Hello Sam
My name is Ally and thank you very much for your help!
I have attached the RootRepeal report to the post. I get a .dll error every time I turn on my computer "eyexavowiyel.dll", when I put it into Google nothing came up. Strange.
Here is the first OTL scan:
OTL logfile created on: 26/11/2009 09:16:29 - Run 1
OTL by OldTimer - Version 3.1.10.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1013.89 Mb Total Physical Memory | 310.36 Mb Available Physical Memory | 30.61% Memory free
2.38 Gb Paging File | 1.71 Gb Available in Paging File | 71.93% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 84.24 Gb Free Space | 75.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-2D715D4B37
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/11/26 09:03:36 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/10/01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2009/09/28 09:42:50 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/10 14:53:56 | 01,312,080 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/06 16:07:00 | 01,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/11/18 18:57:22 | 00,044,176 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
PRC - [2008/11/06 10:40:44 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/07/02 16:16:20 | 00,393,216 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
PRC - [2008/06/12 16:57:18 | 00,991,584 | ---- | M] (Vendio Services, Inc.) -- C:\Program Files\Search Settings\SearchSettings.exe
PRC - [2008/04/14 00:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 11:12:04 | 00,360,448 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
PRC - [2008/02/05 09:34:48 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2008/02/05 09:34:42 | 00,252,440 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2008/02/05 09:34:38 | 00,137,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2008/02/05 09:34:28 | 00,162,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2008/01/29 13:47:50 | 16,859,648 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2007/12/06 15:20:56 | 01,024,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/11/21 16:23:32 | 00,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2007/10/12 13:16:46 | 00,266,240 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2007/10/12 13:16:34 | 00,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2007/09/28 15:05:16 | 00,128,360 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/07/10 08:24:10 | 00,581,632 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
PRC - [2007/05/17 21:45:33 | 00,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/05/11 09:06:50 | 00,143,360 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2007/04/26 10:49:34 | 00,495,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe
PRC - [2007/04/10 21:46:52 | 00,709,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
PRC - [2007/04/10 07:45:20 | 00,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
PRC - [2006/12/23 18:05:20 | 00,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/23 18:04:42 | 00,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006/12/23 17:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
PRC - [2006/12/14 17:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/10/05 11:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2006/03/16 12:58:00 | 00,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2005/04/11 10:26:06 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2005/01/17 15:38:00 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2002/12/31 13:00:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
========== Modules (SafeList) ==========
MOD - [2009/11/26 09:03:36 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2008/04/14 00:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/14 00:12:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll
MOD - [2008/04/14 00:11:56 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\linkinfo.dll
MOD - [2008/04/14 00:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/10/01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/09/28 09:42:50 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/11/06 10:40:44 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/14 00:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/11/21 16:23:32 | 00,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/09/28 15:05:16 | 00,128,360 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/05/17 21:45:33 | 00,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2007/04/10 07:45:20 | 00,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2006/12/23 17:54:04 | 00,262,144 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/12/14 17:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/10/05 11:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/01/17 15:38:00 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2002/12/31 13:00:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2286749949-960611568-3193331992-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2286749949-960611568-3193331992-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.co.uk
IE - HKU\S-1-5-21-2286749949-960611568-3193331992-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.plymouth.ac.uk/
IE - HKU\S-1-5-21-2286749949-960611568-3193331992-1005\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2286749949-960611568-3193331992-1005\S-1-5-21-2286749949-960611568-3193331992-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "search"
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.1
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.2.2
FF - prefs.js..extensions.enabledItems: {9D46456F-8289-4CB0-95CC-BDC3F1BBA5AA}:1.9.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..network.proxy.autoconfig_url: "http://www.abdn.ac.uk/local/autoproxy.php"
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/11/06 10:40:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 10:08:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{9D46456F-8289-4CB0-95CC-BDC3F1BBA5AA}: C:\Documents and Settings\Owner\Local Settings\Application Data\{9D46456F-8289-4CB0-95CC-BDC3F1BBA5AA} [2009/11/18 22:34:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/18 15:26:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/18 15:26:15 | 00,000,000 | ---D | M]
[2008/11/07 17:11:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2008/11/07 17:11:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/25 22:41:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pv6z2qkb.default\extensions
[2009/09/01 10:20:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pv6z2qkb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/26 20:05:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pv6z2qkb.default\extensions\illimitux@illimitux.net
[2009/09/11 09:09:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pv6z2qkb.default\extensions\personas@christopher.beard
[2009/09/11 09:09:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pv6z2qkb.default\extensions\piclens@cooliris.com
[2008/12/04 16:30:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pv6z2qkb.default\extensions\translator@dontfollowme.net
[2009/11/25 22:41:05 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/18 15:26:09 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/26 19:10:59 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008/11/06 10:40:55 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/11/18 15:26:08 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/18 15:26:08 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/05/01 21:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2008/11/06 10:40:44 | 00,410,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/05/12 18:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/05/18 22:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009/11/18 15:26:10 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 19:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/08/03 14:07:42 | 00,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2009/07/05 21:42:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/07/05 21:42:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/07/05 21:42:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/07/05 21:42:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/07/05 21:42:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/07/05 21:42:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/07/05 21:42:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/05/01 21:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2009/09/01 10:20:36 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/09/01 10:20:36 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/09/01 10:20:36 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/09/01 10:20:36 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/09/01 10:20:36 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/11/18 22:29:50 | 00,001,210 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\search.xml
[2009/09/01 10:20:36 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/09/01 10:20:36 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml
O1 HOSTS File: (353871 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 12136 more lines...
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-2286749949-960611568-3193331992-1005\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Sbocigego] C:\WINDOWS\eyexavowiyel.DLL File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Vendio Services, Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2286749949-960611568-3193331992-1005..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-2286749949-960611568-3193331992-1005..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKU\S-1-5-21-2286749949-960611568-3193331992-1005..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe (Panasonic Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2286749949-960611568-3193331992-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2286749949-960611568-3193331992-1005\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (hmmmgfdll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\brastk.exe: Debugger - svchost.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/07 08:55:16 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{077f5dea-8b66-11de-be21-00225f021dce}\Shell\AutoRun\command - "" = G:\Toshiba\more4you.exe -- File not found
O33 - MountPoints2\{2236b612-a860-11de-be5b-001e334f75f7}\Shell\AutoRun\command - "" = E:\86.exe -- File not found
O33 - MountPoints2\{2236b612-a860-11de-be5b-001e334f75f7}\Shell\open\Command - "" = E:\86.exe -- File not found
O33 - MountPoints2\{436d064e-bd86-11dd-bc70-00225f021dce}\Shell - "" = AutoRun
O33 - MountPoints2\{436d064e-bd86-11dd-bc70-00225f021dce}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{436d064e-bd86-11dd-bc70-00225f021dce}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{bcb089e5-5692-11de-bdc9-00225f021dce}\Shell\AutoRun\command - "" = E:\Toshiba\more4you.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/05/07 09:47:19 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (68401979868577792)
========== Files/Folders - Created Within 14 Days ==========
[2009/11/26 09:16:51 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/26 09:03:28 | 00,531,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/25 16:04:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\.spss
[2009/11/25 16:02:04 | 00,000,000 | ---D | C] -- C:\KAV
[2009/11/25 15:59:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Data Dynamics
[2009/11/25 15:57:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\SafeNet Sentinel
[2009/11/25 15:56:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2009/11/25 15:52:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SPSS
[2009/11/25 15:52:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SPSS
[2009/11/25 15:51:58 | 00,000,000 | ---D | C] -- C:\Program Files\SPSSInc
[2009/11/24 15:47:00 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/22 14:49:44 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2009/11/22 11:09:11 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/22 11:09:09 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/22 11:09:09 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/21 16:48:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Evo Psych
[2009/11/21 16:21:30 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2009/11/21 16:21:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\a-squared Free
[2009/11/21 15:15:50 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/11/21 15:15:50 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/11/21 15:15:50 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/11/21 15:15:50 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/11/21 15:15:50 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/11/21 15:15:46 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/11/21 15:15:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/11/18 23:13:09 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2009/11/18 22:34:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\{9D46456F-8289-4CB0-95CC-BDC3F1BBA5AA}
[2009/11/18 22:29:25 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\92d9089
[2009/11/18 19:48:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Research Assmessment 2
[2009/11/18 16:51:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2009/11/18 16:47:44 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/11/18 16:47:32 | 00,230,912 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM9I.DLL
[2009/11/18 16:47:29 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2009/11/18 16:47:11 | 00,200,704 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC190L.DLL
[2009/11/18 16:47:11 | 00,188,416 | ---- | C] (Canon Inc.) -- C:\WINDOWS\System32\CNC190O.DLL
[2009/11/18 16:47:10 | 00,098,304 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC190I.DLL
[2009/11/18 16:47:09 | 01,323,008 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNC190C.DLL
[2009/11/18 16:46:47 | 00,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2009/11/18 16:45:47 | 00,000,000 | ---D | C] -- C:\Program Files\Canon
[2009/11/14 13:54:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\IPA
[2009/11/14 12:59:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Environmental Psych
[2009/05/24 17:45:08 | 00,090,112 | R--- | C] ( ) -- C:\WINDOWS\System32\SCCD3X02.DLL
[2008/05/07 09:50:52 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010/03/19 18:03:36 | 02,916,478 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WS_30003.WMA
[2009/11/26 09:16:56 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/26 09:16:54 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/26 09:06:01 | 12,845,056 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/11/26 09:03:36 | 00,531,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/26 08:56:35 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/26 08:56:01 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2009/11/26 08:56:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/26 08:55:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/26 08:55:56 | 10,632,11008 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/26 00:25:08 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/11/26 00:02:31 | 00,332,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/25 16:00:13 | 00,000,114 | ---- | M] () -- C:\WINDOWS\System32\prsgrc.tgz
[2009/11/25 16:00:13 | 00,000,100 | ---- | M] () -- C:\WINDOWS\System32\prsgrc.dll
[2009/11/25 16:00:13 | 00,000,014 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2009/11/25 16:00:04 | 00,001,024 | ---- | M] () -- C:\WINDOWS\System32\clauth2.dll
[2009/11/25 16:00:04 | 00,001,024 | ---- | M] () -- C:\WINDOWS\System32\clauth1.dll
[2009/11/25 16:00:04 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2009/11/25 16:00:04 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nsprs.tgz
[2009/11/25 16:00:04 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nsprs.dll
[2009/11/25 15:59:07 | 00,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2009/11/25 15:59:07 | 00,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/11/25 15:59:07 | 00,000,016 | -H-- | M] () -- C:\WINDOWS\System32\servdat.slm
[2009/11/25 15:58:40 | 00,000,000 | ---- | M] () -- C:\law.sp
[2009/11/25 15:56:39 | 00,001,024 | ---- | M] () -- C:\WINDOWS\System32\grcauth2.dll
[2009/11/25 15:56:39 | 00,001,024 | ---- | M] () -- C:\WINDOWS\System32\grcauth1.dll
[2009/11/25 15:51:42 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.tgz
[2009/11/25 15:51:42 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/11/24 21:09:16 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/24 16:23:31 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/11/24 16:23:31 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/11/24 15:47:00 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/11/22 19:07:55 | 00,016,272 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MSc_Psychology_Deadlines[1].docx
[2009/11/22 16:54:54 | 00,019,654 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Interview brief and debrief edit..docx
[2009/11/22 16:52:37 | 00,021,297 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Interpretative Phenomenological Analysis Assignment 2.docx
[2009/11/22 14:49:48 | 00,001,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2009/11/22 12:06:24 | 00,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/11/22 11:09:14 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/21 21:08:15 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/11/21 16:21:49 | 00,000,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk
[2009/11/21 16:13:07 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/11/21 15:16:04 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/11/20 23:10:38 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Szoje.dat
[2009/11/20 20:39:11 | 00,000,090 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/11/20 20:39:10 | 00,353,871 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/20 20:39:09 | 00,353,910 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091120-203910.backup
[2009/11/20 08:26:23 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Ogevamalanunevi.bin
[2009/11/19 18:46:52 | 00,010,367 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Literature Review.docx
[2009/11/18 22:30:49 | 00,354,181 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091120-203909.backup
[2009/11/18 16:27:15 | 00,003,583 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ptsd data.sav
[2009/11/12 17:06:50 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/12 15:44:05 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$mmary table for IPA.docx
[2009/11/12 15:42:40 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\~$A Theme.docx
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2009/11/26 09:16:56 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/11/25 16:00:04 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009/11/25 16:00:04 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009/11/25 16:00:04 | 00,000,014 | ---- | C] () -- C:\WINDOWS\System32\ssprs.tgz
[2009/11/25 16:00:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009/11/25 16:00:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.tgz
[2009/11/25 16:00:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2009/11/25 15:58:40 | 00,000,000 | ---- | C] () -- C:\law.sp
[2009/11/25 15:56:39 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2009/11/25 15:56:39 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2009/11/25 15:56:39 | 00,000,114 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.tgz
[2009/11/25 15:56:38 | 00,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2009/11/25 15:51:42 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.tgz
[2009/11/25 15:51:42 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/11/25 15:51:42 | 00,000,219 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.tgz
[2009/11/25 15:51:42 | 00,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/11/25 15:51:42 | 00,000,016 | -H-- | C] () -- C:\WINDOWS\System32\servdat.slm
[2009/11/24 21:09:13 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/11/24 16:23:31 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/11/24 16:23:31 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/11/24 15:47:00 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/11/22 19:07:54 | 00,016,272 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MSc_Psychology_Deadlines[1].docx
[2009/11/22 16:54:53 | 00,019,654 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Interview brief and debrief edit..docx
[2009/11/22 16:52:36 | 00,021,297 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Interpretative Phenomenological Analysis Assignment 2.docx
[2009/11/22 14:49:48 | 00,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2009/11/22 11:09:14 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/21 16:21:49 | 00,000,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\a-squared Free.lnk
[2009/11/21 15:16:04 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/11/20 20:39:11 | 00,000,090 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/11/19 18:46:52 | 00,010,367 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Literature Review.docx
[2009/11/18 22:34:32 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Szoje.dat
[2009/11/18 22:34:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Ogevamalanunevi.bin
[2009/11/18 16:27:15 | 00,003,583 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ptsd data.sav
[2009/11/12 15:44:05 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$mmary table for IPA.docx
[2009/11/12 15:42:40 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\~$A Theme.docx
[2009/09/26 12:27:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
[2009/08/26 20:45:58 | 00,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/05 21:31:02 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/05/24 17:45:08 | 00,131,072 | R--- | C] () -- C:\WINDOWS\System32\SCCD3X01.DLL
[2009/05/14 12:41:15 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/11/12 20:00:02 | 00,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/11/09 15:44:17 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/07 17:50:38 | 00,094,208 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/06 10:39:07 | 00,000,478 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/06 10:29:57 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2008/11/06 10:29:56 | 00,083,392 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/11/06 10:29:56 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2008/11/06 10:28:41 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2008/11/06 10:28:41 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2008/11/06 10:28:41 | 00,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2008/11/06 10:28:41 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2008/09/19 21:57:34 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/05/07 10:48:50 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/07 10:20:39 | 00,000,563 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2008/05/07 09:55:33 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/05/07 09:55:33 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/05/07 09:55:33 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/05/07 09:55:33 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/05/07 09:55:33 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/05/07 09:55:33 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/05/07 09:54:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2008/05/07 09:51:00 | 00,521,268 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/05/07 09:51:00 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/05/07 09:50:52 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2008/05/07 09:50:51 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/05/07 09:49:15 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/05/07 09:42:09 | 00,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/05/07 09:42:09 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4833.dll
[2008/05/07 09:14:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2008/05/07 09:11:59 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2008/05/07 09:11:20 | 00,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/05/07 08:55:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2008/05/07 08:53:33 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2008/05/07 08:53:33 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2008/05/07 08:53:19 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2008/05/07 08:53:18 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2008/05/07 07:46:38 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2008/05/07 07:46:38 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2008/05/07 07:46:34 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2008/05/07 07:46:34 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/05/07 07:46:33 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2008/05/07 07:46:33 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2008/05/07 07:46:33 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2008/05/07 07:46:31 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2008/05/07 07:46:31 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2008/05/07 07:46:31 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll
[2008/05/07 07:46:31 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2008/05/07 07:46:30 | 01,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2008/05/07 07:46:30 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2008/05/07 07:46:30 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2008/05/07 07:46:30 | 00,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2008/05/07 07:46:30 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2008/05/07 07:46:30 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2008/05/07 07:46:30 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2008/05/07 07:46:30 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2008/05/07 07:46:30 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2008/05/07 07:46:30 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2008/05/07 07:46:30 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2008/05/07 07:46:30 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2008/05/07 07:46:30 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2008/05/07 07:46:30 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2008/05/07 07:46:30 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2008/05/07 07:46:30 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2008/05/07 07:46:30 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2008/05/07 07:46:30 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2008/05/07 07:46:30 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2008/05/07 07:46:30 | 00,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv
[2008/05/07 07:46:30 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2008/05/07 07:46:30 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2008/05/07 07:46:29 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2008/05/07 07:46:29 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2008/05/07 07:46:29 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2008/05/07 07:46:29 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2008/05/07 07:46:29 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2008/05/07 07:46:29 | 00,010,110 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini
[2008/05/07 07:46:29 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2008/05/07 07:46:28 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2008/05/07 07:46:26 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2008/05/07 07:46:26 | 00,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2008/05/07 07:46:26 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2008/05/07 07:46:25 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2008/05/07 07:46:25 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2008/05/07 07:46:25 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2008/05/07 07:46:25 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2008/05/07 07:46:25 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2008/05/07 07:46:25 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2007/12/21 15:46:32 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/07/22 20:30:18 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2002/12/31 13:00:00 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/23 19:00:00 | 00,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2001/08/17 22:36:28 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
========== LOP Check ==========
[2008/11/06 17:35:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2008/11/06 17:35:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2008/11/06 17:35:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2008/11/06 17:35:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2008/11/06 17:35:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2008/11/06 17:35:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2009/11/18 22:29:47 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\92d9089
[2008/11/06 17:35:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/09/07 16:56:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2008/12/21 00:38:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/07/05 21:42:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/07/09 14:42:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2009/11/21 15:15:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2008/12/21 00:23:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/11/18 16:47:44 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/11/12 19:47:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/01/09 20:06:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/30 11:41:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/11/12 17:05:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2008/11/07 14:52:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/09/30 11:25:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/11/25 15:56:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2008/11/06 17:35:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/08/26 19:10:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2008/12/21 00:41:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2008/12/21 00:22:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
[2009/11/25 15:52:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPSS
[2009/11/21 16:15:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/11/21 16:29:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/11/24 15:58:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/11/06 17:35:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Adobe
[2008/11/06 17:35:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Identities
[2008/11/06 17:35:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InstallShield
[2008/11/06 17:35:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Default User\Application Data\Microsoft
[2008/11/06 17:35:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Sun
[2008/11/06 17:35:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2009/11/21 15:36:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/11/21 15:38:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2008/11/24 15:58:27 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/11/06 17:35:38 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/11/07 17:14:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2009/09/07 16:56:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ahead
[2009/07/17 16:07:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
[2009/07/05 22:11:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ArcSoft
[2009/10/05 20:49:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Audacity
[2008/11/21 23:22:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DivX
[2009/06/29 21:57:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\dvdcss
[2009/09/20 13:29:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Google
[2008/11/06 17:35:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Identities
[2008/11/06 17:35:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InstallShield
[2009/02/10 18:24:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2008/11/07 17:14:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2009/01/09 20:06:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/10/22 12:53:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2008/11/07 17:11:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2009/09/30 11:25:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Office Genuine Advantage
[2009/07/05 21:44:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Panasonic
[2008/11/12 20:05:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Search Settings
[2009/11/21 23:11:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skype
[2009/11/21 21:08:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\skypePM
[2008/12/21 00:41:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
[2008/11/06 17:35:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sun
[2008/11/13 17:50:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thinstall
[2008/11/06 10:42:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\toshiba
[2009/03/08 18:47:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\U3
[2009/01/22 18:46:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\vlc
[2008/11/08 18:55:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinRAR
[2008/01/15 07:49:18 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/26 08:56:01 | 00,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2009/11/26 08:56:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/01/09 10:08:01 | 00,000,242 | ---- | M] () -- C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2008/01/15 07:36:38 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 00:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2008/01/15 07:56:51 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 00:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2008/01/15 07:50:53 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 00:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
[2007/09/29 22:03:12 | 00,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/09/29 22:03:32 | 00,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2008/01/15 15:48:32 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\WINDOWS\OemDir\iaStor.sys
[2007/09/29 22:03:12 | 00,308,248 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2008/01/15 15:48:32 | 00,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\iaStor.sys
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 18:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/01/15 07:59:13 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 18:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >
< %SYSTEMDRIVE%\viamraid.sys /s /md5 >
< %SYSTEMDRIVE%\nvata.sys /s /md5 >
< >
< >
========== Alternate Data Streams ==========
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
Here is the extra scan:
OTL Extras logfile created on: 26/11/2009 09:16:29 - Run 1
OTL by OldTimer - Version 3.1.10.1 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1013.89 Mb Total Physical Memory | 310.36 Mb Available Physical Memory | 30.61% Memory free
2.38 Gb Paging File | 1.71 Gb Available in Paging File | 71.93% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 84.24 Gb Free Space | 75.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-2D715D4B37
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2286749949-960611568-3193331992-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.1 -- (Sony Creative Software Inc.)
"C:\Program Files\Eidos\Pyro Studios\Commandos 3 - Destination Berlin\commandos3.exe" = C:\Program Files\Eidos\Pyro Studios\Commandos 3 - Destination Berlin\commandos3.exe:*:Disabled:commandos3 -- File not found
"C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\patchget.dat" = C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\patchget.dat:*:Enabled:patchgrabber -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Documents and Settings\All Users\Application Data\92d9089\WS92d9.exe" = C:\Documents and Settings\All Users\Application Data\92d9089\WS92d9.exe:*:Disabled:System Defender -- File not found
"C:\Program Files\SPSSInc\Statistics17\statistics.com" = C:\Program Files\SPSSInc\Statistics17\statistics.com:*:Disabled:Statistics17:com -- (SPSS Inc)
"C:\Program Files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe" = C:\Program Files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- (SPSS Inc.)
"C:\Program Files\SPSSInc\Statistics17\statistics.exe" = C:\Program Files\SPSSInc\Statistics17\statistics.exe:*:Disabled:Statistics17:exe -- (SPSS Inc)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0096A731-71DB-4969-AF1A-651698B246A5}" = Sony Ericsson Media Manager 1.1
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{07F58BB0-50D4-4477-B491-A97B2AD059B6}" = TOSHIBA Hotkey Utility
"{0F4F4815-76AD-4B26-8763-72F3344041C2}" = TOSHIBA Manuals
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series" = Canon MP190 series MP Drivers
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 10
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{61B84435-7A82-4F5C-87EC-1071EC28D72D}" = TOSHIBA Utilities
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F7AC250-4D7D-431D-AC4E-94FB78EA3F8B}" = TOSHIBA Power Saver
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_WORD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO
"{9DB2E18E-2A1F-4D65-A258-9CB446903C3E}" = Amos 17.0
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B28B351F-1232-46EA-85EF-B8EA91641033}" = Nero 7 Essentials
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C02A6D5F-0FE1-46DE-B483-2BD33A226BCF}" = TOSHIBA TouchPad ON/Off Utility
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}" = Search Settings 1.2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"a-squared Free_is1" = a-squared Free 4.5
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.6 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon MP190 series User Registration" = Canon MP190 series User Registration
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.8.0
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MP Navigator EX 1.2" = Canon MP Navigator EX 1.2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WORD" = Microsoft Office Word 2007
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 24/11/2009 14:22:08 | Computer Name = YOUR-2D715D4B37 | Source = Application Hang | ID = 1001
Description = Fault bucket 1567219990.
Error - 24/11/2009 14:22:18 | Computer Name = YOUR-2D715D4B37 | Source = Application Hang | ID = 1002
Description = Hanging application avscan.exe, version 9.0.3.10, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 24/11/2009 16:49:40 | Computer Name = YOUR-2D715D4B37 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 24/11/2009 16:52:56 | Computer Name = YOUR-2D715D4B37 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.
Error - 24/11/2009 17:13:59 | Computer Name = YOUR-2D715D4B37 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 25/11/2009 06:00:59 | Computer Name = YOUR-2D715D4B37 | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 11.0.5721.5145, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 25/11/2009 12:01:19 | Computer Name = YOUR-2D715D4B37 | Source = Application Error | ID = 1005
Description = Windows cannot access the file D:\setup.exe for one of the following
reasons: there is a problem with the network connection, the disk that the file
is stored on, or the storage drivers installed on this computer; or the disk is
missing. Windows closed the program SPSS Statistics because of this error. Program:
SPSS Statistics File: D:\setup.exe The error value is listed in the Additional Data
section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
-
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.
Additional
Data Error value: C0000240 Disk type: 5
Error - 25/11/2009 12:01:23 | Computer Name = YOUR-2D715D4B37 | Source = Application Error | ID = 1000
Description = Faulting application setup.exe, version 17.0.0.202, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x000500b6.
Error - 25/11/2009 12:02:18 | Computer Name = YOUR-2D715D4B37 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: An internal certificate chaining error has occurred.
Error - 25/11/2009 14:23:25 | Computer Name = YOUR-2D715D4B37 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
[ OSession Events ]
Error - 14/11/2009 08:42:58 | Computer Name = YOUR-2D715D4B37 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 28
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 24/11/2009 18:14:09 | Computer Name = YOUR-2D715D4B37 | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.
Error - 24/11/2009 18:14:16 | Computer Name = YOUR-2D715D4B37 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 24/11/2009 19:15:18 | Computer Name = YOUR-2D715D4B37 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows CardSpace service
to connect.
Error - 24/11/2009 19:15:18 | Computer Name = YOUR-2D715D4B37 | Source = Service Control Manager | ID = 7000
Description = The Windows CardSpace service failed to start due to the following
error: %%1053
Error - 25/11/2009 05:57:53 | Computer Name = YOUR-2D715D4B37 | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.
Error - 25/11/2009 05:57:59 | Computer Name = YOUR-2D715D4B37 | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.
Error - 25/11/2009 06:00:39 | Computer Name = YOUR-2D715D4B37 | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.
Error - 25/11/2009 06:00:45 | Computer Name = YOUR-2D715D4B37 | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.
Error - 25/11/2009 06:00:52 | Computer Name = YOUR-2D715D4B37 | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.
Error - 25/11/2009 06:00:58 | Computer Name = YOUR-2D715D4B37 | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.
< End of report >
Sorry, I read on another topic that it is easier if it is all on one page rather than an attached document. Please find below my RootRepeal report:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/26 09:17
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0x99D72000 Size: 819200 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9582E000 Size: 49152 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
Path: c:\documents and settings\owner\local settings\temp\~df3475.tmp
Status: Allocation size mismatch (API: 49152, Raw: 16384)
Path: c:\documents and settings\owner\local settings\temp\~df3d58.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)
Path: c:\documents and settings\owner\local settings\temp\~df59a.tmp
Status: Allocation size mismatch (API: 540672, Raw: 24576)
Path: c:\documents and settings\owner\local settings\temp\~df669c.tmp
Status: Allocation size mismatch (API: 131072, Raw: 16384)
Path: c:\documents and settings\owner\local settings\temporary internet files\content.ie5\avx7tgal\bind[1].htm
Status: Size mismatch (API: 588, Raw: 515)
SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xa3d6d83e
#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xa3d6d834
#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xa3d6d843
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xa3d6d84d
#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xa3d6d852
#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xa3d6d820
#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xa3d6d825
#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xa3d6d85c
#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xa3d6d857
#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xa3d6d848
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xa3d6d82f
==EOF==
Edited by sanscosm, 26 November 2009 - 02:21 PM.