Hi Everyone.

Something really weird happened with my Laptop yesterday.

It was running fine up until I switched it on to check my emails.

I opened my email client (Windows Live Mail) and for some reason I had to re-enter all my passwords and re-download all my emails again.

This worries me because there was no reason for these processes to take place.

I also can NO longer run windows live mail.

I would appreciate if somebody here would check my latest HijackThis Logfile please
to see if there is any malware present that might have caused this!

Also does anyone know why the above could have happened with my email client!

Cheers for now guys

scrypt

Here is my HJT L/f :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:40:42, on 12/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\isposure\IsposureAgent.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\thinkbroadband.com\tbbMeter\tbbMeter.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.e xe
C:\Windows\system32\taskeng.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SoftwareDistribution\Download\Install\w lsetup-web.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\Windows\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [tbbMeter] C:\Program Files\thinkbroadband.com\tbbMeter\tbbmeter.exe
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {4944924A-64E4-49C1-AC97-ABA3927262FE} (StWbUsa Control) - http://channel.dontblynk.com/Launcher/StWbUsa.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprotect.net/keycrypt/...npkcx_inca.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: IsposureAgent (isposure_svc) - Epitiro Ltd. - C:\Program Files\isposure\IsposureAgent.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: Norton Internet Security. (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 9392 bytes

Scrypt can you please click the prework link in my signature and come back with the required logs.

Okay will do.

Cheers for taking the time to check these for me!

Here is my Rootrepeal.txt L/File :

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/10/12 19:45
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x92912000 Size: 45056 File Visible: No Signed: -
Status: -

Name: dump_msahci.sys
Image Path: C:\Windows\System32\Drivers\dump_msahci.sys
Address: 0x9291D000 Size: 40960 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA13BE000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: spwq.sys
Image Path: C:\Windows\System32\Drivers\spwq.sys
Address: 0x8268A000 Size: 1048576 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\programdata\epitiro\ag 2009-10-12.lgf
Status: Allocation size mismatch (API: 458752, Raw: 434176)

Path: C:\System Volume Information\EfaData\SYMEFA.DB-journal
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Windows Media Player\Network Sharing\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\PLA\System\System Diagnostics.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Windows\System32\wbem\MSFEED~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6b d6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.c at
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_ 1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf .cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_ 1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf 3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_ 1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91 .cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6 bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_ 1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578 ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_ 1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7 ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsof t.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_5 8843c41d2730d3f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_ 1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada .cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsof t.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c40 03bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsof t.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e0 53e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.open mp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218 504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcl oc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd 3ce6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsof t.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7a b8cc63a6e4c2a3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6b d6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.c at
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsof t.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_7 658964504b9f3b6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsof t.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_ abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsof t.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a1 4c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_ 1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24a d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6b d6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff.c at
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsof t.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_81 8f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsof t.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_919 3a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsof t.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c1 1df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_ 1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a 2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsof t.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e 0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsof t.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1801_none_51 6953ad0f4d16c4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsof t.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b1 9c2866332652.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsof t.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4d dfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsof t.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031 cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsof t.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_ 8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcl oc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e1 6e1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.open mp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547 f39.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsof t.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25 f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6 bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcl oc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf1783 1d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsof t.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0 efb442f8a0f46c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_ 1fc8b3b9a1e18e3b_8.0.50727.1801_none_d088a2ec442ef 17b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microso ft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6 920e9f98fc.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsof t.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c 6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_ 1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e .cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.open mp_1fc8b3b9a1e18e3b_8.0.50727.42_none_45e008191e50 7087.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_ 1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76 806.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsof t.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5d f56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microso ft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5 dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_ 1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8 f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_ 1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af 1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005 _none_04642e8a80bb8b27\MI2095~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005 _none_04642e8a80bb8b27\MIC237~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a25 4f52777a\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.16830_non e_29a6eeebde589a97\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.21023_non e_2a3e34a2f76b9db7\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.18226_non e_2b9dff39db71a7a1\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.22389_non e_2be9bd5af4bd3b16\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6002.18005_non e_2d991295d888a8b3\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.1 8000_none_b3dc8e9f30720cdd\System Diagnostics.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6002.1 8005_none_b5c807ab2d93d829\System Diagnostics.xml:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
Status: Visible to the Windows API, but not on disk.

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3 d90d406f6a60fcd\SE9AEB~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3 d90d406f6a60fcd\SE3B5D~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3 d90d406f6a60fcd\SE54EE~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_ none_48e0ac03ef0db56a\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_ none_48e0ac03ef0db56a\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_ none_48e0ac03ef0db56a\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_ none_4979e8d10820826f\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_ none_4979e8d10820826f\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_ none_4979e8d10820826f\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_ none_4abfe8a3ec3a94fa\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_ none_4abfe8a3ec3a94fa\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_ none_4abfe8a3ec3a94fa\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_ none_4b2b163f056ebb45\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_ none_4b2b163f056ebb45\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_ none_4b2b163f056ebb45\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_ none_4cec3f51e92bbb79\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_ none_4cec3f51e92bbb79\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_ none_4cec3f51e92bbb79\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.16 708_en-us_b9851a92245b1b73\TRACKI~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.20 864_en-us_b9c9d6ad3dacfd87\TRACKI~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6000.16720_non e_9b31bbe79077558b\GROUPE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6000.16720_none_a5 4ef540d05f91fc\ASPNET~1.UNI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6000.20883_none_8e 870be4ea01d6ef\ASPNET~1.UNI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6001.18111_none_a5 29d9f6d0b19e9d\ASPNET~1.UNI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6001.22230_none_8e 5e4a92ea5717b0\ASPNET~1.UNI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6000.20883_non e_8469d28baa199a7e\GROUPE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.secu rity.azroles_31bf3856ad364e35_6.0.6000.16386_none_ ea83414c2e75b887\Microsoft.Interop.Security.AzRole s.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_6.0.6002.18005_none_fe396 815d7e3cf11\MSFEED~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18702_none_df391 163f08d7422\MSFEED~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18813_none_df2f4 3a7f094a691\MSFEED~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b628 6870146b\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18005_none_0d553c2b 4c3b84e1\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca3 4c6c2c87\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a4 65949c3d\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6000.167 20_none_38b929534b68462d\DEFAUL~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6000.208 83_none_21f13ff7650a8b20\DEFAUL~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6001.181 11_none_38940e094bba52ce\DEFAUL~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6001.222 30_none_21c87ea5655fcbe1\DEFAUL~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6000.16720_ none_7c654fdc62654993\ASPNET~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6000.20883_ none_659d66807c078e86\ASPNET~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6001.18111_ none_7c40349262b75634\ASPNET~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6001.22230_ none_6574a52e7c5ccf47\ASPNET~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.60 00.16720_none_48d018cce81ec9cb\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.60 00.16720_none_48d018cce81ec9cb\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.60 00.20883_none_32082f7101c10ebe\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.60 00.20883_none_32082f7101c10ebe\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.60 01.18111_none_48aafd82e870d66c\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.60 01.18111_none_48aafd82e870d66c\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.60 01.22230_none_31df6e1f02164f7f\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_personalization_sql_b03f5f7f11d50a3a_6.0.60 01.22230_none_31df6e1f02164f7f\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.0.6 000.16720_none_b898612ecd927be5\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.0.6 000.20883_none_a1d077d2e734c0d8\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.0.6 001.18111_none_b87345e4cde48886\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_pg_persnlization_sql_b03f5f7f11d50a3a_6.0.6 001.22230_none_a1a7b680e78a0199\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.1672 0_none_7b4eba45cecd6936\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.2088 3_none_6486d0e9e86fae29\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.1811 1_none_7b299efbcf1f75d7\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.2223 0_none_645e0f97e8c4eeea\IEEXEC~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6000.16720_non e_0bca521ee450d037\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6000.20883_non e_0c16103ffd9c63ac\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6001.18111_non e_0dbc60fae16e5e8e\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-netfxsbs12_hkf_31bf3856ad364e35_6.0.6001.22230_non e_0e2f5da3fa9d1ce3\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6001.18111_non e_9b0ca09d90c9622c\GROUPE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6001.22230_non e_84411139aa6edb3f\GROUPE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.22903_none_dfc3b 05f09aa2a6a\MSFEED~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.18 096_en-us_bb08077221cc7808\TRACKI~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.22 208_en-us_bbf4f6033a9f4c2e\TRACKI~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6002.18 005_en-us_bd4ece0e1eaaafd1\TRACKI~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57 522f812d\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb0 6b4f218b\RENDER~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ASPN ET~1.UNI
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\SYST EM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\System32\migwiz\dlmanifests\MIC237~1.MA N
Status: Locked to the Windows API!

Path: C:\Windows\System32\migwiz\dlmanifests\MI2095~1.MA N
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sortkey.nlp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sortkey.nlp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sortkey.nlp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sorttbls.nlp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sorttbls.nlp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sorttbls.nlp
Status: Locked to the Windows API!

Path: c:\programdata\norton\00000082\00000109\000003c3\c ltlms1.dat
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: c:\programdata\norton\00000082\00000109\000003c3\c ltlms2.dat
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\logs\dadown.dat
Status: Allocation size mismatch (API: 16384, Raw: 12288)

Path: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\logs\nco2.dat
Status: Allocation size mismatch (API: 8192, Raw: 4096)

Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.In terop.Security.AzRoles\6.0.6000.16386__31bf3856ad3 64e35\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serial ization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\ SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE3B5D~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE54EE~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE9AEB~1.XRM
Status: Locked to the Windows API!

Path: c:\windows\serviceprofiles\localservice\appdata\lo cal\temp\wer4241.tmp.hdmp
Status: Allocation size mismatch (API: 10485760, Raw: 0)

Path: c:\windows\serviceprofiles\localservice\appdata\lo cal\temp\werbaf7.tmp.hdmp
Status: Allocation size mismatch (API: 9895936, Raw: 0)

Path: c:\windows\serviceprofiles\localservice\appdata\lo cal\temp\wer7003.tmp.hdmp
Status: Allocation size mismatch (API: 10092544, Raw: 0)

Path: c:\programdata\microsoft\search\data\applications\ windows\gatherlogs\systemindex\systemindex.1.crwl
Status: Allocation size mismatch (API: 528, Raw: 216)

Path: C:\Users\Mark\AppData\Local\Microsoft\Windows Live Mail\mark.hogan@ d0a\Inbox\3ECA34~1.EML:OEStandardProperty
Status: Visible to the Windows API, but not on disk.

Path: c:\programdata\microsoft\search\data\applications\ windows\projects\systemindex\propmap\cipt0000.000
Status: Allocation size mismatch (API: 240, Raw: 0)

Path: c:\programdata\microsoft\search\data\applications\ windows\projects\systemindex\propmap\used0000.000
Status: Allocation size mismatch (API: 240, Raw: 0)

Path: c:\programdata\microsoft\search\data\applications\ windows\projects\systemindex\secstore\cist0000.000
Status: Allocation size mismatch (API: 240, Raw: 0)

Path: c:\programdata\microsoft\search\data\applications\ windows\projects\systemindex\indexer\cifiles\index .000
Status: Allocation size mismatch (API: 240, Raw: 0)

Path: C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\Projects\SystemIndex\Indexer\CiFiles\00010 004.ci
Status: Visible to the Windows API, but not on disk.

Path: C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\Projects\SystemIndex\Indexer\CiFiles\00010 004.dir
Status: Visible to the Windows API, but not on disk.

Path: C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\Projects\SystemIndex\Indexer\CiFiles\00010 004.wid
Status: Visible to the Windows API, but not on disk.

Path: C:\Users\Mark\AppData\Local\Microsoft\Windows Live Mail\Storage Folders (4)\Recovered items\10-12-2009 823\mark.hogan@ 47d\Inbox\7C0A65~1.EML:OEStandardProperty
Status: Visible to the Windows API, but not on disk.

Path: C:\Users\Mark\AppData\Local\Microsoft\Windows Live Mail\Storage Folders (4)\Recovered items\10-12-2009 823\mark.hogan@ 47d\Inbox\362E0B~1.EML:OEStandardProperty
Status: Visible to the Windows API, but not on disk.

Path: C:\Users\Mark\AppData\Local\Microsoft\Windows Live Mail\Storage Folders (4)\Recovered items\10-12-2009 823\Sky (m.a.r.k)\Inbox\5B3B3E~1.EML:OEStandardProperty
Status: Visible to the Windows API, but not on disk.

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1124 Status: Locked to the Windows API!

SSDT
-------------------
#: 013 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x88571768

#: 014 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x8843a048

#: 018 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x883eb5b8

#: 021 Function Name: NtAlpcConnectPort
Status: Hooked by "<unknown>" at address 0x86f90eb0

#: 042 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x883fb840

#: 060 Function Name: NtCreateFile
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0x9227343a

#: 067 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x883ed8d8

#: 072 Function Name: NtCreateProcess
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x8a6fe282

#: 073 Function Name: NtCreateProcessEx
Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x8a6fe474

#: 077 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x883f31c8

#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x883ebce0

#: 116 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x883f6070

#: 122 Function Name: NtDeleteFile
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0x92273586

#: 123 Function Name: NtDeleteKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0x92276a36

#: 126 Function Name: NtDeleteValueKey
Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0x92276a68

#: 129 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x883eb790

#: 147 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x883ec0e0

#: 156 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x886ef048

#: 158 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x885e19d0

#: 165 Function Name: NtLoadDriver
Status: Hooked by "<unkStealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x859261f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x859261f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x859261f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x859261f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x859261f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x859261f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x859261f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x859261f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x859261f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x859261f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x859261f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x859261f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x859261f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x859261f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x859261f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x859261f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x859261f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x859261f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x859261f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x859261f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x859261f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x859261f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x859241f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x859241f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x859241f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x859241f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x859241f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x859241f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x859241f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8689d1f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8689d1f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_READ]
Process: System Address: 0x8689d1f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8689d1f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8689d1f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8689d1f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8689d1f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8689d1f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_POWER]
Process: System Address: 0x8689d1f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8689d1f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_PNP]
Process: System Address: 0x8689d1f8 Size: 121

Object: Hidden Code [Driver: usbuhci蚅Џ䅓䍓, IRP_MJ_CREATE]
Process: System Address: 0x8685d500 Size: 121

Object: Hidden Code [Driver: usbuhci蚅Џ䅓䍓, IRP_MJ_CLOSE]
Process: System Address: 0x8685d500 Size: 121

Object: Hidden Code [Driver: usbuhci蚅Џ䅓䍓, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8685d500 Size: 121

Object: Hidden Code [Driver: usbuhci蚅Џ䅓䍓, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8685d500 Size: 121

Object: Hidden Code [Driver: usbuhci蚅Џ䅓䍓, IRP_MJ_POWER]
Process: System Address: 0x8685d500 Size: 121

Object: Hidden Code [Driver: usbuhci蚅Џ䅓䍓, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8685d500 Size: 121

Object: Hidden Code [Driver: usbuhci蚅Џ䅓䍓, IRP_MJ_PNP]
Process: System Address: 0x8685d500 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CREATE]
Process: System Address: 0x86f8d1f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLOSE]
Process: System Address: 0x86f8d1f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f8d1f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f8d1f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLEANUP]
Process: System Address: 0x86f8d1f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_PNP]
Process: System Address: 0x86f8d1f8 Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_CREATE]
Process: System Address: 0x87a4d500 Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_CLOSE]
Process: System Address: 0x87a4d500 Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x87a4d500 Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x87a4d500 Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_CLEANUP]
Process: System Address: 0x87a4d500 Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_PNP]
Process: System Address: 0x87a4d500 Size: 121

Object: Hidden Code [Driver: iScsiPrtЇ扏楃ɀ, IRP_MJ_CREATE]
Process: System Address: 0x8698c1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЇ扏楃ɀ, IRP_MJ_CLOSE]
Process: System Address: 0x8698c1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЇ扏楃ɀ, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8698c1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЇ扏楃ɀ, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8698c1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЇ扏楃ɀ, IRP_MJ_POWER]
Process: System Address: 0x8698c1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЇ扏楃ɀ, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8698c1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtЇ扏楃ɀ, IRP_MJ_PNP]
Process: System Address: 0x8698c1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System Address: 0x859221f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System Address: 0x859221f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System Address: 0x859221f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x859221f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x859221f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x859221f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System Address: 0x859221f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System Address: 0x859221f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System Address: 0x859221f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x859221f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System Address: 0x859221f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x868591f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x868591f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x868591f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x868591f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x868591f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x868591f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x868591f8 Size: 121

Object: Hidden Code [Driver: msahci, IRP_MJ_POWER]
Process: System Address: 0x859251f8 Size: 121

Object: Hidden Code [Driver: msahci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x859251f8 Size: 121

Object: Hidden Code [Driver: msahci, IRP_MJ_PNP]
Process: System Address: 0x859251f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE]
Process: System Address: 0x87a71500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x87a71500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLOSE]
Process: System Address: 0x87a71500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_READ]
Process: System Address: 0x87a71500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_WRITE]
Process: System Address: 0x87a71500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x87a71500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x87a71500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x87a71500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_EA]
Process: System Address: 0x87a71500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x87a71500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x87a71500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x87a71500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x87a71500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x87a71500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x87a71500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x87a71500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x87a71500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x87a71500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLEANUP]
Process: System Address: 0x87a71500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x87a71500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x87a71500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x87a71500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_POWER]
Process: System Address: 0x87a71500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x87a71500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x87a71500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x87a71500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x87a71500 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_PNP]
Process: System Address: 0x87a71500 Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤�襺⧰襴襼ᔰᔰ
蘀, IRP_MJ_CREATE]
Process: System Address: 0x8982f1f8 Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤�襺⧰襴襼ᔰᔰ
蘀, IRP_MJ_CLOSE]
Process: System Address: 0x8982f1f8 Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤�襺⧰襴襼ᔰᔰ
蘀, IRP_MJ_READ]
Process: System Address: 0x8982f1f8 Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤�襺⧰襴襼ᔰᔰ
蘀, IRP_MJ_WRITE]
Process: System Address: 0x8982f1f8 Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤�襺⧰襴襼ᔰᔰ
蘀, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8982f1f8 Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤�襺⧰襴襼ᔰᔰ
蘀, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8982f1f8 Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤�襺⧰襴襼ᔰᔰ
蘀, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8982f1f8 Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤�襺⧰襴襼ᔰᔰ
蘀, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8982f1f8 Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤�襺⧰襴襼ᔰᔰ
蘀, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8982f1f8 Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤�襺⧰襴襼ᔰᔰ
蘀, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8982f1f8 Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤�襺⧰襴襼ᔰᔰ
蘀, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8982f1f8 Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤�襺⧰襴襼ᔰᔰ
蘀, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8982f1f8 Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤�襺⧰襴襼ᔰᔰ
蘀, IRP_MJ_CLEANUP]
Process: System Address: 0x8982f1f8 Size: 121

Object: Hidden Code [Driver: cdfsЅ慖卤�襺⧰襴襼ᔰᔰ
蘀, IRP_MJ_PNP]
Process: System Address: 0x8982f1f8 Size: 121

==EOF==

Here is my DDS.txt L/File :


DDS (Ver_09-10-12.01) - NTFSx86
Run by Mark at 20:30:36.11 on 12/10/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3066.1586 [GMT 1:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\isposure\IsposureAgent.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\thinkbroadband.com\tbbMeter\tbbMeter.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.e xe
C:\Windows\system32\taskeng.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Mark\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\norton internet security\engine\17.0.0.136\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\norton internet security\engine\17.0.0.136\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\norton internet security\engine\17.0.0.136\coIEPlg.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {23B0D39A-E245-41B7-BF86-1238CF62625E} - No File
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
mRun: [Broadcom Wireless Manager UI] "c:\windows\system32\WLTRAY.exe"
mRun: [tbbMeter] c:\program files\thinkbroadband.com\tbbmeter\tbbmeter.exe
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\sta rtm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C}
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
DPF: {4944924A-64E4-49C1-AC97-ABA3927262FE} - hxxp://channel.dontblynk.com/Launcher/StWbUsa.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - hxxp://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\prof iles\6r8uq9l6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\coffplgn\components\c oFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\ipsffplgn\components\ IPSFFPl.dll
FF - component: c:\users\mark\appdata\roaming\mozilla\firefox\prof iles\6r8uq9l6.default\extensions\keyscrambler@qfx. software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dl l
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\users\mark\appdata\roaming\mozilla\firefox\prof iles\6r8uq9l6.default\extensions\kos@dontblynk.com \platform\winnt_x86-msvc\plugins\NPSting.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\ 20090921.001\BHDrvx86.sys [2009-9-22 507440]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1100000.0 88\ccHPx86.sys [2009-10-7 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\2 0090911.001\IDSvix86.sys [2009-10-7 342576]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-10-10 102448]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-8-13 29736]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-10-5 9728]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-10-5 3072]

=============== Created Last 30 ================

2009-10-12 14:06 <DIR> --d----- c:\users\mark\Tracing
2009-10-10 21:41 222,225 a------- c:\windows\system32\drivers\sfi.dat
2009-10-10 21:36 <DIR> --d----- c:\program files\COMODO
2009-10-08 17:25 <DIR> --d----- c:\program files\SimBin
2009-10-08 17:25 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2009-10-08 17:25 452,440 a------- c:\windows\system32\d3dx10_40.dll
2009-10-08 17:25 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2009-10-08 16:45 <DIR> --d----- c:\program files\ESET
2009-10-08 15:46 <DIR> --d----- c:\program files\ThreatExpert Memory Scanner
2009-10-08 15:32 524,288 a------- c:\windows\system32\Symantec Threat Monitor, Powered By DeepSight.scr
2009-10-08 15:32 <DIR> --d----- c:\programdata\Screentime
2009-10-08 15:32 <DIR> --d----- c:\progra~2\Screentime
2009-10-07 19:58 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-10-07 19:58 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-10-07 19:57 <DIR> --d----- c:\users\mark\appdata\roaming\SUPERAntiSpyware.com
2009-10-07 19:57 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-10-07 18:46 44,080 a----r-- c:\windows\system32\drivers\SymIMV.sys
2009-10-07 18:39 <DIR> --d----- c:\users\mark\appdata\roaming\Tific
2009-10-06 23:09 <DIR> --d----- c:\program files\ATI
2009-10-06 01:46 596 a---hr-- c:\windows\EPMBatch.ept
2009-10-05 21:25 40,560 a------- c:\windows\system32\drivers\hotcore3.sys
2009-10-05 21:25 <DIR> --d----- c:\program files\Paragon Software
2009-10-05 19:54 1,663,488 a------- c:\windows\system32\BootMan.exe
2009-10-05 19:54 14,848 a------- c:\windows\system32\EuEpmGdi.dll
2009-10-05 19:54 86,408 a------- c:\windows\system32\setupempdrv03.exe
2009-10-05 19:54 9,728 a------- c:\windows\system32\epmntdrv.sys
2009-10-05 19:54 3,072 a------- c:\windows\system32\EuGdiDrv.sys
2009-10-05 19:53 <DIR> --d----- c:\program files\EASEUS
2009-10-05 19:28 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_ 00.Wdf
2009-10-05 07:30 <DIR> --d----- c:\program files\AeriaGames
2009-10-05 04:23 <DIR> --d----- C:\AeriaGames
2009-10-05 03:41 <DIR> --d----- c:\program files\common files\Akamai
2009-10-04 21:58 191,008 a------- c:\windows\system32\npkcmsvc.exe
2009-10-04 21:58 22,952 a------- c:\windows\system32\cabal_key.bmp
2009-10-04 21:05 <DIR> --d----- c:\program files\Games-Masters.com
2009-10-04 20:46 <DIR> --d----- C:\kos
2009-10-04 20:37 65,536 a------- c:\windows\IFinst27.exe
2009-10-04 20:00 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-10-03 19:15 2,796,956 a------- c:\windows\system32\GameMon.des
2009-10-03 19:14 5,174 a------- c:\windows\system32\nppt9x.vxd
2009-10-03 19:14 4,682 a------- c:\windows\system32\npptNT2.sys
2009-10-03 19:14 <DIR> --d----- c:\program files\common files\INCA Shared
2009-10-03 18:54 <DIR> --d----- c:\program files\KeyToPlay
2009-10-03 18:47 <DIR> --d----- c:\program files\Conduit
2009-10-03 16:58 98,304 a------- c:\windows\system32\CmdLineExt.dll
2009-10-03 16:57 <DIR> --d----- c:\program files\GameSpy Arcade
2009-10-03 15:08 <DIR> --d----- c:\program files\Runes of Magic
2009-10-03 14:33 <DIR> --d----- c:\users\mark\appdata\roaming\GrabPro
2009-10-03 14:33 <DIR> --d----- C:\downloads
2009-10-03 14:32 <DIR> --d----- c:\program files\Orbitdownloader
2009-10-03 13:08 124,976 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-03 13:08 7,443 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-10-03 13:08 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-10-03 13:08 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-10-03 13:08 <DIR> --d----- c:\windows\system32\drivers\NIS
2009-10-03 00:25 <DIR> --d-h--- c:\windows\msdownld.tmp
2009-10-03 00:25 <DIR> --d----- c:\windows\system32\directx
2009-10-02 23:34 <DIR> --d----- c:\users\mark\appdata\roaming\FOG Downloader
2009-10-02 23:34 <DIR> --d----- c:\users\mark\Game Clients (Various)
2009-10-02 17:49 <DIR> --d----- c:\program files\Sierra
2009-10-02 13:22 <DIR> --dsh--- C:\$RECYCLE(3).BIN
2009-10-02 00:24 45 a------- c:\users\mark\jagex_runescape_preferences2.dat
2009-10-02 00:23 38 a------- c:\users\mark\jagex_runescape_preferences.dat
2009-10-02 00:23 <DIR> --d----- C:\.jagex_cache_32
2009-10-01 21:09 <DIR> --d----- c:\windows\system32\logs
2009-10-01 20:59 <DIR> --d----- c:\program files\ThreatFire
2009-09-30 17:50 <DIR> --d----- c:\program files\Mozilla Thunderbird(348)
2009-09-29 11:36 <DIR> --d----- c:\program files\Windows Live(362)
2009-09-29 05:19 <DIR> --d----- c:\users\mark\appdata\roaming\iolo
2009-09-29 05:19 <DIR> --d----- c:\programdata\iolo
2009-09-29 05:19 <DIR> --d----- c:\progra~2\iolo
2009-09-25 22:21 <DIR> --d----- c:\program files\Curse
2009-09-25 19:02 <DIR> --d----- c:\programdata\Blizzard Entertainment
2009-09-25 19:02 <DIR> --d----- c:\progra~2\Blizzard Entertainment
2009-09-25 18:54 <DIR> --d----- c:\programdata\page
2009-09-25 18:54 <DIR> --d----- c:\progra~2\page
2009-09-25 10:29 15,688 a------- c:\windows\system32\lsdelete.exe
2009-09-25 09:25 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-09-25 09:25 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-24 11:33 <DIR> --d----- c:\users\mark\appdata\roaming\Ashampoo
2009-09-24 11:33 <DIR> --d----- c:\programdata\ashampoo
2009-09-24 11:33 <DIR> --d----- c:\progra~2\ashampoo
2009-09-24 11:33 <DIR> --d----- c:\program files\Ashampoo
2009-09-23 14:44 33,552 a------- c:\windows\system32\drivers\TfNetMon.sys
2009-09-23 14:44 59,664 a------- c:\windows\system32\drivers\TfSysMon.sys
2009-09-23 14:44 51,984 a------- c:\windows\system32\drivers\TfFsMon.sys
2009-09-20 13:02 <DIR> --d----- c:\programdata\CyberLink
2009-09-20 12:07 <DIR> --d----- c:\program files\DivX
2009-09-19 13:24 <DIR> --d----- c:\program files\common files\Symantec Shared(159)
2009-09-18 17:37 <DIR> --d----- c:\program files\iPod
2009-09-18 17:37 <DIR> --d----- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-18 17:37 <DIR> --d----- c:\program files\iTunes
2009-09-18 17:37 <DIR> --d----- c:\progra~2\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-18 17:34 <DIR> --d----- c:\programdata\Apple Computer
2009-09-15 12:38 130,088 a---h--- c:\windows\system32\7b835c91.stf
2009-09-15 12:38 130,088 a---h--- c:\windows\system32\634612c5.stf
2009-09-15 12:38 130,088 a---h--- c:\windows\system32\35b91406.stf
2009-09-15 12:38 130,088 a---h--- c:\windows\system32\06f051e3.stf
2009-09-15 12:34 <DIR> --d----- C:\stdtsa
2009-09-15 03:20 <DIR> --d----- c:\program files\Sophos
2009-09-13 21:58 <DIR> --d----- c:\programdata\Skype
2009-09-13 14:20 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-09-13 14:18 <DIR> -cd-h--- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-13 14:18 <DIR> -cd-h--- c:\progra~2\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-13 13:45 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-13 13:44 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-13 13:44 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-13 13:44 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-13 13:44 64,392 a------- c:\windows\system32\drivers\pctplsg.sys

==================== Find3M ====================

2009-10-07 18:46 51,200 a------- c:\windows\inf\infpub.dat
2009-10-07 18:46 143,360 a------- c:\windows\inf\infstrng.dat
2009-10-07 18:46 86,016 a------- c:\windows\inf\infstor.dat
2009-10-04 22:33 115,312 a------- c:\windows\system32\drivers\keyscrambler.sys
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-04 17:44 515,416 a------- c:\windows\system32\XAudio2_5.dll
2009-09-04 17:44 238,936 a------- c:\windows\system32\xactengine3_5.dll
2009-09-04 17:44 69,464 a------- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 17:29 453,456 a------- c:\windows\system32\d3dx10_42.dll
2009-09-04 17:29 235,344 a------- c:\windows\system32\d3dx11_42.dll
2009-09-04 17:29 5,501,792 a------- c:\windows\system32\d3dcsx_42.dll
2009-09-04 17:29 1,974,616 a------- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 17:29 1,892,184 a------- c:\windows\system32\D3DX9_42.dll
2009-09-01 23:01 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-29 03:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-29 03:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-29 03:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-29 03:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-29 01:27 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 01:14 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-15 04:41 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01 005.Wdf
2009-08-15 01:24 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-08-14 17:27 904,776 a------- c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:53 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 14:49 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:49 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 14:49 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 14:49 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:49 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 14:49 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:49 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 14:48 30,720 a------- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 14:48 105,984 a------- c:\windows\system32\netiohlp.dll
2009-08-13 15:03 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-21 22:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 22:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 22:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 21:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 14:54 71,680 a------- c:\windows\system32\atl.dll
2009-07-15 13:40 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-15 13:39 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-15 13:39 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-15 13:39 7,680 a------- c:\windows\system32\spwmp.dll
2008-01-21 03:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 20:34:20.78 ===============

Here is my checkup.txt L/File :

Results of screen317's Security Check version 0.99.0
Windows Vista Service Pack 2 (UAC is enabled)
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ESET Online Scanner v3
Norton Internet Security
Antivirus up to date! (On Access scanning disabled!)
``````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
CA Yahoo! Anti-Spy (remove only)
SUPERAntiSpyware Professional
ThreatFire
Secunia PSI
Sophos Anti-Rootkit 1.5.0
HijackThis 2.0.2
CCleaner (remove only)
Java(TM) 6 Update 16
Adobe Flash Player 10
Adobe Reader 9.1.3
``````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
ThreatFire TFTray.exe
ThreatFire TFService.exe
``````````````````````````````
DNS Vulnerability Check:
Unknown. This method cannot test your vulnerability to DNS cache poisoning.

`````````End of Log```````````

I understand the risks of running any P2P programs
and I have installed games which used this procedure.
But I read on there sites that the games are downloaded from completely safe sources.

I hope this is true!

Is this correct?

scrypt