)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: e&xport to microsoft excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} (Reg Error: Key error.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/PCPitStop.CAB (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Reg Error: Key error.)
O16 - DPF: CabBuilder http://kiw.imgag.com...llerControl.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\windows\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\jbqbfz: DllName - jbqbfz.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O30 - LSA: Authentication Packages - (relog_ap) - C:\windows\System32\relog_ap.dll (Acronis)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/24 13:30:32 | 00,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/05/12 14:31:50 | 00,000,000 | ---D | M] - G:\autorun.inf -- [ FAT ]
O32 - AutoRun File - [2009/05/12 14:30:56 | 00,000,000 | ---D | M] - H:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{a3158912-cdd2-11dd-9673-000c7691543a}\Shell\autorun\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{a3158912-cdd2-11dd-9673-000c7691543a}\Shell\install\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{a3158912-cdd2-11dd-9673-000c7691543a}\Shell\usermanualenglish\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{a3158912-cdd2-11dd-9673-000c7691543a}\Shell\usermanualfrench\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{a3158912-cdd2-11dd-9673-000c7691543a}\Shell\usermanualspanish\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/30 16:40:33 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009/05/30 16:39:40 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\lo nuevo\Desktop\OTListIt2.exe
[2009/05/30 16:38:29 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/30 16:23:38 | 00,000,000 | ---D | C] -- C:\windows\ERDNT
[2009/05/30 16:23:09 | 00,000,598 | ---- | C] () -- C:\Documents and Settings\lo nuevo\Desktop\ERUNT.lnk
[2009/05/30 16:23:09 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/30 13:55:54 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/05/30 13:37:23 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgtdix.sys
[2009/05/30 13:37:23 | 00,012,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgrkx86.sys
[2009/05/30 13:37:23 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\avgrsstx.dll
[2009/05/30 13:37:23 | 00,001,513 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\AVG 8.5.lnk
[2009/05/30 13:37:19 | 00,325,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgldx86.sys
[2009/05/30 13:37:18 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgmfx86.sys
[2009/05/30 13:37:16 | 36,557,916 | ---- | C] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2009/05/30 13:37:16 | 06,061,540 | ---- | C] () -- C:\windows\System32\drivers\Avg\avi7.avg
[2009/05/30 13:37:16 | 00,434,673 | ---- | C] () -- C:\windows\System32\drivers\Avg\miniavi.avg
[2009/05/30 13:37:16 | 00,063,467 | ---- | C] () -- C:\windows\System32\drivers\Avg\microavi.avg
[2009/05/30 13:37:16 | 00,000,000 | ---D | C] -- C:\windows\System32\drivers\Avg
[2009/05/30 13:37:09 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/05/30 13:33:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/05/30 13:30:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lo nuevo\Desktop\Wisin & Yandel - La Revolucion (2009)
[2009/05/30 12:42:23 | 00,000,000 | R--D | C] -- C:\Documents and Settings\lo nuevo\My Documents\My Videos
[2009/05/30 12:29:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lo nuevo\Application Data\GRETECH
[2009/05/30 11:47:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lo nuevo\Desktop\Las_Guanabanas 2009
[2009/05/29 16:55:44 | 02,703,240 | ---- | C] () -- C:\Documents and Settings\lo nuevo\Desktop\hip hop new.mp3
[2009/05/29 16:55:30 | 03,237,974 | ---- | C] () -- C:\Documents and Settings\lo nuevo\Desktop\hip hop con bajo.mp3
[2009/05/29 16:16:35 | 00,000,454 | ---- | C] () -- C:\windows\tasks\XoftSpySE 2.job
[2009/05/29 16:16:35 | 00,000,368 | ---- | C] () -- C:\windows\tasks\XoftSpySE.job
[2009/05/29 16:16:34 | 00,000,688 | ---- | C] () -- C:\Documents and Settings\lo nuevo\Desktop\XoftSpySE.lnk
[2009/05/29 16:16:33 | 00,000,000 | ---D | C] -- C:\Program Files\XoftSpySE
[2009/05/29 16:12:51 | 00,000,234 | -HS- | C] () -- C:\windows\System32\drivers\d92134E.DAT
[2009/05/29 16:12:51 | 00,000,234 | -HS- | C] () -- C:\windows\System32\drivers\6ab134D.DAT
[2009/05/29 16:12:51 | 00,000,234 | -HS- | C] () -- C:\windows\System32\drivers\026134C.DAT
[2009/05/29 16:10:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/05/29 15:55:26 | 00,000,000 | ---D | C] -- C:\Program Files\Exterminate It!
[2009/05/29 14:43:03 | 00,000,448 | ---- | C] () -- C:\windows\tasks\ParetoLogic Registration.job
[2009/05/29 14:42:57 | 00,028,704 | -HS- | C] () -- C:\windows\System32\drivers\fidbox.dat
[2009/05/29 14:42:57 | 00,001,460 | -HS- | C] () -- C:\windows\System32\drivers\fidbox.idx
[2009/05/29 14:42:57 | 00,000,032 | -HS- | C] () -- C:\windows\System32\drivers\fidbox2.idx
[2009/05/29 14:42:57 | 00,000,032 | -HS- | C] () -- C:\windows\System32\drivers\fidbox2.dat
[2009/05/29 14:42:35 | 00,000,000 | ---- | C] () -- C:\rollback.ini
[2009/05/29 13:53:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009/05/29 13:53:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/05/29 11:47:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lo nuevo\Application Data\Apple Computer
[2009/05/28 23:36:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lo nuevo\Application Data\Flock
[2009/05/28 23:01:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lo nuevo\Application Data\Google
[2009/05/28 22:11:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lo nuevo\Application Data\TuneUp Software
[2009/05/28 22:02:01 | 00,001,771 | ---- | C] () -- C:\Documents and Settings\lo nuevo\Desktop\ESET NOD32 Antivirus.lnk
[2009/05/28 22:01:59 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/05/28 22:01:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/05/28 20:47:59 | 00,000,490 | ---- | C] () -- C:\windows\tasks\Malwarebytes' Scheduled Update for lo nuevo.job
[2009/05/28 15:11:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lo nuevo\Application Data\Sun
[2009/05/28 03:07:42 | 00,001,554 | ---- | C] () -- C:\Documents and Settings\lo nuevo\Desktop\CCleaner.lnk
[2009/05/28 03:07:41 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/05/28 02:54:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lo nuevo\Local Settings\Apps
[2009/05/28 02:24:57 | 00,000,699 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\a-squared Anti-Malware.lnk
[2009/05/28 02:24:46 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Anti-Malware
[2009/05/28 02:24:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lo nuevo\My Documents\a-squared
[2009/05/28 01:46:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/05/28 01:33:07 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\lo nuevo\My Documents\Default.rdp
[2009/05/28 00:46:52 | 00,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2009/05/27 23:24:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/05/27 22:53:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lo nuevo\Application Data\WinRAR
[2009/05/27 22:40:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lo nuevo\My Documents\My Received Files
[2009/05/27 22:32:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lo nuevo\My Documents\My Chat Logs
[2009/05/27 22:03:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lo nuevo\Application Data\Malwarebytes
[2009/05/27 22:03:17 | 00,000,702 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/27 22:03:14 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2009/05/27 22:03:13 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2009/05/27 22:03:13 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/27 21:59:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lo nuevo\Application Data\Macromedia
[2009/05/27 21:59:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lo nuevo\Application Data\Adobe
[2009/05/27 21:48:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lo nuevo\Application Data\Mozilla
[2009/05/27 21:41:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lo nuevo\Application Data\Identities
[2009/05/27 21:40:57 | 00,000,079 | -HS- | C] () -- C:\Documents and Settings\lo nuevo\My Documents\desktop.ini
[2009/05/27 21:40:57 | 00,000,000 | R--D | C] -- C:\Documents and Settings\lo nuevo\My Documents\My Pictures
[2009/05/27 21:40:57 | 00,000,000 | R--D | C] -- C:\Documents and Settings\lo nuevo\My Documents\My Music
[2009/05/27 21:40:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\lo nuevo\Local Settings\Temp
[2009/05/27 21:40:31 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\lo nuevo\Start Menu\Programs\Startup\desktop.ini
[2009/05/27 21:40:31 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\lo nuevo\Local Settings\desktop.ini
[2009/05/27 21:40:31 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\lo nuevo\Application Data\desktop.ini
[2009/05/27 21:40:31 | 00,000,000 | --SD | C] -- C:\Documents and Settings\lo nuevo\Application Data\Microsoft
[2009/05/27 21:40:31 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\lo nuevo\Local Settings\Temporary Internet Files
[2009/05/27 21:40:31 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\lo nuevo\Local Settings\History
[2009/05/27 21:40:31 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\lo nuevo\Local Settings\Application Data
[2009/05/27 21:33:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/05/27 21:08:16 | 00,099,422 | ---- | C] () -- C:\windows\System32\drivers\3f15b5b6.sys
[2009/05/27 20:21:30 | 00,000,434 | ---- | C] () -- C:\windows\tasks\At1.job
[2009/05/27 20:08:32 | 00,000,000 | ---D | C] -- C:\windows\dhcp
[2009/05/27 20:08:09 | 00,000,000 | ---D | C] -- C:\windows\System32\sysloc
[2009/05/27 20:07:18 | 00,107,212 | ---- | C] () -- C:\windows\System32\drivers\cba958ea.sys
[2009/05/23 23:01:30 | 00,000,000 | ---D | C] -- C:\Program Files\Image-Line
[2009/05/23 21:19:07 | 00,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2009/05/23 18:51:02 | 00,000,000 | ---D | C] -- C:\Program Files\Outsim
[2009/05/21 23:17:31 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2009/05/19 18:38:02 | 00,000,026 | ---- | C] () -- C:\windows\marscam.ini
[2009/05/19 18:37:32 | 00,000,000 | ---- | C] () -- C:\windows\PTWebCam.INI
[2009/05/19 18:36:10 | 00,000,000 | -HSD | C] -- C:\windows\ftpcache
[2009/05/19 18:28:10 | 00,000,000 | ---D | C] -- C:\Program Files\Mars
[2009/05/19 18:27:18 | 00,000,000 | ---D | C] -- C:\Program Files\PhoTags Express
[2009/05/19 14:46:12 | 00,202,752 | ---- | C] (Lexmark) -- C:\windows\System32\LXAISUI.DLL
[2009/05/19 12:55:21 | 00,000,000 | ---D | C] -- C:\LXKZ33
[2009/05/18 17:03:44 | 00,002,137 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\iTunes.lnk
[2009/05/18 17:03:11 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/05/18 17:03:07 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/05/18 17:00:05 | 00,001,610 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\QuickTime Player.lnk
[2009/05/18 16:59:33 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/05/18 15:08:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/05/18 15:07:33 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/05/18 14:28:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/05/18 12:43:57 | 00,000,000 | ---D | C] -- C:\Program Files\iPod(2)
[2009/05/18 11:02:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/05/12 17:04:27 | 00,000,488 | ---- | C] () -- C:\windows\tasks\Malwarebytes' Scheduled Scan for Sony.job
[2009/05/12 17:04:20 | 00,000,474 | ---- | C] () -- C:\windows\tasks\Malwarebytes' Scheduled Update for Sony.job
[2009/05/12 15:46:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/11 18:22:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy-PizzaParty
[2009/05/11 18:07:32 | 00,000,000 | ---D | C] -- C:\windows\Farm Frenzy Pizza Party
[2009/05/11 18:07:32 | 00,000,000 | ---D | C] -- C:\Program Files\Farm Frenzy Pizza Party
[2009/05/08 22:36:05 | 00,368,640 | ---- | C] (Propellerhead Software AB) -- C:\windows\System32\ReWire.dll
[2009/05/08 22:36:05 | 00,233,472 | ---- | C] (Propellerhead Software AB) -- C:\windows\System32\REX Shared Library.dll
[2009/05/08 22:36:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
[2009/05/08 10:57:47 | 00,000,015 | ---- | C] () -- C:\windows\WinPatchService
[2009/05/08 10:54:34 | 00,000,000 | ---D | C] -- C:\Program Files\Codemonster
[2009/05/08 10:28:28 | 00,000,000 | ---D | C] -- C:\autorun.inf
[2009/05/08 08:48:28 | 00,001,842 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Google Earth.lnk
[2009/05/08 08:47:09 | 00,000,882 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachine.job
[2009/05/06 20:42:15 | 00,001,685 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Motorola Phone Tools.lnk
[2009/05/05 17:47:41 | 00,049,152 | ---- | C] () -- C:\windows\System32\ChCfg.exe
[2009/05/05 17:46:53 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek AC97
[2009/05/05 15:38:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/05/04 20:36:18 | 00,118,784 | ---- | C] () -- C:\windows\dsdxirmv.exe
[2009/05/04 18:24:58 | 02,328,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TUKernel.exe
[2009/05/04 16:31:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/05/04 15:43:43 | 00,000,484 | ---- | C] () -- C:\windows\tasks\1-Click Maintenance.job
[2009/05/04 15:43:42 | 00,604,416 | ---- | C] (TuneUp Software) -- C:\windows\System32\TUProgSt.exe
[2009/05/04 15:43:42 | 00,361,216 | ---- | C] (TuneUp Software) -- C:\windows\System32\TuneUpDefragService.exe
[2009/05/04 15:43:42 | 00,028,928 | ---- | C] (TuneUp Software) -- C:\windows\System32\uxtuneup.dll
[2009/05/04 15:43:36 | 00,001,617 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\TuneUp 1-Click Maintenance.lnk
[2009/05/04 15:43:35 | 00,001,545 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\TuneUp Utilities 2009.lnk
[2009/05/04 15:43:20 | 00,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2009
[2009/04/15 19:29:28 | 00,001,053 | ---- | C] () -- C:\windows\_ISENV31.INI
[2009/04/15 19:29:28 | 00,000,545 | ---- | C] () -- C:\windows\_iserr31.ini
[2009/04/15 19:29:28 | 00,000,378 | ---- | C] () -- C:\windows\_delis43.ini
[2009/04/02 14:15:17 | 00,001,233 | ---- | C] () -- C:\windows\ARPR.INI
[2009/03/30 20:23:31 | 00,120,200 | ---- | C] () -- C:\windows\System32\DLLDEV32i.dll
[2009/03/30 20:23:06 | 00,005,937 | ---- | C] () -- C:\windows\mgxoschk.ini
[2009/03/03 12:18:04 | 00,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2008/12/18 11:44:03 | 00,000,412 | ---- | C] () -- C:\windows\MAXLINK.INI
[2008/12/17 21:04:08 | 00,094,208 | ---- | C] () -- C:\windows\System32\GTW32N50.dll
[2008/08/30 21:16:30 | 00,000,927 | ---- | C] () -- C:\windows\posteriza.INI
[2008/08/30 19:03:00 | 00,000,069 | ---- | C] () -- C:\windows\NeroDigital.ini
[2008/08/30 13:27:53 | 00,000,000 | ---- | C] () -- C:\windows\ATIMMC.INI
[2006/12/23 00:07:28 | 00,000,034 | ---- | C] () -- C:\windows\cdplayer.ini
[2006/12/13 20:19:03 | 00,000,140 | ---- | C] () -- C:\windows\ODBC.INI
[2006/11/10 14:59:25 | 00,000,187 | ---- | C] () -- C:\windows\DVDXRestrictionFree.ini
[2006/11/10 14:52:56 | 00,000,014 | ---- | C] () -- C:\windows\System32\SysEngine2.SYS
[2006/05/02 18:38:24 | 00,000,748 | ---- | C] () -- C:\windows\SetBrowser.ini
[2006/01/21 16:10:56 | 00,000,030 | ---- | C] () -- C:\windows\atid.ini
[2006/01/21 01:53:21 | 00,000,225 | ---- | C] () -- C:\windows\wininit.ini
[2005/12/02 13:44:54 | 00,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini
[2005/12/02 13:44:24 | 00,000,025 | ---- | C] () -- C:\windows\ESPRX700.ini
[2005/08/20 03:30:07 | 00,000,001 | ---- | C] () -- C:\windows\System32\au3305adc.dll
[2005/08/20 03:29:16 | 00,000,067 | ---- | C] () -- C:\windows\Apollo DVD Copy.INI
[2005/08/10 07:08:19 | 00,000,000 | ---- | C] () -- C:\windows\iPlayer.INI
[2005/07/06 11:23:46 | 00,008,183 | ---- | C] () -- C:\windows\lviewp.ini
[2005/06/29 15:52:20 | 00,000,051 | ---- | C] () -- C:\windows\iTouch.ini
[2005/06/29 15:41:27 | 00,001,125 | ---- | C] () -- C:\windows\winamp.ini
[2005/06/29 03:40:21 | 00,363,520 | ---- | C] () -- C:\windows\System32\psisdecd.dll
[2005/06/29 03:39:09 | 00,003,654 | ---- | C] () -- C:\windows\System32\drivers\Sonyhcp.dll
[2005/06/29 03:36:23 | 00,065,536 | ---- | C] () -- C:\windows\System32\Gif89.dll
[2005/06/29 03:24:46 | 00,155,648 | R--- | C] () -- C:\windows\System32\RTLCPAPI.dll
[2005/06/29 03:17:11 | 00,000,488 | ---- | C] () -- C:\windows\Cmousecc.ini
[2003/03/31 08:00:00 | 00,102,400 | ---- | C] () -- C:\windows\System32\mfipzgt.dll
[2003/03/31 08:00:00 | 00,000,816 | ---- | C] () -- C:\windows\win.ini
[2003/03/31 08:00:00 | 00,000,227 | ---- | C] () -- C:\windows\system.ini
[2002/03/26 15:18:28 | 00,091,136 | ---- | C] () -- C:\windows\System32\mp4fil32.dll
[2002/01/20 08:26:36 | 00,073,728 | ---- | C] () -- C:\windows\System32\SimpleResize.dll
[2001/10/12 10:58:20 | 00,028,672 | ---- | C] () -- C:\windows\System32\mr310exd.dll
[2001/10/12 10:57:18 | 00,036,864 | ---- | C] () -- C:\windows\System32\mr310exv.dll
[2000/12/07 10:13:58 | 00,015,164 | ---- | C] () -- C:\windows\mr310twc.ini
[2000/07/27 05:13:02 | 00,053,760 | ---- | C] () -- C:\windows\System32\zlib.dll
[1999/08/12 00:00:00 | 01,708,032 | ---- | C] () -- C:\windows\System32\MSO97V.DLL
[1999/08/12 00:00:00 | 00,036,864 | ---- | C] () -- C:\windows\System32\DOCOBJ.DLL
[1998/08/16 05:00:00 | 00,004,096 | ---- | C] () -- C:\windows\System32\sysres.dll
[1997/06/18 03:00:00 | 00,012,288 | ---- | C] () -- C:\windows\System32\HLINKPRX.DLL

========== Files - Modified Within 30 Days ==========

[2009/05/30 16:42:05 | 00,107,212 | ---- | M] () -- C:\windows\System32\drivers\cba958ea.sys
[2009/05/30 16:40:00 | 00,000,420 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{B6398F36-5CBD-4A2A-B4F7-EA8DEEE2296D}.job
[2009/05/30 16:39:49 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lo nuevo\Desktop\OTListIt2.exe
[2009/05/30 16:37:20 | 00,000,868 | ---- | M] () -- C:\windows\tasks\Google Software Updater.job
[2009/05/30 16:33:30 | 00,013,742 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2009/05/30 16:33:10 | 00,000,434 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts.ics
[2009/05/30 16:32:44 | 00,000,454 | ---- | M] () -- C:\windows\tasks\XoftSpySE 2.job
[2009/05/30 16:32:38 | 00,000,484 | ---- | M] () -- C:\windows\tasks\1-Click Maintenance.job
[2009/05/30 16:32:28 | 00,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachine.job
[2009/05/30 16:32:26 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\lo nuevo\Local Settings\desktop.ini
[2009/05/30 16:32:23 | 00,000,368 | ---- | M] () -- C:\windows\tasks\XoftSpySE.job
[2009/05/30 16:32:23 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2009/05/30 16:23:09 | 00,000,598 | ---- | M] () -- C:\Documents and Settings\lo nuevo\Desktop\ERUNT.lnk
[2009/05/30 16:14:19 | 00,000,434 | ---- | M] () -- C:\windows\tasks\At1.job
[2009/05/30 16:07:43 | 00,000,069 | ---- | M] () -- C:\windows\NeroDigital.ini
[2009/05/30 14:18:43 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgldx86.sys
[2009/05/30 14:18:43 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgmfx86.sys
[2009/05/30 14:18:43 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\avgrsstx.dll
[2009/05/30 14:18:39 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgtdix.sys
[2009/05/30 14:18:34 | 00,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgrkx86.sys
[2009/05/30 14:02:32 | 00,099,422 | ---- | M] () -- C:\windows\System32\drivers\3f15b5b6.sys
[2009/05/30 14:02:17 | 03,237,974 | ---- | M] () -- C:\Documents and Settings\lo nuevo\Desktop\hip hop con bajo.mp3
[2009/05/30 13:50:35 | 36,557,916 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2009/05/30 13:49:46 | 00,434,673 | ---- | M] () -- C:\windows\System32\drivers\Avg\miniavi.avg
[2009/05/30 13:49:46 | 00,063,467 | ---- | M] () -- C:\windows\System32\drivers\Avg\microavi.avg
[2009/05/30 13:37:23 | 00,001,513 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\AVG 8.5.lnk
[2009/05/30 13:37:16 | 06,061,540 | ---- | M] () -- C:\windows\System32\drivers\Avg\avi7.avg
[2009/05/29 18:00:05 | 00,000,448 | ---- | M] () -- C:\windows\tasks\ParetoLogic Registration.job
[2009/05/29 17:00:00 | 00,000,488 | ---- | M] () -- C:\windows\tasks\Malwarebytes' Scheduled Scan for Sony.job
[2009/05/29 16:16:34 | 00,000,688 | ---- | M] () -- C:\Documents and Settings\lo nuevo\Desktop\XoftSpySE.lnk
[2009/05/29 16:13:34 | 00,001,460 | -HS- | M] () -- C:\windows\System32\drivers\fidbox.idx
[2009/05/29 16:13:34 | 00,000,032 | -HS- | M] () -- C:\windows\System32\drivers\fidbox2.idx
[2009/05/29 16:13:34 | 00,000,032 | -HS- | M] () -- C:\windows\System32\drivers\fidbox2.dat
[2009/05/29 16:13:33 | 00,028,704 | -HS- | M] () -- C:\windows\System32\drivers\fidbox.dat
[2009/05/29 16:12:51 | 00,000,234 | -HS- | M] () -- C:\windows\System32\drivers\d92134E.DAT
[2009/05/29 16:12:51 | 00,000,234 | -HS- | M] () -- C:\windows\System32\drivers\6ab134D.DAT
[2009/05/29 16:12:51 | 00,000,234 | -HS- | M] () -- C:\windows\System32\drivers\026134C.DAT
[2009/05/29 15:23:00 | 00,002,137 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\iTunes.lnk
[2009/05/29 14:42:35 | 00,000,000 | ---- | M] () -- C:\rollback.ini
[2009/05/29 12:00:00 | 00,000,474 | ---- | M] () -- C:\windows\tasks\Malwarebytes' Scheduled Update for Sony.job
[2009/05/28 22:02:01 | 00,001,771 | ---- | M] () -- C:\Documents and Settings\lo nuevo\Desktop\ESET NOD32 Antivirus.lnk
[2009/05/28 20:47:59 | 00,000,490 | ---- | M] () -- C:\windows\tasks\Malwarebytes' Scheduled Update for lo nuevo.job
[2009/05/28 03:07:42 | 00,001,554 | ---- | M] () -- C:\Documents and Settings\lo nuevo\Desktop\CCleaner.lnk
[2009/05/28 02:24:57 | 00,000,699 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\a-squared Anti-Malware.lnk
[2009/05/28 01:33:07 | 00,000,000 | -H-- | M] () -- C:\Documents and Settings\lo nuevo\My Documents\Default.rdp
[2009/05/27 22:03:17 | 00,000,702 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/27 21:41:44 | 00,000,079 | -HS- | M] () -- C:\Documents and Settings\lo nuevo\My Documents\desktop.ini
[2009/05/27 21:33:21 | 00,000,664 | ---- | M] () -- C:\windows\System32\d3d9caps.dat
[2009/05/27 20:08:20 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\ndis.sys
[2009/05/27 20:08:20 | 00,182,656 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\ndis.sys
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2009/05/25 21:14:19 | 00,000,936 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-362288127-839522115-1005.job
[2009/05/25 12:57:21 | 00,600,399 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts
[2009/05/24 14:21:13 | 02,703,240 | ---- | M] () -- C:\Documents and Settings\lo nuevo\Desktop\hip hop new.mp3
[2009/05/22 01:50:48 | 00,525,692 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2009/05/22 01:50:48 | 00,444,360 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2009/05/22 01:50:48 | 00,072,252 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2009/05/21 14:58:59 | 00,000,227 | ---- | M] () -- C:\windows\system.ini
[2009/05/19 18:38:02 | 00,000,026 | ---- | M] () -- C:\windows\marscam.ini
[2009/05/19 18:38:00 | 00,012,106 | ---- | M] () -- C:\windows\mr310twc.src
[2009/05/19 18:37:32 | 00,000,000 | ---- | M] () -- C:\windows\PTWebCam.INI
[2009/05/18 17:00:05 | 00,001,610 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\QuickTime Player.lnk
[2009/05/17 09:49:38 | 00,000,816 | ---- | M] () -- C:\windows\win.ini
[2009/05/08 22:36:05 | 00,368,640 | ---- | M] (Propellerhead Software AB) -- C:\windows\System32\ReWire.dll
[2009/05/08 22:36:05 | 00,233,472 | ---- | M] (Propellerhead Software AB) -- C:\windows\System32\REX Shared Library.dll
[2009/05/08 12:34:01 | 00,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2009/05/08 10:57:50 | 00,000,015 | ---- | M] () -- C:\windows\WinPatchService
[2009/05/08 08:48:28 | 00,001,842 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Google Earth.lnk
[2009/05/07 03:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MRT.exe
[2009/05/06 20:42:15 | 00,001,685 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Motorola Phone Tools.lnk
[2009/05/05 19:29:10 | 02,328,704 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\TUKernel.exe
[2009/05/04 20:36:18 | 00,118,784 | ---- | M] () -- C:\windows\dsdxirmv.exe
[2009/05/04 15:43:43 | 00,604,416 | ---- | M] (TuneUp Software) -- C:\windows\System32\TUProgSt.exe
[2009/05/04 15:43:42 | 00,361,216 | ---- | M] (TuneUp Software) -- C:\windows\System32\TuneUpDefragService.exe
[2009/05/04 15:43:36 | 00,001,617 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\TuneUp 1-Click Maintenance.lnk
[2009/05/04 15:43:35 | 00,001,545 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\TuneUp Utilities 2009.lnk
[2009/05/01 15:21:56 | 00,276,560 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2009/05/01 14:54:11 | 00,000,749 | RH-- | M] () -- C:\windows\WindowsShell.Manifest
[2009/05/01 14:54:11 | 00,000,749 | RH-- | M] () -- C:\windows\System32\wuaucpl.cpl.manifest
[2009/05/01 14:54:11 | 00,000,749 | RH-- | M] () -- C:\windows\System32\sapi.cpl.manifest
[2009/05/01 14:54:11 | 00,000,749 | RH-- | M] () -- C:\windows\System32\nwc.cpl.manifest
[2009/05/01 14:54:11 | 00,000,749 | RH-- | M] () -- C:\windows\System32\ncpa.cpl.manifest
[2009/05/01 14:54:11 | 00,000,749 | RH-- | M] () -- C:\windows\System32\cdplayer.exe.manifest
< End of report >


Here is the extra log from OTlist:

OTListIt Extras logfile created on: 5/30/2009 4:41:13 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\lo nuevo\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 56.74% Memory free
3.35 Gb Paging File | 2.84 Gb Available in Paging File | 84.58% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.24 Gb Total Space | 36.59 Gb Free Space | 52.84% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 5.31 Gb Free Space | 2.28% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 959.97 Mb Total Space | 298.06 Mb Free Space | 31.05% Space Free | Partition Type: FAT
Drive H: | 1.91 Gb Total Space | 0.79 Gb Free Space | 41.68% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: BORIKE
Current User Name: lo nuevo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\kasperskyantivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\mcafeeantivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\mcafeefirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5100:UDP" = 5100:UDP:*:Enabled:webcam.yahoo.com
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"80:TCP" = 80:TCP:*:Enabled:SYSDLL
"7171:TCP" = 7171:TCP:*:Enabled:SYSDLL

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call File not found
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\WinRAR\WinRAR.exe:*:Enabled:WinRAR ()
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync (Microsoft Corporation)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\XBC\XBC_NS.exe:*:Enabled:XBConnect (TGL Microsystems)
C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary (Sun Microsystems, Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup (Nero AG)
C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary (Sun Microsystems, Inc.)
C:\Documents and Settings\Sony.BORIKE\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application File not found
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series" = Canon MP470 series
"{18455581-e099-4ba8-bc6b-f34b2f06600c}" = Google Toolbar for Internet Explorer
"{200F584F-848D-4B6B-B1A1-C74D735F18A4}" = InstallRTC
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318c2b1-4965-11d4-9b18-009027a5cd4f}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}" = MSN Toolbar
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.80
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7583d2f8-8e7d-40c5-9862-4d218006fb84}" = AVG Identity Protection
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{857343AD-9A00-4287-BF8B-F65C9633CA0C}" = CIF Dual-Mode Camera
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client for Internet Explorer 1.02.04
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A16FE6B8-F871-469F-A96F-524E8CD8A2CE}" = Motorola Phone Tools
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A20A58C4-6784-4B4B-86CC-94E2E3671033}" = Nero 7 Ultra Edition
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}" = Motorola Driver Installation 3.7.0
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{cdf97135-7fd2-4289-96b8-dd4505267acd}" = ESET NOD32 Antivirus
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D5D87F30-86CE-437B-92F7-493C1CF66B33}" = Cabos
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools
"{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}" = Natural Color
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FE7A3FE1-AF76-44FD-BC70-09868A51887A}" = iPod for Windows 2005-06-26
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ASIO4ALL" = ASIO4ALL
"a-squared anti-malware_is1" = a-squared Anti-Malware 4.5
"ATI Display Driver" = ATI Display Driver
"avg8uninstall" = AVG 8.5
"Canon MP470 series User Registration" = Canon MP470 series User Registration
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"ccleaner" = CCleaner (remove only)
"cdngo_is1" = CD'n'Go! Suite 2.00
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab Decrypter_is1" = DVDFab Decrypter 3.0.5.0
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EPSON Printer and Utilities" = EPSON Printer Software
"erunt_is1" = ERUNT 1.1j
"Farm Frenzy 21.0" = Farm Frenzy 2
"Farm Frenzy Pizza Party1.0" = Farm Frenzy Pizza Party
"Farm Frenzy_is1" = Farm Frenzy
"FL Studio 8" = FL Studio 8
"Flock" = Flock 1.1
"GOM Player" = GOM Player
"Google Updater" = Google Updater
"Hometown Hero" = Hometown Hero
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IL Download Manager" = IL Download Manager
"InstallShield_{FE7A3FE1-AF76-44FD-BC70-09868A51887A}" = iPod for Windows 2005-06-26
"InterActual Player" = InterActual Player
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"mr97310c_79b33283ba293e6c94e125bce27e0ecded0a2591" = Windows Driver Package - Camera Maker (MR97310_USB_DUAL_CAMERA) Image 05/02/2006 2.0.1.0
"PhoTagsExpress" = PhoTags Express
"PhotoScape" = PhotoScape
"PoiZone" = PoiZone
"POSTERIZA" = POSTERIZA 1.1.1
"Pro Media Director_is1" = Pro Media Director Version 2.0.0.1
"STANDARDR" = Microsoft Office Standard 2007
"StyleXP" = StyleXP (remove only)
"SystemRequirementsLab" = System Requirements Lab
"Tetris Game Gold" = Tetris Game Gold
"Toxic Biohazard" = Toxic Biohazard
"Videora iPod Converter" = Videora iPod Converter 4.07
"VLC media player" = VideoLAN VLC media player 0.8.6h
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"XBC 5.1" = XBC 5.1
"xoftspyse" = XoftSpySE
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Zuma Deluxe RA" = Zuma Deluxe RA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/28/2009 12:55:05 AM | Computer Name = BORIKE | Source = MsiInstaller | ID = 11304
Description = Product: ESET Smart Security -- Error 1304. Error writing to file:
C:\Program Files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.sys. Verify
that you have access to that directory.

Error - 5/28/2009 12:55:05 AM | Computer Name = BORIKE | Source = MsiInstaller | ID = 11304
Description = Product: ESET Smart Security -- Error 1304. Error writing to file:
C:\Program Files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.sys. Verify
that you have access to that directory.

Error - 5/28/2009 12:55:05 AM | Computer Name = BORIKE | Source = MsiInstaller | ID = 11304
Description = Product: ESET Smart Security -- Error 1304. Error writing to file:
C:\Program Files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.sys. Verify
that you have access to that directory.

Error - 5/28/2009 12:55:07 AM | Computer Name = BORIKE | Source = MsiInstaller | ID = 11304
Description = Product: ESET Smart Security -- Error 1304. Error writing to file:
C:\Program Files\ESET\ESET Smart Security\Drivers\epfwndis\epfwndis.sys. Verify
that you have access to that directory.

Error - 5/28/2009 8:13:32 PM | Computer Name = BORIKE | Source = MsiInstaller | ID = 11306
Description = Product: AVG Identity Protection -- Error 1306.Another application
has exclusive access to the file C:\Program Files\AVG\AVG8\IdentityProtection\agent\log\AVGIDSUI_boot.log.
Please shut down all other applications, then click Retry.

Error - 5/29/2009 2:18:37 PM | Computer Name = BORIKE | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 5/29/2009 2:18:53 PM | Computer Name = BORIKE | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 5/29/2009 2:19:11 PM | Computer Name = BORIKE | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 5/30/2009 12:32:57 AM | Computer Name = BORIKE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x02381d54.

Error - 5/30/2009 12:16:57 PM | Computer Name = BORIKE | Source = Google Update | ID = 20
Description =

[ OSession Events ]
Error - 9/27/2006 6:53:30 AM | Computer Name = WINXP_HOME | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4017.1006, Microsoft Office Version: 12.0.4017.1006. This session lasted 361
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/30/2009 4:33:10 PM | Computer Name = BORIKE | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 5/30/2009 4:33:10 PM | Computer Name = BORIKE | Source = Service Control Manager | ID = 7001
Description = The Universal Plug and Play Device Host service depends on the SSDP
Discovery Service service which failed to start because of the following error:
%%1058

Error - 5/30/2009 4:33:40 PM | Computer Name = BORIKE | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 5/30/2009 4:33:40 PM | Computer Name = BORIKE | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2

Error - 5/30/2009 4:33:40 PM | Computer Name = BORIKE | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 5/30/2009 4:33:40 PM | Computer Name = BORIKE | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2

Error - 5/30/2009 4:35:20 PM | Computer Name = BORIKE | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 5/30/2009 4:35:20 PM | Computer Name = BORIKE | Source = Service Control Manager | ID = 7001
Description = The Universal Plug and Play Device Host service depends on the SSDP
Discovery Service service which failed to start because of the following error:
%%1058

Error - 5/30/2009 4:35:20 PM | Computer Name = BORIKE | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 5/30/2009 4:35:20 PM | Computer Name = BORIKE | Source = Service Control Manager | ID = 7001
Description = The Universal Plug and Play Device Host service depends on the SSDP
Discovery Service service which failed to start because of the following error:
%%1058

[ TuneUp Events ]
Error - 5/30/2009 12:39:12 PM | Computer Name = BORIKE | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-05-30 12:39:12', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamgui.exe','3236',0)

Error - 5/30/2009 1:24:47 PM | Computer Name = BORIKE | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-05-30 13:24:47', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','7624',0)

Error - 5/30/2009 1:58:02 PM | Computer Name = BORIKE | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-05-30 13:58:02', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','5576',0)

Error - 5/30/2009 2:04:58 PM | Computer Name = BORIKE | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-05-30 14:04:51', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamgui.exe','2592',0)

Error - 5/30/2009 2:04:58 PM | Computer Name = BORIKE | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-05-30 14:04:58', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamservice.exe','2768',0)

Error - 5/30/2009 2:14:05 PM | Computer Name = BORIKE | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-05-30 14:13:57', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamservice.exe','3820',0)

Error - 5/30/2009 2:21:27 PM | Computer Name = BORIKE | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-05-30 14:21:18', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamservice.exe','456',0)

Error - 5/30/2009 3:09:58 PM | Computer Name = BORIKE | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-05-30 15:09:58', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','9344',0)

Error - 5/30/2009 4:15:12 PM | Computer Name = BORIKE | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-05-30 16:15:10', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbamservice.exe','3524',0)

Error - 5/30/2009 4:24:04 PM | Computer Name = BORIKE | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-05-30 16:24:04', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','9732',0)


< End of report >

#4
ektor

Hey, thanks for your help, but I think I have removed it with GMER. Anyway, if you still think I have it, please help me.