WiredWX Christian Hobby Weather Tools
trojan.win32.buzus.eglu - Page 1

Re: trojan.win32.buzus.eglu
Hi.

How is your computer running?

............................................................................................

I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu
Hi

Sorry, missed page 2, my bad.

Yes, everything seems to be running A-OK now apart from Google Chrome, which has got a lot of glitches now, but I'm going to uninstall it and download a new one once I have saved bookmarks.

Thank you so much for all your help. I was drowning in stuff, malware etc.

Thanks to you all

Tazzy

Re: trojan.win32.buzus.eglu
Hi.

Your computer is now clean. Now, time to remove the tools used, and update your computer to prevent vulnerability.

Updating System Restore
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE.


You now have a clean restore point.

To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do a calculation of temporary/old files, and then display a dialogue box.
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this.
  • Accept the Warning and select OK again, the program will close and you are done.


========

Removing the tools
Now, to remove all of the tools we used and the files and folders they created, please do the following:

Download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


============

Service Pack upgrade
Please consider upgrading to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

More info about SP3: Here

=====

Update Programs
Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.



Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

=========

Here are some prevention tips I have provided:

1. Don't download files from untrusted websites or websites that seem suspicious.

2. Don't use torrents; they are a good way to get lots of malware.

3. Don't download and use cracks/warez/keygens; they are illegal and are another good way to contract malware.

4. Disable autorun XP or Vista/7

5. Always make sure you have the latest Windows updates. windowsupdate.microsoft.com

6. Don't ever click on the links inside of a popup.

7. Make sure you know what you install; you can make sure it is not known for being a virus by simply searching about it on Google.

8. Use a Site Advisor so you don't go to sites that will infect you. McAfee SiteAdvisor

9. Also, there are many holes and flaws in Internet Explorer; I recommend using Firefox 3 to keep you more safe.

10. Always keep your Java and Adobe updated.

11. Don't fall for the Scareware. What is Scareware? It is a website made to download a rogue Antivirus on your system that will scare you into buying their fake software due to false detections.

12. Always have a Firewall and an Antivirus.

Thanks for choosing GeekPolice, see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

For more information please visit Here


Re: trojan.win32.buzus.eglu
Hi there

I wonder if you can still help me. I recently had over 50 infected files on my computer; they were malware and viruses and Trojans etc.

I had this help on here to clean them and for a few days the computer seemed to be OK, but now it has started playing up again and not the same issues.

I have a lot of applications crashing and hanging halfway through or not even starting sometimes. Also, when I try using Task Manager to end a task it won't kill the process.
If I want to shut down with a process still running it won't let me shut down. I have to turn off the computer manually by the button (which I know is not good).

When I look at the processes that are running, sometimes there are 2 of the same process running and I have only opened 1 process, which leads me to the assumption that I may have a virus/malware hiding in the system.

I also have started today to get a pop-up telling me there is a Trojan in Qoobox?

Can you help please? Thanks, Tazzy

Re: trojan.win32.buzus.eglu
Hi,

Let's start over.

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time


Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

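The scan requested above writes OTL.Txt with one entry per line, in the form "TAG - [date | size | attributes | M] (company) -- path". The following Python sketch is an added example, not part of the original post and not OldTimer's code: it parses the PRC/MOD/SRV/DRV lines and lists entries worth a second look. The sample log is constructed, and the three hints (missing file, empty company name, user-writable path) are assumptions about what a reviewer checks first, not OTL rules or verdicts.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Service/driver whose file is gone: TAG - File not found [state] -- path -- (name)
MISSING_RE = re.compile(
    r"^(?P<tag>SRV|DRV) - File not found \[(?P<state>[^\]]*)\] -- "
    r"(?P<path>.*?) ?-- \((?P<name>[^)]*)\)"
)
# Normal entry: TAG - [date | size | attrs | M] (company) [state] -- path -- (name)
ENTRY_RE = re.compile(
    r"^(?P<tag>PRC|MOD|SRV|DRV) - "
    r"\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| [^|]* \| M\] "
    r"\((?P<company>.*?)\)(?= \[| -- )"   # company may itself contain "(R)"
    r"(?: \[(?P<state>[^\]]*)\])?"        # start type / status, SRV and DRV only
    r" -- (?P<path>.*?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"    # service or driver name, if present
)

# Assumed hint list: locations a standard user can write to on Windows XP.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\")


@dataclass
class Entry:
    tag: str
    path: str
    company: Optional[str]  # None when OTL reported "File not found"
    state: Optional[str]
    name: Optional[str]
    missing: bool


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a PRC/MOD/SRV/DRV line, or None for anything else."""
    line = line.strip()
    m = MISSING_RE.match(line)
    if m:
        return Entry(m["tag"], m["path"], None, m["state"], m["name"], True)
    m = ENTRY_RE.match(line)
    if m:
        return Entry(m["tag"], m["path"], m["company"], m["state"], m["name"], False)
    return None


def triage(lines: List[str]) -> List[Tuple[str, Entry]]:
    """Attach one review hint per entry; a hint is a prompt to look, not a detection."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # section headers, blank lines, other log sections
        if entry.missing:
            findings.append(("file-not-found", entry))      # orphaned registration
        elif entry.company == "":
            findings.append(("no-company", entry))          # no version-info company
        elif any(p in entry.path.lower() for p in USER_WRITABLE):
            findings.append(("user-writable-path", entry))  # runs from a user-writable dir
    return findings


# Constructed sample in the OTL layout (not taken from any real machine).
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2010/01/02 03:04:05 | 000,123,456 | ---- | M] (Example Corp.) -- C:\Program Files\Example\app.exe
PRC - [2010/01/02 03:04:05 | 000,071,096 | ---- | M] () -- C:\Program Files\Sample\helper.exe
PRC - [2010/01/02 03:04:05 | 000,050,000 | ---- | M] (Example Corp.) -- C:\Documents and Settings\user\Local Settings\Temp\run.exe
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (examplesvc)
SRV - [2010/01/02 03:04:05 | 000,078,104 | ---- | M] (Vendor (R) Tools) [Auto | Running] -- C:\Program Files\Vendor\svc.exe -- (VendorSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\example.sys -- (exampledrv)
DRV - [2010/01/02 03:04:05 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Sample\drv.sys -- (sampledrv)
""".strip().splitlines()

if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_LOG):
        print(f"{reason:20} {entry.tag} {entry.name or ''} {entry.path}")
```

Legitimate software also trips these hints (some vendors ship binaries without a company string, and some programs install per-user), so each finding still needs checking by hand.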

Re: trojan.win32.buzus.eglu
Hi
As I read through these log files I notice it said network under stress, but it is early hours of the morning here and nothing was running unless in the background, i.e. processes that can't be shut down as per this error. So I will shut down the whole computer and re-run this again. The first 2 log files are without rebooting the system, just as I use it after a whole day. The last 2 will be immediately on restart of the computer.

Re: trojan.win32.buzus.eglu
OTL logfile created on: 10/09/2010 04:29:42 - Run 1 ...........part 1 as was too big
OTL by OldTimer - Version 3.2.11.0 Folder = D:\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.65 Gb Total Space | 11.50 Gb Free Space | 28.30% Space Free | Partition Type: NTFS
Drive D: | 65.87 Gb Total Space | 6.97 Gb Free Space | 10.59% Space Free | Partition Type: NTFS
Drive E: | 581.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 3.73 Gb Total Space | 3.63 Gb Free Space | 97.46% Space Free | Partition Type: FAT32
Drive H: | 970.13 Mb Total Space | 393.44 Mb Free Space | 40.56% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: TANIA-82363
Current User Name: Tania Wood
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/10 04:24:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\My Documents\Downloads\OTL.exe
PRC - [2010/08/31 11:40:43 | 000,975,928 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/09/02 18:30:28 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/06/29 09:02:55 | 000,551,424 | ---- | M] (F-Secure Corp.) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
PRC - [2009/06/29 09:02:55 | 000,434,176 | ---- | M] (F-Secure Corp.) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32.exe
PRC - [2008/12/29 19:47:06 | 000,339,968 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
PRC - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/09 12:39:08 | 003,068,352 | ---- | M] () -- C:\Program Files\Kontiki\KService.exe
PRC - [2007/11/07 19:26:44 | 001,945,688 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe
PRC - [2007/11/07 19:18:28 | 000,148,760 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2007/11/07 19:18:22 | 000,406,808 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/11/07 19:14:04 | 001,165,120 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
PRC - [2007/08/24 11:24:00 | 000,174,960 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
PRC - [2007/05/25 14:13:52 | 000,596,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
PRC - [2007/05/25 14:13:04 | 000,232,360 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
PRC - [2007/05/25 14:12:54 | 000,113,576 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
PRC - [2007/05/25 14:12:38 | 000,125,864 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
PRC - [2007/05/25 14:12:36 | 000,392,048 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
PRC - [2007/05/25 14:10:08 | 000,453,488 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FWES\program\fsdfwd.exe
PRC - [2007/05/25 14:08:28 | 000,043,952 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
PRC - [2007/05/25 14:08:20 | 000,048,072 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
PRC - [2007/05/25 14:07:58 | 000,319,856 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
PRC - [2007/05/25 14:07:06 | 000,457,584 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
PRC - [2007/05/24 13:41:10 | 000,188,936 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav.exe
PRC - [2007/05/11 10:06:50 | 000,143,360 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2007/04/26 11:49:34 | 000,495,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
PRC - [2007/04/18 13:34:40 | 000,299,008 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2007/04/18 13:34:26 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2007/04/09 23:01:02 | 000,166,680 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2007/04/02 10:34:36 | 000,562,744 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2007/02/25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/02/16 20:40:50 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
PRC - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 13:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/10/05 20:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2006/09/11 18:32:12 | 000,094,208 | ---- | M] (EMC Corporation) -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
PRC - [2006/08/07 12:58:10 | 000,253,952 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2006/04/11 02:14:52 | 000,622,592 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
PRC - [2006/03/06 16:30:58 | 000,114,688 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TME3\TMESRV31.exe
PRC - [2006/03/06 16:30:04 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TME3\TMEEJME.exe
PRC - [2005/08/31 14:46:04 | 000,102,400 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TouchED\TouchED.exe
PRC - [2005/08/05 15:54:58 | 000,155,648 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
PRC - [2005/05/17 11:42:02 | 000,049,152 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
PRC - [2005/04/11 11:26:06 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (SafeList) ==========

MOD - [2010/09/10 04:24:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\My Documents\Downloads\OTL.exe
MOD - [1999/12/07 21:00:00 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Texthelp Systems\Read And Write 8\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/09/02 18:30:28 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/10/09 14:47:42 | 001,079,176 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2008/06/13 17:29:14 | 000,356,920 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/04/09 12:39:08 | 003,068,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/11/07 19:18:22 | 000,406,808 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/11/07 09:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/05/31 17:30:53 | 001,174,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/05/25 14:12:54 | 000,113,576 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE -- (FSMA)
SRV - [2007/05/25 14:10:08 | 000,453,488 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2007/05/25 14:08:20 | 000,048,072 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2007/05/25 14:07:06 | 000,457,584 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe -- (FSAUA)
SRV - [2007/04/02 10:34:36 | 000,562,744 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2007/02/25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/02/16 20:40:50 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) [Auto | Running] -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service)
SRV - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/02/10 06:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2006/10/05 20:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/09/11 18:32:12 | 000,094,208 | ---- | M] (EMC Corporation) [Auto | Running] -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe -- (RetroExpLauncher)
SRV - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/03/06 16:30:58 | 000,114,688 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\nielprt.sys -- (nielprt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nielgfx.sys -- (NielGfx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/05/31 19:58:35 | 006,608,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2010/03/26 00:59:22 | 000,243,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/19 12:49:50 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/06/29 09:02:56 | 000,077,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2008/11/22 15:15:24 | 000,051,072 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2008/11/22 15:15:16 | 000,041,184 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys -- (F-Secure HIPS)
DRV - [2008/08/25 13:36:30 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2008/08/25 13:36:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2008/08/25 13:36:28 | 000,040,840 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/07 14:39:21 | 000,400,864 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2007/12/07 14:39:21 | 000,040,064 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007/12/07 14:39:18 | 000,120,992 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007/08/08 11:12:40 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/05/25 14:09:16 | 000,025,456 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2007/05/25 14:09:10 | 000,040,048 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2007/04/05 07:19:20 | 000,546,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/03/30 22:34:14 | 005,704,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/03/30 17:19:08 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007/03/26 12:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2007/03/22 13:07:00 | 000,020,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2007/03/13 03:32:40 | 004,486,144 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/09 15:23:18 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2007/03/01 16:53:12 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/02/25 14:05:24 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/02/22 19:56:24 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/02/22 15:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/02/21 18:20:36 | 000,435,072 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2007/02/19 12:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
DRV - [2007/02/15 16:44:06 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/01/24 22:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/22 10:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006/11/28 23:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 17:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006/10/23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/05/05 18:00:02 | 000,013,568 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - [2006/05/05 17:59:52 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - [2006/05/05 17:43:38 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2006/05/05 17:33:04 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp)
DRV - [2005/08/01 16:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/06/10 21:26:00 | 000,035,968 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005/01/06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/06/16 11:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2004/05/09 04:38:06 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/07/16 15:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/01/29 22:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,FirstHomePage = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {AA1ACB70-B5F1-4037-909E-1F725B04D2A8}:1.7.0.3990
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {5909FC3D-7F8B-415d-A5D1-7C7E941E536E}:2.7.0.4370
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.6.0

FF - HKLM\software\mozilla\Firefox\extensions\\{AA1ACB70-B5F1-4037-909E-1F725B04D2A8}: C:\Program Files\Contextual Content Manager\1.7.0.3990\FF [2010/06/04 13:25:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{5909FC3D-7F8B-415d-A5D1-7C7E941E536E}: C:\Program Files\Textual Content Enhancer\2.7.0.4370\FF [2010/06/04 13:26:00 | 000,000,000 | ---D | M]

[2010/02/21 06:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Extensions
[2010/02/21 06:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/09/06 03:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions
[2009/09/03 15:34:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/08 18:21:43 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2009/09/29 12:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\foxmarks@kei.com
[2009/09/29 12:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\isreaditlater@ideashower.com
[2009/09/29 12:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\smarterwiki@wikiatic.com
[2010/09/05 03:07:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/25 14:58:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/11/11 08:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/09/26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2010/09/06 03:43:53 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (txthlpBHO Class) - {060235DC-6D84-47BD-95D7-A4EF5099A59D} - C:\Program Files\Texthelp Systems\Read And Write 8\texthelpbho.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe (TOSHIBA)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [TOSDCR] C:\WINDOWS\System32\TOSDCR.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra 'Tools' menuitem : Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tania Wood\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192731469078 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192731515546 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_intel_4.1.66.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\TosBtNP: DllName - TosBtNP.dll - C:\WINDOWS\System32\TosBtNP.dll (TOSHIBA CORPORATION)
O24 - Desktop WallPaper: C:\Documents and Settings\Tania Wood\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tania Wood\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/30 10:22:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/03/10 01:34:10 | 000,022,528 | R--- | M] () - E:\AutoRunLauncher.exe -- [ CDFS ]
O32 - AutoRun File - [2004/03/10 01:34:10 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootMin: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootNet: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)



Last edited by Tazzy on 10th September 2010, 4:05 am; edited 1 time in total

Re: trojan.win32.buzus.eglu
OTL logfile created on: 10/09/2010 04:29:42 - Run 1 .......Part 2 as was too big

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/09/07 00:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\Phoenix Viewer
[2010/09/07 00:21:39 | 000,567,680 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Tania Wood\Desktop\ChromeSetup.exe
[2010/09/06 23:59:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2010/09/06 23:59:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2010/09/06 23:59:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2010/09/06 23:59:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/09/06 22:05:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tania Wood\Recent
[2010/09/06 03:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/09/05 22:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/09/05 22:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010/09/05 21:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2010/09/05 17:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tania Wood\Application Data\Uniblue
[2010/09/05 04:35:38 | 000,000,000 | ---D | C] -- C:\d2bf15400392b349be9432
[2010/09/05 04:25:27 | 048,643,144 | ---- | C] ( ) -- C:\Documents and Settings\Tania Wood\Desktop\AppFix.exe
[2010/09/05 03:57:14 | 003,427,248 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Tania Wood\Desktop\ccsetup235.exe
[2010/09/05 03:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\SecondLife
[2010/09/05 02:31:31 | 049,718,955 | ---- | C] (PhoenixViewer.com ) -- C:\Documents and Settings\Tania Wood\Desktop\Phoenix_Viewer_1.5.0.1.exe
[2010/08/19 19:31:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/08/19 18:50:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/19 16:44:05 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2010/08/19 16:02:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/19 15:53:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/19 15:27:22 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/08/16 14:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tania Wood\Desktop\basic
[2010/08/12 17:35:37 | 000,026,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmlinst.exe
[2010/08/12 17:35:37 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010/08/12 17:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[1996/11/18 22:15:46 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/10 01:41:38 | 000,002,342 | ---- | M] () -- C:\error.htm
[2010/09/10 01:32:23 | 000,000,230 | ---- | M] () -- C:\infect.htm
[2010/09/10 01:00:55 | 000,000,526 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2010/09/10 00:27:00 | 000,000,944 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008Core.job
[2010/09/09 23:34:59 | 000,195,441 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\wave at verandas.jpg
[2010/09/09 23:34:55 | 000,181,145 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\at verandas.jpg
[2010/09/09 23:34:48 | 000,208,459 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\team at trapp.jpg
[2010/09/09 23:34:46 | 000,141,051 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\jump.jpg
[2010/09/09 20:17:40 | 000,150,424 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\beach.JPG
[2010/09/09 13:09:22 | 000,016,304 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\cherry comp.JPG
[2010/09/09 05:34:30 | 000,108,265 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\cherry loves us all.jpg
[2010/09/09 05:24:47 | 000,396,147 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ22.png
[2010/09/09 05:24:36 | 000,376,467 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS602.png
[2010/09/09 05:24:25 | 000,376,467 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS601.png
[2010/09/09 05:24:05 | 000,114,401 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\great team.jpg
[2010/09/09 05:23:49 | 000,396,147 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ21.png
[2010/09/09 05:22:26 | 000,376,467 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS60.png
[2010/09/09 05:22:04 | 000,396,147 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ2.png
[2010/09/09 05:22:02 | 000,099,645 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\the wall.jpg
[2010/09/09 05:20:25 | 000,774,881 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\mary's 2.PNG
[2010/09/09 05:17:33 | 000,095,097 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\come ave a piccy.JPG
[2010/09/09 05:16:40 | 000,179,631 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Group Hug 1.jpg
[2010/09/09 05:16:05 | 000,248,340 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Group Hug 2.jpg
[2010/09/09 05:12:38 | 000,171,720 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down1.jpg
[2010/09/09 05:11:35 | 000,151,179 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\woot love ya.JPG
[2010/09/09 05:09:26 | 000,235,398 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down 2.jpg
[2010/09/09 05:07:46 | 000,639,718 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\ahhhhh 3.png
[2010/09/09 05:07:41 | 000,171,720 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down.jpg
[2010/09/09 05:06:13 | 000,110,093 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\last ones standing.JPG
[2010/09/08 20:26:56 | 000,174,149 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\tree.JPG
[2010/09/08 20:26:41 | 000,198,562 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\fireworks.JPG
[2010/09/08 20:26:25 | 000,174,195 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\hill.JPG
[2010/09/08 04:25:29 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Word 2007.lnk
[2010/09/08 03:27:00 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008UA.job
[2010/09/07 22:36:57 | 000,085,064 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/07 21:57:41 | 000,125,640 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\swan.JPG
[2010/09/07 21:56:30 | 000,140,030 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\fairy 2.JPG
[2010/09/07 21:54:01 | 000,139,431 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\landscape.JPG
[2010/09/07 21:52:57 | 000,139,783 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\fairy.JPG
[2010/09/07 21:52:41 | 000,135,536 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\lady2.JPG
[2010/09/07 21:52:26 | 000,139,929 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\lady.JPG
[2010/09/07 00:45:12 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Phoenix Viewer.lnk
[2010/09/07 00:42:39 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/09/07 00:22:34 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Google Chrome.lnk
[2010/09/07 00:22:34 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/07 00:21:47 | 000,567,680 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Tania Wood\Desktop\ChromeSetup.exe
[2010/09/07 00:18:15 | 000,000,474 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2010/09/07 00:18:14 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/07 00:16:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/07 00:16:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/07 00:14:38 | 012,058,624 | -H-- | M] () -- C:\Documents and Settings\Tania Wood\NTUSER.DAT
[2010/09/07 00:14:38 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tania Wood\ntuser.ini
[2010/09/07 00:10:42 | 000,625,550 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/07 00:10:42 | 000,533,818 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/07 00:10:42 | 000,099,586 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/07 00:00:04 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/06 22:55:31 | 000,332,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/06 22:07:02 | 000,004,868 | ---- | M] () -- D:\My Documents\cc_20100906_220659.reg
[2010/09/06 20:34:11 | 140,309,118 | ---- | M] () -- D:\My Documents\regbackup.reg
[2010/09/06 06:26:36 | 000,122,532 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\JENEDY~1.JPG
[2010/09/06 06:25:32 | 000,011,803 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\41RT83VEX2L__SL500_AA300_.jpg
[2010/09/06 03:59:54 | 000,030,226 | ---- | M] () -- D:\My Documents\cc_20100906_035949.reg
[2010/09/06 03:43:53 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/09/06 03:37:02 | 000,511,968 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\sdsetup.exe
[2010/09/05 21:44:04 | 142,646,658 | ---- | M] () -- D:\My Documents\EFRbackup.reg
[2010/09/05 21:39:08 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Eusing Free Registry Cleaner.lnk
[2010/09/05 21:38:57 | 000,963,827 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\EFRCSetup.exe
[2010/09/05 17:47:57 | 000,001,352 | ---- | M] () -- D:\My Documents\cc_20100905_174753.reg
[2010/09/05 10:36:50 | 000,000,745 | ---- | M] () -- D:\My Documents\xp_exe_fix.zip
[2010/09/05 04:29:38 | 048,643,144 | ---- | M] ( ) -- C:\Documents and Settings\Tania Wood\Desktop\AppFix.exe
[2010/09/05 04:00:14 | 000,050,426 | ---- | M] () -- D:\My Documents\cc_20100905_040004.reg
[2010/09/05 03:59:32 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\CCleaner.lnk
[2010/09/05 03:57:21 | 003,427,248 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Tania Wood\Desktop\ccsetup235.exe
[2010/09/05 03:14:14 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/05 02:31:40 | 049,718,955 | ---- | M] (PhoenixViewer.com ) -- C:\Documents and Settings\Tania Wood\Desktop\Phoenix_Viewer_1.5.0.1.exe
[2010/09/05 02:29:24 | 000,700,144 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Second_Life_Setup.exe
[2010/09/03 04:03:06 | 000,173,835 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\painting to try.JPG
[2010/09/03 04:02:49 | 000,156,056 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\chery.JPG
[2010/09/03 03:48:51 | 000,160,887 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\wicked.JPG
[2010/09/03 03:46:40 | 000,149,804 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\rosestem.JPG
[2010/09/03 03:36:25 | 000,158,863 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\flower.JPG
[2010/09/03 03:31:18 | 000,139,443 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\purple storm.JPG
[2010/09/03 03:26:18 | 000,146,335 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\snakes eyes.JPG
[2010/09/03 03:25:47 | 000,152,181 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\cards.JPG
[2010/09/03 03:24:03 | 000,138,825 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\vicks rose mwhahahah.JPG
[2010/09/02 06:54:18 | 000,142,799 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\cove.JPG
[2010/09/02 06:53:46 | 000,162,927 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\blue rose.JPG
[2010/09/01 19:45:51 | 000,146,913 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\phoenix.jpg
[2010/09/01 15:51:56 | 000,025,808 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\invisible1.JPG
[2010/08/28 19:14:07 | 000,156,575 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\wow.JPG
[2010/08/27 22:19:51 | 000,016,649 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\droplet-on-a-rose.jpg
[2010/08/27 06:44:58 | 000,188,091 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\painting.JPG
[2010/08/27 06:37:49 | 000,157,842 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\hoofy.JPG
[2010/08/26 06:16:40 | 000,112,869 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\rose.JPG
[2010/08/25 20:18:45 | 000,146,069 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\orange sun.JPG
[2010/08/25 07:53:42 | 000,164,363 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\towers.JPG
[2010/08/25 02:08:54 | 000,182,647 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\lighthouse.JPG
[2010/08/25 02:08:04 | 000,175,308 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\ocean.JPG
[2010/08/24 17:10:59 | 000,149,811 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\eeeeeeeeeeeeee.JPG
[2010/08/23 19:25:13 | 000,078,868 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\bboik.html
[2010/08/23 15:06:46 | 000,177,606 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\rollingsea.JPG
[2010/08/23 15:04:55 | 000,151,841 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\sundown.JPG
[2010/08/23 14:49:35 | 000,168,380 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\romance.JPG
[2010/08/23 14:48:34 | 000,152,632 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\apples.JPG
[2010/08/23 14:25:51 | 000,152,149 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\mystical lights.JPG
[2010/08/23 14:19:14 | 000,147,404 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\footprints.JPG
[2010/08/23 06:34:38 | 000,153,601 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\tez.JPG
[2010/08/23 06:30:40 | 000,192,308 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\untitled.JPG
[2010/08/19 19:19:43 | 000,000,774 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/19 19:19:43 | 000,000,296 | RHS- | M] () -- C:\boot.ini
[2010/08/19 19:19:43 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/19 18:57:00 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\avira_antivir_personal_en.exe
[2010/08/19 15:19:57 | 000,000,226 | ---- | M] () -- C:\Boot.bak
[2010/08/19 12:46:30 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Open F-Secure Internet Security 2008 OEM.lnk
[2010/08/12 17:45:01 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Ubisoft Product Registration.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/10 00:59:41 | 000,002,342 | ---- | C] () -- C:\error.htm
[2010/09/10 00:59:41 | 000,000,230 | ---- | C] () -- C:\infect.htm
[2010/09/09 23:34:50 | 000,195,441 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\wave at verandas.jpg
[2010/09/09 23:34:47 | 000,181,145 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\at verandas.jpg
[2010/09/09 23:34:44 | 000,208,459 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\team at trapp.jpg
[2010/09/09 23:34:34 | 000,141,051 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\jump.jpg
[2010/09/09 20:17:40 | 000,150,424 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\beach.JPG
[2010/09/09 13:09:22 | 000,016,304 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\cherry comp.JPG
[2010/09/09 05:34:30 | 000,108,265 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\cherry loves us all.jpg
[2010/09/09 05:24:35 | 000,396,147 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ22.png
[2010/09/09 05:24:24 | 000,376,467 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS602.png
[2010/09/09 05:24:15 | 000,376,467 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS601.png
[2010/09/09 05:24:04 | 000,114,401 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\great team.jpg
[2010/09/09 05:23:34 | 000,396,147 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ21.png
[2010/09/09 05:22:06 | 000,376,467 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS60.png
[2010/09/09 05:21:58 | 000,099,645 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\the wall.jpg
[2010/09/09 05:21:49 | 000,396,147 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ2.png
[2010/09/09 05:17:33 | 000,095,097 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\come ave a piccy.JPG
[2010/09/09 05:15:36 | 000,179,631 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Group Hug 1.jpg
[2010/09/09 05:14:45 | 000,774,881 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\mary's 2.PNG
[2010/09/09 05:13:15 | 000,248,340 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Group Hug 2.jpg
[2010/09/09 05:12:33 | 000,171,720 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down1.jpg
[2010/09/09 05:11:28 | 000,151,179 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\woot love ya.JPG
[2010/09/09 05:09:17 | 000,235,398 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down 2.jpg
[2010/09/09 05:07:37 | 000,171,720 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down.jpg
[2010/09/09 05:07:28 | 000,639,718 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\ahhhhh 3.png
[2010/09/09 05:06:13 | 000,110,093 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\last ones standing.JPG
[2010/09/08 20:26:56 | 000,174,149 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\tree.JPG
[2010/09/08 20:26:41 | 000,198,562 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\fireworks.JPG
[2010/09/08 20:26:25 | 000,174,195 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\hill.JPG
[2010/09/07 21:57:41 | 000,125,640 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\swan.JPG
[2010/09/07 21:56:30 | 000,140,030 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\fairy 2.JPG
[2010/09/07 21:54:01 | 000,139,431 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\landscape.JPG
[2010/09/07 21:52:57 | 000,139,783 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\fairy.JPG
[2010/09/07 21:52:41 | 000,135,536 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\lady2.JPG
[2010/09/07 21:52:26 | 000,139,929 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\lady.JPG
[2010/09/07 00:45:12 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Phoenix Viewer.lnk
[2010/09/07 00:22:34 | 000,002,323 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Google Chrome.lnk
[2010/09/07 00:22:34 | 000,002,301 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/07 00:22:01 | 000,000,996 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008UA.job
[2010/09/07 00:22:01 | 000,000,944 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008Core.job
[2010/09/06 23:58:41 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/09/06 22:07:00 | 000,004,868 | ---- | C] () -- D:\My Documents\cc_20100906_220659.reg
[2010/09/06 20:33:50 | 140,309,118 | ---- | C] () -- D:\My Documents\regbackup.reg
[2010/09/06 06:26:44 | 000,122,532 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\JENEDY~1.JPG
[2010/09/06 06:25:46 | 000,011,803 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\41RT83VEX2L__SL500_AA300_.jpg
[2010/09/06 03:59:52 | 000,030,226 | ---- | C] () -- D:\My Documents\cc_20100906_035949.reg
[2010/09/06 03:31:07 | 000,511,968 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\sdsetup.exe
[2010/09/05 21:43:48 | 142,646,658 | ---- | C] () -- D:\My Documents\EFRbackup.reg
[2010/09/05 21:39:08 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Eusing Free Registry Cleaner.lnk
[2010/09/05 21:33:36 | 000,963,827 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\EFRCSetup.exe
[2010/09/05 18:34:42 | 000,001,904 | ---- | C] () -- C:\WINDOWS\System32\SetupBD.din
[2010/09/05 17:47:55 | 000,001,352 | ---- | C] () -- D:\My Documents\cc_20100905_174753.reg
[2010/09/05 10:36:47 | 000,000,745 | ---- | C] () -- D:\My Documents\xp_exe_fix.zip
[2010/09/05 04:00:08 | 000,050,426 | ---- | C] () -- D:\My Documents\cc_20100905_040004.reg
[2010/09/05 02:29:16 | 000,700,144 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Second_Life_Setup.exe
[2010/09/03 04:03:06 | 000,173,835 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\painting to try.JPG
[2010/09/03 04:02:49 | 000,156,056 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\chery.JPG
[2010/09/03 03:48:51 | 000,160,887 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\wicked.JPG
[2010/09/03 03:46:40 | 000,149,804 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\rosestem.JPG
[2010/09/03 03:36:25 | 000,158,863 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\flower.JPG
[2010/09/03 03:31:18 | 000,139,443 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\purple storm.JPG
[2010/09/03 03:26:18 | 000,146,335 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\snakes eyes.JPG
[2010/09/03 03:25:47 | 000,152,181 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\cards.JPG
[2010/09/03 03:24:03 | 000,138,825 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\vicks rose mwhahahah.JPG
[2010/09/02 06:54:18 | 000,142,799 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\cove.JPG
[2010/09/02 06:53:46 | 000,162,927 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\blue rose.JPG
[2010/09/01 19:45:55 | 000,146,913 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\phoenix.jpg
[2010/09/01 15:51:55 | 000,025,808 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\invisible1.JPG
[2010/08/28 19:14:07 | 000,156,575 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\wow.JPG
[2010/08/27 22:20:04 | 000,016,649 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\droplet-on-a-rose.jpg
[2010/08/27 06:44:56 | 000,188,091 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\painting.JPG
[2010/08/27 06:37:49 | 000,157,842 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\hoofy.JPG
[2010/08/26 06:16:40 | 000,112,869 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\rose.JPG
[2010/08/25 20:18:45 | 000,146,069 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\orange sun.JPG
[2010/08/25 07:53:42 | 000,164,363 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\towers.JPG
[2010/08/25 02:08:53 | 000,182,647 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\lighthouse.JPG
[2010/08/25 02:08:04 | 000,175,308 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\ocean.JPG
[2010/08/24 17:10:59 | 000,149,811 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\eeeeeeeeeeeeee.JPG
[2010/08/23 19:25:12 | 000,078,868 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\bboik.html
[2010/08/23 15:06:46 | 000,177,606 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\rollingsea.JPG
[2010/08/23 15:04:55 | 000,151,841 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\sundown.JPG
[2010/08/23 14:49:35 | 000,168,380 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\romance.JPG
[2010/08/23 14:48:34 | 000,152,632 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\apples.JPG
[2010/08/23 14:25:51 | 000,152,149 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\mystical lights.JPG
[2010/08/23 14:19:14 | 000,147,404 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\footprints.JPG
[2010/08/23 06:34:37 | 000,153,601 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\tez.JPG
[2010/08/23 06:30:39 | 000,192,308 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\untitled.JPG
[2010/08/21 01:03:18 | 000,000,526 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2010/08/19 19:10:08 | 044,089,904 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\avira_antivir_personal_en.exe
[2010/08/19 16:02:36 | 000,000,226 | ---- | C] () -- C:\Boot.bak
[2010/08/19 16:02:32 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/19 15:53:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/19 15:53:48 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/19 13:17:49 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Open F-Secure Internet Security 2008 OEM.lnk
[2010/08/16 15:00:36 | 000,006,421 | ---- | C] () -- C:\Documents and Settings\Tania Wood\resetlog.txt
[2010/08/12 17:45:01 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Ubisoft Product Registration.lnk
[2010/08/12 17:35:38 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2010/08/12 17:35:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2010/08/12 17:35:38 | 000,035,840 | ---- | C] () -- C:\WINDOWS\System32\comdlg32.oca
[2010/08/12 17:35:37 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\MSINET.oca
[2010/02/21 05:59:33 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Application Data\Smiley.ico
[2010/01/19 12:49:54 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\RemoveDevice.dll
[2009/12/14 18:14:17 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/01 19:42:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009/04/18 00:42:23 | 000,000,041 | ---- | C] () -- C:\WINDOWS\crw.ini
[2009/02/15 01:02:38 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\fusioncache.dat
[2009/01/19 18:40:54 | 000,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/22 20:17:31 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/05 13:28:20 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\setup.txt
[2007/12/07 13:40:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DM1USBAPIVB.dll
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/09 11:49:09 | 000,000,440 | ---- | C] () -- C:\WINDOWS\yahoo.ini
[2007/06/01 09:29:31 | 000,000,562 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2007/05/31 16:04:12 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/05/31 16:04:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/05/31 16:04:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/05/31 16:04:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/05/31 16:04:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/05/31 16:04:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/05/30 16:26:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2007/05/30 14:00:12 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2007/05/30 14:00:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2007/05/30 14:00:12 | 000,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2007/05/30 14:00:12 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2007/05/30 12:44:07 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/05/30 12:44:07 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2007/05/30 11:20:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/05/30 10:25:22 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2007/05/30 09:13:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2007/05/30 09:13:37 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/12/05 13:05:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[1998/05/31 00:00:00 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[1996/11/18 22:15:52 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\p2sodbc.dll
[1996/11/18 22:15:50 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\p2irdao.dll
[1996/11/18 22:15:50 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\p2ctdao.dll
[1996/11/18 22:15:50 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\p2bbnd.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/05/30 11:17:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/05/30 11:17:56 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/05/30 11:17:56 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 13:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/04 13:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/04 13:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 13:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 13:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/04 13:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 13:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 13:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 13:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 13:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 13:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 13:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 13:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 19:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/06/23 14:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/14 01:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/14 01:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/14 01:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/14 01:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/14 01:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/14 01:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/14 01:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/14 01:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/14 01:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/14 01:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/14 01:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/14 01:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/14 01:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/14 01:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/14 01:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2007/05/30 10:22:24 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/19 15:19:57 | 000,000,226 | ---- | M] () -- C:\Boot.bak
[2010/08/19 19:19:43 | 000,000,296 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2007/05/30 10:22:24 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/08/02 15:27:07 | 000,005,619 | ---- | M] () -- C:\debug.txt
[2010/09/10 01:41:38 | 000,002,342 | ---- | M] () -- C:\error.htm
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/09/10 01:32:23 | 000,000,230 | ---- | M] () -- C:\infect.htm
[2009/02/15 02:23:56 | 000,000,164 | ---- | M] () -- C:\install.dat
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2007/05/30 10:22:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/05/30 10:22:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/01 02:25:13 | 000,000,439 | ---- | M] () -- C:\nsinst.log
[2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/11/26 04:09:02 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/07 00:15:57 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007/06/11 16:59:32 | 000,000,706 | -H-- | M] () -- C:\SWSTAMP.TXT
[2010/07/20 19:16:13 | 000,237,568 | -H-- | M] () -- C:\SZKGFS.dat
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %PROGRAMFILES%\*. >
[2007/12/07 14:38:57 | 000,000,000 | ---D | M] -- C:\Program Files\Acronis
[2007/08/09 18:55:33 | 000,000,000 | ---D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2010/09/05 17:46:45 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2007/06/11 15:37:37 | 000,000,000 | ---D | M] -- C:\Program Files\Apoint2K
[2007/08/09 18:56:05 | 000,000,000 | ---D | M] -- C:\Program Files\Atheros
[2009/09/03 20:39:27 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/02/09 15:38:47 | 000,000,000 | ---D | M] -- C:\Program Files\Babylon
[2010/09/06 03:45:37 | 000,000,000 | ---D | M] -- C:\Program Files\BitComet
[2009/12/26 21:11:37 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/12/25 18:44:52 | 000,000,000 | ---D | M] -- C:\Program Files\BQNITW
[2008/12/07 21:30:40 | 000,000,000 | ---D | M] -- C:\Program Files\Bullzip
[2009/02/19 11:39:19 | 000,000,000 | ---D | M] -- C:\Program Files\Business Objects
[2007/12/07 20:53:03 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2010/09/05 03:57:36 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2009/02/15 20:04:55 | 000,000,000 | ---D | M] -- C:\Program Files\CDBurnerXP
[2009/02/19 11:10:45 | 000,000,000 | ---D | M] -- C:\Program Files\CE Remote Tools
[2010/09/05 17:46:47 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2007/05/30 10:20:49 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/06/04 13:24:43 | 000,000,000 | ---D | M] -- C:\Program Files\Computerized Content Operator
[2010/06/04 13:25:37 | 000,000,000 | ---D | M] -- C:\Program Files\Contextual Content Manager
[2010/06/04 13:25:04 | 000,000,000 | ---D | M] -- C:\Program Files\Customized Platform Services
[2008/11/22 15:49:54 | 000,000,000 | ---D | M] -- C:\Program Files\EditPlus 3
[2009/05/04 11:43:47 | 000,000,000 | ---D | M] -- C:\Program Files\Effexis Software
[2009/06/17 20:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2010/03/31 03:08:36 | 000,000,000 | ---D | M] -- C:\Program Files\Entriq
[2010/09/05 21:39:13 | 000,000,000 | ---D | M] -- C:\Program Files\Eusing Free Registry Cleaner
[2009/06/29 09:03:38 | 000,000,000 | ---D | M] -- C:\Program Files\F-Secure Internet Security
[2009/02/15 02:23:06 | 000,000,000 | ---D | M] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2009/04/27 19:02:08 | 000,000,000 | ---D | M] -- C:\Program Files\FileZilla FTP Client
[2009/03/31 23:55:07 | 000,000,000 | ---D | M] -- C:\Program Files\Gamenext
[2009/03/31 22:55:09 | 000,000,000 | ---D | M] -- C:\Program Files\GamesBar
[2009/02/18 16:36:27 | 000,000,000 | ---D | M] -- C:\Program Files\glassfish-v2ur2
[2010/09/06 03:16:20 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/05/04 17:29:09 | 000,000,000 | ---D | M] -- C:\Program Files\HandyGamez Toolbar
[2009/02/19 11:18:28 | 000,000,000 | ---D | M] -- C:\Program Files\HTML Help Workshop
[2009/07/25 09:02:19 | 000,000,000 | ---D | M] -- C:\Program Files\Huawei Modems
[2010/09/06 03:14:39 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/09/05 18:35:19 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/09/07 00:02:51 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2007/06/11 15:38:26 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2010/09/06 03:26:17 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/08/19 19:39:57 | 000,000,000 | ---D | M] -- C:\Program Files\iWin Games
[2010/05/04 17:36:36 | 000,000,000 | ---D | M] -- C:\Program Files\iWin.com
[2010/09/06 23:34:49 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/03/31 03:08:50 | 000,000,000 | ---D | M] -- C:\Program Files\Kontiki
[2007/08/09 18:58:44 | 000,000,000 | ---D | M] -- C:\Program Files\ltmoh
[2008/11/26 04:19:20 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/09/06 23:58:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2007/10/18 19:29:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/02/19 11:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Device Emulator
[2007/08/09 18:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/02/15 02:13:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/11/18 03:14:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector
[2009/02/19 11:10:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
[2010/09/05 02:59:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2007/06/11 15:39:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2009/03/15 22:56:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/02/19 11:32:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
[2009/02/19 11:39:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 9.0
[2009/02/19 11:09:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Web Designer Tools
[2009/11/04 04:05:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/06/17 19:50:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
[2010/09/07 00:03:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/02/15 02:23:07 | 000,000,000 | ---D | M] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2010/08/11 03:03:15 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/09/05 03:07:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/02/19 11:17:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/12/07 20:56:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/03/26 20:46:49 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2007/08/09 19:01:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/05/30 10:46:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/08/09 14:26:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2010/09/05 22:21:15 | 000,000,000 | ---D | M] -- C:\Program Files\myBabylon_English
[2009/06/01 17:54:26 | 000,000,000 | ---D | M] -- C:\Program Files\NetBeans 6.1
[2009/02/18 03:35:30 | 000,000,000 | ---D | M] -- C:\Program Files\NetBeans 6.5
[2008/11/26 04:10:49 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/05/04 17:25:37 | 000,000,000 | ---D | M] -- C:\Program Files\Oberon Media
[2007/12/07 13:40:45 | 000,000,000 | ---D | M] -- C:\Program Files\Olympus
[2007/08/09 19:01:40 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/13 03:03:46 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/09/07 00:45:13 | 000,000,000 | ---D | M] -- C:\Program Files\Phoenix Viewer
[2009/06/05 19:36:35 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2007/06/11 15:39:42 | 000,000,000 | ---D | M] -- C:\Program Files\Protector Suite QL
[2007/12/07 13:25:33 | 000,000,000 | ---D | M] -- C:\Program Files\QuickLink Desktop
[2010/09/06 23:45:52 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2007/08/09 19:01:48 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2007/08/09 14:22:29 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/07/02 00:45:04 | 000,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
[2008/12/29 19:44:07 | 000,000,000 | ---D | M] -- C:\Program Files\Retrospect
[2007/12/07 13:44:52 | 000,000,000 | ---D | M] -- C:\Program Files\Scansoft
[2009/02/15 02:23:07 | 000,000,000 | ---D | M] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2010/09/05 22:20:22 | 000,000,000 | ---D | M] -- C:\Program Files\Security Task Manager
[2010/06/24 12:51:28 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2009/05/04 12:43:11 | 000,000,000 | ---D | M] -- C:\Program Files\SmartDraw 2009
[2009/07/04 17:28:32 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/09/06 05:05:00 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2009/08/13 13:13:11 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2009/08/14 12:27:48 | 000,000,000 | ---D | M] -- C:\Program Files\SwiftKit
[2010/09/05 18:31:14 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2007/12/07 13:44:52 | 000,000,000 | ---D | M] -- C:\Program Files\Texthelp Systems
[2010/06/04 13:26:00 | 000,000,000 | ---D | M] -- C:\Program Files\Textual Content Enhancer
[2009/09/08 03:53:59 | 000,000,000 | ---D | M] -- C:\Program Files\The Budgerigar Program 2006
[2007/08/09 11:25:49 | 000,000,000 | ---D | M] -- C:\Program Files\TOSHIBA
[2010/08/12 17:35:35 | 000,000,000 | ---D | M] -- C:\Program Files\Ubisoft
[2009/02/15 00:07:04 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/12/29 00:19:16 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2010/04/23 12:32:40 | 000,000,000 | ---D | M] -- C:\Program Files\VirginMedia
[2010/06/04 13:24:33 | 000,000,000 | ---D | M] -- C:\Program Files\Web Content Searcher
[2009/06/05 19:26:59 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital
[2008/12/29 19:42:40 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital Technologies
[2009/06/11 03:15:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2009/11/18 03:13:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/03/15 22:54:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2007/08/09 14:21:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/11/26 04:10:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/02/19 11:34:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mobile 5.0 SDK R2
[2008/11/26 04:10:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2007/05/30 10:21:27 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/12/05 17:42:12 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2007/08/09 19:02:31 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/02/15 04:04:48 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2010/08/02 15:27:07 | 000,000,000 | ---D | M] -- C:\Program Files\ZTE_1.2059.0.8
[2010/05/04 17:31:37 | 000,000,000 | ---D | M] -- C:\Program Files\Zylom Games

< %appdata%\*.* >
[2007/05/30 11:18:48 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Tania Wood\Application Data\desktop.ini
[2009/11/04 12:49:48 | 000,076,407 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Application Data\Smiley.ico


< MD5 for: AGP440.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:disk.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 13:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2006/05/05 17:50:50 | 000,023,552 | ---- | M] (UPEK Inc.) MD5=885972DF728A6C0600C0133DCF7CDD78 -- C:\Program Files\Protector Suite QL\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/02/12 13:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\TOSAPINS\Intel Matrix Storage Manager\Inf Setup\iastor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\OemDir\iaStor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:usbstor.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 00:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys
[2008/04/13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\ReinstallBackups\0024\DriverFiles\i386\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-03 02:01:42

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1FEDA220
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:79108DDD
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6EB5B3D3
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C4B264B5
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:755BD5CD
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA37E1F6
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DCE8F703
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9B2111D
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:362B7440
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EBFD4E6F
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:29058F8B
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BD41AB7
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F8DACDA
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9CD3B6D1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C462DAE
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C8FE79B
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:385BC52C
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94124B85
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E36F5B57
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:67518200
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A61A6FCC
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D0C4F47
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EFD52482
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EB3AF287
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30ECA2C2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BB2BD38
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D66B5EAE
< End of report >

Re: trojan.win32.buzus.eglu

OTL Extras logfile created on: 10/09/2010 04:29:42 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = D:\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.65 Gb Total Space | 11.50 Gb Free Space | 28.30% Space Free | Partition Type: NTFS
Drive D: | 65.87 Gb Total Space | 6.97 Gb Free Space | 10.59% Space Free | Partition Type: NTFS
Drive E: | 581.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 3.73 Gb Total Space | 3.63 Gb Free Space | 97.46% Space Free | Partition Type: FAT32
Drive H: | 970.13 Mb Total Space | 393.44 Mb Free Space | 40.56% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: TANIA-82363
Current User Name: Tania Wood
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"50000:TCP" = 50000:TCP:*:Enabled:BitComet 50000 TCP
"50000:UDP" = 50000:UDP:*:Enabled:BitComet 50000 UDP
"7375:TCP" = 7375:TCP:*:Enabled:BitComet 7375 TCP
"7375:UDP" = 7375:UDP:*:Enabled:BitComet 7375 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe -- File not found
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- File not found
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- ()
"C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe" = C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe:*:Enabled:3Connect -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{0577A2AA-DEA0-4D40-8372-4211102D43E4}" = TOSHIBA Mic Effect
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0F4F4815-76AD-4B26-8763-72F3344041C2}" = TOSHIBA Manuals
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Security Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2254E64C-D2B1-4478-BD7E-37457D09FF39}" = QuickLink Desktop
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{24300A63-DD78-4AA5-A914-4D582C41D33A}" = TOSHIBA TouchPad On/Off Utility V2.5.1.0
"{26DB09BC-6EB5-4CE0-A05D-D4DECE60E189}_is1" = Phoenix Viewer 1.5.0.1
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2AAA1310-1A77-472d-A7D2-A5E55B00EF8E}" = Intel(R) Network Connections 15.5.74.0
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B8D9FA4-745C-47C9-962D-4ABE6ACE136B}" = TOSHIBA Mobile Extension3
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{4323A3CF-D66F-46BC-AD16-B94D7BF05CF1}" = TOSHIBA Dual Pointing Device Utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C2E5A82-DA8B-4c72-91A6-EBB4E0463537}_is1" = V Stuff Backup v1.6.2.16478
"{503C0372-6161-4B3E-B4A6-AC0A15C44CBC}" = PL-2303 USB-to-Serial
"{50AD75E8-547E-4998-8C06-BF5CEEF30813}" = Acronis True Image
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"{5D652EC3-8AC0-41E7-B337-162BC7B01148}" = Retrospect Express HD 2.0
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{737629F4-4111-4FD4-9071-29873B7C6426}" = Protector Suite 5.4
"{76E6BBAA-25E6-4BFC-9613-75A5CACE2940}" = Olympus DSS Player
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
"{79756522-09EE-4CD9-9B66-308E7A8954C0}" = The Best Quiz Night In The World
"{7B569268-AB31-4156-BAA7-1330C6227217}" = Sequence Diagram Editor
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9ACBDDE2-DD2D-4103-8ECE-D1A9F7F03D1A}" = TOSHIBA Power Saver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A10DA03B-9048-48B4-00A2-A71153C3F886}" = The Sims™ Pet Stories
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A59BB15D-51B7-F12B-4548-8C0368243441}" = EA Download Manager UI
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBF5493A-05FB-4449-90DE-84A61EB78154}" = TOSHIBA SD Memory Boot Utility
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB9EBE84-1EA9-3053-8E3C-13BE147B36E2}" = Native x86 Runtime for Visual C++ 2008 Feature Pack (v.9.0.30411)
"{CB9EBE84-1EA9-3053-8E3C-13BE147B36E2}.vc_x86runtime_30411_00" = Visual C++ 2008 Feature Pack - x86 - v9.0.30411.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EFE9ACA6-6056-40CD-8325-0E0BE2CB622B}" = Read And Write 8.1 Gold
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FC4C645F-8EBC-4F1E-A517-D1505B43A374}" = TOSHIBA Wireless Key Logon
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.702
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Demand Five Player_is1" = Demand Five Player
"EA Download Manager" = EA Download Manager
"EditPlus 3" = EditPlus 3
"Entriq MediaSphere_is1" = Uninstall Entriq MediaSphere
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"FileZilla Client" = FileZilla Client 3.2.4
"F-Secure Product 444" = F-Secure Internet Security 2008 OEM
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.63
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Huawei Modems" = Huawei Modems
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"InstallShield_{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"InstallShield_{9ACBDDE2-DD2D-4103-8ECE-D1A9F7F03D1A}" = TOSHIBA Power Saver
"InstallShield_{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"MSNINST" = MSN
"nbi-glassfish-2.0.2.4.20080515" = GlassFish V2 UR2
"nbi-nb-base-6.1.0.1.200805300101" = NetBeans IDE 6.1
"Security Task Manager" = Security Task Manager 1.7h
"Spyware Doctor" = Spyware Doctor 6.0
"SpywareBlaster_is1" = SpywareBlaster 4.2
"ST6UNST #1" = The Budgerigar Program 2006
"STANDARDR" = Microsoft Office Standard 2007
"SwiftKit" = SwiftKit
"SystemRequirementsLab" = System Requirements Lab
"TDspBtn" = TOSHIBA Display Devices Change Utility
"TFNF5" = TOSHIBA Hotkey Utility for Display Devices
"TME" = Uninstall for TOSHIBA Mobile Extension3
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.0.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZTE_1.2059.0.8" = ZTE_1.2059.0.8

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"SmartDraw 2009" = SmartDraw 2009
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/09/2010 20:46:53 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 6 2010-09-10 01:46:52+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
AND SETTINGS\TANIA WOOD\APPLICATION DATA\SKYPE\CHERRY.AID\MAIN.DB-JOURNAL was aborted
due to exceeded scanning time limit. The file may be in use or reading it was too
slow (e.g. network connection was under stress).

Error - 09/09/2010 21:17:27 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 7 2010-09-10 02:17:27+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
AND SETTINGS\TANIA WOOD\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_000E61
was aborted due to exceeded scanning time limit. The file may be in use or reading
it was too slow (e.g. network connection was under stress).

Error - 09/09/2010 21:36:25 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 8 2010-09-10 02:36:23+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
AND SETTINGS\TANIA WOOD\APPLICATION DATA\SKYPE\CHERRY.AID\MAIN.DB-JOURNAL was aborted
due to exceeded scanning time limit. The file may be in use or reading it was too
slow (e.g. network connection was under stress).

Error - 09/09/2010 22:07:56 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 9 2010-09-10 03:07:55+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\PROGRAM
FILES\F-SECURE INTERNET SECURITY\FSAUA\SUBSCRIPTIONS\AVH_AVPE was aborted due to
exceeded scanning time limit. The file may be in use or reading it was too slow
(e.g. network connection was under stress).

Error - 09/09/2010 22:33:19 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 10 2010-09-10 03:33:18+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
AND SETTINGS\TANIA WOOD\APPLICATION DATA\SKYPE\CHERRY.AID\MAIN.DB-JOURNAL was aborted
due to exceeded scanning time limit. The file may be in use or reading it was too
slow (e.g. network connection was under stress).

Error - 09/09/2010 22:39:40 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 11 2010-09-10 03:39:39+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
AND SETTINGS\TANIA WOOD\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\UCDGWWDE\CONTENT.SMALLWORLDS.COM\SMALLWORLDS_LOGIN_DATA.SXX
was aborted due to exceeded scanning time limit. The file may be in use or reading
it was too slow (e.g. network connection was under stress).

Error - 09/09/2010 22:57:23 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 12 2010-09-10 03:57:22+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
AND SETTINGS\TANIA WOOD\APPLICATION DATA\SKYPE\CHERRY.AID\MAIN.DB-JOURNAL was aborted
due to exceeded scanning time limit. The file may be in use or reading it was too
slow (e.g. network connection was under stress).

Error - 09/09/2010 23:27:48 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 13 2010-09-10 04:27:46+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Scanning of \DEVICE\HARDDISKVOLUME1\DOCUMENTS
AND SETTINGS\TANIA WOOD\DESKTOP\.LNK was aborted due to exceeded scanning time
limit. The file may be in use or reading it was too slow (e.g. network connection
was under stress).

Error - 09/09/2010 23:37:31 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 14 2010-09-10 04:37:30+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Malicious code found in file C:\WINDOWS\system32\f3PSSavr.0cr.
Infection: Adware:W32/MyWebSearch.H

Error - 09/09/2010 23:41:38 | Computer Name = TANIA-82363 | Source = Message from F-Secure Anti-Virus on | ID = 103
Description = 15 2010-09-10 04:41:38+01:00 tania-82363 TANIA-82363\Tania Wood
Message from F-Secure Anti-Virus on Malicious code found in file C:\WINDOWS\system32\f3PSSavr.0cr.
Infection: Adware:W32/MyWebSearch.H

[ OSession Events ]
Error - 18/06/2009 06:54:33 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18/06/2009 06:54:51 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18/06/2009 06:55:01 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 19/10/2009 18:54:22 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 88
seconds with 0 seconds of active time. This session ended with a crash.

Error - 19/10/2009 18:54:45 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/04/2010 06:41:39 | Computer Name = TANIA-82363 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 06/09/2010 17:55:35 | Computer Name = TANIA-82363 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.100 for the Network Card with network
address 001C7E49D31E has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 06/09/2010 17:55:57 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 06/09/2010 17:56:00 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7024
Description = The Windows Search service terminated with service-specific error
2147749155 (0x80040D23).

Error - 06/09/2010 17:57:38 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7022
Description = The SQL Server VSS Writer service hung on starting.

Error - 06/09/2010 17:57:39 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).

Error - 06/09/2010 19:16:01 | Computer Name = TANIA-82363 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.100 for the Network Card with network
address 001C7E49D31E has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 06/09/2010 19:16:24 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 06/09/2010 19:18:05 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7022
Description = The SQL Server VSS Writer service hung on starting.

Error - 06/09/2010 19:18:07 | Computer Name = TANIA-82363 | Source = Service Control Manager | ID = 7034
Description = The SQL Server VSS Writer service terminated unexpectedly. It has
done this 1 time(s).

Error - 09/09/2010 20:30:37 | Computer Name = TANIA-82363 | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_FSBL\0000 disappeared from the system without
first being prepared for removal.


< End of report >

Re: trojan.win32.buzus.eglu
OTL logfile created on: 10/09/2010 05:17:01 - Run 2 ....part 1
OTL by OldTimer - Version 3.2.11.0 Folder = D:\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40.65 Gb Total Space | 11.46 Gb Free Space | 28.20% Space Free | Partition Type: NTFS
Drive D: | 65.87 Gb Total Space | 6.97 Gb Free Space | 10.59% Space Free | Partition Type: NTFS
Drive E: | 581.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 3.73 Gb Total Space | 3.63 Gb Free Space | 97.46% Space Free | Partition Type: FAT32
Drive H: | 970.13 Mb Total Space | 393.44 Mb Free Space | 40.56% Space Free | Partition Type: FAT
I: Drive not present or media not loaded

Computer Name: TANIA-82363
Current User Name: Tania Wood
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/10 04:24:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\My Documents\Downloads\OTL.exe
PRC - [2009/09/02 18:30:28 | 000,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/06/29 09:02:55 | 000,551,424 | ---- | M] (F-Secure Corp.) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
PRC - [2009/06/29 09:02:55 | 000,434,176 | ---- | M] (F-Secure Corp.) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32.exe
PRC - [2008/12/29 19:47:06 | 000,339,968 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
PRC - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/09 12:39:08 | 003,068,352 | ---- | M] () -- C:\Program Files\Kontiki\KService.exe
PRC - [2007/11/07 19:26:44 | 001,945,688 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe
PRC - [2007/11/07 19:18:28 | 000,148,760 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2007/11/07 19:18:22 | 000,406,808 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/11/07 19:14:04 | 001,165,120 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
PRC - [2007/08/24 11:24:00 | 000,174,960 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
PRC - [2007/05/25 14:13:52 | 000,596,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
PRC - [2007/05/25 14:13:04 | 000,232,360 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
PRC - [2007/05/25 14:12:54 | 000,113,576 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
PRC - [2007/05/25 14:12:38 | 000,125,864 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
PRC - [2007/05/25 14:12:36 | 000,392,048 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
PRC - [2007/05/25 14:10:08 | 000,453,488 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FWES\program\fsdfwd.exe
PRC - [2007/05/25 14:08:28 | 000,043,952 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
PRC - [2007/05/25 14:08:20 | 000,048,072 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
PRC - [2007/05/25 14:07:58 | 000,319,856 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
PRC - [2007/05/25 14:07:06 | 000,457,584 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
PRC - [2007/05/11 10:06:50 | 000,143,360 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2007/04/26 11:49:34 | 000,495,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
PRC - [2007/04/18 13:34:40 | 000,299,008 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2007/04/18 13:34:26 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2007/04/09 23:01:02 | 000,166,680 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2007/04/02 10:34:36 | 000,562,744 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\ThpSrv.exe
PRC - [2007/02/25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/02/16 20:40:50 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
PRC - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 13:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/10/05 20:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2006/09/11 18:32:12 | 000,094,208 | ---- | M] (EMC Corporation) -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
PRC - [2006/08/07 12:58:10 | 000,253,952 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2006/04/11 02:14:52 | 000,622,592 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\TFNF5.exe
PRC - [2006/03/06 16:30:58 | 000,114,688 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TME3\TMESRV31.exe
PRC - [2005/08/31 14:46:04 | 000,102,400 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TouchED\TouchED.exe
PRC - [2005/08/05 15:54:58 | 000,155,648 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
PRC - [2005/05/17 11:42:02 | 000,049,152 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
PRC - [2005/04/11 11:26:06 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (SafeList) ==========

MOD - [2010/09/10 04:24:35 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\My Documents\Downloads\OTL.exe
MOD - [1999/12/07 21:00:00 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Texthelp Systems\Read And Write 8\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/09/02 18:30:28 | 000,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/10/09 14:47:42 | 001,079,176 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2008/06/13 17:29:14 | 000,356,920 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/04/09 12:39:08 | 003,068,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/11/07 19:18:22 | 000,406,808 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/11/07 09:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/05/31 17:30:53 | 001,174,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/05/25 14:12:54 | 000,113,576 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE -- (FSMA)
SRV - [2007/05/25 14:10:08 | 000,453,488 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2007/05/25 14:08:20 | 000,048,072 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2007/05/25 14:07:06 | 000,457,584 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe -- (FSAUA)
SRV - [2007/04/02 10:34:36 | 000,562,744 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\ThpSrv.exe -- (Thpsrv)
SRV - [2007/02/25 21:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/02/16 20:40:50 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) [Auto | Running] -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service)
SRV - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/02/10 06:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2006/10/05 20:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/09/11 18:32:12 | 000,094,208 | ---- | M] (EMC Corporation) [Auto | Running] -- C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe -- (RetroExpLauncher)
SRV - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2006/03/06 16:30:58 | 000,114,688 | ---- | M] (TOSHIBA) [Auto | Running] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2005/01/18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\nielprt.sys -- (nielprt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nielgfx.sys -- (NielGfx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/05/31 19:58:35 | 006,608,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2010/03/26 00:59:22 | 000,243,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/19 12:49:50 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/06/29 09:02:56 | 000,077,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2008/11/22 15:15:24 | 000,051,072 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2008/11/22 15:15:16 | 000,041,184 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys -- (F-Secure HIPS)
DRV - [2008/08/25 13:36:30 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2008/08/25 13:36:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2008/08/25 13:36:28 | 000,040,840 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/07 14:39:21 | 000,400,864 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2007/12/07 14:39:21 | 000,040,064 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2007/12/07 14:39:18 | 000,120,992 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2007/08/08 11:12:40 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/05/25 14:09:16 | 000,025,456 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2007/05/25 14:09:10 | 000,040,048 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2007/04/05 07:19:20 | 000,546,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/03/30 22:34:14 | 005,704,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/03/30 17:19:08 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007/03/26 12:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2007/03/22 13:07:00 | 000,020,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys -- (Thpdrv)
DRV - [2007/03/13 03:32:40 | 004,486,144 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/09 15:23:18 | 000,006,528 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS -- (Thpevm)
DRV - [2007/03/01 16:53:12 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/02/25 14:05:24 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/02/22 19:56:24 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/02/22 15:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/02/21 18:20:36 | 000,435,072 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2007/02/19 12:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
DRV - [2007/02/15 16:44:06 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/01/24 22:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/22 10:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006/11/28 23:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 17:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006/10/23 16:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/05/05 18:00:02 | 000,013,568 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - [2006/05/05 17:59:52 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - [2006/05/05 17:43:38 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2006/05/05 17:33:04 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp)
DRV - [2005/08/01 16:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/06/10 21:26:00 | 000,035,968 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005/01/06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/06/16 11:08:48 | 000,005,888 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2004/05/09 04:38:06 | 000,101,833 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/07/16 15:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/01/29 22:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,FirstHomePage = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {AA1ACB70-B5F1-4037-909E-1F725B04D2A8}:1.7.0.3990
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {5909FC3D-7F8B-415d-A5D1-7C7E941E536E}:2.7.0.4370
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.6.0

FF - HKLM\software\mozilla\Firefox\extensions\\{AA1ACB70-B5F1-4037-909E-1F725B04D2A8}: C:\Program Files\Contextual Content Manager\1.7.0.3990\FF [2010/06/04 13:25:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{5909FC3D-7F8B-415d-A5D1-7C7E941E536E}: C:\Program Files\Textual Content Enhancer\2.7.0.4370\FF [2010/06/04 13:26:00 | 000,000,000 | ---D | M]

[2010/02/21 06:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Extensions
[2010/02/21 06:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/09/06 03:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions
[2009/09/03 15:34:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/08 18:21:43 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2009/09/29 12:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\foxmarks@kei.com
[2009/09/29 12:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\isreaditlater@ideashower.com
[2009/09/29 12:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tania Wood\Application Data\Mozilla\Firefox\Profiles\os6m0tqw.default\extensions\smarterwiki@wikiatic.com
[2010/09/05 03:07:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/25 14:58:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/11/11 08:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/09/26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2010/09/06 03:43:53 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (txthlpBHO Class) - {060235DC-6D84-47BD-95D7-A4EF5099A59D} - C:\Program Files\Texthelp Systems\Read And Write 8\texthelpbho.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe ()
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe (TOSHIBA)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [TOSDCR] C:\WINDOWS\System32\TOSDCR.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra 'Tools' menuitem : Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll (F-Secure Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tania Wood\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192731469078 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192731515546 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://d1ylr6sba64qi3.cloudfront.net/global/bin/srldetect_intel_4.1.66.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\TosBtNP: DllName - TosBtNP.dll - C:\WINDOWS\System32\TosBtNP.dll (TOSHIBA CORPORATION)
O24 - Desktop WallPaper: C:\Documents and Settings\Tania Wood\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tania Wood\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/30 10:22:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/03/10 01:34:10 | 000,022,528 | R--- | M] () - E:\AutoRunLauncher.exe -- [ CDFS ]
O32 - AutoRun File - [2004/03/10 01:34:10 | 000,000,051 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootMin: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sdauxservice - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SafeBootNet: sdcoreservice - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471)
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========


Re: trojan.win32.buzus.eglu
OTL logfile created on: 10/09/2010 05:17:01 - Run 2 ....part 2

[2010/09/07 00:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\Phoenix Viewer
[2010/09/07 00:21:39 | 000,567,680 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Tania Wood\Desktop\ChromeSetup.exe
[2010/09/06 23:59:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2010/09/06 23:59:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2010/09/06 23:59:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2010/09/06 23:59:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/09/06 22:05:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tania Wood\Recent
[2010/09/06 03:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/09/05 22:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/09/05 22:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010/09/05 21:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2010/09/05 17:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tania Wood\Application Data\Uniblue
[2010/09/05 04:35:38 | 000,000,000 | ---D | C] -- C:\d2bf15400392b349be9432
[2010/09/05 04:25:27 | 048,643,144 | ---- | C] ( ) -- C:\Documents and Settings\Tania Wood\Desktop\AppFix.exe
[2010/09/05 03:57:14 | 003,427,248 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Tania Wood\Desktop\ccsetup235.exe
[2010/09/05 03:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\SecondLife
[2010/09/05 02:31:31 | 049,718,955 | ---- | C] (PhoenixViewer.com ) -- C:\Documents and Settings\Tania Wood\Desktop\Phoenix_Viewer_1.5.0.1.exe
[2010/08/19 19:31:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/08/19 18:50:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/19 16:44:05 | 000,000,000 | ---D | C] -- C:\Combo-Fix
[2010/08/19 16:02:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/19 15:53:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/19 15:27:22 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/08/16 14:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tania Wood\Desktop\basic
[2010/08/12 17:35:37 | 000,026,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmlinst.exe
[2010/08/12 17:35:37 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2010/08/12 17:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[1996/11/18 22:15:46 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/10 05:13:22 | 000,000,474 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2010/09/10 05:11:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/10 05:11:03 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008UA.job
[2010/09/10 05:11:03 | 000,000,526 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2010/09/10 05:11:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/10 05:11:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/10 05:09:41 | 000,002,428 | ---- | M] () -- C:\error.htm
[2010/09/10 01:32:23 | 000,000,230 | ---- | M] () -- C:\infect.htm
[2010/09/10 00:27:00 | 000,000,944 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008Core.job
[2010/09/09 23:34:59 | 000,195,441 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\wave at verandas.jpg
[2010/09/09 23:34:55 | 000,181,145 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\at verandas.jpg
[2010/09/09 23:34:48 | 000,208,459 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\team at trapp.jpg
[2010/09/09 23:34:46 | 000,141,051 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\jump.jpg
[2010/09/09 20:17:40 | 000,150,424 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\beach.JPG
[2010/09/09 13:09:22 | 000,016,304 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\cherry comp.JPG
[2010/09/09 05:34:30 | 000,108,265 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\cherry loves us all.jpg
[2010/09/09 05:24:47 | 000,396,147 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ22.png
[2010/09/09 05:24:36 | 000,376,467 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS602.png
[2010/09/09 05:24:25 | 000,376,467 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS601.png
[2010/09/09 05:24:05 | 000,114,401 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\great team.jpg
[2010/09/09 05:23:49 | 000,396,147 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ21.png
[2010/09/09 05:22:26 | 000,376,467 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS60.png
[2010/09/09 05:22:04 | 000,396,147 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ2.png
[2010/09/09 05:22:02 | 000,099,645 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\the wall.jpg
[2010/09/09 05:20:25 | 000,774,881 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\mary's 2.PNG
[2010/09/09 05:17:33 | 000,095,097 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\come ave a piccy.JPG
[2010/09/09 05:16:40 | 000,179,631 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Group Hug 1.jpg
[2010/09/09 05:16:05 | 000,248,340 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Group Hug 2.jpg
[2010/09/09 05:12:38 | 000,171,720 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down1.jpg
[2010/09/09 05:11:35 | 000,151,179 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\woot love ya.JPG
[2010/09/09 05:09:26 | 000,235,398 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down 2.jpg
[2010/09/09 05:07:46 | 000,639,718 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\ahhhhh 3.png
[2010/09/09 05:07:41 | 000,171,720 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down.jpg
[2010/09/09 05:06:13 | 000,110,093 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\last ones standing.JPG
[2010/09/08 20:26:56 | 000,174,149 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\tree.JPG
[2010/09/08 20:26:41 | 000,198,562 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\fireworks.JPG
[2010/09/08 20:26:25 | 000,174,195 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\hill.JPG
[2010/09/08 04:25:29 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Word 2007.lnk
[2010/09/07 22:36:57 | 000,085,064 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/07 21:57:41 | 000,125,640 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\swan.JPG
[2010/09/07 21:56:30 | 000,140,030 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\fairy 2.JPG
[2010/09/07 21:54:01 | 000,139,431 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\landscape.JPG
[2010/09/07 21:52:57 | 000,139,783 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\fairy.JPG
[2010/09/07 21:52:41 | 000,135,536 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\lady2.JPG
[2010/09/07 21:52:26 | 000,139,929 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\lady.JPG
[2010/09/07 00:45:12 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Phoenix Viewer.lnk
[2010/09/07 00:42:39 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/09/07 00:22:34 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Google Chrome.lnk
[2010/09/07 00:22:34 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/07 00:21:47 | 000,567,680 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Tania Wood\Desktop\ChromeSetup.exe
[2010/09/07 00:14:38 | 012,058,624 | -H-- | M] () -- C:\Documents and Settings\Tania Wood\NTUSER.DAT
[2010/09/07 00:14:38 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tania Wood\ntuser.ini
[2010/09/07 00:10:42 | 000,625,550 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/07 00:10:42 | 000,533,818 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/07 00:10:42 | 000,099,586 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/07 00:00:04 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/06 22:55:31 | 000,332,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/06 22:07:02 | 000,004,868 | ---- | M] () -- D:\My Documents\cc_20100906_220659.reg
[2010/09/06 20:34:11 | 140,309,118 | ---- | M] () -- D:\My Documents\regbackup.reg
[2010/09/06 06:26:36 | 000,122,532 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\JENEDY~1.JPG
[2010/09/06 06:25:32 | 000,011,803 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\41RT83VEX2L__SL500_AA300_.jpg
[2010/09/06 03:59:54 | 000,030,226 | ---- | M] () -- D:\My Documents\cc_20100906_035949.reg
[2010/09/06 03:43:53 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/09/06 03:37:02 | 000,511,968 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\sdsetup.exe
[2010/09/05 21:44:04 | 142,646,658 | ---- | M] () -- D:\My Documents\EFRbackup.reg
[2010/09/05 21:39:08 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Eusing Free Registry Cleaner.lnk
[2010/09/05 21:38:57 | 000,963,827 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\EFRCSetup.exe
[2010/09/05 17:47:57 | 000,001,352 | ---- | M] () -- D:\My Documents\cc_20100905_174753.reg
[2010/09/05 10:36:50 | 000,000,745 | ---- | M] () -- D:\My Documents\xp_exe_fix.zip
[2010/09/05 04:29:38 | 048,643,144 | ---- | M] ( ) -- C:\Documents and Settings\Tania Wood\Desktop\AppFix.exe
[2010/09/05 04:00:14 | 000,050,426 | ---- | M] () -- D:\My Documents\cc_20100905_040004.reg
[2010/09/05 03:59:32 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\CCleaner.lnk
[2010/09/05 03:57:21 | 003,427,248 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Tania Wood\Desktop\ccsetup235.exe
[2010/09/05 03:14:14 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/05 02:31:40 | 049,718,955 | ---- | M] (PhoenixViewer.com ) -- C:\Documents and Settings\Tania Wood\Desktop\Phoenix_Viewer_1.5.0.1.exe
[2010/09/05 02:29:24 | 000,700,144 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Second_Life_Setup.exe
[2010/09/03 04:03:06 | 000,173,835 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\painting to try.JPG
[2010/09/03 04:02:49 | 000,156,056 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\chery.JPG
[2010/09/03 03:48:51 | 000,160,887 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\wicked.JPG
[2010/09/03 03:46:40 | 000,149,804 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\rosestem.JPG
[2010/09/03 03:36:25 | 000,158,863 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\flower.JPG
[2010/09/03 03:31:18 | 000,139,443 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\purple storm.JPG
[2010/09/03 03:26:18 | 000,146,335 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\snakes eyes.JPG
[2010/09/03 03:25:47 | 000,152,181 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\cards.JPG
[2010/09/03 03:24:03 | 000,138,825 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\vicks rose mwhahahah.JPG
[2010/09/02 06:54:18 | 000,142,799 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\cove.JPG
[2010/09/02 06:53:46 | 000,162,927 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\blue rose.JPG
[2010/09/01 19:45:51 | 000,146,913 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\phoenix.jpg
[2010/09/01 15:51:56 | 000,025,808 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\invisible1.JPG
[2010/08/28 19:14:07 | 000,156,575 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\wow.JPG
[2010/08/27 22:19:51 | 000,016,649 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\droplet-on-a-rose.jpg
[2010/08/27 06:44:58 | 000,188,091 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\painting.JPG
[2010/08/27 06:37:49 | 000,157,842 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\hoofy.JPG
[2010/08/26 06:16:40 | 000,112,869 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\rose.JPG
[2010/08/25 20:18:45 | 000,146,069 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\orange sun.JPG
[2010/08/25 07:53:42 | 000,164,363 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\towers.JPG
[2010/08/25 02:08:54 | 000,182,647 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\lighthouse.JPG
[2010/08/25 02:08:04 | 000,175,308 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\ocean.JPG
[2010/08/24 17:10:59 | 000,149,811 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\eeeeeeeeeeeeee.JPG
[2010/08/23 19:25:13 | 000,078,868 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\bboik.html
[2010/08/23 15:06:46 | 000,177,606 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\rollingsea.JPG
[2010/08/23 15:04:55 | 000,151,841 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\sundown.JPG
[2010/08/23 14:49:35 | 000,168,380 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\romance.JPG
[2010/08/23 14:48:34 | 000,152,632 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\apples.JPG
[2010/08/23 14:25:51 | 000,152,149 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\mystical lights.JPG
[2010/08/23 14:19:14 | 000,147,404 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\footprints.JPG
[2010/08/23 06:34:38 | 000,153,601 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\tez.JPG
[2010/08/23 06:30:40 | 000,192,308 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\untitled.JPG
[2010/08/19 19:19:43 | 000,000,774 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/19 19:19:43 | 000,000,296 | RHS- | M] () -- C:\boot.ini
[2010/08/19 19:19:43 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/19 18:57:00 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\avira_antivir_personal_en.exe
[2010/08/19 15:19:57 | 000,000,226 | ---- | M] () -- C:\Boot.bak
[2010/08/19 12:46:30 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Open F-Secure Internet Security 2008 OEM.lnk
[2010/08/12 17:45:01 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Desktop\Ubisoft Product Registration.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/10 00:59:41 | 000,002,428 | ---- | C] () -- C:\error.htm
[2010/09/10 00:59:41 | 000,000,230 | ---- | C] () -- C:\infect.htm
[2010/09/09 23:34:50 | 000,195,441 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\wave at verandas.jpg
[2010/09/09 23:34:47 | 000,181,145 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\at verandas.jpg
[2010/09/09 23:34:44 | 000,208,459 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\team at trapp.jpg
[2010/09/09 23:34:34 | 000,141,051 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\jump.jpg
[2010/09/09 20:17:40 | 000,150,424 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\beach.JPG
[2010/09/09 13:09:22 | 000,016,304 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\cherry comp.JPG
[2010/09/09 05:34:30 | 000,108,265 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\cherry loves us all.jpg
[2010/09/09 05:24:35 | 000,396,147 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ22.png
[2010/09/09 05:24:24 | 000,376,467 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS602.png
[2010/09/09 05:24:15 | 000,376,467 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS601.png
[2010/09/09 05:24:04 | 000,114,401 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\great team.jpg
[2010/09/09 05:23:34 | 000,396,147 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ21.png
[2010/09/09 05:22:06 | 000,376,467 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_V5JsoA1CaH2C3BpcWS60.png
[2010/09/09 05:21:58 | 000,099,645 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\the wall.jpg
[2010/09/09 05:21:49 | 000,396,147 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\741360_YRzDMezWHAzqmBIaqLQ2.png
[2010/09/09 05:17:33 | 000,095,097 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\come ave a piccy.JPG
[2010/09/09 05:15:36 | 000,179,631 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Group Hug 1.jpg
[2010/09/09 05:14:45 | 000,774,881 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\mary's 2.PNG
[2010/09/09 05:13:15 | 000,248,340 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Group Hug 2.jpg
[2010/09/09 05:12:33 | 000,171,720 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down1.jpg
[2010/09/09 05:11:28 | 000,151,179 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\woot love ya.JPG
[2010/09/09 05:09:17 | 000,235,398 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down 2.jpg
[2010/09/09 05:07:37 | 000,171,720 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Count Down.jpg
[2010/09/09 05:07:28 | 000,639,718 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\ahhhhh 3.png
[2010/09/09 05:06:13 | 000,110,093 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\last ones standing.JPG
[2010/09/08 20:26:56 | 000,174,149 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\tree.JPG
[2010/09/08 20:26:41 | 000,198,562 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\fireworks.JPG
[2010/09/08 20:26:25 | 000,174,195 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\hill.JPG
[2010/09/07 21:57:41 | 000,125,640 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\swan.JPG
[2010/09/07 21:56:30 | 000,140,030 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\fairy 2.JPG
[2010/09/07 21:54:01 | 000,139,431 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\landscape.JPG
[2010/09/07 21:52:57 | 000,139,783 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\fairy.JPG
[2010/09/07 21:52:41 | 000,135,536 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\lady2.JPG
[2010/09/07 21:52:26 | 000,139,929 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\lady.JPG
[2010/09/07 00:45:12 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Phoenix Viewer.lnk
[2010/09/07 00:22:34 | 000,002,323 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Google Chrome.lnk
[2010/09/07 00:22:34 | 000,002,301 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/07 00:22:01 | 000,000,996 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008UA.job
[2010/09/07 00:22:01 | 000,000,944 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008Core.job
[2010/09/06 23:58:41 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/09/06 22:07:00 | 000,004,868 | ---- | C] () -- D:\My Documents\cc_20100906_220659.reg
[2010/09/06 20:33:50 | 140,309,118 | ---- | C] () -- D:\My Documents\regbackup.reg
[2010/09/06 06:26:44 | 000,122,532 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\JENEDY~1.JPG
[2010/09/06 06:25:46 | 000,011,803 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\41RT83VEX2L__SL500_AA300_.jpg
[2010/09/06 03:59:52 | 000,030,226 | ---- | C] () -- D:\My Documents\cc_20100906_035949.reg
[2010/09/06 03:31:07 | 000,511,968 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\sdsetup.exe
[2010/09/05 21:43:48 | 142,646,658 | ---- | C] () -- D:\My Documents\EFRbackup.reg
[2010/09/05 21:39:08 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Eusing Free Registry Cleaner.lnk
[2010/09/05 21:33:36 | 000,963,827 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\EFRCSetup.exe
[2010/09/05 18:34:42 | 000,001,904 | ---- | C] () -- C:\WINDOWS\System32\SetupBD.din
[2010/09/05 17:47:55 | 000,001,352 | ---- | C] () -- D:\My Documents\cc_20100905_174753.reg
[2010/09/05 10:36:47 | 000,000,745 | ---- | C] () -- D:\My Documents\xp_exe_fix.zip
[2010/09/05 04:00:08 | 000,050,426 | ---- | C] () -- D:\My Documents\cc_20100905_040004.reg
[2010/09/05 02:29:16 | 000,700,144 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Second_Life_Setup.exe
[2010/09/03 04:03:06 | 000,173,835 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\painting to try.JPG
[2010/09/03 04:02:49 | 000,156,056 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\chery.JPG
[2010/09/03 03:48:51 | 000,160,887 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\wicked.JPG
[2010/09/03 03:46:40 | 000,149,804 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\rosestem.JPG
[2010/09/03 03:36:25 | 000,158,863 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\flower.JPG
[2010/09/03 03:31:18 | 000,139,443 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\purple storm.JPG
[2010/09/03 03:26:18 | 000,146,335 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\snakes eyes.JPG
[2010/09/03 03:25:47 | 000,152,181 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\cards.JPG
[2010/09/03 03:24:03 | 000,138,825 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\vicks rose mwhahahah.JPG
[2010/09/02 06:54:18 | 000,142,799 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\cove.JPG
[2010/09/02 06:53:46 | 000,162,927 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\blue rose.JPG
[2010/09/01 19:45:55 | 000,146,913 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\phoenix.jpg
[2010/09/01 15:51:55 | 000,025,808 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\invisible1.JPG
[2010/08/28 19:14:07 | 000,156,575 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\wow.JPG
[2010/08/27 22:20:04 | 000,016,649 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\droplet-on-a-rose.jpg
[2010/08/27 06:44:56 | 000,188,091 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\painting.JPG
[2010/08/27 06:37:49 | 000,157,842 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\hoofy.JPG
[2010/08/26 06:16:40 | 000,112,869 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\rose.JPG
[2010/08/25 20:18:45 | 000,146,069 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\orange sun.JPG
[2010/08/25 07:53:42 | 000,164,363 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\towers.JPG
[2010/08/25 02:08:53 | 000,182,647 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\lighthouse.JPG
[2010/08/25 02:08:04 | 000,175,308 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\ocean.JPG
[2010/08/24 17:10:59 | 000,149,811 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\eeeeeeeeeeeeee.JPG
[2010/08/23 19:25:12 | 000,078,868 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\bboik.html
[2010/08/23 15:06:46 | 000,177,606 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\rollingsea.JPG
[2010/08/23 15:04:55 | 000,151,841 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\sundown.JPG
[2010/08/23 14:49:35 | 000,168,380 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\romance.JPG
[2010/08/23 14:48:34 | 000,152,632 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\apples.JPG
[2010/08/23 14:25:51 | 000,152,149 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\mystical lights.JPG
[2010/08/23 14:19:14 | 000,147,404 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\footprints.JPG
[2010/08/23 06:34:37 | 000,153,601 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\tez.JPG
[2010/08/23 06:30:39 | 000,192,308 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\untitled.JPG
[2010/08/21 01:03:18 | 000,000,526 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2010/08/19 19:10:08 | 044,089,904 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\avira_antivir_personal_en.exe
[2010/08/19 16:02:36 | 000,000,226 | ---- | C] () -- C:\Boot.bak
[2010/08/19 16:02:32 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/19 15:53:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/19 15:53:48 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/19 13:17:49 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Open F-Secure Internet Security 2008 OEM.lnk
[2010/08/16 15:00:36 | 000,006,421 | ---- | C] () -- C:\Documents and Settings\Tania Wood\resetlog.txt
[2010/08/12 17:45:01 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Desktop\Ubisoft Product Registration.lnk
[2010/08/12 17:35:38 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2010/08/12 17:35:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2010/08/12 17:35:38 | 000,035,840 | ---- | C] () -- C:\WINDOWS\System32\comdlg32.oca
[2010/08/12 17:35:37 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\MSINET.oca
[2010/02/21 05:59:33 | 000,076,407 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Application Data\Smiley.ico
[2010/01/19 12:49:54 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\RemoveDevice.dll
[2009/12/14 18:14:17 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/06/01 19:42:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2009/04/18 00:42:23 | 000,000,041 | ---- | C] () -- C:\WINDOWS\crw.ini
[2009/02/15 01:02:38 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\fusioncache.dat
[2009/01/19 18:40:54 | 000,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/22 20:17:31 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/05 13:28:20 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\Tania Wood\Local Settings\Application Data\setup.txt
[2007/12/07 13:40:43 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\DM1USBAPIVB.dll
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/09 11:49:09 | 000,000,440 | ---- | C] () -- C:\WINDOWS\yahoo.ini
[2007/06/01 09:29:31 | 000,000,562 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2007/05/31 16:04:12 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/05/31 16:04:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/05/31 16:04:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/05/31 16:04:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/05/31 16:04:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/05/31 16:04:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/05/30 16:26:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2007/05/30 14:00:12 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2007/05/30 14:00:12 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2007/05/30 14:00:12 | 000,010,150 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2007/05/30 14:00:12 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2007/05/30 12:44:07 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/05/30 12:44:07 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2007/05/30 11:20:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/05/30 10:25:22 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2007/05/30 09:13:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2007/05/30 09:13:37 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/12/05 13:05:06 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[1998/05/31 00:00:00 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[1996/11/18 22:15:52 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\p2sodbc.dll
[1996/11/18 22:15:50 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\p2irdao.dll
[1996/11/18 22:15:50 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\p2ctdao.dll
[1996/11/18 22:15:50 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\p2bbnd.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/05/30 11:17:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/05/30 11:17:56 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/05/30 11:17:56 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 13:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/04 13:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/04 13:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 13:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 13:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/04 13:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 13:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 13:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 13:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 13:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 13:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 13:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 13:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 19:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/06/23 14:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/14 01:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/14 01:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/14 01:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/14 01:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/14 01:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/14 01:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/14 01:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/14 01:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/14 01:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/14 01:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/14 01:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/14 01:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/14 01:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/14 01:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/14 01:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2007/05/30 10:22:24 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/19 15:19:57 | 000,000,226 | ---- | M] () -- C:\Boot.bak
[2010/08/19 19:19:43 | 000,000,296 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2007/05/30 10:22:24 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/08/02 15:27:07 | 000,005,619 | ---- | M] () -- C:\debug.txt
[2010/09/10 05:09:41 | 000,002,428 | ---- | M] () -- C:\error.htm
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/09/10 01:32:23 | 000,000,230 | ---- | M] () -- C:\infect.htm
[2009/02/15 02:23:56 | 000,000,164 | ---- | M] () -- C:\install.dat
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2007/05/30 10:22:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/05/30 10:22:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/01 02:25:13 | 000,000,439 | ---- | M] () -- C:\nsinst.log
[2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/11/26 04:09:02 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/10 05:10:58 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2007/06/11 16:59:32 | 000,000,706 | -H-- | M] () -- C:\SWSTAMP.TXT
[2010/07/20 19:16:13 | 000,237,568 | -H-- | M] () -- C:\SZKGFS.dat
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %PROGRAMFILES%\*. >
[2007/12/07 14:38:57 | 000,000,000 | ---D | M] -- C:\Program Files\Acronis
[2007/08/09 18:55:33 | 000,000,000 | ---D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2010/09/05 17:46:45 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2007/06/11 15:37:37 | 000,000,000 | ---D | M] -- C:\Program Files\Apoint2K
[2007/08/09 18:56:05 | 000,000,000 | ---D | M] -- C:\Program Files\Atheros
[2009/09/03 20:39:27 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/02/09 15:38:47 | 000,000,000 | ---D | M] -- C:\Program Files\Babylon
[2010/09/06 03:45:37 | 000,000,000 | ---D | M] -- C:\Program Files\BitComet
[2009/12/26 21:11:37 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/12/25 18:44:52 | 000,000,000 | ---D | M] -- C:\Program Files\BQNITW
[2008/12/07 21:30:40 | 000,000,000 | ---D | M] -- C:\Program Files\Bullzip
[2009/02/19 11:39:19 | 000,000,000 | ---D | M] -- C:\Program Files\Business Objects
[2007/12/07 20:53:03 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2010/09/05 03:57:36 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2009/02/15 20:04:55 | 000,000,000 | ---D | M] -- C:\Program Files\CDBurnerXP
[2009/02/19 11:10:45 | 000,000,000 | ---D | M] -- C:\Program Files\CE Remote Tools
[2010/09/05 17:46:47 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2007/05/30 10:20:49 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/06/04 13:24:43 | 000,000,000 | ---D | M] -- C:\Program Files\Computerized Content Operator
[2010/06/04 13:25:37 | 000,000,000 | ---D | M] -- C:\Program Files\Contextual Content Manager
[2010/06/04 13:25:04 | 000,000,000 | ---D | M] -- C:\Program Files\Customized Platform Services
[2008/11/22 15:49:54 | 000,000,000 | ---D | M] -- C:\Program Files\EditPlus 3
[2009/05/04 11:43:47 | 000,000,000 | ---D | M] -- C:\Program Files\Effexis Software
[2009/06/17 20:01:26 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2010/03/31 03:08:36 | 000,000,000 | ---D | M] -- C:\Program Files\Entriq
[2010/09/05 21:39:13 | 000,000,000 | ---D | M] -- C:\Program Files\Eusing Free Registry Cleaner
[2009/06/29 09:03:38 | 000,000,000 | ---D | M] -- C:\Program Files\F-Secure Internet Security
[2009/02/15 02:23:06 | 000,000,000 | ---D | M] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2009/04/27 19:02:08 | 000,000,000 | ---D | M] -- C:\Program Files\FileZilla FTP Client
[2009/03/31 23:55:07 | 000,000,000 | ---D | M] -- C:\Program Files\Gamenext
[2009/03/31 22:55:09 | 000,000,000 | ---D | M] -- C:\Program Files\GamesBar
[2009/02/18 16:36:27 | 000,000,000 | ---D | M] -- C:\Program Files\glassfish-v2ur2
[2010/09/06 03:16:20 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/05/04 17:29:09 | 000,000,000 | ---D | M] -- C:\Program Files\HandyGamez Toolbar
[2009/02/19 11:18:28 | 000,000,000 | ---D | M] -- C:\Program Files\HTML Help Workshop
[2009/07/25 09:02:19 | 000,000,000 | ---D | M] -- C:\Program Files\Huawei Modems
[2010/09/06 03:14:39 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/09/05 18:35:19 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/09/07 00:02:51 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2007/06/11 15:38:26 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2010/09/06 03:26:17 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/08/19 19:39:57 | 000,000,000 | ---D | M] -- C:\Program Files\iWin Games
[2010/05/04 17:36:36 | 000,000,000 | ---D | M] -- C:\Program Files\iWin.com
[2010/09/06 23:34:49 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/03/31 03:08:50 | 000,000,000 | ---D | M] -- C:\Program Files\Kontiki
[2007/08/09 18:58:44 | 000,000,000 | ---D | M] -- C:\Program Files\ltmoh
[2008/11/26 04:19:20 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/09/06 23:58:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2007/10/18 19:29:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/02/19 11:35:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Device Emulator
[2007/08/09 18:58:45 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/02/15 02:13:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/11/18 03:14:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Outlook Connector
[2009/02/19 11:10:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SDKs
[2010/09/05 02:59:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2007/06/11 15:39:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2009/03/15 22:56:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2009/02/19 11:32:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Synchronization Services
[2009/02/19 11:39:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 9.0
[2009/02/19 11:09:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Web Designer Tools
[2009/11/04 04:05:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2009/06/17 19:50:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
[2010/09/07 00:03:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/02/15 02:23:07 | 000,000,000 | ---D | M] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2010/08/11 03:03:15 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/09/05 03:07:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/02/19 11:17:50 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/12/07 20:56:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/03/26 20:46:49 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2007/08/09 19:01:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/05/30 10:46:33 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/08/09 14:26:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2010/09/05 22:21:15 | 000,000,000 | ---D | M] -- C:\Program Files\myBabylon_English
[2009/06/01 17:54:26 | 000,000,000 | ---D | M] -- C:\Program Files\NetBeans 6.1
[2009/02/18 03:35:30 | 000,000,000 | ---D | M] -- C:\Program Files\NetBeans 6.5
[2008/11/26 04:10:49 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/05/04 17:25:37 | 000,000,000 | ---D | M] -- C:\Program Files\Oberon Media
[2007/12/07 13:40:45 | 000,000,000 | ---D | M] -- C:\Program Files\Olympus
[2007/08/09 19:01:40 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/13 03:03:46 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/09/07 00:45:13 | 000,000,000 | ---D | M] -- C:\Program Files\Phoenix Viewer
[2009/06/05 19:36:35 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2007/06/11 15:39:42 | 000,000,000 | ---D | M] -- C:\Program Files\Protector Suite QL
[2007/12/07 13:25:33 | 000,000,000 | ---D | M] -- C:\Program Files\QuickLink Desktop
[2010/09/06 23:45:52 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2007/08/09 19:01:48 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2007/08/09 14:22:29 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/07/02 00:45:04 | 000,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
[2008/12/29 19:44:07 | 000,000,000 | ---D | M] -- C:\Program Files\Retrospect
[2007/12/07 13:44:52 | 000,000,000 | ---D | M] -- C:\Program Files\Scansoft
[2009/02/15 02:23:07 | 000,000,000 | ---D | M] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2010/09/05 22:20:22 | 000,000,000 | ---D | M] -- C:\Program Files\Security Task Manager
[2010/06/24 12:51:28 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2009/05/04 12:43:11 | 000,000,000 | ---D | M] -- C:\Program Files\SmartDraw 2009
[2009/07/04 17:28:32 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/09/06 05:05:00 | 000,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
[2009/08/13 13:13:11 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2009/08/14 12:27:48 | 000,000,000 | ---D | M] -- C:\Program Files\SwiftKit
[2010/09/05 18:31:14 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2007/12/07 13:44:52 | 000,000,000 | ---D | M] -- C:\Program Files\Texthelp Systems
[2010/06/04 13:26:00 | 000,000,000 | ---D | M] -- C:\Program Files\Textual Content Enhancer
[2009/09/08 03:53:59 | 000,000,000 | ---D | M] -- C:\Program Files\The Budgerigar Program 2006
[2007/08/09 11:25:49 | 000,000,000 | ---D | M] -- C:\Program Files\TOSHIBA
[2010/08/12 17:35:35 | 000,000,000 | ---D | M] -- C:\Program Files\Ubisoft
[2009/02/15 00:07:04 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/12/29 00:19:16 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2010/04/23 12:32:40 | 000,000,000 | ---D | M] -- C:\Program Files\VirginMedia
[2010/06/04 13:24:33 | 000,000,000 | ---D | M] -- C:\Program Files\Web Content Searcher
[2009/06/05 19:26:59 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital
[2008/12/29 19:42:40 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital Technologies
[2009/06/11 03:15:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2009/11/18 03:13:55 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/03/15 22:54:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2007/08/09 14:21:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/11/26 04:10:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/02/19 11:34:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mobile 5.0 SDK R2
[2008/11/26 04:10:46 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2007/05/30 10:21:27 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/12/05 17:42:12 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2007/08/09 19:02:31 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009/02/15 04:04:48 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2010/08/02 15:27:07 | 000,000,000 | ---D | M] -- C:\Program Files\ZTE_1.2059.0.8
[2010/05/04 17:31:37 | 000,000,000 | ---D | M] -- C:\Program Files\Zylom Games
< %appdata%\*.* >
[2007/05/30 11:18:48 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Tania Wood\Application Data\desktop.ini
[2009/11/04 12:49:48 | 000,076,407 | ---- | M] () -- C:\Documents and Settings\Tania Wood\Application Data\Smiley.ico


< MD5 for: AGP440.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:disk.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 13:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2006/05/05 17:50:50 | 000,023,552 | ---- | M] (UPEK Inc.) MD5=885972DF728A6C0600C0133DCF7CDD78 -- C:\Program Files\Protector Suite QL\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/02/12 13:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\TOSAPINS\Intel Matrix Storage Manager\Inf Setup\iastor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\OemDir\iaStor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:usbstor.sys
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/11/26 04:06:44 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 00:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys
[2008/04/13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\ReinstallBackups\0024\DriverFiles\i386\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-03 02:01:42

========== Alternate Data Streams ==========

< End of report >

Re: trojan.win32.buzus.eglu

Hi.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

[Image: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Image: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


Re: trojan.win32.buzus.eglu

Hi
Thank you for getting back to me. Here is the log file.
Tazzy


ComboFix 10-09-11.02 - Tania Wood 12/09/2010 8:07.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2039.1344 [GMT 1:00]
Running from: c:\documents and settings\Tania Wood\desktop\commy.exe
Command switches used :: /stepdel
AV: F-Secure Internet Security 2008 OEM 8.00 *On-access scanning enabled* (Outdated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: F-Secure Internet Security 2008 OEM 8.00 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
d:\my documents\EFRbackup.reg
d:\my documents\regbackup.reg

.
((((((((((((((((((((((((( Files Created from 2010-08-12 to 2010-09-12 )))))))))))))))))))))))))))))))
.

2010-09-06 23:43 . 2010-09-06 23:45 -------- d-----w- c:\program files\Phoenix Viewer
2010-09-06 22:59 . 2010-09-06 22:59 -------- d-----w- c:\windows\system32\winrm
2010-09-06 22:59 . 2010-09-06 22:59 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-09-06 02:48 . 2010-09-06 02:49 80767800 ----a-w- c:\documents and settings\All Users\Application Data\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_dl.exe
2010-09-06 02:31 . 2010-09-06 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-09-05 21:04 . 2010-09-05 21:04 316 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0D756077321A70C3E844C138CE981581.dll
2010-09-05 20:39 . 2010-09-05 20:39 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-09-05 16:52 . 2010-09-05 16:52 -------- d-----w- c:\documents and settings\Tania Wood\Application Data\Uniblue
2010-09-05 03:35 . 2010-09-05 03:35 -------- d-----w- C:\d2bf15400392b349be9432
2010-09-05 02:17 . 2010-09-06 01:25 -------- d-----w- c:\documents and settings\Tania Wood\Local Settings\Application Data\SecondLife
2010-08-19 18:31 . 2010-08-20 01:43 -------- d-----w- c:\windows\system32\NtmsData
2010-08-19 15:44 . 2010-08-19 15:54 -------- d-----w- C:\Combo-Fix
2010-08-19 14:28 . 2010-08-19 14:28 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-12 07:04 . 2009-12-14 02:57 -------- d-----w- c:\documents and settings\Tania Wood\Application Data\Skype
2010-09-12 07:01 . 2009-12-14 03:00 -------- d-----w- c:\documents and settings\Tania Wood\Application Data\skypePM
2010-09-07 21:36 . 2007-12-07 18:23 85064 ----a-w- c:\documents and settings\Tania Wood\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-06 23:03 . 2007-12-07 12:42 -------- d-----w- c:\program files\Microsoft.NET
2010-09-06 22:58 . 2009-03-15 21:54 -------- d-----w- c:\program files\Microsoft
2010-09-06 22:58 . 2007-05-31 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-06 22:45 . 2009-12-26 20:10 -------- d-----w- c:\program files\QuickTime
2010-09-06 22:44 . 2007-08-09 11:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-09-06 22:34 . 2007-05-30 09:46 -------- d-----w- c:\program files\Java
2010-09-06 21:26 . 2009-02-15 01:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-06 04:05 . 2009-02-15 01:43 -------- d-----w- c:\program files\Spyware Doctor
2010-09-06 02:45 . 2009-07-04 15:57 -------- d-----w- c:\program files\BitComet
2010-09-06 02:26 . 2009-12-26 20:12 -------- d-----w- c:\program files\iTunes
2010-09-06 02:26 . 2009-12-26 20:07 -------- d-----w- c:\program files\Common Files\Apple
2010-09-06 02:16 . 2009-12-17 23:24 -------- d-----w- c:\program files\Google
2010-09-06 02:14 . 2007-05-30 10:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-06 02:01 . 2009-07-25 08:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Birdstep Technology
2010-09-05 21:21 . 2010-02-09 14:38 -------- d-----w- c:\program files\myBabylon_English
2010-09-05 21:20 . 2010-09-05 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-09-05 21:20 . 2010-09-05 21:04 -------- d-----w- c:\program files\Security Task Manager
2010-09-05 21:04 . 2010-09-05 21:04 152 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_0E23E40C6140D434FA9B96967D309AFE.dll
2010-09-05 17:35 . 2007-05-30 10:33 -------- d-----w- c:\program files\Intel
2010-09-05 17:31 . 2010-01-23 14:53 -------- d-----w- c:\program files\SystemRequirementsLab
2010-09-05 02:57 . 2009-02-15 03:06 -------- d-----w- c:\program files\CCleaner
2010-09-05 02:17 . 2010-02-19 18:35 -------- d-----w- c:\documents and settings\Tania Wood\Application Data\SecondLife
2010-09-05 01:59 . 2009-01-04 17:19 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-19 18:39 . 2009-07-18 18:27 -------- d-----w- c:\program files\iWin Games
2010-08-16 13:01 . 2010-07-20 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-08-12 16:35 . 2010-08-12 16:35 -------- d-----w- c:\program files\Ubisoft
2010-08-09 12:21 . 2010-08-09 12:21 503808 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1dbe9b9f-n\msvcp71.dll
2010-08-09 12:21 . 2010-08-09 12:21 499712 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1dbe9b9f-n\jmc.dll
2010-08-09 12:21 . 2010-08-09 12:21 348160 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1dbe9b9f-n\msvcr71.dll
2010-08-09 12:21 . 2010-08-09 12:21 61440 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5e2e1a75-n\decora-sse.dll
2010-08-09 12:21 . 2010-08-09 12:21 12800 ----a-w- c:\documents and settings\Tania Wood\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5e2e1a75-n\decora-d3d.dll
2010-08-08 18:38 . 2010-08-08 18:38 -------- d-----w- c:\documents and settings\Tania Wood\Application Data\Malwarebytes
2010-08-08 18:38 . 2010-08-08 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-02 14:27 . 2010-08-02 14:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\Birdstep Technology
2010-08-02 14:27 . 2010-08-02 14:26 -------- d-----w- c:\program files\ZTE_1.2059.0.8
2010-07-20 18:54 . 2008-12-29 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\RetroExp
2010-07-20 18:16 . 2010-07-20 18:16 237568 ---ha-w- C:\SZKGFS.dat
2010-07-20 18:11 . 2010-07-20 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-07-20 18:10 . 2010-07-20 18:10 -------- d-----w- c:\program files\Common Files\iS3
2010-07-19 23:22 . 2009-12-28 23:21 -------- d-----w- c:\documents and settings\Tania Wood\Application Data\vlc
2010-07-15 10:23 . 2010-07-15 10:23 654456 ----a-w- c:\windows\system32\ncs2dmix.dll
2010-07-15 10:23 . 2010-07-15 10:23 506488 ----a-w- c:\windows\system32\accesor.dll
2010-07-14 09:16 . 2010-07-14 09:16 182784 ----a-w- c:\windows\system32\Ncs2Setp.dll
2010-07-14 08:39 . 2010-07-14 08:39 134264 ----a-w- c:\windows\system32\ncs2instutility.dll
2010-07-14 08:20 . 2010-07-14 08:20 1813112 ----a-w- c:\windows\system32\ncscolib.dll
2010-06-30 12:31 . 2007-05-30 08:13 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2007-05-30 08:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2007-05-30 08:13 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2007-05-30 08:13 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-21 13:43 . 2010-06-21 13:43 30880 ----a-w- c:\windows\system32\drivers\iqvw32.sys
2010-06-17 14:03 . 2007-05-30 08:13 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2007-05-30 09:21 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2007-05-30 08:13 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"Google Update"="c:\documents and settings\Tania Wood\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-06 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-09 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-13 16125440]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2006-08-07 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"DpUtil"="c:\program files\TOSHIBA\DualPointUtility\TEDTray.exe" [2005-08-05 155648]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.exe" [2005-08-31 102400]
"TFNF5"="TFNF5.exe" [2006-04-11 622592]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]
"TPSODDCtl"="TPSODDCtl.exe" [2007-04-18 102400]
"TPSMain"="TPSMain.exe" [2007-04-18 299008]
"TOSDCR"="TOSDCR.EXE" [2005-12-12 57344]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2007-11-07 1165120]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImage\TimounterMonitor.exe" [2007-11-07 1945688]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-11-07 148760]
"WD Button Manager"="WDBtnMgr.exe" [2008-12-29 339968]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-05 16:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TosBtNP]
2006-07-22 02:54 65536 ----a-w- c:\windows\system32\TosBtNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:TCP"= 50000:TCP:BitComet 50000 TCP
"50000:UDP"= 50000:UDP:BitComet 50000 UDP
"7375:TCP"= 7375:TCP:BitComet 7375 TCP
"7375:UDP"= 7375:UDP:BitComet 7375 UDP
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [07/12/2007 13:48 51072]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [22/03/2007 13:07 20992]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [09/03/2007 15:23 6528]
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\F-Secure Internet Security\HIPS\fshs.sys [07/12/2007 13:47 41184]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [30/05/2007 16:23 5888]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [05/05/2006 18:00 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [05/05/2006 17:59 33024]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [02/09/2009 18:30 78104]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [05/05/2006 17:33 3456]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26/03/2007 12:22 105856]
R2 Tmesrv;Tmesrv3;c:\program files\TOSHIBA\TME3\TMESRV31.exe [30/05/2007 16:23 114688]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19/02/2007 12:15 134016]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [07/12/2007 13:47 77824]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [31/05/2007 16:10 35968]
R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [30/05/2007 16:26 435072]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10:58 11336]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [02/08/2010 15:27 9216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [15/02/2009 02:43 356920]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [30/05/2007 09:13 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys [07/12/2007 13:47 40048]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys [07/12/2007 13:47 25456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008Core.job
- c:\documents and settings\Tania Wood\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-06 23:21]

2010-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3605395860-2466649076-873052810-1008UA.job
- c:\documents and settings\Tania Wood\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-06 23:21]

2007-12-07 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-05-30 00:12]

2007-12-07 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-05-30 00:12]

2007-12-07 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-05-30 00:12]

2010-09-12 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\F-SECU~1\ANTI-V~1\fsav.exe [2007-12-07 12:41]

2010-09-11 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-05-04 06:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Tania Wood\Start Menu\Programs\IMVU\Run IMVU.lnk
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1056)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\crypto.dll
c:\program files\Protector Suite QL\biokmd.dll

- - - - - - - > 'lsass.exe'(1112)
c:\windows\system32\relog_ap.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
.
Completion time: 2010-09-12 08:17:04
ComboFix-quarantined-files.txt 2010-09-12 07:17

Pre-Run: 11,641,454,592 bytes free
Post-Run: 12,090,286,080 bytes free

- - End Of File - - 1A8E8C76B79FC595B167AB6485389F37

Re: trojan.win32.buzus.eglu

Hi.

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

............................................................................................

I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4611

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

14/09/2010 09:00:21
mbam-log-2010-09-14 (09-00-21).txt

Scan type: Quick scan
Objects scanned: 149612
Time elapsed: 27 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\GamiePlay Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\{5909fc3d-7f8b-415d-a5d1-7c7e941e536e} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\{aa1acb70-b5f1-4037-909e-1f725b04d2a8} (Adware.DoubleD) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\HandyGamez Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tania Wood\Local Settings\Application Data\HandyGamez Toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\f3PSSavr.0cr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tania Wood\Favorites\MyFastSearcher.url (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tania Wood\Favorites\MyMindSearcher.url (Hijack.Favorites) -> Quarantined and deleted successfully.

Re: trojan.win32.buzus.eglu

Hi.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

............................................................................................

I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=a49e29b3e79025408a8a2741b4a20df9
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-17 12:39:15
# local_time=2010-09-17 01:39:15 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 16777214 0 2 32496789 32496789 0 0
# compatibility_mode=2304 16777179 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 29171 29171 0 0
# scanned=157056
# found=0
# cleaned=0
# scan_time=5113

Re: trojan.win32.buzus.eglu

Hi.

How is your computer running now?

............................................................................................

I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu

hi well
i have just managed to get on the internet and find this as my intel 82566mc gigabit network connection (adapter) has stopped working.

i got a blue screen with a lot of writing and then when the computer restarted the ethernet (lan) connection didn't show in my networks anymore
when i go to device manager i have the yellow triangle with the i and it says This device cannot start. (Code 10) i uninstalled and reinstalled then rebooted to no change

any ideas please would be awesome
Thank you Tazzy

Re: trojan.win32.buzus.eglu

Hi.

Sorry for the delay.

Could you please navigate to C:\Windows\Minidump and zip those .dmp files up and attach them here?

............................................................................................

I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu

Hi i managed to zip them but i can't attach them here?

i can email them or is there another way sorry let me know what's best thx

Tazzy Thank You!

Re: trojan.win32.buzus.eglu

Hi.

Please go here and upload the zip file, then post the link here.

............................................................................................

I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu

Thank you for that


http://www.mediafire.com/file/i64oghaajwct17c/Minidump.rar

Re: trojan.win32.buzus.eglu

Hi.

Try updating your graphics card driver in Device Manager and see if it still occurs.

............................................................................................

I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu

no updates available
cannot find newer version

Re: trojan.win32.buzus.eglu

Hi,

Try re-installing it in Device Manager, and see if it still occurs.

............................................................................................

I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu

uninstalled and reinstalled
still have all applications hanging continuously, hard to use any browser except ie
chrome and mozilla crash, ie only one that works now, have uninstalled and reinstalled them. office programs hang and now also the explorer application starting to hang or become non-responsive for a while then works again. can't do anything on the laptop hardly. have just bought an external hard drive and saved stuff to it but it is still hanging

Re: trojan.win32.buzus.eglu

Hi,

I don't know why I didn't catch this earlier, but I noticed you have 2 Anti-virus programs.

I recommend removing both F-Secure and Norton and installing one of these:

If you don't have an Antivirus I recommend downloading these free Antivirus programs:
1. Microsoft Security Essentials
2. AVG Free
3. Avast!

After you install one of these see if the issues still occur.

............................................................................................

I'm livin' life in the fast lane.

Re: trojan.win32.buzus.eglu

ok norton was removed but only shows remnants that i can't remove I don't know why they won't go. F-Secure came with the computer and i have disabled it - i have downloaded avast that didn't find anything then i uninstalled avast and downloaded avg - that found 2 warnings and nothing more.

Re: trojan.win32.buzus.eglu

Hi,

Please download and run each of these:

1. ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

2. ftp://ftp.f-secure.com/support/tools/uitool/UninstallationTool.zip

3. http://files.avast.com/files/eng/aswclear5.exe

4. http://download.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe

==================

After that; please download only this Anti-Virus:

http://www.microsoft.com/security_essentials/

............................................................................................

I'm livin' life in the fast lane.
