Hi again,
I've done the requested actions.
OTL.txt Report
OTL logfile created on: 08/09/2010 13:55:26 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\abigail babess.x\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1,012.00 Mb Total Physical Memory | 598.00 Mb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.17 Gb Total Space | 135.22 Gb Free Space | 93.79% Space Free | Partition Type: NTFS
Drive D: | 1005.72 Mb Total Space | 858.30 Mb Free Space | 85.34% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ABILAPTOP
Current User Name: abigail babess.x
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\abigail babess.x\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe (O2)
PRC - C:\Documents and Settings\abigail babess.x\Local Settings\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
PRC - C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\abigail babess.x\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msvcp60.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (BecHelperService) -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe ()
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
========== Driver Services (SafeList) ==========
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (mdvrmng) -- C:\WINDOWS\system32\drivers\mdvrmng.sys ()
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (JMCR) -- C:\WINDOWS\system32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()
DRV - (TSWLAN) -- C:\WINDOWS\system32\drivers\TsWlan.sys ()
DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 8&m=aoa150
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2561310773-2289098188-3330951242-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.bbc.co.uk"
FF - prefs.js..extensions.enabledItems: {26EB2355-46D8-4EFD-98C2-E5D6988C24AA}:1.0
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.30
FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{26EB2355-46D8-4EFD-98C2-E5D6988C24AA}: C:\Documents and Settings\abigail babess.x\Local Settings\Application Data\{26EB2355-46D8-4EFD-98C2-E5D6988C24AA} [2009/02/10 22:49:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2002/11/04 03:59:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2002/11/03 06:04:43 | 000,000,000 | ---D | M]
[2008/12/26 20:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abigail babess.x\Application Data\Mozilla\Extensions
[2002/11/04 08:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abigail babess.x\Application Data\Mozilla\Firefox\Profiles\7hecdypb.default\extensions
[2002/11/04 08:36:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\abigail babess.x\Application Data\Mozilla\Firefox\Profiles\7hecdypb.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2001/04/27 16:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\abigail babess.x\Application Data\Mozilla\Firefox\Profiles\7hecdypb.default\extensions\ChoiceGuard@Microsoft
[2009/02/01 22:14:09 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\abigail babess.x\Application Data\Mozilla\Firefox\Profiles\7hecdypb.default\searchplugins\live-search.xml
[2002/11/03 06:04:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2008/04/15 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [O2Start] C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe (O2)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe File not found
O4 - HKU\S-1-5-21-2561310773-2289098188-3330951242-1006..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - Startup: C:\Documents and Settings\abigail babess.x\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2561310773-2289098188-3330951242-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2561310773-2289098188-3330951242-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 0323523968 (WUWebControl Class)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\abigail babess.x\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\abigail babess.x\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\iifGAsTN) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/15 18:37:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{07cb01fc-eb19-11dd-b93e-00234d458edd}\Shell - "" = AutoRun
O33 - MountPoints2\{07cb01fc-eb19-11dd-b93e-00234d458edd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{07cb01fc-eb19-11dd-b93e-00234d458edd}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{07cb01fd-eb19-11dd-b93e-00234d458edd}\Shell - "" = AutoRun
O33 - MountPoints2\{07cb01fd-eb19-11dd-b93e-00234d458edd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{07cb01fd-eb19-11dd-b93e-00234d458edd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{12631c08-d2fa-11dd-b925-00234d458edd}\Shell - "" = AutoRun
O33 - MountPoints2\{12631c08-d2fa-11dd-b925-00234d458edd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{12631c08-d2fa-11dd-b925-00234d458edd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{127115fe-5aae-11d6-b974-00234d458edd}\Shell - "" = AutoRun
O33 - MountPoints2\{127115fe-5aae-11d6-b974-00234d458edd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{127115fe-5aae-11d6-b974-00234d458edd}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{20651862-5aaf-11d6-b976-00234d458edd}\Shell - "" = AutoRun
O33 - MountPoints2\{20651862-5aaf-11d6-b976-00234d458edd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{20651862-5aaf-11d6-b976-00234d458edd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{243393db-ed3d-11d6-b985-00234d458edd}\Shell - "" = AutoRun
O33 - MountPoints2\{243393db-ed3d-11d6-b985-00234d458edd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{243393db-ed3d-11d6-b985-00234d458edd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{44278435-e66b-11dd-b939-00234d458edd}\Shell - "" = AutoRun
O33 - MountPoints2\{44278435-e66b-11dd-b939-00234d458edd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{44278435-e66b-11dd-b939-00234d458edd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{477a340d-9df9-11d5-b95f-00234d458edd}\Shell - "" = AutoRun
O33 - MountPoints2\{477a340d-9df9-11d5-b95f-00234d458edd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{477a340d-9df9-11d5-b95f-00234d458edd}\Shell\AutoRun\command - "" = D:\AUTORUN.EXE -- File not found
O33 - MountPoints2\{8067fa9e-3b1c-11d5-b955-00234d458edd}\Shell - "" = AutoRun
O33 - MountPoints2\{8067fa9e-3b1c-11d5-b955-00234d458edd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8067fa9e-3b1c-11d5-b955-00234d458edd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{9137e35c-7167-11d6-b97f-00234d458edd}\Shell - "" = AutoRun
O33 - MountPoints2\{9137e35c-7167-11d6-b97f-00234d458edd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9137e35c-7167-11d6-b97f-00234d458edd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{98236022-9fd6-11d6-b980-00234d458edd}\Shell - "" = AutoRun
O33 - MountPoints2\{98236022-9fd6-11d6-b980-00234d458edd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{98236022-9fd6-11d6-b980-00234d458edd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{98236027-9fd6-11d6-b980-00234d458edd}\Shell - "" = AutoRun
O33 - MountPoints2\{98236027-9fd6-11d6-b980-00234d458edd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{98236027-9fd6-11d6-b980-00234d458edd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{99e285ea-f16f-11dd-b941-00234d458edd}\Shell - "" = AutoRun
O33 - MountPoints2\{99e285ea-f16f-11dd-b941-00234d458edd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{99e285ea-f16f-11dd-b941-00234d458edd}\Shell\AutoRun\command - "" = D:\AUTORUN.EXE -- File not found
O33 - MountPoints2\{9a7767e1-da73-11dd-b934-00234d458edd}\Shell - "" = AutoRun
O33 - MountPoints2\{9a7767e1-da73-11dd-b934-00234d458edd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a7767e1-da73-11dd-b934-00234d458edd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{9a7767e2-da73-11dd-b934-00234d458edd}\Shell - "" = AutoRun
O33 - MountPoints2\{9a7767e2-da73-11dd-b934-00234d458edd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a7767e2-da73-11dd-b934-00234d458edd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{9a7767e3-da73-11dd-b934-00234d458edd}\Shell - "" = AutoRun
O33 - MountPoints2\{9a7767e3-da73-11dd-b934-00234d458edd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a7767e3-da73-11dd-b934-00234d458edd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{ad18bdfa-e59e-11dd-b937-00234d458edd}\Shell - "" = AutoRun
O33 - MountPoints2\{ad18bdfa-e59e-11dd-b937-00234d458edd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ad18bdfa-e59e-11dd-b937-00234d458edd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{ad18bdfe-e59e-11dd-b937-00234d458edd}\Shell - "" = AutoRun
O33 - MountPoints2\{ad18bdfe-e59e-11dd-b937-00234d458edd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ad18bdfe-e59e-11dd-b937-00234d458edd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{ceb0d69a-3688-11d6-b96b-00234d458edd}\Shell - "" = AutoRun
O33 - MountPoints2\{ceb0d69a-3688-11d6-b96b-00234d458edd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ceb0d69a-3688-11d6-b96b-00234d458edd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{ceb0d69b-3688-11d6-b96b-00234d458edd}\Shell - "" = AutoRun
O33 - MountPoints2\{ceb0d69b-3688-11d6-b96b-00234d458edd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ceb0d69b-3688-11d6-b96b-00234d458edd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{ceb0d69c-3688-11d6-b96b-00234d458edd}\Shell - "" = AutoRun
O33 - MountPoints2\{ceb0d69c-3688-11d6-b96b-00234d458edd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ceb0d69c-3688-11d6-b96b-00234d458edd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{dff7a0ae-d37b-11dd-b928-00234d458edd}\Shell - "" = AutoRun
O33 - MountPoints2\{dff7a0ae-d37b-11dd-b928-00234d458edd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dff7a0ae-d37b-11dd-b928-00234d458edd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{dff7a0b0-d37b-11dd-b928-00234d458edd}\Shell - "" = AutoRun
O33 - MountPoints2\{dff7a0b0-d37b-11dd-b928-00234d458edd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dff7a0b0-d37b-11dd-b928-00234d458edd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{dff7a0b1-d37b-11dd-b928-00234d458edd}\Shell - "" = AutoRun
O33 - MountPoints2\{dff7a0b1-d37b-11dd-b928-00234d458edd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dff7a0b1-d37b-11dd-b928-00234d458edd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{dff7a0b2-d37b-11dd-b928-00234d458edd}\Shell - "" = AutoRun
O33 - MountPoints2\{dff7a0b2-d37b-11dd-b928-00234d458edd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dff7a0b2-d37b-11dd-b928-00234d458edd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{ed9a04bd-d28c-11dd-b927-00234d458edd}\Shell - "" = AutoRun
O33 - MountPoints2\{ed9a04bd-d28c-11dd-b927-00234d458edd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ed9a04bd-d28c-11dd-b927-00234d458edd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{f947e1c9-6bdf-11d6-b97e-00234d458edd}\Shell - "" = AutoRun
O33 - MountPoints2\{f947e1c9-6bdf-11d6-b97e-00234d458edd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f947e1c9-6bdf-11d6-b97e-00234d458edd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{fecdc0f0-e332-11dd-b935-00234d458edd}\Shell - "" = AutoRun
O33 - MountPoints2\{fecdc0f0-e332-11dd-b935-00234d458edd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fecdc0f0-e332-11dd-b935-00234d458edd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\{fecdc0f2-e332-11dd-b935-00234d458edd}\Shell - "" = AutoRun
O33 - MountPoints2\{fecdc0f2-e332-11dd-b935-00234d458edd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fecdc0f2-e332-11dd-b935-00234d458edd}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/09/08 13:54:43 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\abigail babess.x\Desktop\OTL.exe
[2010/09/08 13:51:51 | 000,621,056 | ---- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2010/09/08 13:51:51 | 000,103,168 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbfake.sys
[2010/09/08 13:51:51 | 000,101,120 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2010/09/08 13:51:51 | 000,100,992 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2010/09/08 13:51:51 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2010/09/08 13:51:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/09/08 13:12:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/09/08 13:09:33 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/09/08 13:09:30 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/09/08 13:09:30 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/09/08 13:09:30 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/09/08 13:09:30 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/09/08 13:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/09/08 13:09:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2007/04/02 05:40:54 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2005/11/23 00:55:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/09/08 13:54:37 | 000,473,400 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/08 13:54:37 | 000,402,974 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/08 13:54:37 | 000,063,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/08 13:50:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\abigail babess.x\Desktop\OTL.exe
[2010/09/08 13:50:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/08 13:50:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/08 13:50:25 | 1061,105,664 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/08 13:49:43 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\abigail babess.x\NTUSER.DAT
[2010/09/08 13:49:43 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\abigail babess.x\ntuser.ini
[2010/09/08 13:31:27 | 008,555,228 | -H-- | M] () -- C:\Documents and Settings\abigail babess.x\Local Settings\Application Data\IconCache.db
[2010/09/08 13:28:32 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/08 13:09:46 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/09/06 17:22:10 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\abigail babess.x\Desktop\HijackThis.exe
[2010/09/06 11:33:56 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\abigail babess.x\Desktop\eXplorer.exe
[2010/09/05 13:40:38 | 007,516,167 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\abigail babess.x\Desktop\stinger1010995.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/09/08 13:09:46 | 000,001,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/01/23 22:55:41 | 000,402,377 | -HS- | C] () -- C:\WINDOWS\System32\NTsAGfii.ini2
[2009/01/23 22:55:41 | 000,010,100 | -HS- | C] () -- C:\WINDOWS\System32\NTsAGfii.ini
[2008/12/26 01:10:52 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\abigail babess.x\Local Settings\Application Data\fusioncache.dat
[2008/12/25 21:19:02 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\abigail babess.x\Application Data\wklnhst.dat
[2008/08/15 21:37:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/07/31 03:37:26 | 000,006,782 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/05/16 09:12:30 | 000,000,036 | ---- | C] () -- C:\WINDOWS\PidList.ini
[2008/04/15 04:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/15 04:00:00 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\webcl32.dll
[2008/02/15 06:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2007/10/01 07:59:46 | 001,769,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2007/06/29 10:25:12 | 000,033,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\TsWlan.sys
[2007/05/09 08:16:40 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2005/03/28 23:45:26 | 000,000,225 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2002/11/22 10:57:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2002/11/22 10:57:26 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2002/11/22 10:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2002/11/22 10:57:26 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2002/11/22 10:57:26 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2002/11/22 10:57:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2002/11/04 09:07:23 | 000,001,685 | ---- | C] () -- C:\WINDOWS\ozotevok.dll
[2002/11/04 08:41:21 | 000,001,689 | ---- | C] () -- C:\WINDOWS\axubucudi.dll
[2002/11/01 03:01:30 | 000,001,689 | ---- | C] () -- C:\WINDOWS\ehawinaqa.dll
[2002/07/25 14:59:21 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
[2002/06/13 02:42:44 | 000,001,026 | ---- | C] () -- C:\WINDOWS\ajibohoj.dll
[2002/05/23 11:29:44 | 000,001,026 | ---- | C] () -- C:\WINDOWS\olavakul.dll
[2002/05/08 14:13:07 | 000,001,026 | ---- | C] () -- C:\WINDOWS\ipecavalegacu.dll
[2002/05/05 05:58:54 | 000,001,026 | ---- | C] () -- C:\WINDOWS\upuputuy.dll
[2002/05/04 14:12:21 | 000,001,026 | ---- | C] () -- C:\WINDOWS\ilireyil.dll
[2002/05/03 19:57:38 | 000,001,026 | ---- | C] () -- C:\WINDOWS\ukabidov.dll
[2002/05/03 18:51:31 | 000,001,026 | ---- | C] () -- C:\WINDOWS\adovakad.dll
[2002/05/03 17:45:03 | 000,001,026 | ---- | C] () -- C:\WINDOWS\eruzedesuvarukur.dll
[2002/05/03 16:39:06 | 000,001,026 | ---- | C] () -- C:\WINDOWS\edumodor.dll
[2002/05/02 18:17:54 | 000,001,026 | ---- | C] () -- C:\WINDOWS\ucatuxof.dll
[2002/05/02 17:11:54 | 000,001,026 | ---- | C] () -- C:\WINDOWS\asuviqohu.dll
[2002/04/29 09:45:44 | 000,001,026 | ---- | C] () -- C:\WINDOWS\osuzifowasi.dll
[2002/04/29 08:40:18 | 000,001,026 | ---- | C] () -- C:\WINDOWS\ilojalaf.dll
[2002/04/29 07:33:46 | 000,001,026 | ---- | C] () -- C:\WINDOWS\efavafiyupade.dll
[2002/04/29 06:27:47 | 000,001,026 | ---- | C] () -- C:\WINDOWS\ecogologiwabaf.dll
[2002/04/29 05:21:45 | 000,001,026 | ---- | C] () -- C:\WINDOWS\ifefuvahohilof.dll
[2002/04/29 04:15:44 | 000,001,026 | ---- | C] () -- C:\WINDOWS\afaqemaq.dll
[2002/04/29 03:09:44 | 000,001,026 | ---- | C] () -- C:\WINDOWS\avixegirifadufod.dll
[2002/04/29 02:03:44 | 000,001,026 | ---- | C] () -- C:\WINDOWS\atamafux.dll
[2002/04/29 00:57:44 | 000,001,026 | ---- | C] () -- C:\WINDOWS\elasifadu.dll
[2002/04/28 23:51:44 | 000,001,026 | ---- | C] () -- C:\WINDOWS\uvicozisij.dll
[2002/04/28 22:45:44 | 000,001,026 | ---- | C] () -- C:\WINDOWS\otarefoz.dll
[2002/04/28 21:39:44 | 000,001,026 | ---- | C] () -- C:\WINDOWS\edeyazamilab.dll
[2002/04/28 20:33:44 | 000,001,026 | ---- | C] () -- C:\WINDOWS\exebozeyesogufut.dll
[2002/04/28 19:28:25 | 000,001,026 | ---- | C] () -- C:\WINDOWS\iruharucu.dll
[2002/04/28 18:21:44 | 000,001,026 | ---- | C] () -- C:\WINDOWS\ogivozujitifef.dll
[2002/04/28 17:15:48 | 000,001,026 | ---- | C] () -- C:\WINDOWS\abujafec.dll
[2002/04/28 16:10:04 | 000,001,026 | ---- | C] () -- C:\WINDOWS\apogaror.dll
[2002/04/28 15:03:55 | 000,001,026 | ---- | C] () -- C:\WINDOWS\amexizux.dll
[2002/04/25 12:37:58 | 000,001,026 | ---- | C] () -- C:\WINDOWS\uqodukeq.dll
[2002/04/25 11:44:17 | 000,001,026 | ---- | C] () -- C:\WINDOWS\ajenuqavefogutu.dll
[2002/03/24 15:46:31 | 000,001,048 | ---- | C] () -- C:\WINDOWS\odumulopocitalu.dll
[2002/03/24 15:29:11 | 000,001,048 | ---- | C] () -- C:\WINDOWS\idumulopoci.dll
[2002/03/15 16:27:09 | 000,001,048 | ---- | C] () -- C:\WINDOWS\etibebaxixoyen.dll
[2002/02/26 14:46:50 | 000,001,048 | ---- | C] () -- C:\WINDOWS\ekeruqazejowe.dll
[2001/05/04 03:07:17 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\abigail babess.x\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
< End of report >
OTL Extras.txt Report
OTL Extras logfile created on: 08/09/2010 13:55:26 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\abigail babess.x\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1,012.00 Mb Total Physical Memory | 598.00 Mb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.17 Gb Total Space | 135.22 Gb Free Space | 93.79% Space Free | Partition Type: NTFS
Drive D: | 1005.72 Mb Total Space | 858.30 Mb Free Space | 85.34% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ABILAPTOP
Current User Name: abigail babess.x
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-2561310773-2289098188-3330951242-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Huawei Modems" = Huawei modem
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"web'n'walk stick manager" = web'n'walk stick manager
"WinLiveSuite_Wave3" = Windows Live Essentials
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 08/09/2010 08:13:18 | Computer Name = ABILAPTOP | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070015 (converted
to 0x800423f3).
Error - 08/09/2010 08:13:46 | Computer Name = ABILAPTOP | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070015 (converted
to 0x800423f3).
Error - 08/09/2010 08:14:20 | Computer Name = ABILAPTOP | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070015 (converted
to 0x800423f3).
Error - 08/09/2010 08:14:45 | Computer Name = ABILAPTOP | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070015 (converted
to 0x800423f3).
[ System Events ]
Error - 04/11/2002 00:08:29 | Computer Name = ABILAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 04/11/2002 00:08:41 | Computer Name = ABILAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 04/11/2002 00:08:56 | Computer Name = ABILAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 04/11/2002 00:08:58 | Computer Name = ABILAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 04/11/2002 00:09:25 | Computer Name = ABILAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 04/11/2002 00:09:27 | Computer Name = ABILAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 08/09/2010 08:08:47 | Computer Name = ABILAPTOP | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.
Error - 08/09/2010 08:08:47 | Computer Name = ABILAPTOP | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error
message: The referenced assembly is not installed on your system. .
Error - 08/09/2010 08:08:47 | Computer Name = ABILAPTOP | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\DOCUME~1\ABIGAI~1.X\LOCALS~1\Temp\RarSFX0\redist.dll.
Reference
error message: The operation completed successfully. .
Error - 08/09/2010 08:15:00 | Computer Name = ABILAPTOP | Source = Removable Storage Service | ID = 262159
Description = RSM cannot manage library PhysicalDrive1. The database is corrupt.
< End of report >
RKUnHooker Report
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xF6C0E000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5857280 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xAA303000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4968448 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0xBF1E7000 C:\WINDOWS\System32\igxpdx32.DLL 2699264 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2260992 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2260992 bytes
0x804D7000 RAW 2260992 bytes
0x804D7000 WMIxWDM 2260992 bytes
0xBF800000 Win32k 1847296 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1847296 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA9E1C000 C:\WINDOWS\system32\DRIVERS\snp2uvc.sys 1773568 bytes (-, UVC Camera Streaming Driver)
0xBF04F000 C:\WINDOWS\System32\igxpdv32.DLL 1671168 bytes (Intel Corporation, Component GHAL Driver)
0xF6A76000 C:\WINDOWS\system32\DRIVERS\athw.sys 1314816 bytes (Atheros Communications, Inc., Driver for Atheros AR5008 Wireless Network Adapter)
0xF731D000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA9FCD000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF694A000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAA150000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA9685000 C:\WINDOWS\system32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xA9194000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF6A1B000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 225280 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xF7498000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA9957000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF72F0000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF73F3000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 176128 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xA8E9A000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xAA03D000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF6BD2000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAA100000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xAA0DA000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA8EC5000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xAA2DF000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6A52000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF69A8000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAA0B8000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA9DFA000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 139264 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x806FF000 ACPI_HAL 134400 bytes
0x806FF000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF73D3000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7468000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF6BB7000 C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 110592 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xF72D6000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF741F000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)
0xF7438000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF7450000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF73AA000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6A04000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA9CA5000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xA9984000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xA9C19000 C:\WINDOWS\system32\drivers\mdvrmng.sys 81920 bytes (-, SmartRoaming Client)
0xF6BFA000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAA1A9000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xF73C1000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7487000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF69CB000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF71F4000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xA9D42000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7204000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7547000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)
0xF7517000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)
0xF75A7000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7717000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7727000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7647000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xF7507000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7587000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF7577000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF7747000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF75F7000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF7607000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)
0xF75D7000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)
0xF75E7000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)
0xF7637000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF74F7000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7737000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF75C7000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
0xF74E7000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7224000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7567000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF7537000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)
0xF75B7000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xF7234000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7597000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7677000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7707000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7757000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF71C4000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA972F000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7527000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xA90CC000 C:\WINDOWS\system32\drivers\TsWlan.sys 36864 bytes
0xF7557000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise Ultra66 Miniport Driver)
0xF71B4000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF780F000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7797000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)
0xF77A7000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
0xF78A7000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF777F000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)
0xF7827000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF77CF000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)
0xF7767000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF77C7000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)
0xF781F000 C:\WINDOWS\system32\DRIVERS\sncduvc.SYS 28672 bytes (-, USBCAMD for Sonix UVC)
0xF779F000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)
0xAA068000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF77AF000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)
0xF77B7000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)
0xF78B7000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF78BF000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7817000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF789F000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF77FF000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF78AF000 C:\WINDOWS\system32\DRIVERS\DKbFltr.sys 20480 bytes (Dritek System Inc., Dritek PS2 Keyboard Filter Driver)
0xF77BF000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)
0xF778F000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)
0xF7787000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)
0xF7807000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF776F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF78CF000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF78D7000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF7777000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)
0xF78C7000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7837000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF790B000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)
0xF791B000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)
0xF78FF000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF7923000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)
0xF79BB000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF7907000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)
0xF7913000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)
0xF791F000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)
0xF79CF000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA9CC6000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF790F000 symc810.sys 16384 bytes (Symbios Logic Inc., Symbios Logic Inc. SCSI Miniport Driver)
0xF7903000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF7917000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)
0xF78F7000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF78FB000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xAA21B000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF69E4000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF726A000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xF69E0000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF79C3000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7266000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF79BF000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xF79EB000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xF7A21000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF7A17000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF79F5000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)
0xF79ED000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
0xF7A15000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF79F3000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF79E7000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7A19000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79F7000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)
0xF7A1B000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7A11000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79EF000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE Controller)
0xF7A0B000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF79F1000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF79E9000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7C3A000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7ADD000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7BDB000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7AB0000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7AAF000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0xAA1BEBEF Unknown page with executable code, 1041 bytes
0x10000000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x858286E8 ] PID: 728, 40960 bytes
0x10000000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x85828248 ] PID: 772, 40960 bytes
0x10000000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x85851860 ] PID: 784, 40960 bytes
0x10000000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x869B8DA0 ] PID: 960, 40960 bytes
0x10000000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x86965478 ] PID: 1012, 40960 bytes
0x10000000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x86934DA0 ] PID: 1056, 40960 bytes
0x10000000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x85122378 ] PID: 1172, 40960 bytes
0x10000000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x86967978 ] PID: 1200, 40960 bytes
0x10000000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x86904AC8 ] PID: 1384, 40960 bytes
0x10000000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x8698B890 ] PID: 1468, 40960 bytes
0x10000000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x869FE960 ] PID: 1688, 40960 bytes
0x10000000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x8690C4F8 ] PID: 1732, 40960 bytes
0x00B00000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x86A08830 ] PID: 1772, 40960 bytes
0x10000000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x868DB3D8 ] PID: 1832, 40960 bytes
0x10000000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x8586FDA0 ] PID: 1852, 40960 bytes
0x10000000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x869C0A98 ] PID: 1980, 40960 bytes
0x00910000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x850FE570 ] PID: 480, 40960 bytes
0x00910000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x850EF410 ] PID: 508, 40960 bytes
0x10000000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x8678CDA0 ] PID: 532, 40960 bytes
0x10000000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x869AE818 ] PID: 564, 40960 bytes
0x00C40000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x86ACA6A8 ] PID: 648, 40960 bytes
0x01540000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x869735C8 ] PID: 124, 40960 bytes
0x10000000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x8512F9F8 ] PID: 908, 40960 bytes
0x10000000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x85707630 ] PID: 972, 40960 bytes
0x10000000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x84B69AE8 ] PID: 1080, 40960 bytes
0x01260000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x85119408 ] PID: 1088, 40960 bytes
0x10000000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x86A9BB00 ] PID: 1100, 40960 bytes
0x10000000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x850F84D0 ] PID: 1296, 40960 bytes
0x10000000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x857C4340 ] PID: 2056, 40960 bytes
0x10000000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x857BE020 ] PID: 2280, 40960 bytes
0x10000000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x857878D0 ] PID: 2592, 40960 bytes
0x10000000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x866B3DA0 ] PID: 2676, 40960 bytes
0x10000000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x85105990 ] PID: 2868, 40960 bytes
0x10000000 Hidden Image-->UACtqhutxwa.dll [ EPROCESS 0x86A16020 ] PID: 3224, 40960 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\abigail babess.x\Local Settings\Temp\UACabd2.tmp
!-->[Hidden] C:\WINDOWS\system32\drivers\UACexjxfmqp.sys
!-->[Hidden] C:\WINDOWS\system32\UACbirlubrf.dll
!-->[Hidden] C:\WINDOWS\system32\UAChkymycir.dat
!-->[Hidden] C:\WINDOWS\system32\UAChvtypdqg.log
!-->[Hidden] C:\WINDOWS\system32\uacinit.dll
!-->[Hidden] C:\WINDOWS\system32\UACorjolwgo.dll
!-->[Hidden] C:\WINDOWS\system32\UACtqhutxwa.dll
!-->[Hidden] C:\WINDOWS\system32\UACuyxmttki.dll
!-->[Hidden] C:\WINDOWS\system32\UACxmpfulvv.dll
!-->[Hidden] C:\WINDOWS\Temp\UAC1caa.tmp
!-->[Hidden] C:\WINDOWS\Temp\UAC21f5.tmp
!-->[Hidden] C:\WINDOWS\Temp\UAC3d64.tmp
!-->[Hidden] C:\WINDOWS\Temp\UAC4aea.tmp
!-->[Hidden] C:\WINDOWS\Temp\UAC513d.tmp
!-->[Hidden] C:\WINDOWS\Temp\UAC5d2.tmp
!-->[Hidden] C:\WINDOWS\Temp\UAC8c2a.tmp
!-->[Hidden] C:\WINDOWS\Temp\UAC940c.tmp
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00005B22, Type: Inline - RelativeJump 0x804DCB22-->804DCB29 [ntoskrnl.exe]
ntoskrnl.exe-->IofCallDriver, Type: Inline - RelativeJump 0x804E13A7-->8677277B [unknown_code_page]
ntoskrnl.exe-->IofCompleteRequest, Type: Inline - RelativeJump 0x804E17BD-->8694A873 [unknown_code_page]
ntoskrnl.exe-->NtEnumerateKey, Type: Inline - RelativeJump 0x80578E14-->8676FE5C [unknown_code_page]
ntoskrnl.exe-->NtFlushInstructionCache, Type: Inline - RelativeJump 0x80587BFB-->86799E5C [unknown_code_page]
[1080]ctfmon.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163A3-->00000000 [unknown_code_page]
[1080]ctfmon.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91736B-->00000000 [unknown_code_page]
[1088]AWC.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163A3-->00000000 [unknown_code_page]
[1088]AWC.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91736B-->00000000 [unknown_code_page]
[1100]WinCinemaMgr.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163A3-->00000000 [unknown_code_page]
[1100]WinCinemaMgr.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91736B-->00000000 [unknown_code_page]
[124]tscui.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163A3-->00000000 [unknown_code_page]
[124]tscui.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91736B-->00000000 [unknown_code_page]
[124]tscui.exe-->user32.dll-->EnableScrollBar, Type: Inline - RelativeJump 0x7E468005-->00000000 [tscui.exe]
[124]tscui.exe-->user32.dll-->EnableScrollBar, Type: Inline - SEH 0x7E46800A [unknown_code_page]
[124]tscui.exe-->user32.dll-->EnableScrollBar, Type: Inline - SEH 0x7E46800B [unknown_code_page]
[124]tscui.exe-->user32.dll-->GetScrollInfo, Type: Inline - RelativeJump 0x7E42DFE2-->00000000 [tscui.exe]
[124]tscui.exe-->user32.dll-->GetScrollInfo, Type: Inline - SEH 0x7E42DFE7 [unknown_code_page]
[124]tscui.exe-->user32.dll-->GetScrollInfo, Type: Inline - SEH 0x7E42DFE8 [unknown_code_page]
[124]tscui.exe-->user32.dll-->GetScrollPos, Type: Inline - RelativeJump 0x7E42F704-->00000000 [tscui.exe]
[124]tscui.exe-->user32.dll-->GetScrollRange, Type: Inline - RelativeJump 0x7E42F787-->00000000 [tscui.exe]
[124]tscui.exe-->user32.dll-->GetSysColor, Type: Inline - RelativeJump 0x7E418E78-->00000000 [tscui.exe]
[124]tscui.exe-->user32.dll-->GetSysColorBrush, Type: Inline - RelativeJump 0x7E418EAB-->00000000 [tscui.exe]
[124]tscui.exe-->user32.dll-->SetScrollInfo, Type: Inline - RelativeJump 0x7E419056-->00000000 [tscui.exe]
[124]tscui.exe-->user32.dll-->SetScrollInfo, Type: Inline - SEH 0x7E41905B [unknown_code_page]
[124]tscui.exe-->user32.dll-->SetScrollInfo, Type: Inline - SEH 0x7E41905C [unknown_code_page]
[124]tscui.exe-->user32.dll-->SetScrollPos, Type: Inline - RelativeJump 0x7E42F750-->00000000 [tscui.exe]
[124]tscui.exe-->user32.dll-->SetScrollRange, Type: Inline - RelativeJump 0x7E42F99B-->00000000 [tscui.exe]
[124]tscui.exe-->user32.dll-->ShowScrollBar, Type: Inline - RelativeJump 0x7E42F2F2-->00000000 [tscui.exe]
[1296]ONENOTEM.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163A3-->00000000 [unknown_code_page]
[1296]ONENOTEM.EXE-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91736B-->00000000 [unknown_code_page]
[1384]spoolsv.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163A3-->00000000 [unknown_code_page]
[1384]spoolsv.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91736B-->00000000 [unknown_code_page]
[1468]sched.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163A3-->00000000 [unknown_code_page]
[1468]sched.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91736B-->00000000 [unknown_code_page]
[1688]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1688]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1688]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1688]explorer.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163A3-->00000000 [unknown_code_page]
[1688]explorer.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91736B-->00000000 [unknown_code_page]
[1688]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1688]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1688]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x78051488-->00000000 [shimeng.dll]
[1688]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[1732]avguard.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163A3-->00000000 [unknown_code_page]
[1732]avguard.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91736B-->00000000 [unknown_code_page]
[1772]BecHelperService.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163A3-->00000000 [unknown_code_page]
[1772]BecHelperService.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91736B-->00000000 [unknown_code_page]
[1832]iviRegMgr.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163A3-->00000000 [unknown_code_page]
[1832]iviRegMgr.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91736B-->00000000 [unknown_code_page]
[1852]avshadow.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163A3-->00000000 [unknown_code_page]
[1852]avshadow.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91736B-->00000000 [unknown_code_page]
[2056]igfxext.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163A3-->00000000 [unknown_code_page]
[2056]igfxext.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91736B-->00000000 [unknown_code_page]
[2280]alg.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163A3-->00000000 [unknown_code_page]
[2280]alg.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91736B-->00000000 [unknown_code_page]
[2592]RtkBtMnt.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163A3-->00000000 [unknown_code_page]
[2592]RtkBtMnt.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91736B-->00000000 [unknown_code_page]
[2868]rundll32.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163A3-->00000000 [unknown_code_page]
[2868]rundll32.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91736B-->00000000 [unknown_code_page]
[480]igfxtray.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163A3-->00000000 [unknown_code_page]
[480]igfxtray.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91736B-->00000000 [unknown_code_page]
[508]hkcmd.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163A3-->00000000 [unknown_code_page]
[508]hkcmd.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91736B-->00000000 [unknown_code_page]
[532]RTHDCPL.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163A3-->00000000 [unknown_code_page]
[532]RTHDCPL.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91736B-->00000000 [unknown_code_page]
[564]SynTPEnh.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163A3-->00000000 [unknown_code_page]
[564]SynTPEnh.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91736B-->00000000 [unknown_code_page]
[648]QtZgAcer.EXE-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163A3-->00000000 [unknown_code_page]
[648]QtZgAcer.EXE-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91736B-->00000000 [unknown_code_page]
[728]winlogon.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163A3-->00000000 [unknown_code_page]
[728]winlogon.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91736B-->00000000 [unknown_code_page]
[772]services.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163A3-->00000000 [unknown_code_page]
[772]services.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91736B-->00000000 [unknown_code_page]
[784]lsass.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163A3-->00000000 [unknown_code_page]
[784]lsass.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91736B-->00000000 [unknown_code_page]
[908]igfxsrvc.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163A3-->00000000 [unknown_code_page]
[908]igfxsrvc.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91736B-->00000000 [unknown_code_page]
[972]avgnt.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163A3-->00000000 [unknown_code_page]
[972]avgnt.exe-->ntdll.dll-->LdrUnloadDll, Type: Inline - RelativeJump 0x7C91736B-->00000000 [unknown_code_page]
Computer Performance
After running the above scans I switched off. The Acer boots up fine. Avira warns me I am working with Administrator Rights. Connecting via 3G modem, Avira found and installed updates, Adobe Flash Player found and asked to install updates, Mozilla Firefox appears to be functioning normally BUT Google isn't. The same problem of searching and just coming up with a blank screen is still there. Ditto Yahoo! searches. I've switched it off again.