Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

PC Antivirus 2010


  • Please log in to reply

#1
Flowerpot_Lise

Flowerpot_Lise

    New Member

  • Member
  • Pip
  • 1 posts
I've gone through your Malware and Spyware cleaning guide but to no avail.

I run Malewarebytes and when it finishes after about 3Hours (Grr) it says there are files it will delete after reboot, except after rebooting the malware is still there with pop-ups and the PC Antivirus 2010 trying to install itself with pop-ups etc.

My Root Repeal log, Mbam Log and OTL are as follows. Thank you in advance for your help.

RootRepeal Log

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/01 23:59
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

SSDT
-------------------
#: 000 Function Name: NtAcceptConnectPort
Status: Not hooked

#: 001 Function Name: NtAccessCheck
Status: Not hooked

#: 002 Function Name: NtAccessCheckAndAuditAlarm
Status: Not hooked

#: 003 Function Name: NtAccessCheckByType
Status: Not hooked

#: 004 Function Name: NtAccessCheckByTypeAndAuditAlarm
Status: Not hooked

#: 005 Function Name: NtAccessCheckByTypeResultList
Status: Not hooked

#: 006 Function Name: NtAccessCheckByTypeResultListAndAuditAlarm
Status: Not hooked

#: 007 Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle
Status: Not hooked

#: 008 Function Name: NtAddAtom
Status: Not hooked

#: 009 Function Name: NtAddBootEntry
Status: Not hooked

#: 010 Function Name: NtAdjustGroupsToken
Status: Not hooked

#: 011 Function Name: NtAdjustPrivilegesToken
Status: Not hooked

#: 012 Function Name: NtAlertResumeThread
Status: Not hooked

#: 013 Function Name: NtAlertThread
Status: Not hooked

#: 014 Function Name: NtAllocateLocallyUniqueId
Status: Not hooked

#: 015 Function Name: NtAllocateUserPhysicalPages
Status: Not hooked

#: 016 Function Name: NtAllocateUuids
Status: Not hooked

#: 017 Function Name: NtAllocateVirtualMemory
Status: Not hooked

#: 018 Function Name: NtAreMappedFilesTheSame
Status: Not hooked

#: 019 Function Name: NtAssignProcessToJobObject
Status: Not hooked

#: 020 Function Name: NtCallbackReturn
Status: Not hooked

#: 021 Function Name: NtCancelDeviceWakeupRequest
Status: Not hooked

#: 022 Function Name: NtCancelIoFile
Status: Not hooked

#: 023 Function Name: NtCancelTimer
Status: Not hooked

#: 024 Function Name: NtClearEvent
Status: Not hooked

#: 025 Function Name: NtClose
Status: Not hooked

#: 026 Function Name: NtCloseObjectAuditAlarm
Status: Not hooked

#: 027 Function Name: NtCompactKeys
Status: Not hooked

#: 028 Function Name: NtCompareTokens
Status: Not hooked

#: 029 Function Name: NtCompleteConnectPort
Status: Not hooked

#: 030 Function Name: NtCompressKey
Status: Not hooked

#: 031 Function Name: NtConnectPort
Status: Not hooked

#: 032 Function Name: NtContinue
Status: Not hooked

#: 033 Function Name: NtCreateDebugObject
Status: Not hooked

#: 034 Function Name: NtCreateDirectoryObject
Status: Not hooked

#: 035 Function Name: NtCreateEvent
Status: Not hooked

#: 036 Function Name: NtCreateEventPair
Status: Not hooked

#: 037 Function Name: NtCreateFile
Status: Not hooked

#: 038 Function Name: NtCreateIoCompletion
Status: Not hooked

#: 039 Function Name: NtCreateJobObject
Status: Not hooked

#: 040 Function Name: NtCreateJobSet
Status: Not hooked

#: 041 Function Name: NtCreateKey
Status: Not hooked

#: 042 Function Name: NtCreateMailslotFile
Status: Not hooked

#: 043 Function Name: NtCreateMutant
Status: Not hooked

#: 044 Function Name: NtCreateNamedPipeFile
Status: Not hooked

#: 045 Function Name: NtCreatePagingFile
Status: Not hooked

#: 046 Function Name: NtCreatePort
Status: Not hooked

#: 047 Function Name: NtCreateProcess
Status: Not hooked

#: 048 Function Name: NtCreateProcessEx
Status: Not hooked

#: 049 Function Name: NtCreateProfile
Status: Not hooked

#: 050 Function Name: NtCreateSection
Status: Not hooked

#: 051 Function Name: NtCreateSemaphore
Status: Not hooked

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Not hooked

#: 053 Function Name: NtCreateThread
Status: Not hooked

#: 054 Function Name: NtCreateTimer
Status: Not hooked

#: 055 Function Name: NtCreateToken
Status: Not hooked

#: 056 Function Name: NtCreateWaitablePort
Status: Not hooked

#: 057 Function Name: NtDebugActiveProcess
Status: Not hooked

#: 058 Function Name: NtDebugContinue
Status: Not hooked

#: 059 Function Name: NtDelayExecution
Status: Not hooked

#: 060 Function Name: NtDeleteAtom
Status: Not hooked

#: 061 Function Name: NtDeleteBootEntry
Status: Not hooked

#: 062 Function Name: NtDeleteFile
Status: Not hooked

#: 063 Function Name: NtDeleteKey
Status: Not hooked

#: 064 Function Name: NtDeleteObjectAuditAlarm
Status: Not hooked

#: 065 Function Name: NtDeleteValueKey
Status: Not hooked

#: 066 Function Name: NtDeviceIoControlFile
Status: Not hooked

#: 067 Function Name: NtDisplayString
Status: Not hooked

#: 068 Function Name: NtDuplicateObject
Status: Not hooked

#: 069 Function Name: NtDuplicateToken
Status: Not hooked

#: 070 Function Name: NtEnumerateBootEntries
Status: Not hooked

#: 071 Function Name: NtEnumerateKey
Status: Not hooked

#: 072 Function Name: NtEnumerateSystemEnvironmentValuesEx
Status: Not hooked

#: 073 Function Name: NtEnumerateValueKey
Status: Not hooked

#: 074 Function Name: NtExtendSection
Status: Not hooked

#: 075 Function Name: NtFilterToken
Status: Not hooked

#: 076 Function Name: NtFindAtom
Status: Not hooked

#: 077 Function Name: NtFlushBuffersFile
Status: Not hooked

#: 078 Function Name: NtFlushInstructionCache
Status: Not hooked

#: 079 Function Name: NtFlushKey
Status: Not hooked

#: 080 Function Name: NtFlushVirtualMemory
Status: Not hooked

#: 081 Function Name: NtFlushWriteBuffer
Status: Not hooked

#: 082 Function Name: NtFreeUserPhysicalPages
Status: Not hooked

#: 083 Function Name: NtFreeVirtualMemory
Status: Not hooked

#: 084 Function Name: NtFsControlFile
Status: Not hooked

#: 085 Function Name: NtGetContextThread
Status: Not hooked

#: 086 Function Name: NtGetDevicePowerState
Status: Not hooked

#: 087 Function Name: NtGetPlugPlayEvent
Status: Not hooked

#: 088 Function Name: NtGetWriteWatch
Status: Not hooked

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Not hooked

#: 090 Function Name: NtImpersonateClientOfPort
Status: Not hooked

#: 091 Function Name: NtImpersonateThread
Status: Not hooked

#: 092 Function Name: NtInitializeRegistry
Status: Not hooked

#: 093 Function Name: NtInitiatePowerAction
Status: Not hooked

#: 094 Function Name: NtIsProcessInJob
Status: Not hooked

#: 095 Function Name: NtIsSystemResumeAutomatic
Status: Not hooked

#: 096 Function Name: NtListenPort
Status: Not hooked

#: 097 Function Name: NtLoadDriver
Status: Not hooked

#: 098 Function Name: NtLoadKey
Status: Not hooked

#: 099 Function Name: NtLoadKey2
Status: Not hooked

#: 100 Function Name: NtLockFile
Status: Not hooked

#: 101 Function Name: NtLockProductActivationKeys
Status: Not hooked

#: 102 Function Name: NtLockRegistryKey
Status: Not hooked

#: 103 Function Name: NtLockVirtualMemory
Status: Not hooked

#: 104 Function Name: NtMakePermanentObject
Status: Not hooked

#: 105 Function Name: NtMakeTemporaryObject
Status: Not hooked

#: 106 Function Name: NtMapUserPhysicalPages
Status: Not hooked

#: 107 Function Name: NtMapUserPhysicalPagesScatter
Status: Not hooked

#: 108 Function Name: NtMapViewOfSection
Status: Not hooked

#: 109 Function Name: NtModifyBootEntry
Status: Not hooked

#: 110 Function Name: NtNotifyChangeDirectoryFile
Status: Not hooked

#: 111 Function Name: NtNotifyChangeKey
Status: Not hooked

#: 112 Function Name: NtNotifyChangeMultipleKeys
Status: Not hooked

#: 113 Function Name: NtOpenDirectoryObject
Status: Not hooked

#: 114 Function Name: NtOpenEvent
Status: Not hooked

#: 115 Function Name: NtOpenEventPair
Status: Not hooked

#: 116 Function Name: NtOpenFile
Status: Not hooked

#: 117 Function Name: NtOpenIoCompletion
Status: Not hooked

#: 118 Function Name: NtOpenJobObject
Status: Not hooked

#: 119 Function Name: NtOpenKey
Status: Not hooked

#: 120 Function Name: NtOpenMutant
Status: Not hooked

#: 121 Function Name: NtOpenObjectAuditAlarm
Status: Not hooked

#: 122 Function Name: NtOpenProcess
Status: Not hooked

#: 123 Function Name: NtOpenProcessToken
Status: Not hooked

#: 124 Function Name: NtOpenProcessTokenEx
Status: Not hooked

#: 125 Function Name: NtOpenSection
Status: Not hooked

#: 126 Function Name: NtOpenSemaphore
Status: Not hooked

#: 127 Function Name: NtOpenSymbolicLinkObject
Status: Not hooked

#: 128 Function Name: NtOpenThread
Status: Not hooked

#: 129 Function Name: NtOpenThreadToken
Status: Not hooked

#: 130 Function Name: NtOpenThreadTokenEx
Status: Not hooked

#: 131 Function Name: NtOpenTimer
Status: Not hooked

#: 132 Function Name: NtPlugPlayControl
Status: Not hooked

#: 133 Function Name: NtPowerInformation
Status: Not hooked

#: 134 Function Name: NtPrivilegeCheck
Status: Not hooked

#: 135 Function Name: NtPrivilegeObjectAuditAlarm
Status: Not hooked

#: 136 Function Name: NtPrivilegedServiceAuditAlarm
Status: Not hooked

#: 137 Function Name: NtProtectVirtualMemory
Status: Not hooked

#: 138 Function Name: NtPulseEvent
Status: Not hooked

#: 139 Function Name: NtQueryAttributesFile
Status: Not hooked

#: 140 Function Name: NtQueryBootEntryOrder
Status: Not hooked

#: 141 Function Name: NtQueryBootOptions
Status: Not hooked

#: 142 Function Name: NtQueryDebugFilterState
Status: Not hooked

#: 143 Function Name: NtQueryDefaultLocale
Status: Not hooked

#: 144 Function Name: NtQueryDefaultUILanguage
Status: Not hooked

#: 145 Function Name: NtQueryDirectoryFile
Status: Not hooked

#: 146 Function Name: NtQueryDirectoryObject
Status: Not hooked

#: 147 Function Name: NtQueryEaFile
Status: Not hooked

#: 148 Function Name: NtQueryEvent
Status: Not hooked

#: 149 Function Name: NtQueryFullAttributesFile
Status: Not hooked

#: 150 Function Name: NtQueryInformationAtom
Status: Not hooked

#: 151 Function Name: NtQueryInformationFile
Status: Not hooked

#: 152 Function Name: NtQueryInformationJobObject
Status: Not hooked

#: 153 Function Name: NtQueryInformationPort
Status: Not hooked

#: 154 Function Name: NtQueryInformationProcess
Status: Not hooked

#: 155 Function Name: NtQueryInformationThread
Status: Not hooked

#: 156 Function Name: NtQueryInformationToken
Status: Not hooked

#: 157 Function Name: NtQueryInstallUILanguage
Status: Not hooked

#: 158 Function Name: NtQueryIntervalProfile
Status: Not hooked

#: 159 Function Name: NtQueryIoCompletion
Status: Not hooked

#: 160 Function Name: NtQueryKey
Status: Not hooked

#: 161 Function Name: NtQueryMultipleValueKey
Status: Not hooked

#: 162 Function Name: NtQueryMutant
Status: Not hooked

#: 163 Function Name: NtQueryObject
Status: Not hooked

#: 164 Function Name: NtQueryOpenSubKeys
Status: Not hooked

#: 165 Function Name: NtQueryPerformanceCounter
Status: Not hooked

#: 166 Function Name: NtQueryQuotaInformationFile
Status: Not hooked

#: 167 Function Name: NtQuerySection
Status: Not hooked

#: 168 Function Name: NtQuerySecurityObject
Status: Not hooked

#: 169 Function Name: NtQuerySemaphore
Status: Not hooked

#: 170 Function Name: NtQuerySymbolicLinkObject
Status: Not hooked

#: 171 Function Name: NtQuerySystemEnvironmentValue
Status: Not hooked

#: 172 Function Name: NtQuerySystemEnvironmentValueEx
Status: Not hooked

#: 173 Function Name: NtQuerySystemInformation
Status: Not hooked

#: 174 Function Name: NtQuerySystemTime
Status: Not hooked

#: 175 Function Name: NtQueryTimer
Status: Not hooked

#: 176 Function Name: NtQueryTimerResolution
Status: Not hooked

#: 177 Function Name: NtQueryValueKey
Status: Not hooked

#: 178 Function Name: NtQueryVirtualMemory
Status: Not hooked

#: 179 Function Name: NtQueryVolumeInformationFile
Status: Not hooked

#: 180 Function Name: NtQueueApcThread
Status: Not hooked

#: 181 Function Name: NtRaiseException
Status: Not hooked

#: 182 Function Name: NtRaiseHardError
Status: Not hooked

#: 183 Function Name: NtReadFile
Status: Not hooked

#: 184 Function Name: NtReadFileScatter
Status: Not hooked

#: 185 Function Name: NtReadRequestData
Status: Not hooked

#: 186 Function Name: NtReadVirtualMemory
Status: Not hooked

#: 187 Function Name: NtRegisterThreadTerminatePort
Status: Not hooked

#: 188 Function Name: NtReleaseMutant
Status: Not hooked

#: 189 Function Name: NtReleaseSemaphore
Status: Not hooked

#: 190 Function Name: NtRemoveIoCompletion
Status: Not hooked

#: 191 Function Name: NtRemoveProcessDebug
Status: Not hooked

#: 192 Function Name: NtRenameKey
Status: Not hooked

#: 193 Function Name: NtReplaceKey
Status: Not hooked

#: 194 Function Name: NtReplyPort
Status: Not hooked

#: 195 Function Name: NtReplyWaitReceivePort
Status: Not hooked

#: 196 Function Name: NtReplyWaitReceivePortEx
Status: Not hooked

#: 197 Function Name: NtReplyWaitReplyPort
Status: Not hooked

#: 198 Function Name: NtRequestDeviceWakeup
Status: Not hooked

#: 199 Function Name: NtRequestPort
Status: Not hooked

#: 200 Function Name: NtRequestWaitReplyPort
Status: Not hooked

#: 201 Function Name: NtRequestWakeupLatency
Status: Not hooked

#: 202 Function Name: NtResetEvent
Status: Not hooked

#: 203 Function Name: NtResetWriteWatch
Status: Not hooked

#: 204 Function Name: NtRestoreKey
Status: Not hooked

#: 205 Function Name: NtResumeProcess
Status: Not hooked

#: 206 Function Name: NtResumeThread
Status: Not hooked

#: 207 Function Name: NtSaveKey
Status: Not hooked

#: 208 Function Name: NtSaveKeyEx
Status: Not hooked

#: 209 Function Name: NtSaveMergedKeys
Status: Not hooked

#: 210 Function Name: NtSecureConnectPort
Status: Not hooked

#: 211 Function Name: NtSetBootEntryOrder
Status: Not hooked

#: 212 Function Name: NtSetBootOptions
Status: Not hooked

#: 213 Function Name: NtSetContextThread
Status: Not hooked

#: 214 Function Name: NtSetDebugFilterState
Status: Not hooked

#: 215 Function Name: NtSetDefaultHardErrorPort
Status: Not hooked

#: 216 Function Name: NtSetDefaultLocale
Status: Not hooked

#: 217 Function Name: NtSetDefaultUILanguage
Status: Not hooked

#: 218 Function Name: NtSetEaFile
Status: Not hooked

#: 219 Function Name: NtSetEvent
Status: Not hooked

#: 220 Function Name: NtSetEventBoostPriority
Status: Not hooked

#: 221 Function Name: NtSetHighEventPair
Status: Not hooked

#: 222 Function Name: NtSetHighWaitLowEventPair
Status: Not hooked

#: 223 Function Name: NtSetInformationDebugObject
Status: Not hooked

#: 224 Function Name: NtSetInformationFile
Status: Not hooked

#: 225 Function Name: NtSetInformationJobObject
Status: Not hooked

#: 226 Function Name: NtSetInformationKey
Status: Not hooked

#: 227 Function Name: NtSetInformationObject
Status: Not hooked

#: 228 Function Name: NtSetInformationProcess
Status: Not hooked

#: 229 Function Name: NtSetInformationThread
Status: Not hooked

#: 230 Function Name: NtSetInformationToken
Status: Not hooked

#: 231 Function Name: NtSetIntervalProfile
Status: Not hooked

#: 232 Function Name: NtSetIoCompletion
Status: Not hooked

#: 233 Function Name: NtSetLdtEntries
Status: Not hooked

#: 234 Function Name: NtSetLowEventPair
Status: Not hooked

#: 235 Function Name: NtSetLowWaitHighEventPair
Status: Not hooked

#: 236 Function Name: NtSetQuotaInformationFile
Status: Not hooked

#: 237 Function Name: NtSetSecurityObject
Status: Not hooked

#: 238 Function Name: NtSetSystemEnvironmentValue
Status: Not hooked

#: 239 Function Name: NtSetSystemEnvironmentValueEx
Status: Not hooked

#: 240 Function Name: NtSetSystemInformation
Status: Not hooked

#: 241 Function Name: NtSetSystemPowerState
Status: Not hooked

#: 242 Function Name: NtSetSystemTime
Status: Not hooked

#: 243 Function Name: NtSetThreadExecutionState
Status: Not hooked

#: 244 Function Name: NtSetTimer
Status: Not hooked

#: 245 Function Name: NtSetTimerResolution
Status: Not hooked

#: 246 Function Name: NtSetUuidSeed
Status: Not hooked

#: 247 Function Name: NtSetValueKey
Status: Not hooked

#: 248 Function Name: NtSetVolumeInformationFile
Status: Not hooked

#: 249 Function Name: NtShutdownSystem
Status: Not hooked

#: 250 Function Name: NtSignalAndWaitForSingleObject
Status: Not hooked

#: 251 Function Name: NtStartProfile
Status: Not hooked

#: 252 Function Name: NtStopProfile
Status: Not hooked

#: 253 Function Name: NtSuspendProcess
Status: Not hooked

#: 254 Function Name: NtSuspendThread
Status: Not hooked

#: 255 Function Name: NtSystemDebugControl
Status: Not hooked

#: 256 Function Name: NtTerminateJobObject
Status: Not hooked

#: 257 Function Name: NtTerminateProcess
Status: Not hooked

#: 258 Function Name: NtTerminateThread
Status: Not hooked

#: 259 Function Name: NtTestAlert
Status: Not hooked

#: 260 Function Name: NtTraceEvent
Status: Not hooked

#: 261 Function Name: NtTranslateFilePath
Status: Not hooked

#: 262 Function Name: NtUnloadDriver
Status: Not hooked

#: 263 Function Name: NtUnloadKey
Status: Not hooked

#: 264 Function Name: NtUnloadKeyEx
Status: Not hooked

#: 265 Function Name: NtUnlockFile
Status: Not hooked

#: 266 Function Name: NtUnlockVirtualMemory
Status: Not hooked

#: 267 Function Name: NtUnmapViewOfSection
Status: Not hooked

#: 268 Function Name: NtVdmControl
Status: Not hooked

#: 269 Function Name: NtWaitForDebugEvent
Status: Not hooked

#: 270 Function Name: NtWaitForMultipleObjects
Status: Not hooked

#: 271 Function Name: NtWaitForSingleObject
Status: Not hooked

#: 272 Function Name: NtWaitHighEventPair
Status: Not hooked

#: 273 Function Name: NtWaitLowEventPair
Status: Not hooked

#: 274 Function Name: NtWriteFile
Status: Not hooked

#: 275 Function Name: NtWriteFileGather
Status: Not hooked

#: 276 Function Name: NtWriteRequestData
Status: Not hooked

#: 277 Function Name: NtWriteVirtualMemory
Status: Not hooked

#: 278 Function Name: NtYieldExecution
Status: Not hooked

#: 279 Function Name: NtCreateKeyedEvent
Status: Not hooked

#: 280 Function Name: NtOpenKeyedEvent
Status: Not hooked

#: 281 Function Name: NtReleaseKeyedEvent
Status: Not hooked

#: 282 Function Name: NtWaitForKeyedEvent
Status: Not hooked

#: 283 Function Name: NtQueryPortInformationProcess
Status: Not hooked

Drivers
-------------------
Name: essmug.sys
Image Path: essmug.sys
Address: 0xF7816000 Size: 61440 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF79E6000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==

Processes
-------------------
Path: System
PID: 4 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 128 Status: -

Path: C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PID: 200 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 208 Status: -

Path: C:\Documents and Settings\Lise\sys32_nov.exe
PID: 292 Status: -

Path: C:\WINDOWS\system32\smss.exe
PID: 324 Status: -

Path: C:\WINDOWS\system32\csrss.exe
PID: 380 Status: -

Path: C:\WINDOWS\system32\winlogon.exe
PID: 404 Status: -

Path: C:\WINDOWS\system32\services.exe
PID: 448 Status: -

Path: C:\WINDOWS\system32\lsass.exe
PID: 460 Status: -

Path: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 572 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 604 Status: -

Path: C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PID: 660 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 664 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 704 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 740 Status: -

Path: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
PID: 828 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 868 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 912 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 940 Status: -

Path: C:\Documents and Settings\Lise\Desktop\RootRepeal.exe
PID: 972 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1064 Status: -

Path: C:\WINDOWS\explorer.exe
PID: 1100 Status: -

Path: C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PID: 1124 Status: -

Path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
PID: 1160 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1276 Status: -

Path: C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PID: 1472 Status: -

Path: C:\WINDOWS\system32\spoolsv.exe
PID: 1536 Status: -

Path: C:\WINDOWS\system32\igfxtray.exe
PID: 1624 Status: -

Path: C:\WINDOWS\system32\hkcmd.exe
PID: 1644 Status: -

Path: C:\WINDOWS\SOUNDMAN.EXE
PID: 1652 Status: -

Path: C:\WINDOWS\AGRSMMSG.exe
PID: 1676 Status: -

Path: C:\WINDOWS\vsnpstd.exe
PID: 1704 Status: -

Path: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
PID: 1712 Status: -

Path: C:\PROGRA~1\AVG\AVG8\avgtray.exe
PID: 1732 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1736 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1772 Status: -

Path: C:\Program Files\iTunes\iTunesHelper.exe
PID: 1804 Status: -

Path: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 1856 Status: -

Path: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PID: 1888 Status: -

Path: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 1920 Status: -

Path: C:\WINDOWS\system32\ctfmon.exe
PID: 1956 Status: -

Path: C:\Program Files\DNA\btdna.exe
PID: 1984 Status: -

Path: C:\Program Files\Skype\Phone\Skype.exe
PID: 2044 Status: -

Path: C:\WINDOWS\system32\snmp.exe
PID: 2116 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 2140 Status: -

Path: C:\WINDOWS\system32\Tablet.exe
PID: 2176 Status: -

Path: C:\Program Files\AVG\AVG8\avgrsx.exe
PID: 2444 Status: -

Path: C:\WINDOWS\system32\WTablet\TabUserW.exe
PID: 2496 Status: -

Path: C:\WINDOWS\system32\Tablet.exe
PID: 2540 Status: -

Path: C:\Program Files\iPod\bin\iPodService.exe
PID: 3208 Status: -

Path: C:\WINDOWS\system32\alg.exe
PID: 3356 Status: -

Path: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PID: 3444 Status: -

Path: C:\Program Files\Skype\Plugin Manager\skypePM.exe
PID: 4064 Status: -

Drivers
-------------------
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF77C7000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xEE1FD000 Size: 138496 File Visible: - Signed: -
Status: -

Name: AGRSM.sys
Image Path: C:\WINDOWS\System32\DRIVERS\AGRSM.sys
Address: 0xF66C0000 Size: 1268128 File Visible: - Signed: -
Status: -

Name: ALCXSENS.SYS
Image Path: C:\WINDOWS\system32\drivers\ALCXSENS.SYS
Address: 0xF6593000 Size: 404736 File Visible: - Signed: -
Status: -

Name: ALCXWDM.SYS
Image Path: C:\WINDOWS\system32\drivers\ALCXWDM.SYS
Address: 0xF661A000 Size: 453760 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF777F000 Size: 96512 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\audstub.sys
Address: 0xF7E29000 Size: 3072 File Visible: - Signed: -
Status: -

Name: avgldx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgldx86.sys
Address: 0xEE003000 Size: 328576 File Visible: - Signed: -
Status: -

Name: avgmfx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgmfx86.sys
Address: 0xF7B2E000 Size: 21120 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7C26000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xEDDA7000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Address: 0xF6F37000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Address: 0xF7866000 Size: 53248 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF7856000 Size: 36352 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF6F17000 Size: 61440 File Visible: - Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xEDFF3000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C3000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7EA1000 Size: 4096 File Visible: - Signed: -
Status: -

Name: essmug.sys
Image Path: essmug.sys
Address: 0xF7816000 Size: 61440 File Visible: No Signed: -
Status: -

Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xEDFB7000 Size: 143744 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\fdc.sys
Address: 0xF7C16000 Size: 27392 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF79A6000 Size: 44544 File Visible: - Signed: -
Status: -

Name: flpydisk.sys
Image Path: C:\WINDOWS\System32\DRIVERS\flpydisk.sys
Address: 0xF7B06000 Size: 20480 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF775F000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7D60000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF7797000 Size: 125056 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Address: 0xF7CAE000 Size: 9984 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806EE000 Size: 131840 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xF78B6000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF7C1E000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\System32\DRIVERS\hidusb.sys
Address: 0xF7D0A000 Size: 10368 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xECD1F000 Size: 264832 File Visible: - Signed: -
Status: -

Name: ialmdd5.DLL
Image Path: C:\WINDOWS\System32\ialmdd5.DLL
Address: 0xBFA2E000 Size: 905216 File Visible: - Signed: -
Status: -

Name: ialmdev5.DLL
Image Path: C:\WINDOWS\System32\ialmdev5.DLL
Address: 0xBFA02000 Size: 180224 File Visible: - Signed: -
Status: -

Name: ialmdnt5.dll
Image Path: C:\WINDOWS\System32\ialmdnt5.dll
Address: 0xBF9E3000 Size: 126976 File Visible: - Signed: -
Status: -

Name: ialmnt5.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ialmnt5.sys
Address: 0xF682E000 Size: 807872 File Visible: - Signed: -
Status: -

Name: ialmrnt5.dll
Image Path: C:\WINDOWS\System32\ialmrnt5.dll
Address: 0xBF9D5000 Size: 57344 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\imapi.sys
Address: 0xF6F47000 Size: 42112 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\System32\DRIVERS\intelppm.sys
Address: 0xF6F77000 Size: 36352 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipnat.sys
Address: 0xEE114000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipsec.sys
Address: 0xEE2A0000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF7826000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Address: 0xF7ACE000 Size: 24576 File Visible: - Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Address: 0xF6914000 Size: 14592 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7D16000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xEC42C000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ks.sys
Address: 0xF6689000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF7736000 Size: 92928 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7D62000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF7C0E000 Size: 30080 File Visible: - Signed: -
Status: -

Name: MODEMCSA.sys
Image Path: C:\WINDOWS\system32\drivers\MODEMCSA.sys
Address: 0xF7CD6000 Size: 16128 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mouclass.sys
Address: 0xF7AD6000 Size: 23040 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mouhid.sys
Address: 0xF6918000 Size: 12160 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF7836000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Address: 0xED83F000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Address: 0xEE13A000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF7B1E000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\msgpc.sys
Address: 0xF7976000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mssmbios.sys
Address: 0xF7CC2000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF764F000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF7669000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Address: 0xF7CBA000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Address: 0xEDF27000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Address: 0xF657C000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF7906000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbios.sys
Address: 0xF7986000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbt.sys
Address: 0xEE21F000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF7B26000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF7696000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntoskrnl.exe
Image Path: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7EAC000 Size: 2944 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\System32\DRIVERS\parport.sys
Address: 0xF66AC000 Size: 80128 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF7A9E000 Size: 19712 File Visible: - Signed: -
Status: -

Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF7D6A000 Size: 6784 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF77B6000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7DDE000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Address: 0xF7A96000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xF65F6000 Size: 147456 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ptilink.sys
Address: 0xF7ABE000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF7876000 Size: 35712 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasacd.sys
Address: 0xF7CE6000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Address: 0xF78C6000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Address: 0xF78D6000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspptp.sys
Address: 0xF78E6000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspti.sys
Address: 0xF7AC6000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rdbss.sys
Address: 0xEE1D2000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7D64000 Size: 4224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\System32\DRIVERS\redbook.sys
Address: 0xF6F27000 Size: 57600 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF79E6000 Size: 49152 File Visible: No Signed: -
Status: -

Name: Rtlnic51.sys
Image Path: C:\WINDOWS\System32\DRIVERS\Rtlnic51.sys
Address: 0xF6F67000 Size: 65280 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\serenum.sys
Address: 0xF7607000 Size: 15744 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\System32\DRIVERS\serial.sys
Address: 0xF6F57000 Size: 64512 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF774D000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\System32\DRIVERS\srv.sys
Address: 0xED1C0000 Size: 333952 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\swenum.sys
Address: 0xF7D54000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xEDC27000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Address: 0xEE247000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\TDI.SYS
Address: 0xF7AB6000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\termdd.sys
Address: 0xF78F6000 Size: 40704 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\System32\DRIVERS\update.sys
Address: 0xF651E000 Size: 384768 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xF7B36000 Size: 32128 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBD.SYS
Address: 0xF7D58000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbehci.sys
Address: 0xF7BFE000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbhub.sys
Address: 0xF7926000 Size: 59520 File Visible: - Signed: -
Status: -

Name: usbohci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbohci.sys
Address: 0xF7C06000 Size: 17152 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS
Address: 0xF67F6000 Size: 147456 File Visible: - Signed: -
Status: -

Name: usbprint.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbprint.sys
Address: 0xF7B4E000 Size: 25856 File Visible: - Signed: -
Status: -

Name: usbscan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbscan.sys
Address: 0xF7D0E000 Size: 15104 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Address: 0xF7BF6000 Size: 20608 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF7B16000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS
Address: 0xF681A000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF7846000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wacommousefilter.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
Address: 0xF7AE6000 Size: 32768 File Visible: - Signed: -
Status: -

Name: wacomvhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
Address: 0xF7D50000 Size: 7168 File Visible: - Signed: -
Status: -

Name: WacomVKHid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
Address: 0xF7D52000 Size: 5760 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\wanarp.sys
Address: 0xF79B6000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF7B9E000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xEDAF2000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\WMILIB.SYS
Address: 0xF7D18000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -

Name: WudfPf.sys
Image Path: WudfPf.sys
Address: 0xF7723000 Size: 76544 File Visible: - Signed: -
Status: -


MBAM LOG

Malwarebytes' Anti-Malware 1.40
Database version: 2724
Windows 5.1.2600 Service Pack 3

01/09/2009 23:44:34
mbam-log-2009-09-01 (23-44-34).txt

Scan type: Full Scan (C:\|D:\|E:\|G:\|)
Objects scanned: 238932
Time elapsed: 3 hour(s), 43 minute(s), 14 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 3
Registry Keys Infected: 2
Registry Values Infected: 7
Registry Data Items Infected: 6
Folders Infected: 4
Files Infected: 23

Memory Processes Infected:
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe (Rogue.PC_AntiSpyware2010) -> Unloaded process successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.AntiVirusPro) -> Delete on reboot.
C:\Program Files\PC_Antispyware2010\AVEngn.dll (Rogue.PC_AntiSpyware2010) -> Delete on reboot.
C:\Program Files\PC_Antispyware2010\pthreadVC2.dll (Rogue.PC_AntiSpyware2010) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc_antispyware2010 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC_AntiSpyware2010 (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pc antispyware 2010 (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\PC_AntiSpyware2010 (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_AntiSpyware2010\data (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_AntiSpyware2010\Microsoft.VC80.CRT (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lise\Start Menu\Programs\PC_AntiSpyware2010 (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\PC_Antispyware2010\htmlayout.dll (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Program Files\PC_Antispyware2010\Uninstall.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCCDEC69-6F0A-4A1F-93EF-1FB499906871}\RP1082\A0218958.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCCDEC69-6F0A-4A1F-93EF-1FB499906871}\RP1082\A0218944.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CCCDEC69-6F0A-4A1F-93EF-1FB499906871}\RP1082\A0218960.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wisdstr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PC_AntiSpyware2010\AVEngn.dll (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_AntiSpyware2010\PC_Antispyware2010.cfg (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_AntiSpyware2010\PC_Antispyware2010.exe (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_AntiSpyware2010\pthreadVC2.dll (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_AntiSpyware2010\data\daily.cvd (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_AntiSpyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_AntiSpyware2010\Microsoft.VC80.CRT\msvcm80.dll (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_AntiSpyware2010\Microsoft.VC80.CRT\msvcp80.dll (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\Program Files\PC_AntiSpyware2010\Microsoft.VC80.CRT\msvcr80.dll (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lise\Start Menu\Programs\PC_AntiSpyware2010\PC_Antispyware2010.lnk (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lise\Start Menu\Programs\PC_AntiSpyware2010\Uninstall.lnk (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lise\Desktop\PC_Antispyware2010.lnk (Rogue.PCAntispy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lise\Application Data\Microsoft\Internet Explorer\Quick Launch\PC_AntiSpyware2010.lnk (Rogue.PC_AntiSpyware2010) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lise\Local Settings\Temp\BN1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lise\Local Settings\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lise\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.


OTL LOG
OTL logfile created on: 02/09/2009 00:24:23 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Lise\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

759.48 Mb Total Physical Memory | 175.43 Mb Available Physical Memory | 23.10% Memory free
1.06 Gb Paging File | 0.46 Gb Available in Paging File | 43.66% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 10.16 Gb Free Space | 26.02% Space Free | Partition Type: NTFS
Drive D: | 26.93 Gb Total Space | 25.49 Gb Free Space | 94.65% Space Free | Partition Type: NTFS
Drive E: | 8.53 Gb Total Space | 6.87 Gb Free Space | 80.63% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
Drive G: | 298.09 Gb Total Space | 199.91 Gb Free Space | 67.06% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-EU4C7VE7A5
Current User Name: Lise
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/09/10 14:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2005/06/21 16:48:18 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
PRC - [2005/06/21 16:44:34 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2004/04/22 17:04:00 | 00,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/06/29 10:06:38 | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
PRC - [2004/05/04 20:14:10 | 00,040,960 | ---- | M] () -- C:\WINDOWS\vsnpstd.exe
PRC - [2004/03/31 17:32:30 | 00,053,248 | ---- | M] (TODO: <Company name>) -- C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
PRC - [2009/08/30 10:39:22 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/01/06 14:06:36 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/03/18 09:03:34 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/12/16 21:19:22 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/06/02 11:56:00 | 24,264,488 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/06/30 09:55:40 | 02,329,224 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2009/09/01 07:16:17 | 00,029,216 | ---- | M] () -- C:\Documents and Settings\Lise\sys32_nov.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/30 10:39:07 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
PRC - [2000/11/17 01:02:00 | 00,114,688 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2007/01/11 05:02:00 | 00,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/04/14 01:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe
PRC - [2007/03/30 17:06:00 | 01,189,424 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Tablet.exe
PRC - [2009/08/30 10:40:37 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2007/03/30 17:07:00 | 00,132,656 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\WTablet\TabUserW.exe
PRC - [2007/03/30 17:06:00 | 01,189,424 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Tablet.exe
PRC - [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/06/02 11:56:00 | 00,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/04/21 22:34:24 | 12,314,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2009/08/03 19:01:02 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe
PRC - [2009/09/02 00:01:18 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lise\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/09/10 14:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2005/12/04 22:14:19 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/30 10:39:07 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - File not found -- -- (CA_LIC_CLNT [On_Demand | Stopped])
SRV - File not found -- -- (CA_LIC_SRVR [On_Demand | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [Auto | Running])
SRV - [2000/11/17 01:02:00 | 00,114,688 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2 [Auto | Running])
SRV - [2007/01/11 05:02:00 | 00,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01 [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/01/06 14:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - File not found -- -- (LogWatch [Auto | Stopped])
SRV - File not found -- -- (MSSQL$SONY_MEDIAMGR [On_Demand | Stopped])
SRV - [2002/12/17 17:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/11/11 10:38:06 | 00,620,544 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2008/04/14 01:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\snmp.exe -- (SNMP [Auto | Running])
SRV - File not found -- -- (SQLAgent$SONY_MEDIAMGR [On_Demand | Stopped])
SRV - [2009/04/12 19:19:32 | 00,120,168 | ---- | M] (stumbleupon.com) -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe -- (StumbleUponUpdateService [On_Demand | Stopped])
SRV - [2007/03/30 17:06:00 | 01,189,424 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\System32\Tablet.exe -- (TabletService [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co...e.php?ref=home"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: avg@igeared:2.506.026.001
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090207
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.8.7
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.28
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/29 09:32:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/07/22 08:25:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/15 09:22:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 21:05:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox 3 Beta 3\components [2009/08/03 19:01:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3 Beta 3\plugins [2009/08/03 19:01:10 | 00,000,000 | ---D | M]

[2009/01/24 11:16:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\mozilla\Extensions
[2008/03/05 09:34:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/01/24 11:16:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\mozilla\Extensions\uploadr@flickr.com
[2009/09/01 20:20:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\mozilla\Firefox\Profiles\0jypgd41.default\extensions
[2009/06/01 07:32:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\mozilla\Firefox\Profiles\0jypgd41.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2009/09/01 18:56:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\mozilla\Firefox\Profiles\0jypgd41.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/06/01 07:32:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\mozilla\Firefox\Profiles\0jypgd41.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/11/27 23:14:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\mozilla\Firefox\Profiles\0jypgd41.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2008/02/24 00:32:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/02/24 00:32:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/02/24 00:32:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/02/24 00:32:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/02/24 00:32:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/02/24 00:32:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/02/24 00:32:56 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/11/20 17:52:00 | 02,884,992 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll

O1 HOSTS File: (4102 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 bin.errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.systemdoctor.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winantispyware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.windrivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 dynamique.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 es.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winfixer.com ## added by CiD
O1 - Hosts: 46 more lines...
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A9CAB51B-0D46-49FC-9BE7-E72A18E80FBA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [braviax] File not found
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MISSetup] F:\Mis\eng\setup.exe File not found
O4 - HKLM..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe (TODO: <Company name>)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Nokia FastStart] C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe File not found
O4 - HKLM..\Run: [PC Antispyware 2010] C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe ()
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [sys32_nov] C:\WINDOWS\System32\sys32_nov.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [braviax] File not found
O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [sys32_nov] C:\Documents and Settings\Lise\sys32_nov.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\System32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O8 - Extra context menu item: Add to &Windows Live Favorites - File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM File not found
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM File not found
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Lise\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zon...kr.cab31267.cab (Checkers Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akama...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab (StagingUI Object)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Risk/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.ma...are/awswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} http://musicmix.mess.../Medialogic.CAB (CMediaMix Object)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://a516.g.akamai...cat-no-eula.cab (Citrix ICA Client)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zon...er.cab31267.cab (Minesweeper Flags Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {30CADB40-6FD7-433F-BF0D-4827CA7B5BDF} https://favorites.li...ab/ImportAx.cab (FavImport Class)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by110w.bay110...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://software-dl.r...ip/RdxIE601.cab (RdxIE Class)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (ZonePAChat Object)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {5F8A33E7-6A32-4EE0-887A-134C627CB052} http://proms.myphoto...yUploadTool.cab (Easy Upload Tool Combo Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupd...b?1094052433687 (WUWebControl Class)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} http://www.lostcherr...geUploader4.cab (Image Uploader Control)
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} http://zone.msn.com/...no.cab55579.cab (ZPA_DMNO Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} http://appdirectory....ap/PhtPkMSN.cab (PhotoPickConvert Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8178.2841319444 (Reg Error: Value error.)
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} http://appdirectory....ap/DigWXMSN.cab (BatchDownloader Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Risk/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://zone.msn.com/...fault/shapo.cab (TikGames Online Control)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} http://messenger.zon...oF.cab31267.cab (WheelofFortune Object)
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} http://zone.msn.com/...WebLauncher.cab (SCEWebLauncherCtl Object)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/z...s/heartbeat.cab (HeartbeatCtl Class)
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} http://messenger.zon...ss.cab31267.cab (ZoneChess Object)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by114fd.bay11...ex/HMAtchmt.ocx (Hotmail Attachments Control)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} http://messenger.zon...wn.cab31267.cab (Solitaire Showdown Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/07/10 21:56:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (SsiEfr.ex) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/09/02 00:01:16 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lise\Desktop\OTL.exe
[2009/09/01 23:54:27 | 00,019,338 | ---- | C] () -- C:\Program Files\Common Files\imyhe.reg
[2009/09/01 23:54:27 | 00,018,823 | ---- | C] () -- C:\WINDOWS\deguxasa.scr
[2009/09/01 23:54:27 | 00,018,741 | ---- | C] () -- C:\WINDOWS\System32\kipynuruz.inf
[2009/09/01 23:54:27 | 00,018,439 | ---- | C] () -- C:\WINDOWS\System32\vyqamaj.inf
[2009/09/01 23:54:27 | 00,018,333 | ---- | C] () -- C:\Documents and Settings\Lise\Application Data\manafic._dl
[2009/09/01 23:54:27 | 00,017,374 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xisi.vbs
[2009/09/01 23:54:27 | 00,016,719 | ---- | C] () -- C:\WINDOWS\dirar.com
[2009/09/01 23:54:27 | 00,016,557 | ---- | C] () -- C:\WINDOWS\baqobyno.db
[2009/09/01 23:54:27 | 00,016,179 | ---- | C] () -- C:\Documents and Settings\Lise\Application Data\cuhek.com
[2009/09/01 23:54:27 | 00,013,908 | ---- | C] () -- C:\WINDOWS\durecynuqa.scr
[2009/09/01 23:54:27 | 00,013,135 | ---- | C] () -- C:\Documents and Settings\Lise\Local Settings\Application Data\qobo.vbs
[2009/09/01 23:54:27 | 00,011,914 | ---- | C] () -- C:\Documents and Settings\Lise\Local Settings\Application Data\hotohyj.lib
[2009/09/01 23:54:27 | 00,011,881 | ---- | C] () -- C:\WINDOWS\ynumosej.com
[2009/09/01 23:54:27 | 00,011,408 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\emab.sys
[2009/09/01 23:54:27 | 00,010,772 | ---- | C] () -- C:\WINDOWS\System32\ipegalusi.inf
[2009/09/01 23:54:27 | 00,010,680 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cecuw.exe
[2009/09/01 23:53:49 | 00,001,690 | ---- | C] () -- C:\Documents and Settings\Lise\Desktop\PC_Antispyware2010.lnk
[2009/09/01 23:53:46 | 00,000,000 | ---D | C] -- C:\Program Files\PC_Antispyware2010
[2009/09/01 23:52:26 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Lise\Desktop\~$lware and Spyware Cleaning Guide.doc
[2009/09/01 23:52:05 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Lise\Desktop\settings.dat
[2009/09/01 23:49:33 | 00,191,159 | ---- | C] () -- C:\WINDOWS\System32\wisdstr.exe
[2009/09/01 23:48:25 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\beep.sys
[2009/09/01 23:48:25 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\dllcache\beep.sys
[2009/09/01 23:48:25 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\braviax.exe
[2009/09/01 23:48:24 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\dllcache\figaro.sys
[2009/09/01 19:57:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/01 19:56:43 | 00,000,615 | ---- | C] () -- C:\Documents and Settings\Lise\Desktop\NTREGOPT.lnk
[2009/09/01 19:56:43 | 00,000,596 | ---- | C] () -- C:\Documents and Settings\Lise\Desktop\ERUNT.lnk
[2009/09/01 19:56:37 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/01 19:55:48 | 00,019,998 | ---- | C] () -- C:\Documents and Settings\Lise\Application Data\ymicu.lib
[2009/09/01 19:55:48 | 00,018,563 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ohyneg.inf
[2009/09/01 19:55:48 | 00,018,299 | ---- | C] () -- C:\WINDOWS\System32\wopoc.bin
[2009/09/01 19:55:48 | 00,018,075 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\evikase.lib
[2009/09/01 19:55:48 | 00,017,944 | ---- | C] () -- C:\WINDOWS\System32\exosiri.lib
[2009/09/01 19:55:48 | 00,017,180 | ---- | C] () -- C:\WINDOWS\ymef.bat
[2009/09/01 19:55:48 | 00,016,895 | ---- | C] () -- C:\WINDOWS\ogujij.scr
[2009/09/01 19:55:48 | 00,016,606 | ---- | C] () -- C:\Documents and Settings\Lise\Local Settings\Application Data\otepuqe.ban
[2009/09/01 19:55:48 | 00,015,899 | ---- | C] () -- C:\WINDOWS\ylug.inf
[2009/09/01 19:55:48 | 00,014,613 | ---- | C] () -- C:\WINDOWS\uryj.inf
[2009/09/01 19:55:48 | 00,014,609 | ---- | C] () -- C:\Program Files\Common Files\bujat.vbs
[2009/09/01 19:55:48 | 00,013,447 | ---- | C] () -- C:\Documents and Settings\Lise\Local Settings\Application Data\oxuwyq._sy
[2009/09/01 19:55:48 | 00,012,491 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\yvuriv.lib
[2009/09/01 19:55:48 | 00,010,724 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\lyvojupy.com
[2009/09/01 19:55:48 | 00,010,706 | ---- | C] () -- C:\WINDOWS\orem._dl
[2009/09/01 19:11:00 | 00,076,800 | ---- | C] () -- C:\Documents and Settings\Lise\Desktop\Malware and Spyware Cleaning Guide.doc
[2009/09/01 19:04:36 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Lise\Desktop\RootRepeal.exe
[2009/09/01 19:02:32 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Lise\Desktop\erunt_setup.exe
[2009/09/01 19:01:56 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Lise\Desktop\SysRestorePoint.exe
[2009/09/01 19:01:23 | 00,272,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lise\Desktop\TFC.exe
[2009/09/01 08:43:29 | 00,018,485 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\qafud.dl
[2009/09/01 08:43:29 | 00,017,072 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atuwycyp.lib
[2009/09/01 08:43:29 | 00,010,314 | ---- | C] () -- C:\WINDOWS\System32\ijiro.dll
[2009/09/01 08:43:28 | 00,019,937 | ---- | C] () -- C:\Program Files\Common Files\amat.sys
[2009/09/01 08:43:28 | 00,019,472 | ---- | C] () -- C:\Documents and Settings\Lise\Local Settings\Application Data\luveqafohi.ban
[2009/09/01 08:43:28 | 00,019,277 | ---- | C] () -- C:\Program Files\Common Files\sebotucat._sy
[2009/09/01 08:43:28 | 00,019,043 | ---- | C] () -- C:\Documents and Settings\Lise\Application Data\fojoporiwe.dl
[2009/09/01 08:43:28 | 00,016,433 | ---- | C] () -- C:\WINDOWS\kynaseciv.dl
[2009/09/01 08:43:28 | 00,015,752 | ---- | C] () -- C:\WINDOWS\izytab.ban
[2009/09/01 08:43:28 | 00,015,528 | ---- | C] () -- C:\WINDOWS\romyresudo.bat
[2009/09/01 08:43:28 | 00,015,210 | ---- | C] () -- C:\WINDOWS\yfida.com
[2009/09/01 08:43:28 | 00,013,843 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\iqywive.scr
[2009/09/01 08:43:28 | 00,013,373 | ---- | C] () -- C:\WINDOWS\System32\zavizus.bin
[2009/09/01 08:43:28 | 00,013,325 | ---- | C] () -- C:\WINDOWS\vabibyruf.pif
[2009/09/01 08:43:28 | 00,012,883 | ---- | C] () -- C:\WINDOWS\asopamopen.ban
[2009/09/01 08:43:28 | 00,012,656 | ---- | C] () -- C:\WINDOWS\oleha.pif
[2009/09/01 08:43:28 | 00,012,278 | ---- | C] () -- C:\WINDOWS\System32\eqyc.sys
[2009/09/01 08:43:28 | 00,011,548 | ---- | C] () -- C:\Documents and Settings\Lise\Application Data\lexiduhuz.reg
[2009/09/01 08:43:28 | 00,010,978 | ---- | C] () -- C:\WINDOWS\System32\owufuzyhe.exe
[2009/09/01 08:43:28 | 00,010,068 | ---- | C] () -- C:\WINDOWS\iqacegila.lib
[2009/09/01 07:25:52 | 00,018,325 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\mypipydy.exe
[2009/09/01 07:25:52 | 00,017,583 | ---- | C] () -- C:\Documents and Settings\Lise\Local Settings\Application Data\hicemyw.scr
[2009/09/01 07:25:52 | 00,016,392 | ---- | C] () -- C:\WINDOWS\System32\ehesiveda.pif
[2009/09/01 07:25:52 | 00,016,112 | ---- | C] () -- C:\WINDOWS\System32\okagitom.reg
[2009/09/01 07:25:52 | 00,015,884 | ---- | C] () -- C:\Program Files\Common Files\dyryhuhofi.dl
[2009/09/01 07:25:52 | 00,014,535 | ---- | C] () -- C:\Program Files\Common Files\koxix.pif
[2009/09/01 07:25:52 | 00,014,112 | ---- | C] () -- C:\Documents and Settings\Lise\Application Data\zoxewuwi.bin
[2009/09/01 07:25:52 | 00,013,480 | ---- | C] () -- C:\WINDOWS\System32\asecygeh._sy
[2009/09/01 07:25:52 | 00,012,623 | ---- | C] () -- C:\Documents and Settings\Lise\Application Data\ugaqybuja.ban
[2009/09/01 07:25:52 | 00,011,288 | ---- | C] () -- C:\Documents and Settings\Lise\Application Data\yzadej.lib
[2009/09/01 07:25:52 | 00,010,808 | ---- | C] () -- C:\Documents and Settings\Lise\Local Settings\Application Data\kobakeme.ban
[2009/09/01 07:25:52 | 00,010,694 | ---- | C] () -- C:\WINDOWS\System32\zimetisiz.lib
[2009/09/01 07:25:52 | 00,010,399 | ---- | C] () -- C:\WINDOWS\uvecuzinu.ban
[2009/09/01 07:25:51 | 00,016,187 | ---- | C] () -- C:\WINDOWS\System32\egihahe.pif
[2009/09/01 07:25:51 | 00,014,932 | ---- | C] () -- C:\Documents and Settings\Lise\Application Data\kuwuly.ban
[2009/09/01 07:25:51 | 00,013,622 | ---- | C] () -- C:\WINDOWS\cafupeqe.db
[2009/09/01 07:25:51 | 00,013,183 | ---- | C] () -- C:\Documents and Settings\Lise\Local Settings\Application Data\wuwyvah.bat
[2009/09/01 07:25:51 | 00,011,089 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ymycopa.com
[2009/08/23 12:56:48 | 00,003,532 | ---- | C] () -- C:\drmHeader.bin
[2009/08/23 01:47:07 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat

========== Files - Modified Within 14 Days ==========

[1 C:\WINDOWS\System32\drivers\*.tmp files]
[2009/09/02 00:01:18 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lise\Desktop\OTL.exe
[2009/09/01 23:55:12 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Lise\Desktop\settings.dat
[2009/09/01 23:54:27 | 00,019,338 | ---- | M] () -- C:\Program Files\Common Files\imyhe.reg
[2009/09/01 23:54:27 | 00,018,823 | ---- | M] () -- C:\WINDOWS\deguxasa.scr
[2009/09/01 23:54:27 | 00,018,741 | ---- | M] () -- C:\WINDOWS\System32\kipynuruz.inf
[2009/09/01 23:54:27 | 00,018,439 | ---- | M] () -- C:\WINDOWS\System32\vyqamaj.inf
[2009/09/01 23:54:27 | 00,018,333 | ---- | M] () -- C:\Documents and Settings\Lise\Application Data\manafic._dl
[2009/09/01 23:54:27 | 00,017,374 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\xisi.vbs
[2009/09/01 23:54:27 | 00,016,719 | ---- | M] () -- C:\WINDOWS\dirar.com
[2009/09/01 23:54:27 | 00,016,557 | ---- | M] () -- C:\WINDOWS\baqobyno.db
[2009/09/01 23:54:27 | 00,016,179 | ---- | M] () -- C:\Documents and Settings\Lise\Application Data\cuhek.com
[2009/09/01 23:54:27 | 00,013,908 | ---- | M] () -- C:\WINDOWS\durecynuqa.scr
[2009/09/01 23:54:27 | 00,013,135 | ---- | M] () -- C:\Documents and Settings\Lise\Local Settings\Application Data\qobo.vbs
[2009/09/01 23:54:27 | 00,011,914 | ---- | M] () -- C:\Documents and Settings\Lise\Local Settings\Application Data\hotohyj.lib
[2009/09/01 23:54:27 | 00,011,881 | ---- | M] () -- C:\WINDOWS\ynumosej.com
[2009/09/01 23:54:27 | 00,011,408 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\emab.sys
[2009/09/01 23:54:27 | 00,010,772 | ---- | M] () -- C:\WINDOWS\System32\ipegalusi.inf
[2009/09/01 23:54:27 | 00,010,680 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cecuw.exe
[2009/09/01 23:53:49 | 00,001,690 | ---- | M] () -- C:\Documents and Settings\Lise\Desktop\PC_Antispyware2010.lnk
[2009/09/01 23:52:26 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Lise\Desktop\~$lware and Spyware Cleaning Guide.doc
[2009/09/01 23:50:08 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/01 23:49:35 | 00,191,159 | ---- | M] () -- C:\WINDOWS\System32\wisdstr.exe
[2009/09/01 23:48:25 | 00,011,264 | ---- | M] () -- C:\WINDOWS\System32\braviax.exe
[2009/09/01 23:48:24 | 00,029,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\beep.sys
[2009/09/01 23:48:24 | 00,029,184 | ---- | M] () -- C:\WINDOWS\System32\dllcache\figaro.sys
[2009/09/01 23:48:24 | 00,029,184 | ---- | M] () -- C:\WINDOWS\System32\dllcache\beep.sys
[2009/09/01 23:48:22 | 00,094,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\agp440.sys
[2009/09/01 23:48:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/01 23:47:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/01 23:47:35 | 79,644,6720 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/01 23:46:04 | 06,838,064 | -H-- | M] () -- C:\Documents and Settings\Lise\Local Settings\Application Data\IconCache.db
[2009/09/01 23:36:41 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{01468D4A-634A-4383-B599-D7018E42C8DD}.job
[2009/09/01 19:56:43 | 00,000,615 | ---- | M] () -- C:\Documents and Settings\Lise\Desktop\NTREGOPT.lnk
[2009/09/01 19:56:43 | 00,000,596 | ---- | M] () -- C:\Documents and Settings\Lise\Desktop\ERUNT.lnk
[2009/09/01 19:55:48 | 00,019,998 | ---- | M] () -- C:\Documents and Settings\Lise\Application Data\ymicu.lib
[2009/09/01 19:55:48 | 00,018,563 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ohyneg.inf
[2009/09/01 19:55:48 | 00,018,299 | ---- | M] () -- C:\WINDOWS\System32\wopoc.bin
[2009/09/01 19:55:48 | 00,018,075 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\evikase.lib
[2009/09/01 19:55:48 | 00,017,944 | ---- | M] () -- C:\WINDOWS\System32\exosiri.lib
[2009/09/01 19:55:48 | 00,017,180 | ---- | M] () -- C:\WINDOWS\ymef.bat
[2009/09/01 19:55:48 | 00,016,895 | ---- | M] () -- C:\WINDOWS\ogujij.scr
[2009/09/01 19:55:48 | 00,016,606 | ---- | M] () -- C:\Documents and Settings\Lise\Local Settings\Application Data\otepuqe.ban
[2009/09/01 19:55:48 | 00,015,899 | ---- | M] () -- C:\WINDOWS\ylug.inf
[2009/09/01 19:55:48 | 00,014,613 | ---- | M] () -- C:\WINDOWS\uryj.inf
[2009/09/01 19:55:48 | 00,014,609 | ---- | M] () -- C:\Program Files\Common Files\bujat.vbs
[2009/09/01 19:55:48 | 00,013,447 | ---- | M] () -- C:\Documents and Settings\Lise\Local Settings\Application Data\oxuwyq._sy
[2009/09/01 19:55:48 | 00,012,491 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\yvuriv.lib
[2009/09/01 19:55:48 | 00,010,724 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\lyvojupy.com
[2009/09/01 19:55:48 | 00,010,706 | ---- | M] () -- C:\WINDOWS\orem._dl
[2009/09/01 19:40:31 | 00,076,800 | ---- | M] () -- C:\Documents and Settings\Lise\Desktop\Malware and Spyware Cleaning Guide.doc
[2009/09/01 19:30:36 | 00,070,144 | ---- | M] () -- C:\Documents and Settings\Lise\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/01 19:22:03 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Lise\Desktop\erunt_setup.exe
[2009/09/01 19:04:36 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Lise\Desktop\RootRepeal.exe
[2009/09/01 19:01:57 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Lise\Desktop\SysRestorePoint.exe
[2009/09/01 19:01:34 | 00,272,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lise\Desktop\TFC.exe
[2009/09/01 16:13:04 | 40,462,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/01 16:13:04 | 00,074,621 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/01 08:43:29 | 00,018,485 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\qafud.dl
[2009/09/01 08:43:29 | 00,017,072 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\atuwycyp.lib
[2009/09/01 08:43:29 | 00,010,314 | ---- | M] () -- C:\WINDOWS\System32\ijiro.dll
[2009/09/01 08:43:28 | 00,019,937 | ---- | M] () -- C:\Program Files\Common Files\amat.sys
[2009/09/01 08:43:28 | 00,019,472 | ---- | M] () -- C:\Documents and Settings\Lise\Local Settings\Application Data\luveqafohi.ban
[2009/09/01 08:43:28 | 00,019,277 | ---- | M] () -- C:\Program Files\Common Files\sebotucat._sy
[2009/09/01 08:43:28 | 00,019,043 | ---- | M] () -- C:\Documents and Settings\Lise\Application Data\fojoporiwe.dl
[2009/09/01 08:43:28 | 00,016,433 | ---- | M] () -- C:\WINDOWS\kynaseciv.dl
[2009/09/01 08:43:28 | 00,015,752 | ---- | M] () -- C:\WINDOWS\izytab.ban
[2009/09/01 08:43:28 | 00,015,528 | ---- | M] () -- C:\WINDOWS\romyresudo.bat
[2009/09/01 08:43:28 | 00,015,210 | ---- | M] () -- C:\WINDOWS\yfida.com
[2009/09/01 08:43:28 | 00,013,843 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\iqywive.scr
[2009/09/01 08:43:28 | 00,013,373 | ---- | M] () -- C:\WINDOWS\System32\zavizus.bin
[2009/09/01 08:43:28 | 00,013,325 | ---- | M] () -- C:\WINDOWS\vabibyruf.pif
[2009/09/01 08:43:28 | 00,012,883 | ---- | M] () -- C:\WINDOWS\asopamopen.ban
[2009/09/01 08:43:28 | 00,012,656 | ---- | M] () -- C:\WINDOWS\oleha.pif
[2009/09/01 08:43:28 | 00,012,278 | ---- | M] () -- C:\WINDOWS\System32\eqyc.sys
[2009/09/01 08:43:28 | 00,011,548 | ---- | M] () -- C:\Documents and Settings\Lise\Application Data\lexiduhuz.reg
[2009/09/01 08:43:28 | 00,010,978 | ---- | M] () -- C:\WINDOWS\System32\owufuzyhe.exe
[2009/09/01 08:43:28 | 00,010,068 | ---- | M] () -- C:\WINDOWS\iqacegila.lib
[2009/09/01 07:25:52 | 00,018,325 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\mypipydy.exe
[2009/09/01 07:25:52 | 00,017,583 | ---- | M] () -- C:\Documents and Settings\Lise\Local Settings\Application Data\hicemyw.scr
[2009/09/01 07:25:52 | 00,016,392 | ---- | M] () -- C:\WINDOWS\System32\ehesiveda.pif
[2009/09/01 07:25:52 | 00,016,112 | ---- | M] () -- C:\WINDOWS\System32\okagitom.reg
[2009/09/01 07:25:52 | 00,015,884 | ---- | M] () -- C:\Program Files\Common Files\dyryhuhofi.dl
[2009/09/01 07:25:52 | 00,014,535 | ---- | M] () -- C:\Program Files\Common Files\koxix.pif
[2009/09/01 07:25:52 | 00,014,112 | ---- | M] () -- C:\Documents and Settings\Lise\Application Data\zoxewuwi.bin
[2009/09/01 07:25:52 | 00,013,480 | ---- | M] () -- C:\WINDOWS\System32\asecygeh._sy
[2009/09/01 07:25:52 | 00,012,623 | ---- | M] () -- C:\Documents and Settings\Lise\Application Data\ugaqybuja.ban
[2009/09/01 07:25:52 | 00,011,288 | ---- | M] () -- C:\Documents and Settings\Lise\Application Data\yzadej.lib
[2009/09/01 07:25:52 | 00,011,089 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ymycopa.com
[2009/09/01 07:25:52 | 00,010,808 | ---- | M] () -- C:\Documents and Settings\Lise\Local Settings\Application Data\kobakeme.ban
[2009/09/01 07:25:52 | 00,010,694 | ---- | M] () -- C:\WINDOWS\System32\zimetisiz.lib
[2009/09/01 07:25:52 | 00,010,399 | ---- | M] () -- C:\WINDOWS\uvecuzinu.ban
[2009/09/01 07:25:51 | 00,016,187 | ---- | M] () -- C:\WINDOWS\System32\egihahe.pif
[2009/09/01 07:25:51 | 00,014,932 | ---- | M] () -- C:\Documents and Settings\Lise\Application Data\kuwuly.ban
[2009/09/01 07:25:51 | 00,013,622 | ---- | M] () -- C:\WINDOWS\cafupeqe.db
[2009/09/01 07:25:51 | 00,013,183 | ---- | M] () -- C:\Documents and Settings\Lise\Local Settings\Application Data\wuwyvah.bat
[2009/08/30 10:40:37 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/08/30 10:40:36 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/30 10:40:35 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/27 23:57:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/23 21:21:42 | 00,133,928 | ---- | M] () -- C:\Documents and Settings\Lise\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/23 13:10:44 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/23 13:10:29 | 00,003,532 | ---- | M] () -- C:\drmHeader.bin
[2009/08/23 12:08:11 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/22 21:41:11 | 00,422,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/22 09:40:32 | 00,594,486 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/22 09:40:32 | 00,504,892 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/22 09:40:32 | 00,098,342 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/21 09:15:55 | 00,081,920 | ---- | M] () -- C:\Documents and Settings\Lise\Desktop\Halifax Bank Statments From 01-10-08.xls

========== LOP Check ==========

[2009/09/01 23:54:27 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/02/02 22:02:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/06/29 09:31:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2007/09/25 14:32:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\billeo
[2008/10/22 20:35:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/03/13 18:03:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2006/11/21 17:40:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/01/05 19:25:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/03/15 13:26:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/08/10 22:16:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2007/09/15 19:32:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2005/12/04 22:14:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2006/10/16 22:53:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009/04/20 18:16:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mevo
[2006/07/24 17:51:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2004/07/10 17:16:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/03/15 13:22:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2009/03/15 13:43:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2006/08/09 19:52:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/07/28 08:04:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2008/01/01 17:14:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/06/11 15:15:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2008/01/05 19:29:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2009/09/01 23:54:27 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Lise\Application Data
[2008/01/08 20:37:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\Ambient Design
[2008/01/09 19:00:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\ArcSoft
[2008/08/23 10:49:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\AVGTOOLBAR
[2009/09/01 08:33:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\BitTorrent
[2008/03/12 20:41:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\BitTorrent DNA
[2006/06/06 12:38:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\BSplayer
[2006/11/21 17:41:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\CyberLink
[2007/09/22 19:49:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\Desktop Sidebar
[2009/09/02 00:28:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\DNA
[2009/08/10 16:25:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\DVD Flick
[2008/01/07 16:23:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\EPSON
[2009/01/24 11:16:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\Flickr
[2006/10/13 14:28:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\Flock
[2007/08/01 07:40:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\FoxyTunes
[2009/08/10 16:25:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\fretsonfire
[2008/01/11 23:37:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\ICAClient
[2007/10/23 12:12:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\ieSpell
[2007/04/07 11:27:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\IMVU
[2006/11/20 19:48:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\InterVideo
[2009/08/10 19:06:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\IObit
[2008/01/01 16:12:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\iWin
[2007/03/17 10:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\MSN6
[2009/03/15 13:33:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\Nokia
[2006/12/21 21:05:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\Opera
[2007/09/20 14:56:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\Participatory Culture Foundation
[2009/03/15 13:33:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\PC Suite
[2007/09/20 15:26:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\PCF-VLC
[2007/04/16 18:33:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\Publish Providers
[2007/12/08 23:31:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\Screenshot Sender
[2007/11/01 15:05:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\SecondLife
[2008/07/27 16:18:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\Skinux
[2009/04/20 18:41:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\Slam Dunk Studios, LLC
[2006/11/04 12:30:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\SmartDraw
[2007/04/18 20:31:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\Sony
[2008/01/01 16:11:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\SpinTop
[2009/06/01 07:35:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\StumbleUpon
[2008/08/01 22:54:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\Teleca
[2006/11/05 22:02:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\Template
[2006/07/08 20:30:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\uTorrent
[2009/08/10 16:25:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\Vso
[2009/09/01 23:48:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\WTablet
[2006/07/20 16:37:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\yoclient
[2006/09/25 11:03:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lise\Application Data\ZangoToolbar
[2009/08/27 23:57:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2002/08/29 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/01 23:48:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/08/17 16:48:52 | 00,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2009/09/01 23:36:41 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{01468D4A-634A-4383-B599-D7018E42C8DD}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2008/04/14 01:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/14 01:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3F2F06F2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D7DEAA30
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA3C6C07
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA34E08F
< End of report >

OTL Extras logfile created on: 02/09/2009 00:24:23 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Lise\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

759.48 Mb Total Physical Memory | 175.43 Mb Available Physical Memory | 23.10% Memory free
1.06 Gb Paging File | 0.46 Gb Available in Paging File | 43.66% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 10.16 Gb Free Space | 26.02% Space Free | Partition Type: NTFS
Drive D: | 26.93 Gb Total Space | 25.49 Gb Free Space | 94.65% Space Free | Partition Type: NTFS
Drive E: | 8.53 Gb Total Space | 6.87 Gb Free Space | 80.63% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
Drive G: | 298.09 Gb Total Space | 199.91 Gb Free Space | 67.06% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-EU4C7VE7A5
Current User Name: Lise
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe:*:Enabled:EasyShare -- File not found
"C:\Program Files\Last.fm\LastFM.exe" = C:\Program Files\Last.fm\LastFM.exe:*:Enabled:LastFM -- (Last.fm)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Steam\steamapps\common\full pipe demo\Fullpipe.exe" = C:\Program Files\Steam\steamapps\common\full pipe demo\Fullpipe.exe:*:Enabled:Full Pipe Demo -- ()
"C:\Program Files\Steam\steamapps\common\eets\Eets.exe" = C:\Program Files\Steam\steamapps\common\eets\Eets.exe:*:Enabled:Eets -- ()
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Steam\steamapps\common\wik and the fable of souls\Wik.exe" = C:\Program Files\Steam\steamapps\common\wik and the fable of souls\Wik.exe:*:Enabled:Wik and the Fable of Souls Demo -- (Reflexive Entertainment, Inc.)
"C:\Program Files\Steam\steamapps\common\world of goo demo\WorldOfGoo.exe" = C:\Program Files\Steam\steamapps\common\world of goo demo\WorldOfGoo.exe:*:Enabled:World of Goo Demo -- ()
"C:\Program Files\Steam\steamapps\common\raycatcher demo\Raycatcher.exe" = C:\Program Files\Steam\steamapps\common\raycatcher demo\Raycatcher.exe:*:Enabled:Raycatcher Demo -- (GarageGames)
"C:\Program Files\Steam\steamapps\common\mevo and the grooveriders demo\Mevo.exe" = C:\Program Files\Steam\steamapps\common\mevo and the grooveriders demo\Mevo.exe:*:Enabled:Mevo and The Grooveriders Demo -- (RedRocketGames)
"C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe" = C:\Program Files\Mozilla Firefox 3 Beta 3\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0AB149EB-2AE0-466C-9BA4-3A718CF06432}" = Informations about your PC
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{30C10EE3-EFB3-4B7A-9CDC-50790C2B5200}" = CA Licensing
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{57383270-6F61-4DC8-A9B8-C1745FC29F38}" = My-Cam USB Camera(MY-352)
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70C1B926-EFC7-4ED2-AB73-B3A994ADD351}" = muvee autoProducer 3.5 magicMoments_CE - Medion
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{81B3BEF9-5D97-4096-86E9-5B48A5BC32D0}" = Motorola Driver Installation 3.4.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7646-A70000000000}" = Adobe Reader 7.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FE6397C1-CECA-4EC3-B064-42AED7676898}" = Sony Ericsson PC Suite
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.42
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Advanced Sound Recorder_is1" = Advanced Sound Recorder v6.0
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"ArtRage_is1" = ArtRage 2.2
"AVG8Uninstall" = AVG Free 8.5
"Citrix ICA Web Client" = MetaFrame Presentation Server Web Client for Win32
"CX4300_5500_DX4400 manual" = CX4300_5500_DX4400 manual
"dvdSanta 4.50 - Make your own DVD movies!_is1" = dvdSanta 4.50
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 2280] [2008-11-02]
"Flickr Uploadr" = Flickr Uploadr 3.1.3
"Frets on Fire" = Frets On Fire
"gen_msn_adv" = gen_msn_adv 1.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"LastFM_is1" = Last.fm 1.5.4.24567
"LDC Theory Test 2004_is1" = Ver 4.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC_Antispyware2010" = PC Antispyware 2010
"RealPlayer 6.0" = RealPlayer
"Smart Defrag_is1" = Smart Defrag 1.20
"Steam App 22010" = World of Goo Demo
"Steam App 27610" = Mevo and The Grooveriders Demo
"Steam App 32010" = Raycatcher Demo
"Steam App 4610" = Full Pipe Demo
"Steam App 6100" = Eets
"Steam App 7430" = Wik and the Fable of Souls Demo
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar
"Tablet Driver" = Tablet
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Live Safety Scanner" = Windows Live Safety Scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/07/2009 06:37:01 | Computer Name = YOUR-EU4C7VE7A5 | Source = ESENT | ID = 489
Description = wuauclt (3708) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 18/07/2009 06:37:01 | Computer Name = YOUR-EU4C7VE7A5 | Source = ESENT | ID = 455
Description = wuaueng.dll (3708) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 18/07/2009 06:37:11 | Computer Name = YOUR-EU4C7VE7A5 | Source = ESENT | ID = 489
Description = wuauclt (3708) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 18/07/2009 06:37:11 | Computer Name = YOUR-EU4C7VE7A5 | Source = ESENT | ID = 455
Description = wuaueng.dll (3708) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 19/07/2009 18:39:26 | Computer Name = YOUR-EU4C7VE7A5 | Source = Application Hang | ID = 1002
Description = Hanging application ImageReady.exe, version 8.0.0.117, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/08/2009 17:23:50 | Computer Name = YOUR-EU4C7VE7A5 | Source = MsiInstaller | ID = 11905
Description = Product: ESSgui -- Error 1905.Module C:\Program Files\Kodak\Kodak
EasyShare software\bin\ESCom.dll failed to unregister. HRESULT -2147220472. Contact
your support personnel.

Error - 01/09/2009 03:17:53 | Computer Name = YOUR-EU4C7VE7A5 | Source = Application Error | ID = 1000
Description = Faulting application pc_antispyware2010.exe, version 3.1.7.102, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 01/09/2009 14:30:45 | Computer Name = YOUR-EU4C7VE7A5 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 01/09/2009 16:01:03 | Computer Name = YOUR-EU4C7VE7A5 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office XP Professional with FrontPage -- Error
1706. Setup cannot find the required files. Check your connection to the network,
or CD-ROM drive. For other potential solutions to this problem, see C:\Program
Files\Microsoft Office\Office10\1033\SETUP.HLP.

Error - 01/09/2009 16:01:10 | Computer Name = YOUR-EU4C7VE7A5 | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office XP Professional with FrontPage - Update
'{DA256408-A2E7-41A5-8AD6-62ACB86A0FD7}' could not be installed. Error code 1603.
Windows Installer can create logs to help troubleshoot issues with installing software
packages. Use the following link for instructions on turning on logging support:
http://go.microsoft....k/?LinkId=23127

[ System Events ]
Error - 01/09/2009 14:41:04 | Computer Name = YOUR-EU4C7VE7A5 | Source = Service Control Manager | ID = 7034
Description = The EPSON V3 Service4(01) service terminated unexpectedly. It has
done this 1 time(s).

Error - 01/09/2009 14:41:04 | Computer Name = YOUR-EU4C7VE7A5 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 01/09/2009 14:41:05 | Computer Name = YOUR-EU4C7VE7A5 | Source = Service Control Manager | ID = 7034
Description = The SNMP Service service terminated unexpectedly. It has done this
1 time(s).

Error - 01/09/2009 14:41:05 | Computer Name = YOUR-EU4C7VE7A5 | Source = Service Control Manager | ID = 7034
Description = The TabletService service terminated unexpectedly. It has done this
1 time(s).

Error - 01/09/2009 14:41:05 | Computer Name = YOUR-EU4C7VE7A5 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 01/09/2009 14:49:11 | Computer Name = YOUR-EU4C7VE7A5 | Source = Service Control Manager | ID = 7000
Description = The Event Log Watch service failed to start due to the following error:
%%2

Error - 01/09/2009 14:49:20 | Computer Name = YOUR-EU4C7VE7A5 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep

Error - 01/09/2009 16:01:16 | Computer Name = YOUR-EU4C7VE7A5 | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8024002d: Office XP Service Pack 3.

Error - 01/09/2009 18:48:42 | Computer Name = YOUR-EU4C7VE7A5 | Source = Service Control Manager | ID = 7000
Description = The Event Log Watch service failed to start due to the following error:
%%2

Error - 01/09/2009 18:48:47 | Computer Name = YOUR-EU4C7VE7A5 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep IntelIde


< End of report >
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP