Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Continuously receive Error box (SOLVED)

Started by sweetascandy , Jun 15 2010 01:29 PM

  • Please log in to reply

#1
sweetascandy
Posted 15 June 2010 - 01:29 PM

sweetascandy

    Member

  • Member
  • PipPip
  • 31 posts
Continuously receive Error box stating: Error. Cannot find import; DLL may be missing, corrupt, or wrong version. File rtl70.bpl.Error l26. HOW DO I STOP THIS HAPPENING OR RESOLVE THIS PROBLEM,MY PC SEEMS TO BE RUNNING LIKE A SNAIL ALSO,ON START UP EVERYTHING TAKES AGES TO LOAD UP ETC,DONT KNOW IF THIS IS LINKED BUT ANY HELP HERE WOULD BE VERY MUCH APPRECIATED ITS DRIVING ME INSANE.THANKYOU IN ADVANCE FOR ANY HELP I RECEIVE. SWEETASCANDY X

Edited by RKinner, 13 July 2010 - 09:43 AM.

  • 0

Advertisements

#2
RKinner
Posted 19 June 2010 - 07:20 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Do as much of

http://www.geekstogo...uide-t2852.html

as you can. If a step won't work, skip to the next one. Copy and paste your gmer, mbam, otl, & extras logs into a reply. Do not attach them.

If you lose internet access after running MBAM or if you are not able to get to the downloads:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In FireFox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.

Ron
  • 0

#3
sweetascandy
Posted 28 June 2010 - 01:20 PM

sweetascandy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4238

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25/06/2010 14:51:15
mbam-log-2010-06-25 (14-51-15).txt

Scan type: Quick scan
Objects scanned: 138598
Time elapsed: 23 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#4
RKinner
Posted 28 June 2010 - 06:35 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
OTL logs?

Ron
  • 0

#5
sweetascandy
Posted 01 July 2010 - 04:24 AM

sweetascandy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
OTL logfile created on: 01/07/2010 10:56:47 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Emma\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

503.00 Mb Total Physical Memory | 168.00 Mb Available Physical Memory | 33.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 44.00% Paging File free
Paging file location(s): C:\pagefile.sys 2 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 40.63 Gb Free Space | 54.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SWEETASCANDY
Current User Name: Emma
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/01 10:54:37 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Emma\Desktop\OTL.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/05/11 11:51:52 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/02/02 09:13:54 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
PRC - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/07/01 10:54:37 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Emma\Desktop\OTL.exe
MOD - [2010/02/02 09:13:54 | 000,451,856 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFWAH.dll
MOD - [2009/10/30 10:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/19 19:42:40 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/02 09:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/02/02 09:13:54 | 000,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/02/02 09:13:54 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/02/02 09:13:54 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/12/07 12:50:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/07 12:50:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/08/24 14:44:14 | 000,477,696 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2005/12/18 14:33:48 | 000,044,416 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dptrackerd.sys -- (dptrackerd)
DRV - [2005/06/08 19:44:20 | 000,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BRGSp50.sys -- (BRGSp50)
DRV - [2005/01/17 14:48:34 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005/01/13 15:20:36 | 000,012,500 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2004/12/16 16:32:54 | 000,013,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BTNetFilter.sys -- (BTNetFilter)
DRV - [2004/11/05 11:39:08 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004/10/25 14:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004/10/19 13:40:56 | 000,028,207 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2004/10/19 13:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004/10/19 11:39:26 | 000,020,096 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2004/09/21 18:15:34 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2004/09/17 15:05:00 | 000,084,512 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2004/09/17 15:05:00 | 000,006,064 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2004/09/17 15:04:00 | 000,052,384 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) Samsung Mobile USB Device 1.0 driver (WDM)
DRV - [2004/07/07 07:59:44 | 002,185,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/04/12 01:35:22 | 001,301,080 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004/04/11 13:42:56 | 000,095,800 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/04/11 13:40:38 | 000,635,280 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/04/02 15:21:52 | 000,013,840 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys -- (RecAgent)
DRV - [2004/03/22 18:27:20 | 000,042,936 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
DRV - [2004/03/22 18:01:38 | 000,040,564 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/03/17 22:10:40 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/03/01 04:00:10 | 000,230,584 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/03/01 03:38:52 | 000,180,592 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/03/01 03:27:58 | 000,013,248 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:46:40 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enum1394.sys -- (ENUM1394)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.client...fo/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rover.ebay.co.....w.ebay.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.co.uk/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/iat/us_gb.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us,en-gb;q=0.5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 24 FC 26 7E BB CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "BearShare Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..keyword.URL: "http://search.bearsh...web?src=ffb&q="


[2008/11/02 20:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Mozilla\Extensions
[2009/09/16 18:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Mozilla\Firefox\Profiles\s4g1l7s4.default\extensions
[2010/06/15 16:48:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/11/09 16:20:40 | 002,111,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2006/07/08 22:45:16 | 000,073,728 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npvideoegg-loader.dll

O1 HOSTS File: ([2006/01/06 22:05:10 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program Files\Spyware Doctor\tools\iesdsg.dll (PCTools.com)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - Reg Error: Value error. File not found
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (BT Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BT Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -1
O8 - Extra context menu item: &Google Search - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Backward Links - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_15.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: autoregister.net ([autoreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ebay.co.uk ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: faceparty.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: msnmessenger.com ([www] * in Trusted sites)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative....009/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} http://download.zone...ee/cm/ICSCM.cab (ICSScannerLight Class)
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.c...eUploader57.cab (Auctiva Image Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink...geUploader5.cab (Image Uploader Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai...all/xscan53.cab (HouseCall Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://www.myheritag...geUploader3.cab (Aurigma Image Uploader 3.5 Control)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab32846.cab (ZoneIntro Class)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zon...ot.cab31267.cab (CBreakshotControl Class)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://www.auctiva.c...oad/XUpload.ocx (Persits Software XUpload)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by102fd.bay10...ex/HMAtchmt.ocx (Hotmail Attachments Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/html - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\req: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Emma\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Emma\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/02 03:43:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/09/20 17:47:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.SP55 - SP5X_32.DLL File not found
Drivers32: VIDC.SP56 - SP5X_32.DLL File not found
Drivers32: VIDC.SP57 - SP5X_32.DLL File not found
Drivers32: VIDC.SP58 - SP5X_32.DLL File not found
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave8 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (92900353065877504)

========== Files/Folders - Created Within 90 Days ==========

[2010/07/01 10:54:31 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Emma\Desktop\OTL.exe
[2010/06/28 20:21:39 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/25 14:25:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/25 14:25:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/24 11:18:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Application Data\ErrorExpert
[2010/06/23 22:17:45 | 000,000,000 | ---D | C] -- C:\c585502097def85a4b84cb6a07de
[2010/06/19 19:55:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Application Data\Motive
[2010/06/19 19:43:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motive
[2010/06/19 19:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2010/06/19 19:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\BT Broadband Desktop Help
[2010/06/19 19:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\BTHomeHub
[2010/06/18 11:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Local Settings\Application Data\Threat Expert
[2010/06/18 11:15:02 | 000,000,000 | ---D | C] -- C:\a673205e80bc288f42b303e20432f6
[2010/06/17 21:25:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/06/17 10:13:08 | 000,059,664 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2010/06/17 10:13:08 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2010/06/17 10:13:06 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2010/06/17 10:12:19 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/06/17 10:12:15 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/06/17 10:12:15 | 001,652,664 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/06/17 10:12:14 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/06/17 10:08:08 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/06/17 10:07:55 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/06/17 10:07:55 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/06/17 10:07:25 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/06/17 10:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Application Data\PC Tools
[2010/06/17 09:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\My Documents\Winks & Moods
[2010/06/17 09:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\My Documents\Downloads
[2010/06/17 09:45:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/06/17 09:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Local Settings\Application Data\Temp
[2010/06/16 10:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2010/06/16 10:22:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Application Data\Auslogics
[2010/06/16 10:17:57 | 004,377,048 | ---- | C] (Auslogics Software Pty Ltd ) -- C:\Documents and Settings\Emma\My Documents\disk-defrag-setup.exe
[2010/06/16 10:05:17 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2010/06/16 10:03:54 | 004,179,293 | ---- | C] (Lavalys, Inc. ) -- C:\Documents and Settings\Emma\My Documents\everesthome220.exe
[2010/06/15 21:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/06/15 21:03:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Application Data\Malwarebytes
[2010/06/15 21:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/15 21:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/15 21:01:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/15 20:55:43 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Emma\My Documents\erunt_setup.exe
[2010/06/15 20:54:41 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Emma\My Documents\mbam-setup.exe
[2010/06/15 20:33:50 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Emma\Desktop\TFC.exe
[2010/06/15 18:17:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Application Data\Registry Mechanic
[2010/06/15 17:58:30 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox210.ocx
[2010/06/15 17:58:30 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox10.ocx
[2010/06/15 17:58:30 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBoxVB12.ocx
[2010/06/15 17:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\RegistryFix8
[2010/06/15 17:11:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Application Data\ErrorTeck
[2010/06/11 16:02:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motive(2)
[2010/06/10 17:03:06 | 000,000,000 | ---D | C] -- C:\96ced1ecda9c15bff5a37cb25dca46
[2010/06/03 15:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
[2010/06/03 13:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/06/03 13:30:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/06/03 13:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2010/06/03 13:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/06/03 12:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/06/01 16:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Local Settings\Application Data\Canon Easy-PhotoPrint EX
[2010/05/30 18:39:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/30 18:37:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2004/09/02 11:29:25 | 000,095,800 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2004/09/02 11:29:25 | 000,013,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2004/09/02 11:29:24 | 001,301,080 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2004/09/02 11:29:24 | 000,635,280 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2004/09/02 11:29:24 | 000,230,584 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2004/09/02 11:29:24 | 000,180,592 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2004/09/02 11:29:24 | 000,013,840 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\RecAgent.sys
[2004/09/02 04:38:12 | 000,014,968 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys

========== Files - Modified Within 90 Days ==========

[2010/07/01 10:54:37 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Emma\Desktop\OTL.exe
[2010/07/01 10:40:57 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/01 10:35:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/01 10:35:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/01 10:35:03 | 527,220,736 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/01 10:29:28 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Emma\Desktop\gmer.exe
[2010/06/30 19:04:57 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/06/30 19:04:39 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Emma\ntuser.ini
[2010/06/30 19:04:38 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Emma\ntuser.dat
[2010/06/30 17:30:02 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/06/30 14:04:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/28 20:21:42 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Emma\Desktop\NTREGOPT.lnk
[2010/06/28 20:21:42 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Emma\Desktop\ERUNT.lnk
[2010/06/27 23:25:21 | 000,464,610 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/27 23:25:21 | 000,081,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/27 23:25:20 | 000,553,292 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/25 14:25:40 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/25 13:39:53 | 001,095,780 | ---- | M] () -- C:\Documents and Settings\Emma\My Documents\Auslogics System Information Report.mht
[2010/06/25 13:30:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/25 12:57:36 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\Emma\Desktop\Auslogics BoostSpeed.lnk
[2010/06/25 11:16:23 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Emma\My Documents\geeks to go - checking file system on C.wps
[2010/06/25 10:21:14 | 005,418,926 | -H-- | M] () -- C:\Documents and Settings\Emma\Local Settings\Application Data\IconCache.db
[2010/06/19 19:39:28 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BT Broadband Life.LNK
[2010/06/19 19:39:27 | 000,001,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BT Yahoo! Online.LNK
[2010/06/18 11:51:28 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/18 11:50:09 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Emma\Desktop\TFC.exe
[2010/06/18 11:24:33 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Emma\ntuser.bak
[2010/06/17 10:07:38 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/06/17 09:48:07 | 000,001,825 | ---- | M] () -- C:\Documents and Settings\Emma\My Documents\WinZip.lnk
[2010/06/17 09:16:40 | 014,497,096 | ---- | M] () -- C:\Documents and Settings\Emma\My Documents\winzip145.exe
[2010/06/16 10:22:37 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\Emma\Desktop\Auslogics Disk Defrag.lnk
[2010/06/16 10:18:14 | 004,377,048 | ---- | M] (Auslogics Software Pty Ltd ) -- C:\Documents and Settings\Emma\My Documents\disk-defrag-setup.exe
[2010/06/16 10:04:03 | 004,179,293 | ---- | M] (Lavalys, Inc. ) -- C:\Documents and Settings\Emma\My Documents\everesthome220.exe
[2010/06/15 20:55:45 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Emma\My Documents\erunt_setup.exe
[2010/06/15 20:54:41 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Emma\My Documents\mbam-setup.exe
[2010/06/15 20:07:46 | 000,146,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/15 20:05:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/15 18:50:11 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/06/15 18:32:31 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/06/15 18:29:18 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Emma\ntuser.dat.rmbak
[2010/06/15 17:58:30 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2010/06/08 03:16:01 | 000,763,832 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/08 01:21:02 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/06/03 12:51:14 | 000,000,556 | ---- | M] () -- C:\Documents and Settings\Emma\My Documents\npmcfg.dat
[2010/06/03 12:48:00 | 000,000,414 | ---- | M] () -- C:\Documents and Settings\Emma\My Documents\PasswordManager1.Product
[2010/06/03 12:47:58 | 000,000,016 | ---- | M] () -- C:\Documents and Settings\Emma\My Documents\ppplugin.nsi
[2010/05/29 11:20:51 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Emma\My Documents\CV RICHARD JONES.wps
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys

========== Files Created - No Company Name ==========

[2010/06/30 17:36:51 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/06/28 20:21:42 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Emma\Desktop\NTREGOPT.lnk
[2010/06/28 20:21:42 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Emma\Desktop\ERUNT.lnk
[2010/06/25 14:25:40 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/25 13:39:45 | 001,095,780 | ---- | C] () -- C:\Documents and Settings\Emma\My Documents\Auslogics System Information Report.mht
[2010/06/25 12:57:36 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\Emma\Desktop\Auslogics BoostSpeed.lnk
[2010/06/25 11:16:22 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Emma\My Documents\geeks to go - checking file system on C.wps
[2010/06/19 19:39:27 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BT Broadband Life.LNK
[2010/06/19 19:39:26 | 000,001,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BT Yahoo! Online.LNK
[2010/06/18 11:20:23 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Emma\ntuser.tmp.LOG
[2010/06/17 10:12:24 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/06/17 10:12:24 | 000,763,832 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/17 10:08:08 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/06/17 10:07:55 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/06/17 10:07:55 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/06/17 10:07:38 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/06/17 10:07:25 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/06/17 09:47:44 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\Emma\My Documents\WinZip.lnk
[2010/06/17 09:16:39 | 014,497,096 | ---- | C] () -- C:\Documents and Settings\Emma\My Documents\winzip145.exe
[2010/06/16 10:22:37 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\Emma\Desktop\Auslogics Disk Defrag.lnk
[2010/06/15 21:43:57 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/06/15 18:32:30 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/06/15 18:29:08 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Emma\S-1-5-21-2615656514-1672843986-1922784247-1005.rrr.LOG
[2010/06/15 17:58:30 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2010/06/03 13:33:15 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/06/03 13:33:15 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/06/03 13:33:15 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/06/03 13:33:15 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/06/03 12:47:58 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Emma\My Documents\ppplugin.nsi
[2010/02/04 10:27:02 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2010/02/04 10:27:01 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2009/04/23 18:05:51 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/11/19 14:00:51 | 000,000,069 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/06/06 14:40:47 | 000,000,174 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/03/25 13:09:43 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2007/03/25 13:09:43 | 000,012,500 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2005/10/26 12:08:33 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/24 09:25:04 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/06/14 17:25:49 | 000,000,138 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/03/24 12:31:00 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/01/17 15:32:34 | 000,000,512 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2005/01/14 17:36:47 | 000,000,064 | ---- | C] () -- C:\WINDOWS\sysdat.dll
[2005/01/14 16:05:44 | 000,028,672 | ---- | C] () -- C:\WINDOWS\wutil.dll
[2005/01/12 11:44:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/01/12 11:43:26 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/01/10 00:38:47 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\wisemsg.dll
[2005/01/10 00:23:52 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/09/02 11:29:24 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2004/09/02 11:29:24 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2004/09/02 11:29:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2004/09/02 11:29:22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/09/02 11:29:02 | 000,001,432 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/09/02 11:29:02 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/09/02 04:38:12 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2004/09/02 04:38:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2004/09/02 04:38:12 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2004/09/02 04:25:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/09/02 03:54:14 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2004/09/02 03:54:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2004/09/02 03:50:20 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2002/11/01 17:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/07/04 16:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/03/21 16:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002/02/13 02:40:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\lxallcnp.dll
[2001/12/14 14:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2008/01/21 11:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2007/06/06 14:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/09/24 13:39:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2007/11/06 10:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2008/11/03 18:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eGames
[2008/11/03 12:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2010/02/03 11:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
[2008/02/19 10:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2007/10/04 11:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OD2
[2006/01/22 01:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2008/11/03 18:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/06/03 15:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
[2008/10/18 09:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/07/01 11:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/02/13 10:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2010/06/17 09:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/01/21 11:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\ACD Systems
[2010/06/25 13:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Auslogics
[2005/12/26 15:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\CamTrack
[2008/10/05 11:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Canon
[2010/06/15 16:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\CheckPoint
[2007/12/19 17:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\eBay
[2008/11/03 18:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\eGames
[2010/06/24 11:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\ErrorExpert
[2010/06/15 17:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\ErrorTeck
[2005/11/01 14:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Free Download Manager
[2008/11/03 12:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\iWinArcade
[2005/01/10 16:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Kazaa Lite
[2005/01/10 13:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Leadertech
[2005/08/15 12:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\MSNInstaller
[2006/11/24 15:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\OD2
[2010/02/24 14:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Opera
[2008/11/03 18:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\PlayFirst
[2010/06/15 18:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Registry Mechanic
[2005/01/12 11:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Template
[2010/07/01 10:40:57 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/09/02 03:43:09 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/07/22 16:26:13 | 000,000,192 | ---- | M] () -- C:\BcBtRmv.log
[2009/08/29 15:32:48 | 000,000,182 | RHS- | M] () -- C:\boot.ini
[2004/09/02 03:43:09 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/01/14 18:54:40 | 000,000,188 | ---- | M] () -- C:\CtDrvIns.log
[2005/01/24 16:47:37 | 000,000,000 | ---- | M] () -- C:\DBS.TXT
[2010/07/01 10:35:03 | 527,220,736 | -HS- | M] () -- C:\hiberfil.sys
[2008/07/30 13:25:19 | 000,001,565 | ---- | M] () -- C:\InstallHelper.log
[2005/09/19 12:03:00 | 000,000,285 | ---- | M] () -- C:\INSTMLF.LOG
[2004/09/02 03:43:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/01/12 10:25:33 | 000,001,682 | -H-- | M] () -- C:\IPH.PH
[2005/01/17 15:32:20 | 000,000,183 | ---- | M] () -- C:\LogiSetup.log
[2007/11/22 12:24:59 | 000,000,107 | ---- | M] () -- C:\lxal.log
[2006/11/24 14:58:03 | 000,000,884 | ---- | M] () -- C:\lxby.log
[2006/11/24 14:51:14 | 000,006,762 | ---- | M] () -- C:\lxbyscan.log
[2006/02/19 21:31:51 | 000,024,578 | ---- | M] (Aapie.Net) -- C:\mcoinstall.exe
[2004/09/02 03:43:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 20:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/02 13:15:01 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/01 10:35:02 | 790,720,512 | -HS- | M] () -- C:\pagefile.sys
[2009/08/25 21:00:15 | 000,058,781 | ---- | M] () -- C:\rollback.ini
[2004/09/02 03:50:38 | 000,000,391 | ---- | M] () -- C:\RtlAudio_Result.txt
[2008/02/15 14:06:48 | 000,000,512 | ---- | M] () -- C:\ScanSectorLog.dat
[2007/06/06 14:47:25 | 000,000,169 | ---- | M] () -- C:\setupfax.log
[2005/10/31 16:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2007/03/18 21:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD8T.DLL
[2007/03/18 21:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP8T.DLL
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2002/02/13 02:32:54 | 000,077,824 | ---- | M] (Lexmark International) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXALPP5C.DLL

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 05:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 05:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/09/02 04:35:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/09/02 04:35:05 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/09/02 04:35:05 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/14 01:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/14 01:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/14 01:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-30 16:32:27

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Emma\Desktop\TFC.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Emma\Desktop\gmer.exe:SummaryInformation
@Alternate Data Stream - 275 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE53E4F7
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A1DAE9E
< End of report >


OTL Extras logfile created on: 01/07/2010 10:56:47 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Emma\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

503.00 Mb Total Physical Memory | 168.00 Mb Available Physical Memory | 33.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 44.00% Paging File free
Paging file location(s): C:\pagefile.sys 2 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 40.63 Gb Free Space | 54.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SWEETASCANDY
Current User Name: Emma
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 9.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP220_series" = Canon MP220 series
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 15
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}" = USB Disk Win98 Driver
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{92022F8E-2E55-4A16-88EB-B4778B35E942}" = ACDSee for PENTAX 3.0
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = Multimedia Keyboard Driver
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Browser Defender_is1" = Browser Defender 2.0.6.15
"BTHomeHub" = BTHomeHub
"CanonMyPrinter" = Canon My Printer
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"GoToAssist" = GoToAssist Corporate
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"PROSet" = Intel® PRO Network Adapters and Drivers
"Registry Mechanic_is1" = Registry Mechanic 9.0
"SLAMRNTV" = Smart Link 56K Voice Modem
"Spyware Doctor" = Spyware Doctor 7.0
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = BT Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/06/2010 14:47:45 | Computer Name = SWEETASCANDY | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 6794, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 15/06/2010 14:47:45 | Computer Name = SWEETASCANDY | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service aspnet_state
(ASP.NET State Service) failed. The Error code is the first DWORD in Data section.

Error - 15/06/2010 14:47:46 | Computer Name = SWEETASCANDY | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 6794, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 15/06/2010 16:52:17 | Computer Name = SWEETASCANDY | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 24/06/2010 03:02:34 | Computer Name = SWEETASCANDY | Source = MsiInstaller | ID = 11705
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Error 1705.A
previous installation for this product is in progress. You must undo the changes
made by that installation to continue. Do you want to undo those changes?

Error - 24/06/2010 06:58:49 | Computer Name = SWEETASCANDY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2147550906, P2 unspecified, P3 scanfile,
P4 2.1.6519.0, P5 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 25/06/2010 07:51:53 | Computer Name = SWEETASCANDY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759331, P2 unspecified, P3 scanfile,
P4 2.1.6519.0, P5 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 30/06/2010 10:25:01 | Computer Name = SWEETASCANDY | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 30/06/2010 12:29:40 | Computer Name = SWEETASCANDY | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 30/06/2010 12:31:07 | Computer Name = SWEETASCANDY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2147550906, P2 unspecified, P3 scanfile,
P4 2.1.6519.0, P5 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 25/06/2010 11:05:49 | Computer Name = SWEETASCANDY | Source = Service Control Manager | ID = 7034
Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s).

Error - 25/06/2010 11:05:49 | Computer Name = SWEETASCANDY | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this
1 time(s).

Error - 25/06/2010 11:21:09 | Computer Name = SWEETASCANDY | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 27/06/2010 04:14:19 | Computer Name = SWEETASCANDY | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 27/06/2010 18:23:43 | Computer Name = SWEETASCANDY | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 28/06/2010 14:08:01 | Computer Name = SWEETASCANDY | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 30/06/2010 09:06:51 | Computer Name = SWEETASCANDY | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 30/06/2010 10:01:26 | Computer Name = SWEETASCANDY | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 01/07/2010 02:36:47 | Computer Name = SWEETASCANDY | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 01/07/2010 05:38:06 | Computer Name = SWEETASCANDY | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.


< End of report >
  • 0

#6
sweetascandy
Posted 01 July 2010 - 07:35 AM

sweetascandy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-01 13:56:24
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Emma\LOCALS~1\Temp\fwlorpow.sys


---- System - GMER 1.0.15 ----

SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xF85A4AC2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF85CC2D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF85CC4C8]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xF85A4CB6]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xF85A4D5C]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xF85A49B2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF85EE020]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xF85A4EF8]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xF85A6BD6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAcceptConnectPort [0x80597012]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheck [0x80581B82]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckAndAuditAlarm [0x8058A3B1]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByType [0x805E0ADA]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeAndAuditAlarm [0x8058A438]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeResultList [0x80640000]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeResultListAndAuditAlarm [0x80642191]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAccessCheckByTypeResultListAndAuditAlarmByHandle [0x806421DA]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAddAtom [0x8057FA34]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAddBootEntry [0x8064FEEB]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAdjustGroupsToken [0x8063F7BF]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAdjustPrivilegesToken [0x80589C03]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAlertResumeThread [0x80637AD6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAlertThread [0x8058395D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateLocallyUniqueId [0x805E28DD]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateUserPhysicalPages [0x8062E76A]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateUuids [0x805DE611]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAllocateVirtualMemory [0x80570BC5]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAreMappedFilesTheSame [0x805E7CEE]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwAssignProcessToJobObject [0x805E8E34]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCallbackReturn [0x804E4EE4]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCancelDeviceWakeupRequest [0x80633F02]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCancelIoFile [0x805D22DF]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCancelTimer [0x804EC842]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwClearEvent [0x805706C3]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwClose [0x8056F8D7]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCloseObjectAuditAlarm [0x80589FE1]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCompactKeys [0x80656040]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCompareTokens [0x8058596E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCompleteConnectPort [0x80594EDC]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCompressKey [0x806562AD]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwConnectPort [0x80584D73]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwContinue [0x804E123F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateDebugObject [0x80661712]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateDirectoryObject [0x805AF5B7]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateEvent [0x805744F6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateEventPair [0x8065053C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateFile [0x80573DFB]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateIoCompletion [0x805E04F5]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateJobObject [0x805DBB66]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateJobSet [0x80637F7D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateMailslotFile [0x805DCD0F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateMutant [0x80582EA8]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateNamedPipeFile [0x8058DA4C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreatePagingFile [0x805BA5CF]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreatePort [0x8059EE6E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateProfile [0x80650B73]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateSection [0x8056DB66]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateSemaphore [0x8057F95B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateSymbolicLinkObject [0x805E78DA]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateThread [0x805959DF]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateTimer [0x8059DAF7]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateToken [0x805AC926]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateWaitablePort [0x805B039E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDebugActiveProcess [0x80662889]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDebugContinue [0x806629E3]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDelayExecution [0x8056EB03]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteAtom [0x8058771C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteFile [0x805DB33C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteObjectAuditAlarm [0x80642231]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDeviceIoControlFile [0x8058D747]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDisplayString [0x805BBA82]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDuplicateObject [0x8057EDE5]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwDuplicateToken [0x8058C373]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateKey [0x8057EC5A]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateSystemEnvironmentValuesEx [0x8064FED7]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateValueKey [0x80594DB6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwExtendSection [0x8062D729]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFilterToken [0x805D422D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFindAtom [0x805E480C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFlushBuffersFile [0x805836A7]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFlushInstructionCache [0x8058C99A]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFlushKey [0x805DF24B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFlushVirtualMemory [0x805E954C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFlushWriteBuffer [0x8062EFC7]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFreeUserPhysicalPages [0x8062EB1D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFreeVirtualMemory [0x805710BF]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwFsControlFile [0x8058274A]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwGetContextThread [0x80635A5D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwGetDevicePowerState [0x80633F33]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwGetPlugPlayEvent [0x805A12E4]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwGetWriteWatch [0x8053F737]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwImpersonateAnonymousToken [0x8059EA22]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwImpersonateClientOfPort [0x805852E1]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwImpersonateThread [0x8058D42E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwInitializeRegistry [0x805AFB71]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwInitiatePowerAction [0x80633CE7]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwIsProcessInJob [0x80637E33]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwIsSystemResumeAutomatic [0x80633F17]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwListenPort [0x805AF9E0]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwLoadDriver [0x805AEDE2]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwLoadKey [0x805D45C5]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwLoadKey2 [0x805D4724]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwLockFile [0x80587AE9]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwLockProductActivationKeys [0x805D3AA2]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwLockRegistryKey [0x805CCEFD]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwLockVirtualMemory [0x805B3F21]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwMakePermanentObject [0x805E7AE2]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwMakeTemporaryObject [0x805E7BA9]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwMapUserPhysicalPages [0x8062DDC6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwMapUserPhysicalPagesScatter [0x8062E21F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwMapViewOfSection [0x8057A879]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwNotifyChangeDirectoryFile [0x80587D80]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwNotifyChangeKey [0x805E2166]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwNotifyChangeMultipleKeys [0x805E1F78]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenDirectoryObject [0x8058EE56]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenEvent [0x8058E7F1]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenEventPair [0x8065062F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenFile [0x80579CF1]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenIoCompletion [0x80621403]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenJobObject [0x806381D5]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenMutant [0x80582F56]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenObjectAuditAlarm [0x805E3140]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenProcess [0x8057F592]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenProcessToken [0x80578148]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenProcessTokenEx [0x8057809F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenSection [0x80578DEE]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenSemaphore [0x805E7C60]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenSymbolicLinkObject [0x8058EDD9]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenThread [0x80584849]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenThreadToken [0x805746D2]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenThreadTokenEx [0x805745CF]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenTimer [0x80650465]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwPlugPlayControl [0x8059CA7D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwPowerInformation [0x805AA1F0]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwPrivilegeCheck [0x8059CD78]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwPrivilegeObjectAuditAlarm [0x805DE757]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwPrivilegedServiceAuditAlarm [0x805D36C7]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwProtectVirtualMemory [0x8057F1C3]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwPulseEvent [0x805B02F6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryAttributesFile [0x80579F20]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDebugFilterState [0x804FAB99]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDefaultLocale [0x8056F0D0]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDefaultUILanguage [0x8058E227]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDirectoryFile [0x8057B814]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryDirectoryObject [0x8059480A]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryEaFile [0x8062164C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryEvent [0x8058EBC0]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryFullAttributesFile [0x80580A06]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationAtom [0x805B065E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationFile [0x8057AB98]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationJobObject [0x80590C74]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationPort [0x8062B3D3]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationProcess [0x805747B6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationThread [0x80576860]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInformationToken [0x80576F36]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryInstallUILanguage [0x8058E95A]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryIntervalProfile [0x80651023]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryIoCompletion [0x806214C4]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryKey [0x8057E85A]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryMultipleValueKey [0x80655A23]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryMutant [0x806509A8]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryObject [0x8058F010]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryOpenSubKeys [0x80655C2D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryPerformanceCounter [0x805708A6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryQuotaInformationFile [0x80621F03]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySection [0x8058CDE7]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySecurityObject [0x805DFD3E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySemaphore [0x8064F7AF]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySymbolicLinkObject [0x8058EC4A]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySystemEnvironmentValue [0x8064FF13]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySystemEnvironmentValueEx [0x8064FEC1]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySystemInformation [0x8058B41A]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQuerySystemTime [0x8058F990]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryTimer [0x805E3F41]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryTimerResolution [0x80591B9D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryValueKey [0x80572F19]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryVirtualMemory [0x8057C940]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryVolumeInformationFile [0x8057A03C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueueApcThread [0x805E3E9C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRaiseException [0x804E1287]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRaiseHardError [0x8064F4EB]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReadFile [0x8057495D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReadFileScatter [0x806227D7]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReadRequestData [0x805857F9]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReadVirtualMemory [0x8058D26B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRegisterThreadTerminatePort [0x80596130]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReleaseMutant [0x8056EB6E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReleaseSemaphore [0x80583298]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRemoveIoCompletion [0x8056F54C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRemoveProcessDebug [0x8066295E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReplaceKey [0x806567FE]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReplyPort [0x8058C06C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReplyWaitReceivePort [0x80576817]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReplyWaitReceivePortEx [0x8057632F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReplyWaitReplyPort [0x8062B4B2]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRequestDeviceWakeup [0x80633E8F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRequestPort [0x805E33BE]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRequestWaitReplyPort [0x8057CD93]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRequestWakeupLatency [0x80633C88]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwResetEvent [0x8059DE63]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwResetWriteWatch [0x8053FBB2]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwRestoreKey [0x80656395]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwResumeProcess [0x80637A76]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwResumeThread [0x80596056]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSaveKey [0x80656496]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSaveKeyEx [0x80656581]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSaveMergedKeys [0x806566AE]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSecureConnectPort [0x80596848]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetContextThread [0x80635C83]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetDebugFilterState [0x80664340]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetDefaultHardErrorPort [0x805B5BB1]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetDefaultLocale [0x805DC1D3]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetDefaultUILanguage [0x805DC17A]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetEaFile [0x80621B91]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetEvent [0x80570634]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetEventBoostPriority [0x80576CA0]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetHighEventPair [0x8065092F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetHighWaitLowEventPair [0x8065084F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationDebugObject [0x806622FF]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationFile [0x8058A47C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationJobObject [0x805DBCBA]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationKey [0x80655586]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationObject [0x8058E8D9]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationProcess [0x80574B1F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationThread [0x80576AB3]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetInformationToken [0x805ABFC0]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetIntervalProfile [0x80650B4F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetIoCompletion [0x80576DE6]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetLdtEntries [0x8063698F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetLowEventPair [0x806508C3]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetLowWaitHighEventPair [0x806507DB]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetQuotaInformationFile [0x80621ED9]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetSecurityObject [0x805DFB3F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemEnvironmentValue [0x806501B0]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemInformation [0x805B0A14]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemPowerState [0x8066F0E7]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetSystemTime [0x8064F19F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetThreadExecutionState [0x805EB1D2]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetTimer [0x804E7A55]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetTimerResolution [0x805EB498]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetUuidSeed [0x805D3873]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSetVolumeInformationFile [0x80622417]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwShutdownSystem [0x8064E8EB]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSignalAndWaitForSingleObject [0x8051C391]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwStartProfile [0x80650DBA]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwStopProfile [0x80650F73]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSuspendProcess [0x80637A1B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSuspendThread [0x80637937]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwSystemDebugControl [0x806510D3]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTerminateJobObject [0x80638353]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTerminateThread [0x8059560C]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTestAlert [0x80595B3E]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTraceEvent [0x805499B8]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwTranslateFilePath [0x8064FEFF]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnloadDriver [0x80624AC4]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnloadKey [0x806550EA]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnloadKeyEx [0x8065531B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnlockFile [0x80587C49]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnlockVirtualMemory [0x8062F03B]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwUnmapViewOfSection [0x8057A401]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwVdmControl [0x805B3552]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForDebugEvent [0x8066204A]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForMultipleObjects [0x8056EC49]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForSingleObject [0x8056DF62]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitHighEventPair [0x8065076F]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitLowEventPair [0x80650703]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWriteFile [0x8058A6FD]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWriteFileGather [0x805D25CC]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWriteRequestData [0x8058587D]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWriteVirtualMemory [0x8058D363]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwYieldExecution [0x80515A92]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKeyedEvent [0x805C86C2]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKeyedEvent [0x805907BF]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwReleaseKeyedEvent [0x80651547]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwWaitForKeyedEvent [0x806517B2]
SSDT \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) ZwQueryPortInformationProcess [0x80635291]

INT 0x00 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE51E
INT 0x01 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE69D
INT 0x03 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DEAB1
INT 0x04 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DEC34
INT 0x05 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DED99
INT 0x06 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DEF1A
INT 0x07 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DF593
INT 0x09 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DF998
INT 0x0A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DFAB6
INT 0x0B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DFBF3
INT 0x0C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DFE50
INT 0x0D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E014C
INT 0x0E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E0889
INT 0x0F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E0BBE
INT 0x10 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E0CDC
INT 0x11 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E0E16
INT 0x12 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E0BBE
INT 0x13 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E0F7B
INT 0x14 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E0BBE
INT 0x15 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E0BBE
INT 0x16 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E0BBE
INT 0x17 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E0BBE
INT 0x18 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E0BBE
INT 0x19 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E0BBE
INT 0x1A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E0BBE
INT 0x1B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E0BBE
INT 0x1C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E0BBE
INT 0x1D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E0BBE
INT 0x1E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E0BBE
INT 0x1F \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8070110C
INT 0x2A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDD51
INT 0x2B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DDE54
INT 0x2C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE000
INT 0x2D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DE990
INT 0x2E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD7D1
INT 0x2F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804E0BBE
INT 0x30 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCE90
INT 0x31 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCE9A
INT 0x32 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCEA4
INT 0x33 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCEAE
INT 0x34 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCEB8
INT 0x35 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCEC2
INT 0x36 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCECC
INT 0x37 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 80700864
INT 0x38 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCEE0
INT 0x39 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCEEA
INT 0x3A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCEF4
INT 0x3B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCEFE
INT 0x3C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCF08
INT 0x3D \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 80701E2C
INT 0x3E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCF1C
INT 0x3F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCF26
INT 0x40 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCF30
INT 0x41 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 80701C88
INT 0x42 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCF44
INT 0x43 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCF4E
INT 0x44 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCF58
INT 0x45 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCF62
INT 0x46 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCF6C
INT 0x47 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCF76
INT 0x48 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCF80
INT 0x49 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCF8A
INT 0x4A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCF94
INT 0x4B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCF9E
INT 0x4C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCFA8
INT 0x4D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCFB2
INT 0x4E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCFBC
INT 0x4F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCFC6
INT 0x50 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8070093C
INT 0x51 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCFDA
INT 0x52 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCFE4
INT 0x53 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCFEE
INT 0x54 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DCFF8
INT 0x55 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD002
INT 0x56 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD00C
INT 0x57 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD016
INT 0x58 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD020
INT 0x59 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD02A
INT 0x5A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD034
INT 0x5B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD03E
INT 0x5C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD048
INT 0x5D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD052
INT 0x5E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD05C
INT 0x5F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD066
INT 0x60 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD070
INT 0x61 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD07A
INT 0x62 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) F861167E
INT 0x63 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) F7864E54
INT 0x64 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD098
INT 0x65 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD0A2
INT 0x66 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD0AC
INT 0x67 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD0B6
INT 0x68 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD0C0
INT 0x69 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD0CA
INT 0x6A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD0D4
INT 0x6B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD0DE
INT 0x6C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD0E8
INT 0x6D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD0F2
INT 0x6E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD0FC
INT 0x6F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD106
INT 0x70 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD110
INT 0x71 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD11A
INT 0x72 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD124
INT 0x73 ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) F86D92F0
INT 0x74 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD138
INT 0x75 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD142
INT 0x76 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD14C
INT 0x77 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD156
INT 0x78 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD160
INT 0x79 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD16A
INT 0x7A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD174
INT 0x7B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD17E
INT 0x7C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD188
INT 0x7D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD192
INT 0x7E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD19C
INT 0x7F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD1A6
INT 0x80 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD1B0
INT 0x81 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD1BA
INT 0x82 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) F861167E
INT 0x83 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) F7897CB8
INT 0x83 \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver v1.0a/Windows ® Server 2003 DDK provider) F7870DFC
INT 0x83 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) F7864E54
INT 0x83 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) F7897CB8
INT 0x84 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD1D8
INT 0x85 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD1E2
INT 0x86 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD1EC
INT 0x87 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD1F6
INT 0x88 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD200
INT 0x89 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD20A
INT 0x8A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD214
INT 0x8B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD21E
INT 0x8C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD228
INT 0x8D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD232
INT 0x8E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD23C
INT 0x8F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD246
INT 0x90 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD250
INT 0x91 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD25A
INT 0x92 \SystemRoot\system32\DRIVERS\serial.sys (Serial Device Driver/Microsoft Corporation) F88D39C0
INT 0x93 \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) F88C3495
INT 0x94 NDIS.sys (NDIS 5.1 wrapper driver/Microsoft Corporation) F84E6E10
INT 0x95 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD282
INT 0x96 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD28C
INT 0x97 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD296
INT 0x98 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD2A0
INT 0x99 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD2AA
INT 0x9A \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD2B4
INT 0x9B \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD2BE
INT 0x9C \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD2C8
INT 0x9D \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD2D2
INT 0x9E \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD2DC
INT 0x9F \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD2E6
INT 0xA0 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD2F0
INT 0xA1 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD2FA
INT 0xA2 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD304
INT 0xA3 \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) F88CAC90
INT 0xA4 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) F7864E54
INT 0xA5 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD322
INT 0xA6 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD32C
INT 0xA7 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD336
INT 0xA8 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD340
INT 0xA9 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD34A
INT 0xAA \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD354
INT 0xAB \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD35E
INT 0xAC \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD368
INT 0xAD \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD372
INT 0xAE \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD37C
INT 0xAF \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD386
INT 0xB0 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD390
INT 0xB1 ACPI.sys (ACPI Driver for NT/Microsoft Corporation) F865F31E
INT 0xB2 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD3A4
INT 0xB3 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD3AE
INT 0xB4 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) F861167E
INT 0xB4 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) F861167E
INT 0xB4 \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) F7864E54
INT 0xB4 atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) F861167E
INT 0xB5 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD3C2
INT 0xB6 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD3CC
INT 0xB7 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD3D6
INT 0xB8 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD3E0
INT 0xB9 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD3EA
INT 0xBA \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD3F4
INT 0xBB \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD3FE
INT 0xBC \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD408
INT 0xBD \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD412
INT 0xBE \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD41C
INT 0xBF \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD426
INT 0xC0 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD430
INT 0xC1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 80700AC0
INT 0xC2 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD444
INT 0xC3 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD44E
INT 0xC4 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD458
INT 0xC5 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD462
INT 0xC6 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD46C
INT 0xC7 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD476
INT 0xC8 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD480
INT 0xC9 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD48A
INT 0xCA \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD494
INT 0xCB \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD49E
INT 0xCC \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD4A8
INT 0xCD \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD4B2
INT 0xCE \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD4BC
INT 0xCF \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD4C6
INT 0xD0 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD4D0
INT 0xD1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 806FFE54
INT 0xD2 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD4E4
INT 0xD3 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD4EE
INT 0xD4 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD4F8
INT 0xD5 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD502
INT 0xD6 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD50C
INT 0xD7 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD516
INT 0xD8 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD520
INT 0xD9 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD52A
INT 0xDA \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD534
INT 0xDB \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD53E
INT 0xDC \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD548
INT 0xDD \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD552
INT 0xDE \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD55C
INT 0xDF \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD566
INT 0xE0 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD570
INT 0xE1 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 80701048
INT 0xE2 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD584
INT 0xE3 \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 80700DAC
INT 0xE4 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD598
INT 0xE5 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD5A2
INT 0xE6 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD5AC
INT 0xE7 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD5B6
INT 0xE8 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD5C0
INT 0xE9 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD5CA
INT 0xEA \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD5D4
INT 0xEB \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD5DE
INT 0xEC \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD5E8
INT 0xED \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD5F2
INT 0xEE \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD5F9
INT 0xEF \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD600
INT 0xF0 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD607
INT 0xF1 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD60E
INT 0xF2 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD615
INT 0xF3 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD61C
INT 0xF4 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD623
INT 0xF5 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD62A
INT 0xF6 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD631
INT 0xF7 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD638
INT 0xF8 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD63F
INT 0xF9 \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD646
INT 0xFA \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD64D
INT 0xFB \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD654
INT 0xFC \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD65B
INT 0xFD \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 807015A8
INT 0xFE \WINDOWS\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 80701748
INT 0xFF \WINDOWS\system32\ntoskrnl.exe (NT Kernel & System/Microsoft Corporation) 804DD670

SYSENTER \WINDOWS\system32\ntoskrnl.exe 804DD89F

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KiDispatchInterrupt + 2C0 804DCB22 18 Bytes [E0, 25, 7F, FF, FF, FF, 0F, ...]
.text ntoskrnl.exe!KiDispatchInterrupt + 2D8 804DCB3A 1 Byte [00]
.text ntoskrnl.exe!KiDeliverApc + C9C 804DDA9D 1 Byte [06]
.text ntoskrnl.exe!ZwYieldExecution + 11A 804E4974 4 Bytes [C2, 4A, 5A, F8] {RET 0x5a4a; CLC }
.text ntoskrnl.exe!ZwYieldExecution + 132 804E498C 8 Bytes [D6, C2, 5C, F8, C8, C4, 5C, ...] {SALC ; RET 0xf85c; ENTER 0x5cc4, 0xf8}
.text ntoskrnl.exe!ZwYieldExecution + 172 804E49CC 4 Bytes [B6, 4C, 5A, F8] {MOV DH, 0x4c; POP EDX; CLC }
.text ntoskrnl.exe!ZwYieldExecution + 17A 804E49D4 4 Bytes [5C, 4D, 5A, F8] {POP ESP; DEC EBP; POP EDX; CLC }
.text ntoskrnl.exe!ZwYieldExecution + 252 804E4AAC 4 Bytes [B2, 49, 5A, F8] {MOV DL, 0x49; POP EDX; CLC }
.text ...
.text ntoskrnl.exe!RtlPrefetchMemoryNonTemporal 804E5531 1 Byte [90]
.text hal.dll!HalBeginSystemInterrupt + 998 80702900 7 Bytes [D4, 03, 70, 3A, 80, E3, 11] {AAM 0x3; JO 0x3e; AND BL, 0x11}
.text hal.dll!HalBeginSystemInterrupt + 9A0 80702908 10 Bytes [D4, 03, 38, 33, 02, E3, 20, ...] {AAM 0x3; CMP [EBX], DH; ADD AH, BL; AND [EBX], AL; MOV BH, [ECX]}
.text hal.dll!HalBeginSystemInterrupt + 9AB 80702913 11 Bytes [F0, 5E, 0A, 6C, 09, 22, 09, ...]
.text hal.dll!HalBeginSystemInterrupt + 9B8 80702920 4 Bytes [C0, 03, 78, 24]
.text hal.dll!HalBeginSystemInterrupt + 9BD 80702925 1 Byte [C0]
.text ...
  • 0

#7
RKinner
Posted 01 July 2010 - 10:05 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c
********************************************************************************
*******************
:OTL
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - Reg Error: Value error. File not found
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - File not found
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Filter\text/html - No CLSID value found
O20 - Winlogon\Notify\req: DllName - Reg Error: Value error. - Reg Error: Value error. File not found


:Commands
[RESETHOSTS]
[purity]
[emptytemp]
[Reboot]

*******************************************************************

then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

OTL is showing a problem with these
Drivers32: VIDC.SP55 - SP5X_32.DLL File not found
Drivers32: VIDC.SP56 - SP5X_32.DLL File not found
Drivers32: VIDC.SP57 - SP5X_32.DLL File not found
Drivers32: VIDC.SP58 - SP5X_32.DLL File not found

Try downloading and running this file:

http://www.lnwbackup...s/AviDecode.exe

and also

http://rs408.rapidsh...5/BLP_FILES.exe
Rapidshare is kind of a funny thing. You can get the file without paying them just have to click on the free button then wait 30 seconds until the timer counts down and then hit the Download button.

I'm also seeing a problem with wia:
See if this applies
http://support.micro...p;Product=winxp

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
1. Double-click My Computer, and then right-click the hard disk that you want to check.
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. (In Vista, next select Windows Logs) Right click on System and Clear Log, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.



Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Ron
  • 0

#8
sweetascandy
Posted 01 July 2010 - 01:00 PM

sweetascandy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
ComboFix 10-07-01.02 - Emma 01/07/2010 19:37:47.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.503.235 [GMT 1:00]
Running from: c:\documents and settings\Emma\Desktop\george.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Fonts\acrsec.fon
c:\windows\patch.exe
c:\windows\system\MSWINSCK.OCX
c:\windows\system32\system.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npf


((((((((((((((((((((((((( Files Created from 2010-06-01 to 2010-07-01 )))))))))))))))))))))))))))))))
.

2010-07-01 17:28 . 2010-07-01 17:28 -------- dc----w- C:\_OTL
2010-06-28 19:21 . 2010-06-28 19:22 -------- d-----w- c:\program files\ERUNT
2010-06-25 13:25 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-25 13:25 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-24 10:18 . 2010-06-24 10:18 -------- d-----w- c:\documents and settings\Emma\Application Data\ErrorExpert
2010-06-23 21:17 . 2010-06-23 21:17 -------- dc----w- C:\c585502097def85a4b84cb6a07de
2010-06-19 18:55 . 2010-06-19 18:55 -------- d-----w- c:\documents and settings\Emma\Application Data\Motive
2010-06-19 18:43 . 2010-06-19 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2010-06-19 18:43 . 2010-06-19 18:44 -------- d-----w- c:\program files\Common Files\Motive
2010-06-19 18:43 . 2010-06-19 18:43 -------- d-----w- c:\program files\BT Broadband Desktop Help
2010-06-19 18:39 . 2010-06-19 18:39 -------- d-----w- c:\program files\BTHomeHub
2010-06-18 10:52 . 2010-06-18 10:52 -------- d-----w- c:\documents and settings\Emma\Local Settings\Application Data\Threat Expert
2010-06-18 10:15 . 2010-06-18 10:20 -------- dc----w- C:\a673205e80bc288f42b303e20432f6
2010-06-17 20:25 . 2010-06-17 20:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-06-17 09:13 . 2010-02-02 08:13 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-06-17 09:13 . 2010-02-02 08:13 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-06-17 09:13 . 2010-02-02 08:13 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-06-17 09:12 . 2010-06-08 02:16 763832 ----a-w- c:\windows\BDTSupport.dll
2010-06-17 09:12 . 2010-01-22 07:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-06-17 09:12 . 2010-06-08 00:21 1652664 ----a-w- c:\windows\PCTBDCore.dll
2010-06-17 09:12 . 2010-01-22 07:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-06-17 09:08 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-06-17 09:07 . 2010-03-29 09:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-17 09:07 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-17 09:07 . 2010-04-08 13:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-17 09:06 . 2010-06-17 09:06 -------- d-----w- c:\documents and settings\Emma\Application Data\PC Tools
2010-06-17 08:45 . 2010-06-17 08:52 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-06-17 08:41 . 2010-06-17 08:41 -------- d-----w- c:\documents and settings\Emma\Local Settings\Application Data\Temp
2010-06-16 09:22 . 2010-06-25 11:57 -------- d-----w- c:\program files\Auslogics
2010-06-16 09:22 . 2010-06-25 12:35 -------- d-----w- c:\documents and settings\Emma\Application Data\Auslogics
2010-06-16 09:05 . 2010-06-16 09:05 -------- d-----w- c:\program files\Lavalys
2010-06-15 20:46 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-15 20:43 . 2010-06-30 16:32 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-15 20:03 . 2010-06-15 20:03 -------- d-----w- c:\documents and settings\Emma\Application Data\Malwarebytes
2010-06-15 20:03 . 2010-06-25 13:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-15 20:03 . 2010-06-15 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-15 17:17 . 2010-06-15 17:17 -------- d-----w- c:\documents and settings\Emma\Application Data\Registry Mechanic
2010-06-15 16:33 . 2010-06-15 16:54 -------- d-----w- c:\program files\RegistryFix8
2010-06-15 16:11 . 2010-06-15 16:34 -------- d-----w- c:\documents and settings\Emma\Application Data\ErrorTeck
2010-06-15 15:51 . 2010-06-15 15:51 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-11 15:02 . 2010-06-11 15:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive(2)
2010-06-10 16:03 . 2010-06-15 15:41 -------- dc----w- C:\96ced1ecda9c15bff5a37cb25dca46
2010-06-10 13:29 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-07 17:57 . 2010-06-07 17:57 -------- d-----w- c:\documents and settings\LocalService\PrivacIE
2010-06-07 17:56 . 2010-06-07 17:56 -------- d-----w- c:\documents and settings\LocalService\IECompatCache
2010-06-03 14:06 . 2010-06-03 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ReviverSoft
2010-06-03 12:33 . 2009-10-27 23:36 1152444 ----a-w- c:\windows\UDB.zip
2010-06-03 12:33 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip
2010-06-03 12:30 . 2010-06-17 09:12 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-03 12:30 . 2010-06-17 09:06 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-06-03 12:05 . 2010-06-03 12:05 -------- d-----w- c:\program files\Citrix
2010-06-03 12:05 . 2010-06-19 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-06-03 11:47 . 2010-06-03 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-01 18:47 . 2008-11-03 17:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-01 18:46 . 2005-01-23 17:40 12 ----a-w- c:\windows\bthservsdp.dat
2010-07-01 18:22 . 2005-04-09 14:23 -------- d-----w- c:\program files\Spyware Doctor
2010-06-25 12:54 . 2004-09-02 02:59 -------- d-----w- c:\program files\Microsoft Works
2010-06-25 12:30 . 2007-05-28 16:01 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-25 10:48 . 2004-09-02 03:03 -------- d-----w- c:\program files\Java
2010-06-19 18:41 . 2005-06-14 18:09 -------- d-----w- c:\documents and settings\Emma\Application Data\Yahoo!
2010-06-18 11:10 . 2008-09-24 13:08 -------- d-----w- c:\program files\Canon
2010-06-18 10:51 . 2005-03-19 09:02 -------- d-----w- c:\program files\Google
2010-06-15 19:07 . 2010-02-17 12:41 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-15 18:41 . 2010-02-24 13:25 -------- d-----w- c:\program files\Opera
2010-06-15 17:50 . 2005-01-09 23:26 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-06-15 15:47 . 2010-02-01 21:18 -------- d-----w- c:\documents and settings\Emma\Application Data\CheckPoint
2010-06-15 15:46 . 2007-12-04 09:13 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-03 12:05 . 2007-02-27 09:28 -------- d--h--r- c:\documents and settings\All Users\Application Data\yahoo!
2010-06-03 12:05 . 2005-03-06 17:56 -------- d-----w- c:\program files\Yahoo!
2010-05-30 17:39 . 2004-09-02 03:03 -------- d-----w- c:\program files\Common Files\Java
2010-05-06 10:41 . 2004-09-20 16:46 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-09-20 16:46 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-09-20 16:42 285696 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-06-19 18:42 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
path=
backup=
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FBSearch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISStart
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogiTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mnyexpr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwsoemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SGPUpdater
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-02 18:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2004-07-03 09:49 57344 -c--a-w- c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2004-07-06 08:05 2550272 -c--a-w- c:\windows\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2004-05-18 00:30 543232 -c--a-w- c:\windows\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-03-17 21:10 61952 ----a-w- c:\windows\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-06-07 01:45 155648 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jusched]
2006-11-09 15:07 49263 -c--a-w- c:\program files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 17:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qttask]
2007-06-29 05:24 286720 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 05:24 286720 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
2003-09-19 15:09 36864 -c--a-w- c:\windows\ShowWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-07-02 01:58 73728 -c--a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
2004-01-26 10:38 866816 -c--a-w- c:\program files\Virgin Net Broadband\dragdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 04:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
2004-03-11 21:18 135168 -c--a-w- c:\program files\Digital Media Reader\shwiconEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"SLService"=2 (0x2)
"Diskeeper"=2 (0x2)
"ssoftservice"=2 (0x2)
"BlueSoleil Hid Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [17/06/2010 10:07 218592]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [17/06/2010 10:13 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [17/06/2010 10:13 59664]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [17/06/2010 10:08 233136]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [17/06/2010 10:12 112592]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [15/06/2010 17:58 632792]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [17/06/2010 10:06 366840]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [17/06/2010 10:07 63360]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [17/06/2010 10:13 33552]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
.
Contents of the 'Scheduled Tasks' folder

2010-07-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/uk/*http://uk.docs.yahoo.com/info/bt_side.html
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: &AOL Toolbar search -
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: eBay Search -
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: autoregister.net\autoreg
Trusted Zone: ebay.co.uk\www
Trusted Zone: faceparty.com\www
Trusted Zone: msnmessenger.com\www
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-01 19:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2]
@DACL=(02 0000)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(2824)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2010-07-01 19:54:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-01 18:54

Pre-Run: 43,882,536,960 bytes free
Post-Run: 43,824,898,048 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

- - End Of File - - 6C90CB267F36982B5827F9E7B220CE69
  • 0

#9
sweetascandy
Posted 01 July 2010 - 01:47 PM

sweetascandy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
OTL logfile created on: 01/07/2010 20:34:14 - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Emma\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

503.00 Mb Total Physical Memory | 163.00 Mb Available Physical Memory | 33.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 2 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 40.77 Gb Free Space | 54.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SWEETASCANDY
Current User Name: Emma
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/01 10:54:37 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Emma\Desktop\OTL.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/07/01 10:54:37 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Emma\Desktop\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/19 19:42:40 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/02 09:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/02/02 09:13:54 | 000,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/02/02 09:13:54 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/02/02 09:13:54 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/12/07 12:50:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/07 12:50:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/08/24 14:44:14 | 000,477,696 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2005/12/18 14:33:48 | 000,044,416 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dptrackerd.sys -- (dptrackerd)
DRV - [2005/06/08 19:44:20 | 000,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BRGSp50.sys -- (BRGSp50)
DRV - [2005/01/17 14:48:34 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005/01/13 15:20:36 | 000,012,500 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2004/12/16 16:32:54 | 000,013,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BTNetFilter.sys -- (BTNetFilter)
DRV - [2004/11/05 11:39:08 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004/10/25 14:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004/10/19 13:40:56 | 000,028,207 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2004/10/19 13:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004/10/19 11:39:26 | 000,020,096 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2004/09/21 18:15:34 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2004/09/17 15:05:00 | 000,084,512 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2004/09/17 15:05:00 | 000,006,064 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2004/09/17 15:04:00 | 000,052,384 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) Samsung Mobile USB Device 1.0 driver (WDM)
DRV - [2004/07/07 07:59:44 | 002,185,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/04/12 01:35:22 | 001,301,080 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004/04/11 13:42:56 | 000,095,800 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/04/11 13:40:38 | 000,635,280 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/04/02 15:21:52 | 000,013,840 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys -- (RecAgent)
DRV - [2004/03/22 18:27:20 | 000,042,936 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
DRV - [2004/03/22 18:01:38 | 000,040,564 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/03/17 22:10:40 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/03/01 04:00:10 | 000,230,584 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/03/01 03:38:52 | 000,180,592 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/03/01 03:27:58 | 000,013,248 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:46:40 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enum1394.sys -- (ENUM1394)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.client...fo/bt_side.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.co.uk/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/iat/us_gb.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us,en-gb;q=0.5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 24 FC 26 7E BB CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "BearShare Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..keyword.URL: "http://search.bearsh...web?src=ffb&q="


[2008/11/02 20:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Mozilla\Extensions
[2009/09/16 18:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Mozilla\Firefox\Profiles\s4g1l7s4.default\extensions
[2010/06/15 16:48:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/11/09 16:20:40 | 002,111,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2006/07/08 22:45:16 | 000,073,728 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npvideoegg-loader.dll

O1 HOSTS File: ([2010/07/01 19:47:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program Files\Spyware Doctor\tools\iesdsg.dll (PCTools.com)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (BT Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BT Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Backward Links - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_15.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: autoregister.net ([autoreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ebay.co.uk ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: faceparty.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: msnmessenger.com ([www] * in Trusted sites)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative....009/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} http://download.zone...ee/cm/ICSCM.cab (ICSScannerLight Class)
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.c...eUploader57.cab (Auctiva Image Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink...geUploader5.cab (Image Uploader Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai...all/xscan53.cab (HouseCall Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://www.myheritag...geUploader3.cab (Aurigma Image Uploader 3.5 Control)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab32846.cab (ZoneIntro Class)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zon...ot.cab31267.cab (CBreakshotControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://www.auctiva.c...oad/XUpload.ocx (Persits Software XUpload)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by102fd.bay10...ex/HMAtchmt.ocx (Hotmail Attachments Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Emma\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Emma\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/02 03:43:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/07/01 20:21:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/01 19:36:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/01 19:32:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/01 19:32:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/01 19:32:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/01 19:32:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/01 19:26:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/01 18:28:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/01 10:54:31 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Emma\Desktop\OTL.exe
[2010/06/28 20:21:39 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/25 14:25:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/25 14:25:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/24 11:18:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Application Data\ErrorExpert
[2010/06/23 22:17:45 | 000,000,000 | ---D | C] -- C:\c585502097def85a4b84cb6a07de
[2010/06/19 19:55:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Application Data\Motive
[2010/06/19 19:43:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motive
[2010/06/19 19:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2010/06/19 19:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\BT Broadband Desktop Help
[2010/06/19 19:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\BTHomeHub
[2010/06/18 11:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Local Settings\Application Data\Threat Expert
[2010/06/18 11:15:02 | 000,000,000 | ---D | C] -- C:\a673205e80bc288f42b303e20432f6
[2010/06/17 21:25:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/06/17 10:13:08 | 000,059,664 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2010/06/17 10:13:08 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2010/06/17 10:13:06 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2010/06/17 10:12:19 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/06/17 10:12:15 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/06/17 10:12:15 | 001,652,664 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/06/17 10:12:14 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/06/17 10:08:08 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/06/17 10:07:55 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/06/17 10:07:55 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/06/17 10:07:25 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/06/17 10:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Application Data\PC Tools
[2010/06/17 09:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\My Documents\Winks & Moods
[2010/06/17 09:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\My Documents\Downloads
[2010/06/17 09:45:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/06/17 09:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Local Settings\Application Data\Temp
[2010/06/16 10:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2010/06/16 10:22:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Application Data\Auslogics
[2010/06/16 10:17:57 | 004,377,048 | ---- | C] (Auslogics Software Pty Ltd ) -- C:\Documents and Settings\Emma\My Documents\disk-defrag-setup.exe
[2010/06/16 10:05:17 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2010/06/16 10:03:54 | 004,179,293 | ---- | C] (Lavalys, Inc. ) -- C:\Documents and Settings\Emma\My Documents\everesthome220.exe
[2010/06/15 21:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/06/15 21:03:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Application Data\Malwarebytes
[2010/06/15 21:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/15 21:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/15 21:01:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/15 20:55:43 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Emma\My Documents\erunt_setup.exe
[2010/06/15 20:54:41 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Emma\My Documents\mbam-setup.exe
[2010/06/15 20:33:50 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Emma\Desktop\TFC.exe
[2010/06/15 18:17:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Application Data\Registry Mechanic
[2010/06/15 17:58:30 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox210.ocx
[2010/06/15 17:58:30 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox10.ocx
[2010/06/15 17:58:30 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBoxVB12.ocx
[2010/06/15 17:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\RegistryFix8
[2010/06/15 17:11:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Application Data\ErrorTeck
[2010/06/11 16:02:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motive(2)
[2010/06/10 17:03:06 | 000,000,000 | ---D | C] -- C:\96ced1ecda9c15bff5a37cb25dca46
[2010/06/03 15:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
[2010/06/03 13:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/06/03 13:30:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/06/03 13:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2010/06/03 13:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/06/03 12:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/06/01 16:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Local Settings\Application Data\Canon Easy-PhotoPrint EX
[2010/05/30 18:39:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/30 18:37:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2004/09/02 11:29:25 | 000,095,800 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2004/09/02 11:29:25 | 000,013,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2004/09/02 11:29:24 | 001,301,080 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2004/09/02 11:29:24 | 000,635,280 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2004/09/02 11:29:24 | 000,230,584 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2004/09/02 11:29:24 | 000,180,592 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2004/09/02 11:29:24 | 000,013,840 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\RecAgent.sys
[2004/09/02 04:38:12 | 000,014,968 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys

========== Files - Modified Within 90 Days ==========

[2010/07/01 20:28:13 | 000,083,495 | ---- | M] () -- C:\WINDOWS\System32\Uninstal.exe
[2010/07/01 19:52:38 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/01 19:49:41 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/01 19:48:10 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/01 19:47:58 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/01 19:47:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/01 19:47:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/01 19:47:09 | 527,220,736 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/01 19:46:22 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/07/01 19:46:19 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Emma\ntuser.dat
[2010/07/01 19:46:19 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Emma\ntuser.ini
[2010/07/01 19:36:37 | 000,000,253 | RHS- | M] () -- C:\boot.ini
[2010/07/01 19:31:12 | 003,725,496 | R--- | M] () -- C:\Documents and Settings\Emma\Desktop\george.exe
[2010/07/01 19:13:44 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Emma\My Documents\geeks to go help.wps
[2010/07/01 10:54:37 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Emma\Desktop\OTL.exe
[2010/07/01 10:29:28 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Emma\Desktop\gmer.exe
[2010/06/30 17:30:02 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/06/28 20:21:42 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Emma\Desktop\NTREGOPT.lnk
[2010/06/28 20:21:42 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Emma\Desktop\ERUNT.lnk
[2010/06/27 23:25:21 | 000,464,610 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/27 23:25:21 | 000,081,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/27 23:25:20 | 000,553,292 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/25 14:25:40 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/25 13:39:53 | 001,095,780 | ---- | M] () -- C:\Documents and Settings\Emma\My Documents\Auslogics System Information Report.mht
[2010/06/25 13:30:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/25 12:57:36 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\Emma\Desktop\Auslogics BoostSpeed.lnk
[2010/06/25 11:16:23 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Emma\My Documents\geeks to go - checking file system on C.wps
[2010/06/25 10:21:14 | 005,418,926 | -H-- | M] () -- C:\Documents and Settings\Emma\Local Settings\Application Data\IconCache.db
[2010/06/21 20:29:59 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/19 19:39:28 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BT Broadband Life.LNK
[2010/06/19 19:39:27 | 000,001,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BT Yahoo! Online.LNK
[2010/06/18 11:51:28 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/18 11:50:09 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Emma\Desktop\TFC.exe
[2010/06/18 11:24:33 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Emma\ntuser.bak
[2010/06/17 10:07:38 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/06/17 09:48:07 | 000,001,825 | ---- | M] () -- C:\Documents and Settings\Emma\My Documents\WinZip.lnk
[2010/06/17 09:16:40 | 014,497,096 | ---- | M] () -- C:\Documents and Settings\Emma\My Documents\winzip145.exe
[2010/06/16 10:22:37 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\Emma\Desktop\Auslogics Disk Defrag.lnk
[2010/06/16 10:18:14 | 004,377,048 | ---- | M] (Auslogics Software Pty Ltd ) -- C:\Documents and Settings\Emma\My Documents\disk-defrag-setup.exe
[2010/06/16 10:04:03 | 004,179,293 | ---- | M] (Lavalys, Inc. ) -- C:\Documents and Settings\Emma\My Documents\everesthome220.exe
[2010/06/15 20:55:45 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Emma\My Documents\erunt_setup.exe
[2010/06/15 20:54:41 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Emma\My Documents\mbam-setup.exe
[2010/06/15 20:07:46 | 000,146,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/15 18:50:11 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/06/15 18:32:31 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/06/15 18:29:18 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Emma\ntuser.dat.rmbak
[2010/06/15 17:58:30 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2010/06/08 03:16:01 | 000,763,832 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/08 01:21:02 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/06/03 12:51:14 | 000,000,556 | ---- | M] () -- C:\Documents and Settings\Emma\My Documents\npmcfg.dat
[2010/06/03 12:48:00 | 000,000,414 | ---- | M] () -- C:\Documents and Settings\Emma\My Documents\PasswordManager1.Product
[2010/06/03 12:47:58 | 000,000,016 | ---- | M] () -- C:\Documents and Settings\Emma\My Documents\ppplugin.nsi
[2010/05/29 11:20:51 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Emma\My Documents\CV RICHARD JONES.wps
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys

========== Files Created - No Company Name ==========

[2010/07/01 20:28:09 | 000,083,495 | ---- | C] () -- C:\WINDOWS\System32\Uninstal.exe
[2010/07/01 19:36:37 | 000,000,182 | ---- | C] () -- C:\Boot.bak
[2010/07/01 19:36:33 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/01 19:32:29 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/01 19:32:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/01 19:32:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/01 19:32:29 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/01 19:32:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/01 19:19:41 | 003,725,496 | R--- | C] () -- C:\Documents and Settings\Emma\Desktop\george.exe
[2010/07/01 19:13:43 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Emma\My Documents\geeks to go help.wps
[2010/06/30 17:36:51 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/06/28 20:21:42 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Emma\Desktop\NTREGOPT.lnk
[2010/06/28 20:21:42 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Emma\Desktop\ERUNT.lnk
[2010/06/25 14:25:40 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/25 13:39:45 | 001,095,780 | ---- | C] () -- C:\Documents and Settings\Emma\My Documents\Auslogics System Information Report.mht
[2010/06/25 12:57:36 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\Emma\Desktop\Auslogics BoostSpeed.lnk
[2010/06/25 11:16:22 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Emma\My Documents\geeks to go - checking file system on C.wps
[2010/06/19 19:39:27 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BT Broadband Life.LNK
[2010/06/19 19:39:26 | 000,001,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BT Yahoo! Online.LNK
[2010/06/18 11:20:23 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Emma\ntuser.tmp.LOG
[2010/06/17 10:12:24 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/06/17 10:12:24 | 000,763,832 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/17 10:08:08 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/06/17 10:07:55 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/06/17 10:07:55 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/06/17 10:07:38 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/06/17 10:07:25 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/06/17 09:47:44 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\Emma\My Documents\WinZip.lnk
[2010/06/17 09:16:39 | 014,497,096 | ---- | C] () -- C:\Documents and Settings\Emma\My Documents\winzip145.exe
[2010/06/16 10:22:37 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\Emma\Desktop\Auslogics Disk Defrag.lnk
[2010/06/15 21:43:57 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/06/15 18:32:30 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/06/15 18:29:08 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Emma\S-1-5-21-2615656514-1672843986-1922784247-1005.rrr.LOG
[2010/06/15 17:58:30 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2010/06/03 13:33:15 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/06/03 13:33:15 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/06/03 13:33:15 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/06/03 13:33:15 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/06/03 12:47:58 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Emma\My Documents\ppplugin.nsi
[2010/02/04 10:27:02 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2010/02/04 10:27:01 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2009/04/23 18:05:51 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/11/19 14:00:51 | 000,000,069 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/06/06 14:40:47 | 000,000,174 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/03/25 13:09:43 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2007/03/25 13:09:43 | 000,012,500 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2005/10/26 12:08:33 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/24 09:25:04 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/06/14 17:25:49 | 000,000,138 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/03/24 12:31:00 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/01/17 15:32:34 | 000,000,512 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2005/01/14 17:36:47 | 000,000,064 | ---- | C] () -- C:\WINDOWS\sysdat.dll
[2005/01/14 16:05:44 | 000,028,672 | ---- | C] () -- C:\WINDOWS\wutil.dll
[2005/01/12 11:44:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/01/12 11:43:26 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/01/10 00:38:47 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\wisemsg.dll
[2005/01/10 00:23:52 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/09/02 11:29:24 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2004/09/02 11:29:24 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2004/09/02 11:29:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2004/09/02 11:29:22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/09/02 11:29:02 | 000,001,432 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/09/02 11:29:02 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/09/02 04:38:12 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2004/09/02 04:38:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2004/09/02 04:38:12 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2004/09/02 04:25:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/09/02 03:54:14 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2004/09/02 03:54:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2004/09/02 03:50:20 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2002/11/01 17:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/07/04 16:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/03/21 16:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002/02/13 02:40:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\lxallcnp.dll
[2001/12/14 14:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2008/01/21 11:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2007/06/06 14:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/09/24 13:39:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2007/11/06 10:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2008/11/03 18:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eGames
[2008/11/03 12:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2010/02/03 11:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
[2008/02/19 10:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2007/10/04 11:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OD2
[2006/01/22 01:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2008/11/03 18:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/06/03 15:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
[2008/10/18 09:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/07/01 19:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/02/13 10:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2010/06/17 09:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/01/21 11:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\ACD Systems
[2010/06/25 13:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Auslogics
[2005/12/26 15:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\CamTrack
[2008/10/05 11:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Canon
[2010/06/15 16:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\CheckPoint
[2007/12/19 17:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\eBay
[2008/11/03 18:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\eGames
[2010/06/24 11:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\ErrorExpert
[2010/06/15 17:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\ErrorTeck
[2005/11/01 14:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Free Download Manager
[2008/11/03 12:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\iWinArcade
[2005/01/10 16:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Kazaa Lite
[2005/01/10 13:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Leadertech
[2005/08/15 12:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\MSNInstaller
[2006/11/24 15:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\OD2
[2010/02/24 14:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Opera
[2008/11/03 18:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\PlayFirst
[2010/06/15 18:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Registry Mechanic
[2005/01/12 11:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Template
[2010/07/01 19:52:38 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Emma\Desktop\TFC.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Emma\Desktop\gmer.exe:SummaryInformation
@Alternate Data Stream - 252 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE53E4F7
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A1DAE9E
< End of report >
  • 0

#10
RKinner
Posted 01 July 2010 - 01:55 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall:

RegLock::
[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2]

Registry::
[-HKEY_LOCAL_MACHINE\software\Swearware]


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag it over to george and let it start as before.

Post the new log.

If you have problems getting on the internet afterwards then:

Start, All Programs, Accessories, Command Prompt then type (with an Enter after each line)

netsh  winsock  reset  catalog

netsh  int  ip  reset  reset.log
(I use two spaces in the code box so you can see where one space goes)
and reboot.

Ron
  • 0

Advertisements

#11
sweetascandy
Posted 02 July 2010 - 11:11 AM

sweetascandy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Vino's Event Viewer v01c run on Windows XP in English
Report run at 02/07/2010 18:10:23

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/07/2010 17:32:17
Type: error Category: 0
Event: 7022 Source: Service Control Manager
The Windows Image Acquisition (WIA) service hung on starting.

Log: 'System' Date/Time: 01/07/2010 21:47:11
Type: error Category: 0
Event: 7022 Source: Service Control Manager
The Windows Image Acquisition (WIA) service hung on starting.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#12
sweetascandy
Posted 02 July 2010 - 11:12 AM

sweetascandy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Vino's Event Viewer v01c run on Windows XP in English
Report run at 02/07/2010 18:11:44

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#13
sweetascandy
Posted 02 July 2010 - 11:25 AM

sweetascandy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
OTL logfile created on: 02/07/2010 18:13:42 - Run 3
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Emma\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

503.00 Mb Total Physical Memory | 151.00 Mb Available Physical Memory | 30.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 2 1024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 40.57 Gb Free Space | 54.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SWEETASCANDY
Current User Name: Emma
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/01 10:54:37 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Emma\Desktop\OTL.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/07/25 05:23:07 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaws.exe
PRC - [2009/07/25 05:23:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/07/01 10:54:37 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Emma\Desktop\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/19 19:42:40 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/02 09:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/02/02 09:13:54 | 000,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/02/02 09:13:54 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/02/02 09:13:54 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/12/07 12:50:48 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/07 12:50:46 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/08/24 14:44:14 | 000,477,696 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2005/12/18 14:33:48 | 000,044,416 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dptrackerd.sys -- (dptrackerd)
DRV - [2005/06/08 19:44:20 | 000,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BRGSp50.sys -- (BRGSp50)
DRV - [2005/01/17 14:48:34 | 000,023,000 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2005/01/13 15:20:36 | 000,012,500 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vbtenum.sys -- (BTHidEnum)
DRV - [2004/12/16 16:32:54 | 000,013,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BTNetFilter.sys -- (BTNetFilter)
DRV - [2004/11/05 11:39:08 | 000,082,148 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2004/10/25 14:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004/10/19 13:40:56 | 000,028,207 | ---- | M] (IVT Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr)
DRV - [2004/10/19 13:37:38 | 000,061,312 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2004/10/19 11:39:26 | 000,020,096 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2004/09/21 18:15:34 | 000,010,804 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BtNetDrv.sys -- (BT)
DRV - [2004/09/17 15:05:00 | 000,084,512 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2004/09/17 15:05:00 | 000,006,064 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2004/09/17 15:04:00 | 000,052,384 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) Samsung Mobile USB Device 1.0 driver (WDM)
DRV - [2004/07/07 07:59:44 | 002,185,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/04/12 01:35:22 | 001,301,080 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2004/04/11 13:42:56 | 000,095,800 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/04/11 13:40:38 | 000,635,280 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/04/02 15:21:52 | 000,013,840 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys -- (RecAgent)
DRV - [2004/03/22 18:27:20 | 000,042,936 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
DRV - [2004/03/22 18:01:38 | 000,040,564 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/03/17 22:10:40 | 000,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/03/01 04:00:10 | 000,230,584 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/03/01 03:38:52 | 000,180,592 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/03/01 03:27:58 | 000,013,248 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 14:46:40 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enum1394.sys -- (ENUM1394)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.client...fo/bt_side.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.co.uk/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/iat/us_gb.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us,en-gb;q=0.5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 24 FC 26 7E BB CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "BearShare Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.bearshare.com/"
FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..keyword.URL: "http://search.bearsh...web?src=ffb&q="


[2008/11/02 20:57:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Mozilla\Extensions
[2009/09/16 18:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Mozilla\Firefox\Profiles\s4g1l7s4.default\extensions
[2010/06/15 16:48:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/11/09 16:20:40 | 002,111,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2006/07/08 22:45:16 | 000,073,728 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npvideoegg-loader.dll

O1 HOSTS File: ([2010/07/01 19:47:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program Files\Spyware Doctor\tools\iesdsg.dll (PCTools.com)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (BT Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BT Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Google Search - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Backward Links - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - c:\program files\google\GoogleToolbar2.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_15.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: autoregister.net ([autoreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ebay.co.uk ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: faceparty.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: msnmessenger.com ([www] * in Trusted sites)
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative....009/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} http://download.zone...ee/cm/ICSCM.cab (ICSScannerLight Class)
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.c...eUploader57.cab (Auctiva Image Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink...geUploader5.cab (Image Uploader Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai...all/xscan53.cab (HouseCall Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://www.myheritag...geUploader3.cab (Aurigma Image Uploader 3.5 Control)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab32846.cab (ZoneIntro Class)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zon...ot.cab31267.cab (CBreakshotControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://www.auctiva.c...oad/XUpload.ocx (Persits Software XUpload)
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} http://by102fd.bay10...ex/HMAtchmt.ocx (Hotmail Attachments Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Emma\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Emma\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/09/02 03:43:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 90 Days ==========

[2010/07/02 18:09:11 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Emma\Desktop\VEW.exe
[2010/07/01 22:19:11 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2010/07/01 22:19:07 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2010/07/01 22:18:51 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2010/07/01 22:18:46 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2010/07/01 22:18:18 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2010/07/01 22:18:14 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2010/07/01 22:18:02 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2010/07/01 22:17:44 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2010/07/01 22:17:29 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2010/07/01 22:17:25 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2010/07/01 22:17:21 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2010/07/01 22:17:16 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2010/07/01 22:17:11 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2010/07/01 22:17:07 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2010/07/01 22:17:03 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2010/07/01 22:16:47 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2010/07/01 22:16:30 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2010/07/01 22:16:26 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2010/07/01 22:16:22 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2010/07/01 22:16:18 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2010/07/01 22:15:56 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2010/07/01 22:15:40 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2010/07/01 22:15:36 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2010/07/01 22:15:19 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2010/07/01 22:15:16 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2010/07/01 22:15:12 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2010/07/01 22:15:08 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2010/07/01 22:15:04 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2010/07/01 22:15:01 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2010/07/01 22:14:27 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2010/07/01 22:14:21 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2010/07/01 22:14:17 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2010/07/01 22:14:16 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2010/07/01 22:14:11 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2010/07/01 22:14:08 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2010/07/01 22:13:55 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2010/07/01 22:13:51 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2010/07/01 22:13:05 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2010/07/01 22:13:01 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2010/07/01 22:12:58 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2010/07/01 22:12:54 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2010/07/01 22:12:48 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2010/07/01 22:12:25 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2010/07/01 22:11:51 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2010/07/01 22:11:47 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2010/07/01 22:11:43 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2010/07/01 22:11:40 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2010/07/01 22:11:36 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2010/07/01 22:10:46 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2010/07/01 22:10:43 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2010/07/01 22:10:39 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2010/07/01 22:10:32 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2010/07/01 22:10:03 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2010/07/01 22:09:59 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2010/07/01 22:09:56 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2010/07/01 22:09:53 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2010/07/01 22:09:26 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2010/07/01 22:09:19 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2010/07/01 22:09:15 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2010/07/01 22:08:58 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2010/07/01 22:08:55 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2010/07/01 22:08:51 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2010/07/01 22:08:48 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2010/07/01 22:08:45 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2010/07/01 22:08:42 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2010/07/01 22:08:38 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2010/07/01 22:08:35 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2010/07/01 22:08:32 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2010/07/01 22:08:25 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2010/07/01 22:08:21 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2010/07/01 22:08:21 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/07/01 22:08:21 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/07/01 22:08:20 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2010/07/01 22:08:19 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2010/07/01 22:08:16 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2010/07/01 22:08:13 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2010/07/01 22:08:04 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2010/07/01 22:07:58 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2010/07/01 22:07:54 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2010/07/01 22:07:50 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2010/07/01 22:07:36 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2010/07/01 22:07:33 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2010/07/01 22:07:02 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2010/07/01 22:06:58 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2010/07/01 22:06:55 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2010/07/01 22:06:42 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2010/07/01 22:05:52 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2010/07/01 22:05:49 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2010/07/01 22:05:36 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2010/07/01 22:05:35 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2010/07/01 22:05:32 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2010/07/01 22:04:51 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2010/07/01 22:04:48 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2010/07/01 22:04:45 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2010/07/01 22:04:41 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2010/07/01 22:04:18 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2010/07/01 22:04:03 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2010/07/01 22:03:59 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2010/07/01 22:03:53 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2010/07/01 22:03:52 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2010/07/01 22:03:42 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2010/07/01 22:03:38 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2010/07/01 22:03:29 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2010/07/01 22:03:26 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2010/07/01 22:03:23 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2010/07/01 22:03:20 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2010/07/01 22:03:17 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2010/07/01 22:03:14 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2010/07/01 22:03:04 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2010/07/01 22:03:01 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2010/07/01 22:02:58 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2010/07/01 22:02:55 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2010/07/01 22:02:52 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2010/07/01 22:02:48 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2010/07/01 22:01:56 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2010/07/01 22:01:25 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2010/07/01 22:01:04 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2010/07/01 22:01:01 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2010/07/01 22:01:00 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2010/07/01 22:00:57 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2010/07/01 22:00:57 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2010/07/01 22:00:54 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2010/07/01 22:00:45 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2010/07/01 22:00:42 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2010/07/01 22:00:39 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2010/07/01 22:00:36 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2010/07/01 22:00:31 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2010/07/01 22:00:28 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2010/07/01 22:00:00 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2010/07/01 21:59:52 | 000,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2010/07/01 21:59:21 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2010/07/01 21:57:33 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2010/07/01 21:57:23 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2010/07/01 21:56:52 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2010/07/01 21:56:49 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2010/07/01 21:56:47 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2010/07/01 21:56:30 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2010/07/01 21:56:14 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2010/07/01 21:56:11 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2010/07/01 21:56:07 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2010/07/01 21:56:04 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2010/07/01 21:56:02 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2010/07/01 21:56:00 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2010/07/01 21:55:45 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2010/07/01 21:55:41 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2010/07/01 21:55:39 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2010/07/01 21:55:09 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2010/07/01 21:54:12 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2010/07/01 21:54:06 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2010/07/01 21:53:56 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2010/07/01 21:53:54 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2010/07/01 21:53:53 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2010/07/01 21:53:48 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2010/07/01 21:53:47 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2010/07/01 21:53:45 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2010/07/01 21:53:44 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2010/07/01 21:53:42 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2010/07/01 21:53:18 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2010/07/01 21:53:17 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2010/07/01 21:53:13 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2010/07/01 21:52:48 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2010/07/01 21:52:47 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2010/07/01 21:52:46 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2010/07/01 21:52:45 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2010/07/01 21:52:44 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2010/07/01 21:52:42 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2010/07/01 21:52:41 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2010/07/01 21:52:39 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2010/07/01 21:52:32 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2010/07/01 21:52:31 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2010/07/01 21:52:18 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2010/07/01 21:52:10 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2010/07/01 21:52:04 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2010/07/01 21:52:04 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2010/07/01 21:52:03 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2010/07/01 21:52:02 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2010/07/01 21:52:01 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2010/07/01 21:51:59 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2010/07/01 21:51:58 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2010/07/01 21:51:57 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2010/07/01 21:51:57 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2010/07/01 21:51:55 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2010/07/01 21:51:53 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2010/07/01 21:51:53 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/07/01 21:51:27 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2010/07/01 21:51:27 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2010/07/01 21:51:26 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2010/07/01 21:51:26 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2010/07/01 21:51:25 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2010/07/01 21:51:24 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2010/07/01 21:51:23 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2010/07/01 21:51:23 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2010/07/01 21:51:21 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2010/07/01 21:51:21 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2010/07/01 21:51:20 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2010/07/01 21:51:19 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2010/07/01 21:51:18 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2010/07/01 21:51:17 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2010/07/01 21:51:17 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2010/07/01 21:51:16 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2010/07/01 21:51:15 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2010/07/01 21:51:15 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2010/07/01 21:51:11 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2010/07/01 21:51:07 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2010/07/01 21:51:07 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2010/07/01 21:51:06 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2010/07/01 21:51:05 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2010/07/01 21:51:04 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2010/07/01 21:51:04 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2010/07/01 21:51:03 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2010/07/01 21:50:45 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2010/07/01 21:50:44 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2010/07/01 21:50:39 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2010/07/01 21:50:28 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2010/07/01 21:50:27 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2010/07/01 21:50:27 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2010/07/01 21:50:26 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2010/07/01 21:50:26 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2010/07/01 21:50:25 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2010/07/01 21:50:23 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2010/07/01 21:50:22 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2010/07/01 21:50:20 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2010/07/01 21:50:19 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2010/07/01 21:50:17 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2010/07/01 21:50:17 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2010/07/01 21:50:16 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010/07/01 20:21:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/01 19:36:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/07/01 19:32:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/01 19:32:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/01 19:32:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/01 19:32:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/01 19:26:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/01 18:28:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/01 10:54:31 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Emma\Desktop\OTL.exe
[2010/06/28 20:21:39 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/25 14:25:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/25 14:25:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/24 11:18:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Application Data\ErrorExpert
[2010/06/23 22:17:45 | 000,000,000 | ---D | C] -- C:\c585502097def85a4b84cb6a07de
[2010/06/19 19:55:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Application Data\Motive
[2010/06/19 19:43:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motive
[2010/06/19 19:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2010/06/19 19:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\BT Broadband Desktop Help
[2010/06/19 19:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\BTHomeHub
[2010/06/18 11:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Local Settings\Application Data\Threat Expert
[2010/06/18 11:15:02 | 000,000,000 | ---D | C] -- C:\a673205e80bc288f42b303e20432f6
[2010/06/17 21:25:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/06/17 10:13:08 | 000,059,664 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2010/06/17 10:13:08 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2010/06/17 10:13:06 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2010/06/17 10:12:19 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/06/17 10:12:15 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010/06/17 10:12:15 | 001,652,664 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/06/17 10:12:14 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/06/17 10:08:08 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/06/17 10:07:55 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/06/17 10:07:55 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/06/17 10:07:25 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/06/17 10:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Application Data\PC Tools
[2010/06/17 09:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\My Documents\Winks & Moods
[2010/06/17 09:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\My Documents\Downloads
[2010/06/17 09:45:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/06/17 09:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Local Settings\Application Data\Temp
[2010/06/16 10:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2010/06/16 10:22:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Application Data\Auslogics
[2010/06/16 10:17:57 | 004,377,048 | ---- | C] (Auslogics Software Pty Ltd ) -- C:\Documents and Settings\Emma\My Documents\disk-defrag-setup.exe
[2010/06/16 10:05:17 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2010/06/16 10:03:54 | 004,179,293 | ---- | C] (Lavalys, Inc. ) -- C:\Documents and Settings\Emma\My Documents\everesthome220.exe
[2010/06/15 21:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/06/15 21:03:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Application Data\Malwarebytes
[2010/06/15 21:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/15 21:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/15 21:01:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/15 20:55:43 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Emma\My Documents\erunt_setup.exe
[2010/06/15 20:54:41 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Emma\My Documents\mbam-setup.exe
[2010/06/15 20:33:50 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Emma\Desktop\TFC.exe
[2010/06/15 18:17:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Application Data\Registry Mechanic
[2010/06/15 17:58:30 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox210.ocx
[2010/06/15 17:58:30 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBox10.ocx
[2010/06/15 17:58:30 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\WINDOWS\System32\UniBoxVB12.ocx
[2010/06/15 17:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\RegistryFix8
[2010/06/15 17:11:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Application Data\ErrorTeck
[2010/06/11 16:02:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motive(2)
[2010/06/10 17:03:06 | 000,000,000 | ---D | C] -- C:\96ced1ecda9c15bff5a37cb25dca46
[2010/06/03 15:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
[2010/06/03 13:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/06/03 13:30:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/06/03 13:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2010/06/03 13:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/06/03 12:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/06/01 16:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Emma\Local Settings\Application Data\Canon Easy-PhotoPrint EX
[2010/05/30 18:39:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/30 18:37:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2004/09/02 11:29:25 | 000,095,800 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2004/09/02 11:29:25 | 000,013,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2004/09/02 11:29:24 | 001,301,080 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2004/09/02 11:29:24 | 000,635,280 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2004/09/02 11:29:24 | 000,230,584 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2004/09/02 11:29:24 | 000,180,592 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2004/09/02 11:29:24 | 000,013,840 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\RecAgent.sys
[2004/09/02 04:38:12 | 000,014,968 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys

========== Files - Modified Within 90 Days ==========

[2010/07/02 18:09:12 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Emma\Desktop\VEW.exe
[2010/07/02 17:36:05 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/02 17:32:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/02 17:30:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/02 17:30:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/02 17:30:39 | 527,220,736 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/01 22:21:13 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/07/01 22:21:11 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Emma\ntuser.dat
[2010/07/01 22:21:11 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Emma\ntuser.ini
[2010/07/01 20:28:13 | 000,083,495 | ---- | M] () -- C:\WINDOWS\System32\Uninstal.exe
[2010/07/01 19:48:10 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/01 19:47:58 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/01 19:36:37 | 000,000,253 | RHS- | M] () -- C:\boot.ini
[2010/07/01 19:31:12 | 003,725,496 | R--- | M] () -- C:\Documents and Settings\Emma\Desktop\george.exe
[2010/07/01 19:13:44 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Emma\My Documents\geeks to go help.wps
[2010/07/01 10:54:37 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Emma\Desktop\OTL.exe
[2010/07/01 10:29:28 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Emma\Desktop\gmer.exe
[2010/06/30 17:30:02 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/06/28 20:21:42 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Emma\Desktop\NTREGOPT.lnk
[2010/06/28 20:21:42 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Emma\Desktop\ERUNT.lnk
[2010/06/27 23:25:21 | 000,464,610 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/27 23:25:21 | 000,081,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/27 23:25:20 | 000,553,292 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/25 14:25:40 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/25 13:39:53 | 001,095,780 | ---- | M] () -- C:\Documents and Settings\Emma\My Documents\Auslogics System Information Report.mht
[2010/06/25 13:30:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/25 12:57:36 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\Emma\Desktop\Auslogics BoostSpeed.lnk
[2010/06/25 11:16:23 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\Emma\My Documents\geeks to go - checking file system on C.wps
[2010/06/25 10:21:14 | 005,418,926 | -H-- | M] () -- C:\Documents and Settings\Emma\Local Settings\Application Data\IconCache.db
[2010/06/21 20:29:59 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/19 19:39:28 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BT Broadband Life.LNK
[2010/06/19 19:39:27 | 000,001,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BT Yahoo! Online.LNK
[2010/06/18 11:51:28 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Emma\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/06/18 11:50:09 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Emma\Desktop\TFC.exe
[2010/06/18 11:24:33 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Emma\ntuser.bak
[2010/06/17 10:07:38 | 000,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/06/17 09:48:07 | 000,001,825 | ---- | M] () -- C:\Documents and Settings\Emma\My Documents\WinZip.lnk
[2010/06/17 09:16:40 | 014,497,096 | ---- | M] () -- C:\Documents and Settings\Emma\My Documents\winzip145.exe
[2010/06/16 10:22:37 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\Emma\Desktop\Auslogics Disk Defrag.lnk
[2010/06/16 10:18:14 | 004,377,048 | ---- | M] (Auslogics Software Pty Ltd ) -- C:\Documents and Settings\Emma\My Documents\disk-defrag-setup.exe
[2010/06/16 10:04:03 | 004,179,293 | ---- | M] (Lavalys, Inc. ) -- C:\Documents and Settings\Emma\My Documents\everesthome220.exe
[2010/06/15 20:55:45 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Emma\My Documents\erunt_setup.exe
[2010/06/15 20:54:41 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Emma\My Documents\mbam-setup.exe
[2010/06/15 20:07:46 | 000,146,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/15 18:50:11 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/06/15 18:32:31 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/06/15 18:29:18 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\Emma\ntuser.dat.rmbak
[2010/06/15 17:58:30 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2010/06/08 03:16:01 | 000,763,832 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/08 01:21:02 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/06/03 12:51:14 | 000,000,556 | ---- | M] () -- C:\Documents and Settings\Emma\My Documents\npmcfg.dat
[2010/06/03 12:48:00 | 000,000,414 | ---- | M] () -- C:\Documents and Settings\Emma\My Documents\PasswordManager1.Product
[2010/06/03 12:47:58 | 000,000,016 | ---- | M] () -- C:\Documents and Settings\Emma\My Documents\ppplugin.nsi
[2010/05/29 11:20:51 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Emma\My Documents\CV RICHARD JONES.wps
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys

========== Files Created - No Company Name ==========

[2010/07/01 22:19:05 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2010/07/01 22:19:01 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2010/07/01 22:06:49 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010/07/01 22:06:45 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010/07/01 22:02:05 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/07/01 21:57:31 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2010/07/01 21:57:26 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2010/07/01 21:57:21 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2010/07/01 21:57:16 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2010/07/01 21:57:10 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2010/07/01 21:53:52 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2010/07/01 21:53:51 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2010/07/01 21:53:49 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2010/07/01 21:51:45 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/07/01 21:51:45 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/07/01 21:51:44 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/07/01 21:51:44 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/07/01 21:51:43 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/07/01 21:51:43 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/07/01 21:51:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/07/01 21:51:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/07/01 21:51:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/07/01 21:51:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/07/01 21:51:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/07/01 21:51:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/07/01 21:51:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/07/01 21:51:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/07/01 21:51:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/07/01 21:51:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/07/01 21:51:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/07/01 21:51:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/07/01 21:51:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/07/01 21:51:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/07/01 21:51:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/07/01 21:51:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/07/01 21:51:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/07/01 21:51:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/07/01 21:51:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/07/01 21:51:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/07/01 21:51:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/07/01 21:51:36 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/07/01 21:51:36 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/07/01 21:51:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/07/01 21:51:35 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/07/01 21:51:35 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/07/01 21:51:35 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/07/01 21:51:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/07/01 21:51:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/07/01 21:51:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/07/01 21:51:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/07/01 21:51:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/07/01 21:51:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/07/01 21:51:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/07/01 21:51:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/07/01 21:51:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/07/01 21:51:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/07/01 21:51:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/07/01 21:51:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/07/01 21:51:31 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/07/01 21:51:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/07/01 21:50:58 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2010/07/01 21:50:57 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2010/07/01 21:50:57 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2010/07/01 21:50:56 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2010/07/01 21:50:55 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2010/07/01 21:50:55 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2010/07/01 21:50:54 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2010/07/01 21:50:54 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2010/07/01 21:50:52 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2010/07/01 21:50:47 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2010/07/01 20:28:09 | 000,083,495 | ---- | C] () -- C:\WINDOWS\System32\Uninstal.exe
[2010/07/01 19:36:37 | 000,000,182 | ---- | C] () -- C:\Boot.bak
[2010/07/01 19:36:33 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/07/01 19:32:29 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/01 19:32:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/01 19:32:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/01 19:32:29 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/01 19:32:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/01 19:19:41 | 003,725,496 | R--- | C] () -- C:\Documents and Settings\Emma\Desktop\george.exe
[2010/07/01 19:13:43 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Emma\My Documents\geeks to go help.wps
[2010/06/30 17:36:51 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/06/28 20:21:42 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Emma\Desktop\NTREGOPT.lnk
[2010/06/28 20:21:42 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Emma\Desktop\ERUNT.lnk
[2010/06/25 14:25:40 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/25 13:39:45 | 001,095,780 | ---- | C] () -- C:\Documents and Settings\Emma\My Documents\Auslogics System Information Report.mht
[2010/06/25 12:57:36 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\Emma\Desktop\Auslogics BoostSpeed.lnk
[2010/06/25 11:16:22 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Emma\My Documents\geeks to go - checking file system on C.wps
[2010/06/19 19:39:27 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BT Broadband Life.LNK
[2010/06/19 19:39:26 | 000,001,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BT Yahoo! Online.LNK
[2010/06/18 11:20:23 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Emma\ntuser.tmp.LOG
[2010/06/17 10:12:24 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010/06/17 10:12:24 | 000,763,832 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/06/17 10:08:08 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/06/17 10:07:55 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/06/17 10:07:55 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/06/17 10:07:38 | 000,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/06/17 10:07:25 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/06/17 09:47:44 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\Emma\My Documents\WinZip.lnk
[2010/06/17 09:16:39 | 014,497,096 | ---- | C] () -- C:\Documents and Settings\Emma\My Documents\winzip145.exe
[2010/06/16 10:22:37 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\Emma\Desktop\Auslogics Disk Defrag.lnk
[2010/06/15 21:43:57 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/06/15 18:32:30 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/06/15 18:29:08 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Emma\S-1-5-21-2615656514-1672843986-1922784247-1005.rrr.LOG
[2010/06/15 17:58:30 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2010/06/03 13:33:15 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/06/03 13:33:15 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/06/03 13:33:15 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/06/03 13:33:15 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/06/03 12:47:58 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\Emma\My Documents\ppplugin.nsi
[2010/02/04 10:27:02 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2010/02/04 10:27:01 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2009/04/23 18:05:51 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/11/19 14:00:51 | 000,000,069 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/06/06 14:40:47 | 000,000,174 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007/03/25 13:09:43 | 000,013,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\BTNetFilter.sys
[2007/03/25 13:09:43 | 000,012,500 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbtenum.sys
[2005/10/26 12:08:33 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/24 09:25:04 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2005/06/14 17:25:49 | 000,000,138 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/03/24 12:31:00 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/01/17 15:32:34 | 000,000,512 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2005/01/14 17:36:47 | 000,000,064 | ---- | C] () -- C:\WINDOWS\sysdat.dll
[2005/01/14 16:05:44 | 000,028,672 | ---- | C] () -- C:\WINDOWS\wutil.dll
[2005/01/12 11:44:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/01/12 11:43:26 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/01/10 00:38:47 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\wisemsg.dll
[2005/01/10 00:23:52 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/09/02 11:29:24 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2004/09/02 11:29:24 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2004/09/02 11:29:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2004/09/02 11:29:22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2004/09/02 11:29:02 | 000,001,432 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/09/02 11:29:02 | 000,000,456 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/09/02 04:38:12 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2004/09/02 04:38:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2004/09/02 04:38:12 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2004/09/02 04:25:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/09/02 03:54:14 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2004/09/02 03:54:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2004/09/02 03:50:20 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2002/11/01 17:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/07/04 16:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/03/21 16:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002/02/13 02:40:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\lxallcnp.dll
[2001/12/14 14:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2008/01/21 11:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2007/06/06 14:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/09/24 13:39:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2007/11/06 10:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
[2008/11/03 18:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eGames
[2008/11/03 12:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2010/02/03 11:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK
[2008/02/19 10:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2007/10/04 11:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OD2
[2006/01/22 01:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pixelStorm
[2008/11/03 18:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/06/03 15:06:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
[2008/10/18 09:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/07/02 17:30:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/02/13 10:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
[2010/06/17 09:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/01/21 11:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\ACD Systems
[2010/06/25 13:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Auslogics
[2005/12/26 15:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\CamTrack
[2008/10/05 11:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Canon
[2010/06/15 16:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\CheckPoint
[2007/12/19 17:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\eBay
[2008/11/03 18:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\eGames
[2010/06/24 11:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\ErrorExpert
[2010/06/15 17:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\ErrorTeck
[2005/11/01 14:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Free Download Manager
[2008/11/03 12:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\iWinArcade
[2005/01/10 16:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Kazaa Lite
[2005/01/10 13:36:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Leadertech
[2005/08/15 12:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\MSNInstaller
[2006/11/24 15:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\OD2
[2010/02/24 14:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Opera
[2008/11/03 18:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\PlayFirst
[2010/06/15 18:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Registry Mechanic
[2005/01/12 11:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Emma\Application Data\Template
[2010/07/02 17:36:05 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Emma\Desktop\TFC.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Emma\Desktop\gmer.exe:SummaryInformation
@Alternate Data Stream - 252 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE53E4F7
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7A1DAE9E
< End of report >
  • 0

#14
RKinner
Posted 02 July 2010 - 11:26 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Start, Run, services.msc , OK to bring up the Services window. Click on the Standard tab.

Find Windows Image Acquisition and right click on it and select Properties. Does the Status show it is Started? If not click on the START button and see if it will start. Do you get an error message?

If Started, try to STOP it then once it stops, START it. Do you get an error message. Does it take a long time to start?

This service "Provides image acquisition services for scanners and cameras. " Do you use it for anything? If not change the Startup Type to Disabled. There are reports of conflicts with HP scanners and printers. If you have any check the http://www.hp.com/#Support for newer drivers for any you may have.

How is the computer running these days? Are you still seeing your errors?

Ron
  • 0

#15
sweetascandy
Posted 02 July 2010 - 12:01 PM

sweetascandy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Hi ron thankyou for all your help so far its very much appreciated.I just checked Windows Image Acquisition and it stops and starts fine with no delay and no error message.

I do have a printer/scanner/copier but i mainly use for printing.I do use my digital camera on here to upload my pictures from it but thats all.If i disabled this would it cause a problem for my digital camera?

Im not getting the error message no more and things have speeded up a little but still seems to be a delay in start up.Ive not checked using web pages and other activities as yet but will post once tried.The one error that does come up alot is the virtual memory minnimum too low.

emma :)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP