Rogue.sysCleaner and Disabled.securitycenter



#1
bigtop

This happened when I Shift/Clicked on .wav files in WMP11 to select & drag/drop multiple songs to burn to CD. WMP11 went blank except for its border & the hourglass prevented closing; hit C/A/D to open ProcExp, which took forever to come up; killed WMP process & got BSD; used computer front switch to shut down. Rebooted fine, but DOS box popped up that looked like it was trying to open my other hard drive, so I "x"ed out of it immediately. Everything was very slow.

FOR BOTH HDDs: Updated & ran MWBytes - showed Rogue.sysCleaner removed. Updated and ran SpybotS&D - got long list of cookies, checked all & removed all, as usual. Updated & ran AVGFree - lots of "contains macros" and "locked, not scanned", but no infections. MS Update found NET Framework 3.5 update, but it wouldn't install, even after I removed NET 3.5 and tried to reinstall with the update. Searched for more info & solutions, found y'all. THANKS FOR ALL YOU'RE DOING!

Followed your Removal Guide procedure, but feel that my user account is still under control of malware. User Accounts has 2 new icons labeled "Mail" and "Windows CardSpace", along with the normal "User Accounts" icon. The 4 User Accounts appear the same, but it seems to me the computer name now has a much shorter string of alphanumerics than before.



Malwarebytes' Anti-Malware 1.44
Database version: 3607
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

1/21/2010 5:09:40 AM
mbam-log-2010-01-21 (05-09-40).txt

Scan type: Quick Scan
Objects scanned: 126575
Time elapsed: 5 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-21 06:27:46
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\RUTHMA~1\LOCALS~1\Temp\fgnyiaoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


OTL logfile created on: 1/21/2010 6:32:47 AM - Run 1
OTL by OldTimer - Version 3.1.25.3 Folder = C:\Documents and Settings\Ruth Mary\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 602.00 Mb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 119.46 Gb Free Space | 80.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 31.48 Gb Total Space | 23.30 Gb Free Space | 73.99% Space Free | Partition Type: NTFS
Drive G: | 7.50 Gb Total Space | 7.12 Gb Free Space | 95.02% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WESTON-D22F5F93
Current User Name: Ruth Mary
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/21 06:29:18 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ruth Mary\Desktop\OTL.exe
PRC - [2009/12/31 07:58:37 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/11 14:48:11 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/12/11 14:48:11 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/11/12 15:14:15 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/11/12 15:14:14 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/29 08:54:55 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/10/29 08:54:55 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/10/29 08:54:53 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/10/29 08:54:53 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/03/05 15:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 00:56:58 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2001/09/07 15:18:28 | 00,045,056 | ---- | M] (Kensington Technology Group) -- C:\WINDOWS\system32\exshow95.exe


========== Modules (SafeList) ==========

MOD - [2010/01/21 06:29:18 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ruth Mary\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NMSAccess)
SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
SRV - [2009/11/12 15:14:14 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/10/29 08:54:53 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/10/29 08:54:53 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2006/10/22 11:22:00 | 00,159,810 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2004/08/04 00:56:58 | 00,032,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ixquick.c...ng/?th=daybreak
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Startpage"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ixquick.c...g/?th=daybreak"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/15 14:33:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/16 05:48:56 | 00,000,000 | ---D | M]

[2010/01/15 14:33:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ruth Mary\Application Data\Mozilla\Extensions
[2010/01/20 11:02:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ruth Mary\Application Data\Mozilla\Firefox\Profiles\81xen8xv.default\extensions
[2010/01/15 14:39:35 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Ruth Mary\Application Data\Mozilla\Firefox\Profiles\81xen8xv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/20 17:19:48 | 00,001,589 | ---- | M] () -- C:\Documents and Settings\Ruth Mary\Application Data\Mozilla\Firefox\Profiles\81xen8xv.default\searchplugins\ixquick.xml
[2010/01/20 17:19:48 | 00,005,471 | ---- | M] () -- C:\Documents and Settings\Ruth Mary\Application Data\Mozilla\Firefox\Profiles\81xen8xv.default\searchplugins\startpage.xml
[2010/01/20 11:02:08 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/01/20 06:18:37 | 00,416,382 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 www.abx4.com # [Adware.ABXToolbar]
O1 - Hosts: 127.0.0.1 acezip.net # [SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net # [Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net # [eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtb5.acecounter.com
O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com
O1 - Hosts: 127.0.0.1 gtp1.acecounter.com # [eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 acestats.com
O1 - Hosts: 127.0.0.1 www.acestats.com
O1 - Hosts: 14023 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {981FE6A8-260C-4930-960F-C3BC82746CB0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.1\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EXSHOW95.EXE] C:\WINDOWS\System32\exshow95.exe (Kensington Technology Group)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [EPSON Stylus CX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft....k/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab (StagingUI Object)
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} http://zone.msn.com/...pcaploader1.cab (Reg Error: Key error.)
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} http://www.xblock.co...clean_micro.exe (Reg Error: Key error.)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1228421602890 (MUCatalogWebControl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1263386570671 (WUWebControl Class)
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} http://zone.msn.com/...t/atomaders.cab (AtlAtomadersCtlAttrib Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1258041374406 (MUWebControl Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://zone.msn.com/...mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} http://zone.msn.com/...undLauncher.cab (AstoundLauncher Control)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} http://91.199.104.31...ActiveQscan.cab (Confirmation)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\Program) - File not found
O20 - AppInit_DLLs: (Files\RelevantKnowledge\rlai.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - "C:\PROGRAM FILES\PROCESSEXPLORER\PROCEXP.EXE" (Sysinternals - www.sysinternals.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/22 13:39:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/03/22 13:38:31 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (53765113575899136)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/21 06:29:15 | 00,546,816 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ruth Mary\Desktop\OTL.exe
[2010/01/21 05:12:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ruth Mary\Desktop\gmer
[2010/01/21 05:01:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/21 05:01:11 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/21 04:59:54 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Ruth Mary\Desktop\erunt_setup.exe
[2010/01/21 04:52:36 | 00,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ruth Mary\Desktop\TFC.exe
[2010/01/20 19:48:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ruth Mary\My Documents\HOSPITAL DESKTOP
[2010/01/20 19:47:51 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Ruth Mary\Recent
[2010/01/19 09:20:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ruth Mary\Application Data\dvdcss
[2010/01/19 05:14:15 | 00,356,352 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll
[2010/01/19 04:48:48 | 00,000,000 | ---D | C] -- C:\Program Files\Xvid
[2010/01/19 04:09:49 | 00,000,000 | ---D | C] -- C:\Program Files\Solveig Multimedia
[2010/01/18 10:29:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ruth Mary\Local Settings\Application Data\PackageAware
[2010/01/18 10:19:31 | 00,000,000 | ---D | C] -- C:\Program Files\plugins
[2010/01/18 10:19:31 | 00,000,000 | ---D | C] -- C:\Program Files\aviproxy
[2010/01/18 05:15:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ruth Mary\My Documents\Downloads
[2010/01/18 04:20:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ruth Mary\Application Data\vlc
[2010/01/18 04:03:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ruth Mary\Desktop\SuBo
[2010/01/16 12:49:07 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/01/16 09:35:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ruth Mary\My Documents\dvd
[2010/01/16 09:04:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ruth Mary\My Documents\DVD Flick Manual
[2010/01/16 08:59:14 | 00,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\ssubtmr6.dll
[2010/01/16 08:59:13 | 00,036,864 | ---- | C] (Robdogg Inc.) -- C:\WINDOWS\System32\trayicon_handler.ocx
[2010/01/15 14:55:24 | 00,000,000 | ---D | C] -- C:\Program Files\ConvertHelper
[2010/01/15 14:33:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ruth Mary\Application Data\Mozilla
[2010/01/13 09:04:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ruth Mary\Local Settings\Application Data\PCHealth
[2009/10/29 08:52:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/10/29 08:52:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/10/29 08:52:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/10/29 08:52:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/11/12 06:06:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2008/09/24 05:26:44 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Ruth Mary\Application Data\pcouffin.sys
[2007/12/13 03:56:15 | 02,228,534 | ---- | C] ( ) -- C:\Program Files\audacity-win-1.2.6.exe

========== Files - Modified Within 14 Days ==========

[2010/01/21 06:29:18 | 00,546,816 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ruth Mary\Desktop\OTL.exe
[2010/01/21 05:12:04 | 00,284,915 | ---- | M] () -- C:\Documents and Settings\Ruth Mary\Desktop\gmer.zip
[2010/01/21 05:01:17 | 00,000,614 | ---- | M] () -- C:\Documents and Settings\Ruth Mary\Desktop\NTREGOPT.lnk
[2010/01/21 05:01:15 | 00,000,595 | ---- | M] () -- C:\Documents and Settings\Ruth Mary\Desktop\ERUNT.lnk
[2010/01/21 04:59:54 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Ruth Mary\Desktop\erunt_setup.exe
[2010/01/21 04:55:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/21 04:54:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/21 04:53:47 | 08,912,896 | ---- | M] () -- C:\Documents and Settings\Ruth Mary\ntuser.dat
[2010/01/21 04:53:47 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Ruth Mary\ntuser.ini
[2010/01/21 04:52:37 | 00,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ruth Mary\Desktop\TFC.exe
[2010/01/21 04:35:46 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/20 22:50:27 | 00,091,860 | ---- | M] () -- C:\Documents and Settings\Ruth Mary\Desktop\AVGscan.csv
[2010/01/20 18:56:44 | 00,524,414 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/20 18:56:44 | 00,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/20 18:56:44 | 00,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/20 17:53:07 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/01/20 17:53:07 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/01/20 17:53:05 | 00,000,683 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/20 16:57:29 | 54,428,785 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/20 11:48:51 | 00,000,171 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/01/20 07:33:07 | 00,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/20 06:18:37 | 00,416,382 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/01/20 05:23:28 | 24,431,874 | ---- | M] () -- C:\Documents and Settings\Ruth Mary\Desktop\Susan Boyle and Oprah Part 3.mp4
[2010/01/20 05:18:38 | 17,691,061 | ---- | M] () -- C:\Documents and Settings\Ruth Mary\Desktop\Susan Boyle and Oprah Part 2.mp4
[2010/01/20 05:17:26 | 39,970,816 | ---- | M] () -- C:\Documents and Settings\Ruth Mary\Desktop\100739748.mpg
[2010/01/20 05:14:01 | 17,097,544 | ---- | M] () -- C:\Documents and Settings\Ruth Mary\Desktop\Susan Boyle and Oprah Part 1.mp4
[2010/01/19 19:06:21 | 31,732,461 | ---- | M] () -- C:\Documents and Settings\Ruth Mary\Desktop\20100113_tows_susan-boyle-performs.mp4
[2010/01/19 14:58:57 | 00,018,944 | ---- | M] () -- C:\Documents and Settings\Ruth Mary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/19 11:12:53 | 18,168,680 | ---- | M] () -- C:\Documents and Settings\Ruth Mary\Desktop\Susan Boyle Versão Completa Legendado PT BR.mp4
[2010/01/19 11:07:33 | 10,235,450 | ---- | M] () -- C:\Documents and Settings\Ruth Mary\Desktop\erviewed on Good Morning America - Singer Reacts to Web Fame.mp4
[2010/01/19 11:05:02 | 05,519,062 | ---- | M] () -- C:\Documents and Settings\Ruth Mary\Desktop\Susan Boyle Interview Britain_s Got Talent 2009.mp4
[2010/01/19 10:52:38 | 26,280,687 | ---- | M] () -- C:\Documents and Settings\Ruth Mary\Desktop\Full Version. Susan Boyle - Britain_s Got Talent..mp4
[2010/01/19 06:19:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/19 05:14:15 | 00,356,352 | ---- | M] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll
[2010/01/19 04:05:26 | 03,618,761 | ---- | M] () -- C:\Program Files\SolveigMM AVI Trimmer 1.6.912.18.exe
[2010/01/18 10:07:45 | 00,416,246 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100120-061836.backup
[2010/01/18 07:35:10 | 29,368,320 | ---- | M] () -- C:\Documents and Settings\Ruth Mary\Desktop\san Boyle on France 2 Roumanoff c_est rigolo- Cry Me A River.mpg
[2010/01/18 04:18:06 | 00,000,722 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/01/17 13:57:32 | 19,431,695 | ---- | M] () -- C:\Documents and Settings\Ruth Mary\Desktop\Memory BGT Live Tour Wembley Arena June 21th 2009.mp4
[2010/01/16 15:35:11 | 29,709,625 | ---- | M] () -- C:\Documents and Settings\Ruth Mary\Desktop\BGT Final Performance.mp4
[2010/01/16 15:28:34 | 47,029,550 | ---- | M] () -- C:\Documents and Settings\Ruth Mary\Desktop\BGT Final Results.mp4
[2010/01/16 15:16:09 | 47,873,026 | ---- | M] () -- C:\Documents and Settings\Ruth Mary\Desktop\SemiFinalBGTSegment.mp4
[2010/01/16 14:36:26 | 00,119,445 | ---- | M] () -- C:\Documents and Settings\Ruth Mary\Desktop\The Susan Boyle Story2.dfproj
[2010/01/13 11:32:46 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2010/01/13 10:15:50 | 00,000,441 | -HS- | M] () -- C:\boot.ini
[2010/01/13 08:51:22 | 00,001,605 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/13 08:13:10 | 00,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/01/11 06:14:55 | 00,001,551 | ---- | M] () -- C:\Documents and Settings\Ruth Mary\Desktop\CCleaner.lnk
[2010/01/10 04:16:08 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Ruth Mary\Desktop\Microsoft Office Word 2003.lnk
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/01/21 05:12:03 | 00,284,915 | ---- | C] () -- C:\Documents and Settings\Ruth Mary\Desktop\gmer.zip
[2010/01/21 05:01:17 | 00,000,614 | ---- | C] () -- C:\Documents and Settings\Ruth Mary\Desktop\NTREGOPT.lnk
[2010/01/21 05:01:15 | 00,000,595 | ---- | C] () -- C:\Documents and Settings\Ruth Mary\Desktop\ERUNT.lnk
[2010/01/20 22:50:27 | 00,091,860 | ---- | C] () -- C:\Documents and Settings\Ruth Mary\Desktop\AVGscan.csv
[2010/01/20 18:56:04 | 00,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib
[2010/01/20 18:56:04 | 00,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
[2010/01/20 18:56:04 | 00,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib
[2010/01/20 18:56:04 | 00,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib
[2010/01/20 18:56:04 | 00,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib
[2010/01/20 18:56:04 | 00,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
[2010/01/20 18:56:04 | 00,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib
[2010/01/20 18:56:04 | 00,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib
[2010/01/20 18:56:04 | 00,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib
[2010/01/20 18:56:04 | 00,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib
[2010/01/20 18:56:04 | 00,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib
[2010/01/20 18:56:03 | 00,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib
[2010/01/20 18:56:03 | 00,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib
[2010/01/20 18:56:03 | 00,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib
[2010/01/20 18:56:03 | 00,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib
[2010/01/20 18:56:03 | 00,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib
[2010/01/20 18:56:03 | 00,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib
[2010/01/20 05:18:55 | 24,431,874 | ---- | C] () -- C:\Documents and Settings\Ruth Mary\Desktop\Susan Boyle and Oprah Part 3.mp4
[2010/01/20 05:15:08 | 17,691,061 | ---- | C] () -- C:\Documents and Settings\Ruth Mary\Desktop\Susan Boyle and Oprah Part 2.mp4
[2010/01/20 05:10:58 | 17,097,544 | ---- | C] () -- C:\Documents and Settings\Ruth Mary\Desktop\Susan Boyle and Oprah Part 1.mp4
[2010/01/20 05:04:52 | 39,970,816 | ---- | C] () -- C:\Documents and Settings\Ruth Mary\Desktop\100739748.mpg
[2010/01/19 19:05:11 | 31,732,461 | ---- | C] () -- C:\Documents and Settings\Ruth Mary\Desktop\20100113_tows_susan-boyle-performs.mp4
[2010/01/19 11:05:20 | 10,235,450 | ---- | C] () -- C:\Documents and Settings\Ruth Mary\Desktop\erviewed on Good Morning America - Singer Reacts to Web Fame.mp4
[2010/01/19 11:04:02 | 05,519,062 | ---- | C] () -- C:\Documents and Settings\Ruth Mary\Desktop\Susan Boyle Interview Britain_s Got Talent 2009.mp4
[2010/01/19 11:01:06 | 18,168,680 | ---- | C] () -- C:\Documents and Settings\Ruth Mary\Desktop\Susan Boyle Versão Completa Legendado PT BR.mp4
[2010/01/19 10:47:07 | 26,280,687 | ---- | C] () -- C:\Documents and Settings\Ruth Mary\Desktop\Full Version. Susan Boyle - Britain_s Got Talent..mp4
[2010/01/19 04:48:48 | 00,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/01/19 04:48:48 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/01/19 04:48:48 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2010/01/18 07:27:05 | 29,368,320 | ---- | C] () -- C:\Documents and Settings\Ruth Mary\Desktop\san Boyle on France 2 Roumanoff c_est rigolo- Cry Me A River.mpg
[2010/01/18 04:18:06 | 00,000,722 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/01/17 13:54:30 | 19,431,695 | ---- | C] () -- C:\Documents and Settings\Ruth Mary\Desktop\Memory BGT Live Tour Wembley Arena June 21th 2009.mp4
[2010/01/16 15:30:33 | 29,709,625 | ---- | C] () -- C:\Documents and Settings\Ruth Mary\Desktop\BGT Final Performance.mp4
[2010/01/16 15:21:00 | 47,029,550 | ---- | C] () -- C:\Documents and Settings\Ruth Mary\Desktop\BGT Final Results.mp4
[2010/01/16 15:08:21 | 47,873,026 | ---- | C] () -- C:\Documents and Settings\Ruth Mary\Desktop\SemiFinalBGTSegment.mp4
[2010/01/16 14:36:26 | 00,119,445 | ---- | C] () -- C:\Documents and Settings\Ruth Mary\Desktop\The Susan Boyle Story2.dfproj
[2010/01/13 08:51:22 | 00,001,605 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/13 08:13:10 | 00,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/12/18 16:23:36 | 03,618,761 | ---- | C] () -- C:\Program Files\SolveigMM AVI Trimmer 1.6.912.18.exe
[2009/12/06 07:21:53 | 00,000,171 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/11/16 19:14:14 | 00,000,036 | ---- | C] () -- C:\Documents and Settings\Ruth Mary\Local Settings\Application Data\housecall.guid.cache
[2008/09/25 10:27:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2008/09/24 05:27:12 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\Ruth Mary\Application Data\vso_ts_preview.xml
[2008/09/24 05:26:52 | 00,000,033 | ---- | C] () -- C:\Documents and Settings\Ruth Mary\Application Data\pcouffin.log
[2008/09/24 05:26:44 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Ruth Mary\Application Data\inst.exe
[2008/09/24 05:26:44 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Ruth Mary\Application Data\pcouffin.cat
[2008/09/24 05:26:44 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Ruth Mary\Application Data\pcouffin.inf
[2008/05/25 08:23:23 | 47,787,248 | ---- | C] () -- C:\Program Files\avg_free_stf_en_8_100a1295.exe
[2008/05/09 07:08:10 | 01,604,124 | ---- | C] () -- C:\Program Files\ProcessExplorer.zip
[2008/04/02 06:38:03 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/12/18 13:48:38 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/12/18 13:46:42 | 00,000,044 | ---- | C] () -- C:\WINDOWS\EPCX8400.ini
[2007/07/13 06:08:33 | 00,018,944 | ---- | C] () -- C:\Documents and Settings\Ruth Mary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/25 09:52:53 | 00,000,066 | ---- | C] () -- C:\Documents and Settings\Ruth Mary\Application Data\Setup.txt
[2007/03/24 08:41:16 | 00,150,192 | ---- | C] () -- C:\Program Files\TweakUiPowertoySetup.exe
[2007/03/24 07:29:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\STMMain.INI
[2007/03/24 07:19:41 | 00,000,018 | ---- | C] () -- C:\WINDOWS\Epson440.ini
[2007/03/23 04:53:01 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/22 13:52:46 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/03/22 13:52:01 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2007/03/05 12:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/06 23:58:00 | 00,000,846 | ---- | C] () -- C:\WINDOWS\xxclone.ini
[2006/10/22 11:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 11:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 11:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 11:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 11:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2003/07/28 14:19:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2003/07/28 14:19:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/05/29 10:23:34 | 00,002,918 | ---- | C] () -- C:\WINDOWS\System32\kid_inst.dll

========== LOP Check ==========

[2009/10/29 08:54:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/12/08 07:16:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/05/25 08:28:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/05/30 11:03:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2009/12/05 08:15:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/02/07 18:25:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/09/24 04:56:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2007/07/25 09:06:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2007/09/09 09:01:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/07/25 09:13:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/12/05 08:16:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2008/05/30 12:01:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/09/17 17:43:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2009/12/21 06:46:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VideoConverter
[2008/05/01 15:57:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ruth Mary\Application Data\abelhadigital.com
[2009/12/17 10:28:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ruth Mary\Application Data\Ashampoo
[2009/12/25 21:12:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ruth Mary\Application Data\Audacity
[2008/06/30 11:03:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ruth Mary\Application Data\Canneverbe_Limited
[2008/08/19 06:34:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ruth Mary\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2007/12/18 14:10:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ruth Mary\Application Data\EPSON
[2008/03/12 03:53:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ruth Mary\Application Data\funkitron
[2009/12/21 16:30:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ruth Mary\Application Data\HandBrake
[2007/12/18 14:06:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ruth Mary\Application Data\Leadertech
[2008/09/24 05:41:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ruth Mary\Application Data\NCH Swift Sound
[2007/08/24 02:46:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ruth Mary\Application Data\Nvu
[2008/02/07 08:42:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ruth Mary\Application Data\OfficeUpdate12
[2008/07/28 17:24:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ruth Mary\Application Data\PlayFirst
[2009/03/31 04:27:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ruth Mary\Application Data\QuickScan
[2007/03/25 09:52:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ruth Mary\Application Data\Simple Star
[2009/12/21 16:31:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ruth Mary\Application Data\Uniblue
[2008/09/24 05:34:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ruth Mary\Application Data\Vso
[2010/01/19 06:19:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2006/02/28 07:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 07:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2006/02/28 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Driver Export\hdc\primary_ide_channel\atapi.sys
[2006/02/28 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Driver Export\hdc\secondary_ide_channel\atapi.sys
[2006/02/28 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2006/02/28 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2006/02/28 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2006/02/28 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2006/02/28 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2006/02/28 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006/02/28 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2006/02/28 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54CB420C
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:00C31200
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CE0A077E
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91EA783C
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4220A65C
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B203B914
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:981884E7
< End of report >


OTL Extras logfile created on: 1/21/2010 6:32:47 AM - Run 1
OTL by OldTimer - Version 3.1.25.3 Folder = C:\Documents and Settings\Ruth Mary\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 602.00 Mb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 119.46 Gb Free Space | 80.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 31.48 Gb Total Space | 23.30 Gb Free Space | 73.99% Space Free | Partition Type: NTFS
Drive G: | 7.50 Gb Total Space | 7.12 Gb Free Space | 95.02% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WESTON-D22F5F93
Current User Name: Ruth Mary
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:MSI starter -- File not found
"C:\Documents and Settings\Ruth Mary\Local Settings\Temp\Nero Web\SetupXu.exe" = C:\Documents and Settings\Ruth Mary\Local Settings\Temp\Nero Web\SetupXu.exe:*:Enabled:MSI starter -- File not found
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\WINDOWS\Temp\~os2.tmp\ossproxy.exe" = C:\WINDOWS\Temp\~os2.tmp\ossproxy.exe:*:Enabled:ossproxy.exe -- File not found
"C:\Program Files\Lavasoft\Ad-Aware\lsupdatemanager.exe" = C:\Program Files\Lavasoft\Ad-Aware\lsupdatemanager.exe:*:Enabled:Software update -- File not found
"C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe:*:Enabled:Update Spybot-S&D -- (Safer Networking Limited)
"C:\Program Files\K-Lite Codec Pack\Filters\ac3config.exe" = C:\Program Files\K-Lite Codec Pack\Filters\ac3config.exe:*:Enabled:AC3Filter -- File not found
"C:\Program Files\Selectsoft\Best Game Hits 3\Pool Champ 3D\PoolChamp.exe" = C:\Program Files\Selectsoft\Best Game Hits 3\Pool Champ 3D\PoolChamp.exe:*:Disabled:PoolCham Application -- File not found
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" = C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe:*:Disabled:Adobe Reader and Acrobat Manager -- (Adobe Systems Incorporated)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}" = EPSON Stylus CX8400 Series Scanner Driver Update
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"AddressBook" =
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.5 (Unicode)
"AVG9Uninstall" = AVG Free 9.0
"Branding" =
"CCleaner" = CCleaner
"Connection Manager" =
"DirectAnimation" =
"DirectDrawEx" =
"DXM_Runtime" =
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"Fontcore" =
"ICW" =
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"ie8" = Windows Internet Explorer 8
"IEData" =
"InstallShield Uninstall Information" =
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MobileOptionPack" =
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"NetMeeting" =
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OutlookExpress" =
"SchedulingAgent" =
"Silent Package Run-Time Sample" = EPSON CX8400 User's Guide
"VLC media player" = VLC media player 1.0.3
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
"XXClone" = XXClone ver 0.58.0
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/16/2009 8:37:34 PM | Computer Name = WESTON-D22F5F93 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 12/5/2009 9:07:18 AM | Computer Name = WESTON-D22F5F93 | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application mspview.exe, version 11.0.8166.2, stamp 4616c203,
faulting module kernel32.dll, version 5.1.2600.3541, stamp 49c4f751, debug? 0,
fault address 0x00012a6b.

Error - 12/5/2009 9:11:30 AM | Computer Name = WESTON-D22F5F93 | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application mspview.exe, version 11.0.8166.2, stamp 4616c203,
faulting module kernel32.dll, version 5.1.2600.3541, stamp 49c4f751, debug? 0,
fault address 0x00012a6b.

Error - 1/13/2010 9:01:28 AM | Computer Name = WESTON-D22F5F93 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb963707,
P2 1033, P3 1635, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 1/13/2010 9:44:27 AM | Computer Name = WESTON-D22F5F93 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb963707,
P2 1033, P3 1635, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 1/20/2010 5:55:57 PM | Computer Name = WESTON-D22F5F93 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb963707,
P2 1033, P3 1635, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 1/21/2010 5:25:50 AM | Computer Name = WESTON-D22F5F93 | Source = VBRuntime | ID = 1
Description = The VB Application identified by the event source logged this Application
MSICUU: Thread ID: 2064 ,Logged: Success: C:\Program Files\Windows Installer Clean
Up\msizap.exe TW! {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Error - 1/21/2010 5:26:43 AM | Computer Name = WESTON-D22F5F93 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb963707,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 1/21/2010 5:34:13 AM | Computer Name = WESTON-D22F5F93 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb963707,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 1/21/2010 5:34:19 AM | Computer Name = WESTON-D22F5F93 | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb958484,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.

[ System Events ]
Error - 1/21/2010 6:03:04 AM | Computer Name = WESTON-D22F5F93 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/21/2010 6:03:04 AM | Computer Name = WESTON-D22F5F93 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/21/2010 6:03:05 AM | Computer Name = WESTON-D22F5F93 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/21/2010 6:03:05 AM | Computer Name = WESTON-D22F5F93 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/21/2010 6:03:05 AM | Computer Name = WESTON-D22F5F93 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/21/2010 6:03:05 AM | Computer Name = WESTON-D22F5F93 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/21/2010 6:03:05 AM | Computer Name = WESTON-D22F5F93 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/21/2010 6:12:04 AM | Computer Name = WESTON-D22F5F93 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/21/2010 6:12:04 AM | Computer Name = WESTON-D22F5F93 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/21/2010 7:30:33 AM | Computer Name = WESTON-D22F5F93 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058


< End of report >

AVG log available on request. Thank you so, so much!