ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/29 20:07
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\1394BUS.SYS
Address: 0xF77AB000 Size: 57344 File Visible: - Signed: -
Status: -
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF773C000 Size: 187776 File Visible: - Signed: -
Status: -
Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -
Name: ACPIEC.sys
Image Path: ACPIEC.sys
Address: 0xF7BA7000 Size: 11648 File Visible: - Signed: -
Status: -
Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xF3236000 Size: 138496 File Visible: - Signed: -
Status: -
Name: aliide.sys
Image Path: aliide.sys
Address: 0xF7C8F000 Size: 5248 File Visible: - Signed: -
Status: -
Name: amdk7.sys
Image Path: C:\WINDOWS\System32\DRIVERS\amdk7.sys
Address: 0xF799B000 Size: 37760 File Visible: - Signed: -
Status: -
Name: atapi.sys
Image Path: atapi.sys
Address: 0xF76D6000 Size: 96512 File Visible: - Signed: -
Status: -
Name: ati2cqag.dll
Image Path: C:\WINDOWS\System32\ati2cqag.dll
Address: 0xBFA0B000 Size: 229376 File Visible: - Signed: -
Status: -
Name: ati2dvag.dll
Image Path: C:\WINDOWS\System32\ati2dvag.dll
Address: 0xBF9D5000 Size: 221184 File Visible: - Signed: -
Status: -
Name: ati2mtag.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Address: 0xF67FA000 Size: 815104 File Visible: - Signed: -
Status: -
Name: ati3d1ag.dll
Image Path: C:\WINDOWS\System32\ati3d1ag.dll
Address: 0xBFA43000 Size: 872448 File Visible: - Signed: -
Status: -
Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -
Name: audstub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\audstub.sys
Address: 0xF7DA9000 Size: 3072 File Visible: - Signed: -
Status: -
Name: BATTC.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\BATTC.SYS
Address: 0xF7BA3000 Size: 16384 File Visible: - Signed: -
Status: -
Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7B9B000 Size: 12288 File Visible: - Signed: -
Status: -
Name: caliaud.sys
Image Path: C:\WINDOWS\system32\drivers\caliaud.sys
Address: 0xF673E000 Size: 291328 File Visible: - Signed: -
Status: -
Name: calihal.sys
Image Path: C:\WINDOWS\system32\drivers\calihal.sys
Address: 0xF6786000 Size: 244608 File Visible: - Signed: -
Status: -
Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF01E9000 Size: 63744 File Visible: - Signed: -
Status: -
Name: cdrom.sys
Image Path: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Address: 0xF79FB000 Size: 62976 File Visible: - Signed: -
Status: -
Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Address: 0xF77EB000 Size: 53248 File Visible: - Signed: -
Status: -
Name: CmBatt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\CmBatt.sys
Address: 0xF7C87000 Size: 13952 File Visible: - Signed: -
Status: -
Name: compbatt.sys
Image Path: compbatt.sys
Address: 0xF7B9F000 Size: 10240 File Visible: - Signed: -
Status: -
Name: disk.sys
Image Path: disk.sys
Address: 0xF77DB000 Size: 36352 File Visible: - Signed: -
Status: -
Name: DP83815.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\DP83815.SYS
Address: 0xF7AD3000 Size: 18432 File Visible: - Signed: -
Status: -
Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF79BB000 Size: 61440 File Visible: - Signed: -
Status: -
Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF6333000 Size: 12288 File Visible: - Signed: -
Status: -
Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF9C3000 Size: 73728 File Visible: - Signed: -
Status: -
Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF7EAF000 Size: 4096 File Visible: - Signed: -
Status: -
Name: fdc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\fdc.sys
Address: 0xF7AC3000 Size: 27392 File Visible: - Signed: -
Status: -
Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF785B000 Size: 44544 File Visible: - Signed: -
Status: -
Name: flpydisk.sys
Image Path: C:\WINDOWS\System32\DRIVERS\flpydisk.sys
Address: 0xF7B6B000 Size: 20480 File Visible: - Signed: -
Status: -
Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF76B6000 Size: 129792 File Visible: - Signed: -
Status: -
Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7D07000 Size: 7936 File Visible: - Signed: -
Status: -
Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF76EE000 Size: 125056 File Visible: - Signed: -
Status: -
Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Address: 0xF783B000 Size: 40960 File Visible: - Signed: -
Status: -
Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806EE000 Size: 81152 File Visible: - Signed: -
Status: -
Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF7B8B000 Size: 28672 File Visible: - Signed: -
Status: -
Name: HSF_CNXT.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
Address: 0xF6506000 Size: 703232 File Visible: - Signed: -
Status: -
Name: HSF_DPV.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
Address: 0xF65B2000 Size: 1038208 File Visible: - Signed: -
Status: -
Name: HSFHWALI.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSFHWALI.sys
Address: 0xF66B0000 Size: 205696 File Visible: - Signed: -
Status: -
Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xEF443000 Size: 264832 File Visible: - Signed: -
Status: -
Name: i8042prt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Address: 0xF79CB000 Size: 52480 File Visible: - Signed: -
Status: -
Name: imapi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\imapi.sys
Address: 0xF79EB000 Size: 42112 File Visible: - Signed: -
Status: -
Name: ip6fw.sys
Image Path: C:\WINDOWS\system32\drivers\ip6fw.sys
Address: 0xF798B000 Size: 36608 File Visible: - Signed: -
Status: -
Name: ipnat.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipnat.sys
Address: 0xF32EB000 Size: 152832 File Visible: - Signed: -
Status: -
Name: ipsec.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipsec.sys
Address: 0xF33CA000 Size: 75264 File Visible: - Signed: -
Status: -
Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF778B000 Size: 37248 File Visible: - Signed: -
Status: -
Name: kbdclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Address: 0xF7AB3000 Size: 24576 File Visible: - Signed: -
Status: -
Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7C8B000 Size: 8192 File Visible: - Signed: -
Status: -
Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xEE8F7000 Size: 172416 File Visible: - Signed: -
Status: -
Name: ks.sys
Image Path: C:\WINDOWS\system32\drivers\ks.sys
Address: 0xF66F7000 Size: 143360 File Visible: - Signed: -
Status: -
Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF768D000 Size: 92928 File Visible: - Signed: -
Status: -
Name: Lbd.sys
Image Path: Lbd.sys
Address: 0xF77FB000 Size: 57472 File Visible: - Signed: -
Status: -
Name: mdmxsdk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Address: 0xEFF8F000 Size: 12672 File Visible: - Signed: -
Status: -
Name: mfeapfk.sys
Image Path: C:\WINDOWS\system32\drivers\mfeapfk.sys
Address: 0xEFEC7000 Size: 57376 File Visible: - Signed: -
Status: -
Name: mfeavfk.sys
Image Path: C:\WINDOWS\system32\drivers\mfeavfk.sys
Address: 0xF3CAA000 Size: 65280 File Visible: - Signed: -
Status: -
Name: mfebopk.sys
Image Path: C:\WINDOWS\system32\drivers\mfebopk.sys
Address: 0xF2145000 Size: 27168 File Visible: - Signed: -
Status: -
Name: mfehidk.sys
Image Path: C:\WINDOWS\system32\drivers\mfehidk.sys
Address: 0xEFD0F000 Size: 163424 File Visible: - Signed: -
Status: -
Name: mferkdk.sys
Image Path: C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
Address: 0xF7A4B000 Size: 24960 File Visible: - Signed: -
Status: -
Name: mfetdik.sys
Image Path: C:\WINDOWS\system32\drivers\mfetdik.sys
Address: 0xF797B000 Size: 45152 File Visible: - Signed: -
Status: -
Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF7D09000 Size: 4224 File Visible: - Signed: -
Status: -
Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF7ACB000 Size: 30080 File Visible: - Signed: -
Status: -
Name: mouclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mouclass.sys
Address: 0xF7ABB000 Size: 23040 File Visible: - Signed: -
Status: -
Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF77BB000 Size: 42368 File Visible: - Signed: -
Status: -
Name: mrxdav.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Address: 0xF02D9000 Size: 180608 File Visible: - Signed: -
Status: -
Name: mrxsmb.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Address: 0xF3106000 Size: 455296 File Visible: - Signed: -
Status: -
Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF7A33000 Size: 19072 File Visible: - Signed: -
Status: -
Name: msgpc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\msgpc.sys
Address: 0xF78CB000 Size: 35072 File Visible: - Signed: -
Status: -
Name: mssmbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mssmbios.sys
Address: 0xF7560000 Size: 15488 File Visible: - Signed: -
Status: -
Name: Mup.sys
Image Path: Mup.sys
Address: 0xF75A5000 Size: 105344 File Visible: - Signed: -
Status: -
Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF75D3000 Size: 182656 File Visible: - Signed: -
Status: -
Name: ndistapi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Address: 0xF7570000 Size: 10112 File Visible: - Signed: -
Status: -
Name: ndisuio.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Address: 0xF047A000 Size: 14592 File Visible: - Signed: -
Status: -
Name: ndiswan.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Address: 0xF6498000 Size: 91520 File Visible: - Signed: -
Status: -
Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF6DF6000 Size: 40576 File Visible: - Signed: -
Status: -
Name: netbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbios.sys
Address: 0xF79AB000 Size: 34688 File Visible: - Signed: -
Status: -
Name: netbt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbt.sys
Address: 0xF32C3000 Size: 162816 File Visible: - Signed: -
Status: -
Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF7A3B000 Size: 30848 File Visible: - Signed: -
Status: -
Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF7600000 Size: 574976 File Visible: - Signed: -
Status: -
Name: ntoskrnl.exe
Image Path: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -
Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7E50000 Size: 2944 File Visible: - Signed: -
Status: -
Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xF779B000 Size: 61696 File Visible: - Signed: -
Status: -
Name: OPRGHDLR.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
Address: 0xF7D53000 Size: 4096 File Visible: - Signed: -
Status: -
Name: parport.sys
Image Path: C:\WINDOWS\System32\DRIVERS\parport.sys
Address: 0xF66E3000 Size: 80128 File Visible: - Signed: -
Status: -
Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF7A13000 Size: 19712 File Visible: - Signed: -
Status: -
Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF7D23000 Size: 6784 File Visible: - Signed: -
Status: -
Name: pci.sys
Image Path: pci.sys
Address: 0xF772B000 Size: 68224 File Visible: - Signed: -
Status: -
Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Address: 0xF7A0B000 Size: 28672 File Visible: - Signed: -
Status: -
Name: pcmcia.sys
Image Path: pcmcia.sys
Address: 0xF770D000 Size: 120192 File Visible: - Signed: -
Status: -
Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -
Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xF671A000 Size: 147456 File Visible: - Signed: -
Status: -
Name: psched.sys
Image Path: C:\WINDOWS\System32\DRIVERS\psched.sys
Address: 0xF6487000 Size: 69120 File Visible: - Signed: -
Status: -
Name: ptilink.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ptilink.sys
Address: 0xF7AE3000 Size: 17792 File Visible: - Signed: -
Status: -
Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xF780B000 Size: 37056 File Visible: - Signed: -
Status: -
Name: RapportKELL.sys
Image Path: C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys
Address: 0xF784B000 Size: 51968 File Visible: - Signed: -
Status: -
Name: RapportPG.sys
Image Path: C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
Address: 0xF3176000 Size: 233728 File Visible: - Signed: -
Status: -
Name: rasacd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasacd.sys
Address: 0xF68D5000 Size: 8832 File Visible: - Signed: -
Status: -
Name: rasl2tp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Address: 0xF789B000 Size: 51328 File Visible: - Signed: -
Status: -
Name: raspppoe.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Address: 0xF78AB000 Size: 41472 File Visible: - Signed: -
Status: -
Name: raspptp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspptp.sys
Address: 0xF78BB000 Size: 48384 File Visible: - Signed: -
Status: -
Name: raspti.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspti.sys
Address: 0xF7AEB000 Size: 16512 File Visible: - Signed: -
Status: -
Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -
Name: rdbss.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rdbss.sys
Address: 0xF31B0000 Size: 175744 File Visible: - Signed: -
Status: -
Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF7D0B000 Size: 4224 File Visible: - Signed: -
Status: -
Name: redbook.sys
Image Path: C:\WINDOWS\System32\DRIVERS\redbook.sys
Address: 0xF782B000 Size: 57600 File Visible: - Signed: -
Status: -
Name: RootMdm.sys
Image Path: C:\WINDOWS\System32\Drivers\RootMdm.sys
Address: 0xF7CD3000 Size: 5888 File Visible: - Signed: -
Status: -
Name: rootrepeal[1].sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal[1].sys
Address: 0xEE922000 Size: 49152 File Visible: No Signed: -
Status: -
Name: RT61.sys
Image Path: C:\WINDOWS\system32\DRIVERS\RT61.sys
Address: 0xF64AF000 Size: 352768 File Visible: - Signed: -
Status: -
Name: SCDEmu.SYS
Image Path: C:\WINDOWS\System32\Drivers\SCDEmu.SYS
Address: 0xF7A43000 Size: 30560 File Visible: - Signed: -
Status: -
Name: serenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\serenum.sys
Address: 0xF7C7F000 Size: 15744 File Visible: - Signed: -
Status: -
Name: serial.sys
Image Path: C:\WINDOWS\System32\DRIVERS\serial.sys
Address: 0xF79DB000 Size: 64512 File Visible: - Signed: -
Status: -
Name: sr.sys
Image Path: sr.sys
Address: 0xF76A4000 Size: 73472 File Visible: - Signed: -
Status: -
Name: srescan.sys
Image Path: srescan.sys
Address: 0xF75BF000 Size: 81920 File Visible: No Signed: -
Status: -
Name: srv.sys
Image Path: C:\WINDOWS\System32\DRIVERS\srv.sys
Address: 0xF0147000 Size: 333952 File Visible: - Signed: -
Status: -
Name: ss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ss.sys
Address: 0xF7AF3000 Size: 19968 File Visible: - Signed: -
Status: -
Name: swenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\swenum.sys
Address: 0xF7CD5000 Size: 4352 File Visible: - Signed: -
Status: -
Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xF2FDC000 Size: 60800 File Visible: - Signed: -
Status: -
Name: tcpip.sys
Image Path: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Address: 0xF3371000 Size: 361600 File Visible: - Signed: -
Status: -
Name: tcpip6.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip6.sys
Address: 0xF3339000 Size: 225856 File Visible: - Signed: -
Status: -
Name: TDI.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\TDI.SYS
Address: 0xF7ADB000 Size: 20480 File Visible: - Signed: -
Status: -
Name: termdd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\termdd.sys
Address: 0xF78DB000 Size: 40704 File Visible: - Signed: -
Status: -
Name: truecrypt.sys
Image Path: C:\WINDOWS\System32\drivers\truecrypt.sys
Address: 0xF3203000 Size: 208512 File Visible: - Signed: -
Status: -
Name: tunmp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tunmp.sys
Address: 0xF7C7B000 Size: 12288 File Visible: - Signed: -
Status: -
Name: update.sys
Image Path: C:\WINDOWS\System32\DRIVERS\update.sys
Address: 0xF6429000 Size: 384768 File Visible: - Signed: -
Status: -
Name: USBD.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBD.SYS
Address: 0xF7CFD000 Size: 8192 File Visible: - Signed: -
Status: -
Name: usbhub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbhub.sys
Address: 0xF790B000 Size: 59520 File Visible: - Signed: -
Status: -
Name: usbohci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbohci.sys
Address: 0xF7AAB000 Size: 17152 File Visible: - Signed: -
Status: -
Name: USBPORT.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS
Address: 0xF67C2000 Size: 147456 File Visible: - Signed: -
Status: -
Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF7B93000 Size: 20992 File Visible: - Signed: -
Status: -
Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF67E6000 Size: 81920 File Visible: - Signed: -
Status: -
Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF77CB000 Size: 52352 File Visible: - Signed: -
Status: -
Name: vsdatant.sys
Image Path: C:\WINDOWS\System32\vsdatant.sys
Address: 0xF3258000 Size: 438272 File Visible: - Signed: -
Status: -
Name: wanarp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\wanarp.sys
Address: 0xF786B000 Size: 34560 File Visible: - Signed: -
Status: -
Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF7B7B000 Size: 20480 File Visible: - Signed: -
Status: -
Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xEF6B2000 Size: 83072 File Visible: - Signed: -
Status: -
Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -
Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -
Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\WMILIB.SYS
Address: 0xF7C8D000 Size: 8192 File Visible: - Signed: -
Status: -
Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2189056 File Visible: - Signed: -
Status: -
Malwarebytes' Anti-Malware 1.40
Database version: 2712
Windows 5.1.2600 Service Pack 3
29/08/2009 20:28:44
mbam-log-2009-08-29 (20-28-44).txt
Scan type: Quick Scan
Objects scanned: 110448
Time elapsed: 12 minute(s), 21 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\kbiwkmhoymodqb.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\kbiwkmwtgenmod.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\kbiwkmxoyibqux.sys (Trojan.TDSS) -> Delete on reboot.
OTL logfile created on: 29/08/2009 20:11:46 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = D:\My Documents\Technical
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1014.48 Mb Total Physical Memory | 359.46 Mb Available Physical Memory | 35.43% Memory free
919.56 Mb Paging File | 387.72 Mb Available in Paging File | 42.16% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.00 Gb Total Space | 4.81 Gb Free Space | 24.04% Space Free | Partition Type: NTFS
Drive D: | 17.25 Gb Total Space | 16.30 Gb Free Space | 94.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NICHOLAS-8H08K5
Current User Name: Nick
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2004/05/15 18:27:50 | 00,397,312 | ---- | M] () -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2009/02/16 01:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe
PRC - [2009/06/29 12:43:25 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2007/09/11 01:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/11/23 09:58:04 | 00,765,952 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2009/07/25 06:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/20 11:52:13 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2006/12/19 12:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2007/02/22 21:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2007/02/22 21:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006/12/19 12:27:54 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2007/06/29 14:23:32 | 00,053,248 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\System32\IoctlSvc.exe
PRC - [2009/06/25 12:35:08 | 00,664,808 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2002/08/29 14:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2009/02/06 12:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/04/14 02:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/06/25 12:35:08 | 01,135,848 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2006/07/20 07:55:42 | 01,617,920 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D9010\Belkinwcui.exe
PRC - [2005/01/19 11:05:48 | 00,221,184 | ---- | M] (Labtec Inc.) -- C:\WINDOWS\System32\LVCOMSX.EXE
PRC - [2009/01/13 15:48:24 | 00,632,048 | ---- | M] (eBay Inc.) -- C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
PRC - [2009/06/29 12:43:35 | 00,520,024 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/02/16 01:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/10/25 12:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007/02/22 21:50:00 | 00,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
PRC - [2006/12/19 12:27:00 | 00,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/07/25 06:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/06/23 17:05:46 | 00,176,128 | ---- | M] () -- C:\Documents and Settings\Nick\Application Data\Transcend\SJelite3\SJelite3Launch.exe
PRC - [2006/12/19 16:06:00 | 00,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/06/29 10:35:10 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/08/29 20:10:55 | 00,514,048 | ---- | M] (OldTimer Tools) -- D:\My Documents\Technical\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2007/06/25 17:28:08 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2007/09/11 01:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0 [Auto | Running])
SRV - File not found -- -- (AdobeAdobeActiveFileMonitor6.0 [Auto | Stopped])
SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2004/05/15 18:27:50 | 00,397,312 | ---- | M] () -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - File not found -- -- (BOCore [Disabled | Stopped])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/11/23 09:58:04 | 00,765,952 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
SRV - [2005/09/29 18:02:26 | 00,491,520 | ---- | M] ( ) -- C:\WINDOWS\System32\dlcfcoms.exe -- (dlcf_device [On_Demand | Stopped])
SRV - [2008/03/22 14:57:08 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/07/20 11:52:13 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate [Auto | Stopped])
SRV - [2008/04/14 02:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/07/25 06:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/06/29 12:43:25 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2006/12/19 12:24:50 | 00,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Unknown | Running])
SRV - [2007/02/22 21:50:00 | 00,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2007/02/22 21:50:00 | 00,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager [Unknown | Running])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2008/10/25 12:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/11/04 02:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/06/29 14:23:32 | 00,053,248 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\System32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service [Auto | Running])
SRV - [2003/03/09 22:31:02 | 00,065,795 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2009/06/25 12:35:08 | 00,664,808 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService [Auto | Running])
SRV - [2007/02/10 06:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Stopped])
SRV - [2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2009/02/16 01:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
SRV - [2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2006/10/18 22:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.1.1:8080
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/11 09:36:26 | 00,000,000 | ---D | M]
O1 HOSTS File: (288070 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 127.0.0.1 171203.com
O1 - Hosts: 127.0.0.1 17-plus.com
O1 - Hosts: 9953 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4dfb-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll (eBay Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll (eBay Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe (eBay Inc.)
O4 - HKLM..\Run: [F5D9010] C:\Program Files\Belkin\F5D9010\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE (Labtec Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [SJelite3Launch] C:\Documents and Settings\Nick\Application Data\Transcend\SJelite3\SJelite3Launch.exe ()
O4 - Startup: C:\Documents and Settings\Nick\Start Menu\Programs\Startup\AutorunsDisabled [2009/08/02 11:44:50 | 00,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: eBay Search - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} http://h30155.www3.h...tallMgr_v01.cab (FixController Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1161077009831 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1161078116030 (MUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://kaplanprofes...ing/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/17 10:15:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1b6255e0-600c-11db-b27d-000bcd34573b}\Shell - "" = AutoRun
O33 - MountPoints2\{1b6255e0-600c-11db-b27d-000bcd34573b}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 14 Days ==========
[2009/08/29 20:04:41 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\settings.dat
[2009/08/29 20:00:45 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\NTREGOPT.lnk
[2009/08/29 20:00:45 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\ERUNT.lnk
[2009/08/29 19:34:24 | 00,000,468 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\Geeks-to-Go!.url
[2009/08/29 19:20:20 | 10,638,33600 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/29 16:59:48 | 00,000,960 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/28 10:26:29 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/08/28 10:25:52 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/08/16 17:44:40 | 00,000,284 | ---- | C] () -- C:\Documents and Settings\Nick\Desktop\SJelite3.lnk
[2009/08/16 17:42:52 | 00,053,248 | ---- | C] (Prolific Technology Inc.) -- C:\WINDOWS\System32\IoctlSvc.exe
[2009/08/16 17:03:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Nick\Application Data\Transcend
========== Files - Modified Within 14 Days ==========
[2009/08/29 20:08:15 | 00,000,468 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Geeks-to-Go!.url
[2009/08/29 20:04:41 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\settings.dat
[2009/08/29 20:00:45 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\NTREGOPT.lnk
[2009/08/29 20:00:45 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\ERUNT.lnk
[2009/08/29 19:57:41 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/08/29 19:45:37 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/29 19:45:20 | 00,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/08/29 19:43:56 | 00,350,197 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/08/29 19:41:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/29 19:40:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/29 19:40:53 | 10,638,33600 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/29 19:18:47 | 00,000,960 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/08/29 17:33:31 | 00,000,356 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\ViaMichelin.url
[2009/08/29 10:13:54 | 00,000,276 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\Yahoo! Mail.url
[2009/08/28 09:59:42 | 00,000,194 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\KOL WELCOME.url
[2009/08/24 12:42:42 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/23 13:00:02 | 00,000,386 | ---- | M] () -- C:\WINDOWS\tasks\GBM - Easy Layout Backup Job-Full.job
[2009/08/23 12:08:35 | 00,000,392 | ---- | M] () -- C:\WINDOWS\tasks\Schedule Task Weekly.job
[2009/08/16 19:33:06 | 00,120,832 | ---- | M] () -- C:\Documents and Settings\Nick\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/16 17:44:40 | 00,000,284 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\SJelite3.lnk
[2009/08/16 17:00:41 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Nick\Desktop\ccleaner.lnk
========== LOP Check ==========
[2009/07/28 20:01:02 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/13 15:25:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/01/11 08:51:33 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2009/03/15 12:28:43 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/04/12 13:52:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/01/10 23:29:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
[2007/10/07 19:21:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2007/05/24 23:01:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOC423
[2009/01/04 11:59:57 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2007/10/26 17:46:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
[2009/01/11 08:54:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2007/11/11 21:54:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2007/08/19 22:20:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2008/03/22 15:09:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/03/19 14:28:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Genie-Soft
[2007/05/17 19:13:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2007/10/17 10:00:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/03/21 12:34:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Martau
[2008/10/11 10:26:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2007/05/05 21:17:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\r2 Studios
[2009/01/04 12:28:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/08/24 01:07:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/26 16:07:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2008/12/07 19:40:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\USBSRService
[2009/01/17 22:50:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2007/01/20 18:56:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2009/08/18 23:43:20 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Nick\Application Data
[2007/03/12 11:33:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\ArcSoft
[2009/08/19 17:43:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Azureus
[2009/04/01 14:29:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Canon
[2009/02/22 22:59:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/02/21 10:36:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\eBay
[2007/06/22 16:36:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\FreeCommander
[2009/03/19 14:23:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Genie-soft
[2006/10/20 11:08:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\InterVideo
[2009/04/18 10:32:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\JGoodies
[2006/10/17 14:27:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Leadertech
[2008/10/11 10:26:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\NCH Swift Sound
[2007/06/27 18:02:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Opera
[2007/05/05 21:17:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\r2 Studios
[2009/01/04 12:28:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\ScanSoft
[2009/08/16 17:03:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Transcend
[2009/02/02 23:41:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\TrueCrypt
[2009/06/26 16:07:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Trusteer
[2009/01/11 08:51:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Uniblue
[2008/12/07 19:40:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\USBSafelyRemove
[2007/05/05 13:36:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\Video DVD Maker FREE
[2009/07/30 21:14:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\webex
[2007/02/26 12:37:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Nick\Application Data\WholeSecurity
[2009/08/24 12:42:42 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2002/08/29 14:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/23 13:00:02 | 00,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\GBM - Easy Layout Backup Job-Full.job
[2009/08/29 19:45:20 | 00,000,878 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/08/29 19:57:41 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/08/29 19:41:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/08/23 12:08:35 | 00,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\Schedule Task Weekly.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2008/09/07 19:34:53 | 00,261,542 | ---- | M] () -- C:\LISTool.exe
< %systemroot%\system32\eventlog.dll >
[2008/04/14 02:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
< %systemroot%\system32\scecli.dll >
[2008/04/14 02:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\netlogon.dll >
< %systemroot%\system32\cngaudit.dll >
< %systemroot%\system32\sceclt.dll >
< %systemroot%\ntelogon.dll >
< %systemroot%\system32\logevent.dll >
========== Alternate Data Streams ==========
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
OTL Extras logfile created on: 29/08/2009 20:11:46 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = D:\My Documents\Technical
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1014.48 Mb Total Physical Memory | 359.46 Mb Available Physical Memory | 35.43% Memory free
919.56 Mb Paging File | 387.72 Mb Available in Paging File | 42.16% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.00 Gb Total Space | 4.81 Gb Free Space | 24.04% Space Free | Partition Type: NTFS
Drive D: | 17.25 Gb Total Space | 16.30 Gb Free Space | 94.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NICHOLAS-8H08K5
Current User Name: Nick
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"14097:TCP" = 14097:TCP:*:Enabled:BitComet 14097 TCP
"14097:UDP" = 14097:UDP:*:Enabled:BitComet 14097 UDP
"50001:TCP" = 50001:TCP:*:Enabled:BitComet 50001 TCP
"50001:UDP" = 50001:UDP:*:Enabled:BitComet 50001 UDP
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03B1BBDC-7FAA-4A03-9988-A85428BAD382}" = Sun ODF Plugin for Microsoft Office 3.0
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP810" = Canon MP810
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1965C9BB-9114-4A50-AEC7-E62414BB117B}" = EASEUS Data Recovery Wizard Professional 4.3.6
"{20E5F823-61A4-4BCE-9DF4-5DB43F302B69}" = Diskeeper Professional Premier Edition
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 15
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{3DB5FD00-BB93-4AF3-B925-77DAA0E4E2F4}" = eBay Toolbar
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4915A273-16A5-42E7-B258-65BD92862D2E}_is1" = Genie Backup Manager Pro 8.0
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90885A82-9673-49EA-AB39-AF776639C67C}" = InterVideo WinDVD 7
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97480A25-F284-42B6-A453-7F39E30D6DB0}" = EASEUS Photo Recovery 2.1.1
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43D5F06-45CC-4040-B85E-AB993D13D73D}" = Belkin Wireless G Plus MIMO Notebook Card
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.82
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{BF45F502-D3F2-4E7C-91D8-9AA5A8141D08}" = Labtec WebCam Software
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E5E200BA-B573-4F3F-A1DE-DC034A907F04}" = Network Recording Player
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1" = ACE Mega CoDecS Pack
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BBC The French Experience" = BBC The French Experience
"Canon MP810 User Registration" = Canon MP810 User Registration
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0850103C" = Conexant 56K ACLink Modem
"Conexant PCI Audio" = Conexant AC-Link Audio
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Dell Color Printer 725" = Dell Color Printer 725
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"filehippo.com" = filehippo.com Update Checker
"FLAC" = FLAC 1.2.0a (remove only)
"FlashDiskManager" = FlashDiskManager V1.2.3
"HP OfficeJet-PSC Scrubber" = HP OfficeJet/PSC Scrubber
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InterActual Player" = InterActual Player
"JDiskReport 1.3.1" = JGoodies JDiskReport 1.3.1
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Money2005b" = Microsoft Money
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PowerISO" = PowerISO
"Prism" = Prism Video Converter
"QcDrv" = Labtec® Camera Driver
"Rapport_is1" = Rapport
"RealPlayer 6.0" = RealPlayer
"Switch" = Switch Sound File Converter
"Total Uninstall 5_is1" = Total Uninstall 5.0.1
"TrueCrypt" = TrueCrypt
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"UNINSTALL KEY" = Font Installer
"Vuze" = Vuze
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Anti-Spy" = Yahoo! Anti-Spy
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZoneAlarm" = ZoneAlarm
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 29/08/2009 10:47:41 | Computer Name = NICHOLAS-8H08K5 | Source = Google Update | ID = 20
Description =
Error - 29/08/2009 10:57:49 | Computer Name = NICHOLAS-8H08K5 | Source = Google Update | ID = 20
Description =
Error - 29/08/2009 11:22:58 | Computer Name = NICHOLAS-8H08K5 | Source = Google Update | ID = 20
Description =
Error - 29/08/2009 11:26:23 | Computer Name = NICHOLAS-8H08K5 | Source = Google Update | ID = 20
Description =
Error - 29/08/2009 11:57:45 | Computer Name = NICHOLAS-8H08K5 | Source = Google Update | ID = 20
Description =
Error - 29/08/2009 13:22:18 | Computer Name = NICHOLAS-8H08K5 | Source = Google Update | ID = 20
Description =
Error - 29/08/2009 13:31:43 | Computer Name = NICHOLAS-8H08K5 | Source = Google Update | ID = 20
Description =
Error - 29/08/2009 13:44:23 | Computer Name = NICHOLAS-8H08K5 | Source = Google Update | ID = 20
Description =
Error - 29/08/2009 13:50:01 | Computer Name = NICHOLAS-8H08K5 | Source = Google Update | ID = 20
Description =
Error - 29/08/2009 13:57:41 | Computer Name = NICHOLAS-8H08K5 | Source = Google Update | ID = 20
Description =
[ OSession Events ]
Error - 29/07/2009 11:17:41 | Computer Name = NICHOLAS-8H08K5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 100
seconds with 60 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 29/08/2009 13:39:25 | Computer Name = NICHOLAS-8H08K5 | Source = Service Control Manager | ID = 7034
Description = The PLFlash DeviceIoControl Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 29/08/2009 13:39:25 | Computer Name = NICHOLAS-8H08K5 | Source = Service Control Manager | ID = 7034
Description = The Rapport Management Service service terminated unexpectedly. It
has done this 1 time(s).
Error - 29/08/2009 13:39:25 | Computer Name = NICHOLAS-8H08K5 | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).
Error - 29/08/2009 13:39:25 | Computer Name = NICHOLAS-8H08K5 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).
Error - 29/08/2009 13:39:37 | Computer Name = NICHOLAS-8H08K5 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the dlcf_device service to
connect.
Error - 29/08/2009 13:39:37 | Computer Name = NICHOLAS-8H08K5 | Source = Service Control Manager | ID = 7000
Description = The dlcf_device service failed to start due to the following error:
%%1053
Error - 29/08/2009 13:39:37 | Computer Name = NICHOLAS-8H08K5 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service dlcf_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441060}
Error - 29/08/2009 13:39:44 | Computer Name = NICHOLAS-8H08K5 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service dlcf_device
with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441060}
Error - 29/08/2009 13:42:20 | Computer Name = NICHOLAS-8H08K5 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the SQL Server VSS Writer
service to connect.
Error - 29/08/2009 13:42:20 | Computer Name = NICHOLAS-8H08K5 | Source = Service Control Manager | ID = 7000
Description = The SQL Server VSS Writer service failed to start due to the following
error: %%1053
< End of report >
Edited by NickH, 30 August 2009 - 01:00 AM.