OTL logfile created on: 31/05/2010 17:43:07 - Run 2
OTL by OldTimer - Version 3.2.1.1     Folder = C:\Documents and Settings\EBC\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.75 Gb Total Space | 163.07 Gb Free Space | 70.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: D5W7KD4J
Current User Name: EBC
Logged in as Administrator.
 
Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/04/14 12:56:53 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\EBC\My Documents\Downloads\OTL.exe
PRC - [2009/12/15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\EBC\My Documents\Downloads\gmer.exe
PRC - [2008/04/14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/04/14 12:56:53 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\EBC\My Documents\Downloads\OTL.exe
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2010/04/10 17:05:58 | 000,266,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/03/18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/02/02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/01/22 01:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/09/04 16:22:22 | 000,098,304 | ---- | M] (WDC) [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/08/22 09:21:19 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/06/16 10:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/12/04 14:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/02/05 18:22:36 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2008/02/05 18:20:42 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/02/05 18:18:48 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/08/09 09:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2010/05/28 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/28 10:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/10 10:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100530.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/10 10:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100530.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/02/05 09:25:38 | 000,070,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/02/02 10:13:54 | 000,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/02/02 10:13:54 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/02/02 10:13:54 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/02/02 10:02:47 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\ccHPx86.sys -- (ccHP)
DRV - [2009/10/29 00:37:24 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100520.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/09/13 21:56:03 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/08/22 09:21:19 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1008000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/22 09:21:19 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/22 09:21:19 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/22 09:21:19 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/22 09:21:19 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/22 09:21:19 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NIS\1008000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/22 09:21:19 | 000,036,400 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/08/22 09:21:19 | 000,033,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/08/22 09:21:06 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/08/22 09:21:06 | 000,036,400 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Stopped] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/06/05 07:16:32 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/06/04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2009/02/13 13:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/08/19 00:21:20 | 000,110,080 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/08/19 00:20:58 | 006,044,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/08/19 00:20:06 | 004,752,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/14 14:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 14:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/02/06 04:21:48 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/02/06 04:21:37 | 004,658,456 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam S5500(UVC)
DRV - [2008/02/06 04:21:25 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/02/06 04:20:40 | 000,628,760 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/02/05 18:20:08 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/02/05 18:18:12 | 000,689,176 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/12/03 12:13:48 | 000,011,264 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\diag69xp.sys -- (Diag69xp)
DRV - [2007/11/20 02:14:08 | 000,016,640 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
DRV - [2007/11/20 02:04:50 | 000,008,960 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt)
DRV - [2007/07/23 16:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 16:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 16:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 16:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 16:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 16:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 16:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 16:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 15:55:44 | 000,099,808 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/07/23 15:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 15:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/07/23 15:43:42 | 000,052,000 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/06 17:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/02/03 20:27:55 | 000,490,784 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2001/08/18 04:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/18 04:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 04:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 04:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 04:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/18 03:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/18 03:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/18 03:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/18 03:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/18 03:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/18 03:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/18 03:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/18 03:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/18 03:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/18 03:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.uk.msn.com/USSMB/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.uk.msn.com/USSMB/4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..extensions.enabledItems: filtersetg@updater:0.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: fr-FR@dictionaries.addons.mozilla.org:2.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: pl@dictionaries.addons.mozilla.org:1.0.20090810
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
 
FF - HKLM\software\mozilla\Firefox\extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/16 12:26:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/26 10:39:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/26 10:39:39 | 000,000,000 | ---D | M]
 
[2009/08/04 16:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\Mozilla\Extensions
[2010/04/16 15:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\Mozilla\Firefox\Profiles\27rx04bb.Guest\extensions
[2009/08/11 17:28:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\EBC\Application Data\Mozilla\Firefox\Profiles\27rx04bb.Guest\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/31 13:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\Mozilla\Firefox\Profiles\pss7c4mc.work\extensions
[2010/05/20 10:07:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\EBC\Application Data\Mozilla\Firefox\Profiles\pss7c4mc.work\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/30 17:16:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\EBC\Application Data\Mozilla\Firefox\Profiles\pss7c4mc.work\extensions\{31513E58-F253-47ad-86DB-D5F21E905429}
[2009/11/25 10:08:45 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Documents and Settings\EBC\Application Data\Mozilla\Firefox\Profiles\pss7c4mc.work\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2010/05/20 10:07:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\EBC\Application Data\Mozilla\Firefox\Profiles\pss7c4mc.work\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/20 10:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\Mozilla\Firefox\Profiles\pss7c4mc.work\extensions\bettergmail2@ginatrapani.org
[2009/09/30 17:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\Mozilla\Firefox\Profiles\pss7c4mc.work\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/01/05 11:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\Mozilla\Firefox\Profiles\pss7c4mc.work\extensions\filtersetg@updater
[2010/04/30 16:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\Mozilla\Firefox\Profiles\pss7c4mc.work\extensions\foxmarks@kei.com
[2010/03/23 10:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\Mozilla\Firefox\Profiles\pss7c4mc.work\extensions\foxyproxy@eric.h.jung
[2010/02/11 10:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\Mozilla\Firefox\Profiles\pss7c4mc.work\extensions\fr@dictionaries.addons.mozilla.org
[2010/04/30 16:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\Mozilla\Firefox\Profiles\pss7c4mc.work\extensions\gliider@gliider.com
[2010/04/13 22:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\Mozilla\Firefox\Profiles\pss7c4mc.work\extensions\pl@dictionaries.addons.mozilla.org
[2009/10/01 10:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\Mozilla\Firefox\Profiles\pss7c4mc.work\extensions\smartbookmarksbar@remy.juteau
[2009/09/30 17:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\Mozilla\Firefox\Profiles\quxqm1vw.default\extensions
[2009/08/05 09:36:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\EBC\Application Data\Mozilla\Firefox\Profiles\quxqm1vw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/14 09:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\EBC\Application Data\Mozilla\Firefox\Profiles\quxqm1vw.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2009/09/26 18:42:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\EBC\Application Data\Mozilla\Firefox\Profiles\quxqm1vw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/05 09:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\Mozilla\Firefox\Profiles\quxqm1vw.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009/09/26 18:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\Mozilla\Firefox\Profiles\quxqm1vw.default\extensions\filtersetg@updater
[2009/08/19 09:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\Mozilla\Firefox\Profiles\quxqm1vw.default\extensions\fr-FR@dictionaries.addons.mozilla.org
[2009/08/19 09:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\Mozilla\Firefox\Profiles\quxqm1vw.default\extensions\pl@dictionaries.addons.mozilla.org
[2009/09/17 13:30:04 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\EBC\Application Data\Mozilla\Firefox\Profiles\quxqm1vw.default\searchplugins\icqplugin.xml
[2010/05/31 13:37:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/12 16:11:06 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
 
O1 HOSTS File: ([2010/04/16 12:37:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\EBC\Application Data\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKCU..\Run: [3RVX.exe] C:\Program Files\3RVX\3RVX.exe (matt.malensek.net)
O4 - Startup: C:\Documents and Settings\EBC\Start Menu\Programs\Startup\Microsoft Office Outlook.lnk = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248281998750 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/EBC/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\EBC\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\EBC\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 23:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7482b1f8-d9a3-11de-8b94-0024e81c378b}\Shell - "" = AutoRun
O33 - MountPoints2\{7482b1f8-d9a3-11de-8b94-0024e81c378b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7482b1f8-d9a3-11de-8b94-0024e81c378b}\Shell\AutoRun\command - "" = E:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{8da2bf74-1a48-11df-8ba6-0024e81c378b}\Shell\AutoRun\command - "" = J:\PMBP_Win.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/05/30 15:01:46 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/05/30 14:54:52 | 000,059,664 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2010/05/30 14:54:52 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2010/05/30 14:54:52 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2010/05/17 19:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EBC\Local Settings\Application Data\GHISLER
[2010/05/08 18:12:48 | 000,000,000 | ---D | C] -- C:\Program Files\totalcmd
[2010/05/08 18:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EBC\Application Data\GHISLER
[2010/05/03 09:35:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\EBC\Local Settings\Application Data\Threat Expert
[2010/04/13 09:37:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/07 11:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/12/11 17:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ServiceTest
[2009/12/07 10:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2009/08/04 15:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2009/07/15 14:43:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/04/25 23:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/04/25 23:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006/02/19 03:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[2 C:\Documents and Settings\EBC\Desktop\*.tmp files -> C:\Documents and Settings\EBC\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/05/31 17:41:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/31 17:41:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/31 17:39:58 | 006,291,456 | ---- | M] () -- C:\Documents and Settings\EBC\ntuser.dat
[2010/05/31 17:39:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/31 17:34:28 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\EBC\Desktop\ser.doc
[2010/05/31 16:59:01 | 000,000,968 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3653118110-2426424307-4076071904-1008UA.job
[2010/05/31 13:38:19 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3653118110-2426424307-4076071904-1008.job
[2010/05/31 09:19:12 | 000,000,637 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/31 09:19:12 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/31 09:19:12 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/30 09:59:00 | 000,000,916 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3653118110-2426424307-4076071904-1008Core.job
[2010/05/29 17:16:54 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\EBC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/29 16:18:12 | 000,000,099 | ---- | M] () -- C:\rb_config.js
[2010/05/29 16:18:12 | 000,000,034 | ---- | M] () -- C:\history.js
[2010/05/28 18:14:44 | 000,288,899 | ---- | M] () -- C:\Documents and Settings\EBC\Desktop\Résumé.pdf
[2010/05/26 19:09:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Weekly Backup.job
[2010/05/24 10:40:00 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3653118110-2426424307-4076071904-1008.job
[2010/05/20 21:27:38 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\EBC\Desktop\NO.doc
[2010/05/20 21:06:19 | 002,890,886 | ---- | M] () -- C:\Documents and Settings\EBC\Desktop\osl.bmp
[2010/05/17 17:28:14 | 000,223,905 | ---- | M] () -- C:\Documents and Settings\EBC\Desktop\Pfizer2.jpg
[2010/05/17 16:35:35 | 000,101,774 | ---- | M] () -- C:\Documents and Settings\EBC\Desktop\invoice IT.jpg
[2010/05/17 16:35:30 | 000,170,347 | ---- | M] () -- C:\Documents and Settings\EBC\Desktop\Ministry of Finance.jpg
[2010/05/16 18:46:35 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\EBC\Desktop\recommendation Hector.doc
[2010/05/14 10:45:35 | 002,966,598 | ---- | M] () -- C:\Documents and Settings\EBC\Desktop\1111.bmp
[2010/05/14 10:45:34 | 002,888,566 | ---- | M] () -- C:\Documents and Settings\EBC\Desktop\111.bmp
[2010/05/13 17:40:19 | 000,012,428 | ---- | M] () -- C:\Documents and Settings\EBC\Desktop\recommendation Hector.docx
[2010/05/13 12:41:06 | 000,107,818 | ---- | M] () -- C:\Documents and Settings\EBC\Desktop\www 1.JPG
[2010/05/13 12:40:52 | 000,101,972 | ---- | M] () -- C:\Documents and Settings\EBC\Desktop\www 2.JPG
[2010/05/13 12:40:19 | 000,102,826 | ---- | M] () -- C:\Documents and Settings\EBC\Desktop\www 3.JPG
[2010/05/13 12:39:58 | 000,107,270 | ---- | M] () -- C:\Documents and Settings\EBC\Desktop\www original.JPG
[2010/05/13 03:01:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/12 14:28:54 | 002,807,190 | ---- | M] () -- C:\Documents and Settings\EBC\Desktop\11.bmp
[2010/05/12 14:28:54 | 002,731,902 | ---- | M] () -- C:\Documents and Settings\EBC\Desktop\12.bmp
[2010/05/12 13:34:49 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\EBC\Desktop\PR IG.doc
[2010/05/11 18:50:13 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\EBC\Desktop\~$NO.doc
[2010/05/11 15:27:25 | 002,905,286 | ---- | M] () -- C:\Documents and Settings\EBC\Desktop\3.bmp
[2010/05/11 15:27:24 | 002,896,614 | ---- | M] () -- C:\Documents and Settings\EBC\Desktop\2.bmp
[2010/05/11 15:27:24 | 002,787,750 | ---- | M] () -- C:\Documents and Settings\EBC\Desktop\1.bmp
[2010/05/10 13:38:07 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\EBC\Desktop\~$commendation Hector.docx
[2010/05/08 17:47:38 | 000,000,105 | ---- | M] () -- C:\Documents and Settings\EBC\Desktop\OenHG69.mrtzcmp3
[2010/05/06 09:36:06 | 000,021,185 | ---- | M] () -- C:\Documents and Settings\EBC\Desktop\belgiumholidays2008-2012.ics
[2010/05/05 09:47:08 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\EBC\Desktop\Reply form - MH workshop.doc
[2010/05/02 16:23:25 | 000,200,057 | ---- | M] () -- C:\Documents and Settings\EBC\Desktop\bookmarks-2010-05-02.json
[2 C:\Documents and Settings\EBC\Desktop\*.tmp files -> C:\Documents and Settings\EBC\Desktop\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/05/31 17:34:27 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\EBC\Desktop\ser.doc
[2010/05/29 16:18:12 | 000,000,099 | ---- | C] () -- C:\rb_config.js
[2010/05/29 16:18:12 | 000,000,034 | ---- | C] () -- C:\history.js
[2010/05/28 18:14:44 | 000,288,899 | ---- | C] () -- C:\Documents and Settings\EBC\Desktop\Résumé.pdf
[2010/05/20 21:05:47 | 002,890,886 | ---- | C] () -- C:\Documents and Settings\EBC\Desktop\osl.bmp
[2010/05/17 16:54:57 | 000,223,905 | ---- | C] () -- C:\Documents and Settings\EBC\Desktop\Pfizer2.jpg
[2010/05/17 16:06:01 | 000,101,774 | ---- | C] () -- C:\Documents and Settings\EBC\Desktop\invoice IT.jpg
[2010/05/17 16:05:38 | 000,170,347 | ---- | C] () -- C:\Documents and Settings\EBC\Desktop\Ministry of Finance.jpg
[2010/05/16 18:46:35 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\EBC\Desktop\recommendation Hector.doc
[2010/05/14 10:42:14 | 002,966,598 | ---- | C] () -- C:\Documents and Settings\EBC\Desktop\1111.bmp
[2010/05/14 10:40:09 | 002,888,566 | ---- | C] () -- C:\Documents and Settings\EBC\Desktop\111.bmp
[2010/05/13 15:51:03 | 000,107,270 | ---- | C] () -- C:\Documents and Settings\EBC\Desktop\www original.JPG
[2010/05/13 15:51:01 | 000,102,826 | ---- | C] () -- C:\Documents and Settings\EBC\Desktop\www 3.JPG
[2010/05/13 15:51:00 | 000,101,972 | ---- | C] () -- C:\Documents and Settings\EBC\Desktop\www 2.JPG
[2010/05/13 15:50:58 | 000,107,818 | ---- | C] () -- C:\Documents and Settings\EBC\Desktop\www 1.JPG
[2010/05/12 14:28:22 | 002,731,902 | ---- | C] () -- C:\Documents and Settings\EBC\Desktop\12.bmp
[2010/05/12 14:25:20 | 002,807,190 | ---- | C] () -- C:\Documents and Settings\EBC\Desktop\11.bmp
[2010/05/12 13:34:49 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\EBC\Desktop\PR IG.doc
[2010/05/11 18:50:13 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\EBC\Desktop\~$NO.doc
[2010/05/11 15:25:07 | 002,905,286 | ---- | C] () -- C:\Documents and Settings\EBC\Desktop\3.bmp
[2010/05/11 15:24:35 | 002,896,614 | ---- | C] () -- C:\Documents and Settings\EBC\Desktop\2.bmp
[2010/05/11 15:24:05 | 002,787,750 | ---- | C] () -- C:\Documents and Settings\EBC\Desktop\1.bmp
[2010/05/10 13:38:07 | 000,012,428 | ---- | C] () -- C:\Documents and Settings\EBC\Desktop\recommendation Hector.docx
[2010/05/10 13:38:07 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\EBC\Desktop\~$commendation Hector.docx
[2010/05/08 18:12:49 | 000,000,545 | ---- | C] () -- C:\WINDOWS\UC.PIF
[2010/05/08 18:12:49 | 000,000,545 | ---- | C] () -- C:\WINDOWS\RAR.PIF
[2010/05/08 18:12:49 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKZIP.PIF
[2010/05/08 18:12:49 | 000,000,545 | ---- | C] () -- C:\WINDOWS\PKUNZIP.PIF
[2010/05/08 18:12:49 | 000,000,545 | ---- | C] () -- C:\WINDOWS\NOCLOSE.PIF
[2010/05/08 18:12:49 | 000,000,545 | ---- | C] () -- C:\WINDOWS\LHA.PIF
[2010/05/08 18:12:49 | 000,000,545 | ---- | C] () -- C:\WINDOWS\ARJ.PIF
[2010/05/08 17:47:38 | 000,000,105 | ---- | C] () -- C:\Documents and Settings\EBC\Desktop\OenHG69.mrtzcmp3
[2010/05/07 11:21:10 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\EBC\Desktop\NO.doc
[2010/05/06 09:36:06 | 000,021,185 | ---- | C] () -- C:\Documents and Settings\EBC\Desktop\belgiumholidays2008-2012.ics
[2010/05/03 10:40:46 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\EBC\Desktop\Reply form - MH workshop.doc
[2010/05/02 16:23:25 | 000,200,057 | ---- | C] () -- C:\Documents and Settings\EBC\Desktop\bookmarks-2010-05-02.json
[2010/04/30 17:26:01 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/01/26 17:46:04 | 000,001,609 | ---- | C] () -- C:\Documents and Settings\EBC\clip_image002.gif
[2010/01/06 23:12:36 | 006,291,456 | ---- | C] () -- C:\Documents and Settings\EBC\ntuser.dat
[2009/12/17 18:59:43 | 000,000,110 | ---- | C] () -- C:\WINDOWS\System32\winsdengzs.dll
[2009/09/22 18:25:10 | 000,000,872 | ---- | C] () -- C:\WINDOWS\System32\PCProxy.ini
[2009/09/22 18:25:06 | 000,173,384 | ---- | C] () -- C:\WINDOWS\System32\AVLibrary.dll
[2009/08/11 11:56:10 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/08/05 11:18:40 | 000,058,880 | ---- | C] () -- C:\Documents and Settings\EBC\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/04 16:22:17 | 002,118,114 | ---- | C] () -- C:\Documents and Settings\EBC\ProductContextC6100.log
[2009/08/04 16:15:01 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/08/04 16:04:03 | 000,000,687 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/08/04 15:46:25 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\EBC\Local Settings\Application Data\fusioncache.dat
[2009/08/04 15:29:42 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009/08/04 15:29:41 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2009/08/04 15:19:24 | 000,001,855 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/24 10:32:39 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/07/22 18:45:30 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\EBC\ntuser.dat.LOG
[2009/07/22 18:45:30 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\EBC\ntuser.ini
[2009/07/22 18:45:19 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2009/07/22 18:45:19 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2009/07/15 23:16:11 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/07/15 23:16:09 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4977.dll
[2009/07/15 23:14:50 | 000,001,165 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/07/15 14:47:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/07/15 14:32:01 | 000,000,232 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/25 23:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/02/05 18:20:08 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/12/16 14:02:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\HPPAPR01.DLL
[2001/03/29 02:37:14 | 000,000,033 | ---- | C] () -- C:\WINDOWS\hppcap.ini
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2009/10/15 21:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2009/12/17 15:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/07/15 14:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/05/31 17:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/12/07 10:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2009/09/29 13:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/03/26 16:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/08/05 11:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/04/30 20:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\9DA95882E43FCCAD0C7C07D493ED1C7E
[2009/09/29 13:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\CopyTrans
[2010/01/12 16:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\Foxit
[2010/03/18 12:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\GetRightToGo
[2010/05/08 18:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\GHISLER
[2009/09/09 19:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\Leadertech
[2009/08/05 12:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\NCH Swift Sound
[2009/08/05 11:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\Nowe Gadu-Gadu
[2010/03/25 12:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\TeamViewer
[2009/12/07 10:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\Western Digital
[2009/07/15 14:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\Windows Desktop Search
[2009/07/22 18:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\Windows Search
[2009/09/29 13:07:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\EBC\Application Data\WindSolutions
[2010/05/26 19:09:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\Tasks\Weekly Backup.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C176AF6C
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >