Sudden onset of Advertising Popups


  • This topic is locked
19 replies to this topic

#1 RockVacirca

Posted 13 February 2010 - 06:40 PM

Hi,

My name is Rock Vacirca, and I am a writer on Virtual Worlds (such as Second Life, Blue Mars, etc). I thought I would beef up my blog template and downloaded some freebie templates to try out and an image viewer, and since then I have had a sudden onset of advertising popups, like this. In case it is related, just prior to seeing the first popup I found I could not right-click any file in Windows Explorer or right-click the desktop. I got a Windows message that said they were terminating a program (explorer.exe) before it could harm my machine. I then rebooted, and it paused on closedown for a while as it said AxWin had not terminated properly.

On restart I ran my AVG and it found two copies of Trojan Generic16.BGWZ in my Internet temporary files folder, and put them into the Vault. I then ran my Adaware and Spybot, and apart from tracking cookies they both said my machine was clean. However, the popups came back today after switch-on, and appear randomly when visiting the normal websites I go to (such as the BBC news site, several forums, and my blogsite).

I attach my DDS.txt, my Ark.txt, the RSIT Info and Log files and the zipped Attach.txt.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Colin at 20:29:18.87 on 13/02/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.3327.2153 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\www\Apache22\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\www\Apache22\bin\httpd.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\PROGRA~2\AVG\AVG9\avgtray.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Temp\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Tunebite_WebRipPlugin Class: {aa102584-3b97-47e7-b9bc-75d54c110a7d} - c:\program files\rapidsolution\tunebite\plugins\ie\TB_WebRipIePlugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Save Flash: {4064ea35-578d-4073-a834-c96d82cbcf40} - c:\program files\save flash\SaveFlash.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Dit] Dit.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MP10_EnsureFileVer] c:\windows\inf\unregmp2.exe /EnsureFileVersions
mRun: [ISUSPM Startup] c:\progra~2\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\fortem~1.lnk - c:\program files\lg soft india\fortemanager\bin\Monitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: &Save Flash In This Page by Flash Saver - c:\progra~2\flashs~1\save.htm
IE: Download Flash with Flash Capture - c:\program files\flash capture\dl.htm
IE: {09EA1F80-F40A-11D1-B792-444553540001} - c:\progra~2\flashs~1\save.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: {01918E51-AEF1-49B4-86FB-EA882A40254D} = 208.67.220.220,208.67.222.222
TCP: {30793B5F-67E6-4A2B-8979-44D91B1AF537} = 208.67.220.220,208.67.222.222
TCP: {6C2CD447-55CB-4EA9-B5A0-84D0C09B7E01} = 192.168.0.1
Handler: AutorunsDisabled\linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
Notify: AutorunsDisabled - avgrsstx.dll
Notify: avgrsstarter - avgrsstx.dll
mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - c:\program files\pixiepack codec pack\InstallerHelper.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\colin\applic~1\mozilla\firefox\profiles\hhelargf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\colin\application data\mozilla\firefox\profiles\hhelargf.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\documents and settings\colin\local settings\application data\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-20 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-3 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-11-15 28424]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-3 360584]
R2 Apache2.2;Apache2.2;c:\www\apache22\bin\httpd.exe [2008-9-26 24631]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-2-13 285392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-7-30 93320]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;c:\program files\autodesk\3ds max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-3-9 65536]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [2007-7-14 426052]
R3 LGDDCDevice;LGDDCDevice;c:\program files\lg soft india\fortemanager\bin\I2CDriver.sys [2010-1-6 14336]
S3 BroadWaveService;BroadWave Audio Streaming Server;c:\program files\nch swift sound\broadwave\broadwave.exe [2009-8-17 593924]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2006-11-15 17408]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-28 30192]
S3 LGII2CDevice;LGII2CDevice;c:\program files\lg soft india\fortemanager\bin\PII2CDriver.sys [2010-1-6 17408]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
S3 vgadrv;vgadrv;c:\windows\system32\drivers\vgadrv.sys [2006-6-10 8078]

=============== Created Last 30 ================

2010-02-13 19:29:02 524288 ----a-w- c:\temp\dds.scr
2010-02-13 19:16:00 0 d-----w- c:\program files\TrendMicro
2010-02-13 18:27:54 536825 ----a-w- C:\HaxFix.exe
2010-02-13 18:27:47 0 d-----w- c:\windows\HaxFix
2010-02-13 18:27:32 1029607 ----a-w- c:\temp\haxfix.exe
2010-02-13 13:15:32 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-02-13 12:35:21 0 d-sha-r- C:\cmdcons
2010-02-13 12:33:44 98816 ----a-w- c:\windows\sed.exe
2010-02-13 12:33:44 77312 ----a-w- c:\windows\MBR.exe
2010-02-13 12:33:44 261632 ----a-w- c:\windows\PEV.exe
2010-02-13 12:33:44 161792 ----a-w- c:\windows\SWREG.exe
2010-02-12 23:43:49 63417048 ----a-w- c:\temp\Artisteer.2.3.0.23326.exe
2010-02-12 22:37:03 0 d-----w- c:\windows\system32\wbem\Repository
2010-02-12 19:03:34 0 d-----w- c:\program files\ImageShack Uploader
2010-02-11 22:29:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Spiral Graphics
2010-02-11 22:28:05 8721645 ----a-w- c:\temp\Genetica Viewer 3 Setup.exe
2010-02-10 20:09:01 0 d-----w- c:\docume~1\colin\applic~1\Artisteer
2010-02-10 20:07:07 0 d-----w- c:\program files\Artisteer 2
2010-02-10 20:03:38 63592624 ----a-w- c:\temp\Artisteer.2.3.0.21098.exe
2010-02-10 19:23:40 7174 ----a-w- c:\documents and settings\colin\.recently-used.xbel
2010-02-09 20:16:33 0 d-----w- c:\documents and settings\colin\.gstreamer-0.10
2010-02-09 20:14:36 0 d-----w- c:\program files\OpenAL
2010-02-09 20:14:07 0 d-----w- c:\program files\Naali0.1
2010-02-09 20:10:37 39419564 ----a-w- c:\temp\Naali-ExtraAvatars.zip
2010-02-09 20:09:39 61426098 ----a-w- c:\temp\Naali-0.1.exe
2010-02-08 19:34:36 54156 ---ha-w- c:\windows\QTFont.qfn
2010-02-08 19:34:36 1409 ----a-w- c:\windows\QTFont.for
2010-02-07 22:08:40 0 d-----w- c:\temp\House in Snow
2010-02-06 10:13:06 11644320 ----a-w- c:\temp\VVSetup.exe
2010-02-05 23:05:40 0 d-----w- c:\docume~1\colin\applic~1\Utherverse
2010-02-05 22:45:00 11750240 ----a-w- c:\temp\RLCSetup.exe
2010-02-01 22:45:32 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{77D5035B-97D7-4886-BE86-A7F9E26336CD}
2010-01-31 18:54:02 266828 ----a-w- c:\windows\system32\drivers\LVAFT.cfg
2010-01-31 18:53:39 266008 ----a-w- c:\windows\system32\drivers\lvrs.sys
2010-01-31 18:53:39 199192 ----a-w- c:\windows\system32\lvci12101110.dll
2010-01-31 18:53:03 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-01-31 18:34:27 47075528 ----a-w- c:\temp\qc1100.exe
2010-01-31 12:52:58 0 d-----w- c:\docume~1\colin\applic~1\Radegast
2010-01-31 12:52:39 0 d-----w- c:\program files\Radegast
2010-01-31 12:52:25 4701108 ----a-w- c:\temp\radegast-latest.exe
2010-01-30 11:28:01 0 d-sh--w- c:\documents and settings\colin\PrivacIE
2010-01-30 11:24:01 0 d-sh--w- c:\documents and settings\colin\IETldCache
2010-01-30 11:03:39 0 dc-h--w- c:\windows\ie8
2010-01-30 10:53:38 629288 ----a-w- c:\temp\WindowsXP-KB932823-v3-x86-ENU.exe
2010-01-30 01:39:24 178282 ----a-w- c:\temp\asfbin1.6.1.703.zip
2010-01-27 21:14:56 4384320 ----a-w- c:\temp\Shockwave_Installer_Slim.exe
2010-01-26 23:05:10 10734768 ----a-w- c:\temp\VizardFeatureTour.exe
2010-01-23 18:09:17 0 d-----w- c:\temp\Rockpics
2010-01-23 18:08:40 3966718 ----a-w- c:\temp\Rockpics.zip
2010-01-23 10:46:55 0 d-----w- c:\docume~1\colin\applic~1\Meta7
2010-01-23 10:45:55 0 d-----w- c:\program files\Meta7Viewer
2010-01-23 10:44:59 25788035 ----a-w- c:\temp\Meta7Viewer_Setup_1129_Optimised.exe
2010-01-17 20:38:48 0 d-----w- c:\temp\InworldzLogo
2010-01-17 20:38:37 30749 ----a-w- c:\temp\InworldzLogo.zip
2010-01-17 20:33:40 0 d-----w- c:\temp\InWorldzScreens
2010-01-17 20:33:18 2625956 ----a-w- c:\temp\InWorldzScreens.zip
2010-01-16 17:01:50 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{3DA406DB-27D8-4CD7-8DE2-65F86F83C7BB}
2010-01-16 17:01:29 0 d-----w- c:\program files\Openlife R17
2010-01-16 16:59:11 22744989 ----a-w- c:\temp\3DXOpenlifeR17.exe
2010-01-15 00:50:39 153 ----a-w- c:\windows\asfbinapp.INI
2010-01-15 00:32:32 178176 ----a-w- c:\windows\system32\unrar.dll
2010-01-15 00:32:31 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-01-15 00:32:31 414 ----a-w- c:\windows\system32\lame_acm.xml
2010-01-15 00:32:31 38 ----a-w- c:\windows\avisplitter.ini
2010-01-15 00:32:30 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-01-15 00:32:29 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-01-15 00:32:28 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-01-15 00:32:28 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2010-01-15 00:32:27 0 d-----w- c:\program files\K-Lite Codec Pack
2010-01-15 00:27:44 15442876 ----a-w- c:\temp\klcodec561f.exe

==================== Find3M ====================

2010-02-13 13:35:20 17408 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
2010-02-13 13:28:42 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-13 13:28:40 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-10 17:23:23 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-02-09 20:14:36 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2010-02-09 20:14:36 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-30 13:55:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 13:54:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-01 14:41:14 8701984 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-01 14:41:14 15648 --sha-w- c:\windows\system32\drivers\fidbox2.dat

============= FINISH: 20:30:03.31 ===============



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-13 23:57:19
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Colin\LOCALS~1\Temp\uxroykog.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xB811887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xB8118BFE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\atapi \Device\Ide\IdePort0 [B7F149F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 [B7F149F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort1 [B7F149F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort2 [B7F149F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort3 [B7F149F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort4 [B7F149F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort5 [B7F149F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-1f [B7F149F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 [B7F149F2] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{781ACA49-F55D-8F49-0499-20BF507B8B5F}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{781ACA49-F55D-8F49-0499-20BF507B8B5F}@hapfmkpehljmjpik 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{781ACA49-F55D-8F49-0499-20BF507B8B5F}@hapfmkpemljeanfe 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7BFF9A5C-4006-A086-48F7-5AC209DE1609}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7BFF9A5C-4006-A086-48F7-5AC209DE1609}@oalmhdjfdkemncgbkfdgeindmjopbh 0x64 0x61 0x6C 0x6F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7BFF9A5C-4006-A086-48F7-5AC209DE1609}@oapnpdmbcegpdklffnjfmjabmfgokl 0x6A 0x61 0x6D 0x6F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7BFF9A5C-4006-A086-48F7-5AC209DE1609}@nafmngbldhnmbjafmmhboogikioo 0x69 0x61 0x61 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7BFF9A5C-4006-A086-48F7-5AC209DE1609}@oalmhdjfdkemncgbkfdgeindakcabl 0x64 0x61 0x6D 0x6F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7BFF9A5C-4006-A086-48F7-5AC209DE1609}@oapnpdmbcegpdklffnjfmjabaghihi 0x69 0x61 0x61 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7BFF9A5C-4006-A086-48F7-5AC209DE1609}@nafmngbldhnmbjafmmhboocipdpl 0x69 0x61 0x61 0x70 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

info.txt logfile of random's system information tool 1.06 2010-02-14 01:40:10

======Uninstall list======

.NET Compact Framework-based Save Bitmap Sample-->MsiExec.exe /X{5F4239AB-7B6A-4B58-B490-C34C28D24C1F}
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uninstall.exe"
2007.11.11-->"C:\Program Files\VTP\unins000.exe"
3dem-->C:\Program Files\Visualization Software\3DEM\Uninst.exe /pid:{635C3D63-D901-4119-9AD2-852D10DCB937} /asd
3dsmax ancillary install-->MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}
7-Zip 4.44 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Aaaaghh-->C:\UDK\Aaaaghh\Binaries\UnSetup.exe /uninstall /InstallGuid=05b87671-ea33-4bea-b295-3fbe67cd54fd
ActiveState ActivePython 2.5.0.0-->MsiExec.exe /I{A2E24BD9-085B-410F-AAD0-5EB5FA5D73D2}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Creative Suite 2-->C:\PROGRA~2\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=i:\adobe creative suite 2.0/lang=0809
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Advanced Archive Repair v1.0-->C:\PROGRA~2\AARCR\UNWISE.EXE C:\PROGRA~2\AARCR\INSTALL.LOG
Advanced DBF Repair v1.5-->C:\PROGRA~2\ADR\UNWISE.EXE C:\PROGRA~2\ADR\INSTALL.LOG
AGEIA GAME System Software 2.8.0-->MsiExec.exe /I{5C9530C0-957F-4CC4-ADA9-A7195BD9394C}
ALFTP-->"C:\Program Files\ESTsoft\ALFTP\unins000.exe"
AncestryView V2-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A59E259E-5F1A-4F8F-A3DA-356137BE37F6}\setup.exe" -uninst
Animation Master v12.0d-->C:\PROGRA~2\HASHIN~1\V12.0\UNWISE.EXE C:\PROGRA~2\HASHIN~1\V12.0\INSTALL.LOG
Animation Master v12.0w-->C:\PROGRA~2\HASHIN~1\V12.0\UNWISE.EXE C:\PROGRA~2\HASHIN~1\V12.0\INSTALL.LOG
Any Video Converter 2.5.9-->"C:\Program Files\Any Video Converter\unins000.exe"
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Anywhere PE Viewer 0.1.7-->"C:\Program Files\Anywhere PE Viewer 0.1.7\unins000.exe"
AoA DVD Ripper-->"C:\Program Files\AoA DVD Ripper\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcGIS Explorer-->"C:\Program Files\Explorer\Support\ESRI.exe" msiexec.exe /i {7B18E7E2-AFCA-4CBE-8CD5-3613315AB262}
Artisteer 2-->"C:\Program Files\Artisteer 2\bin\Uninstall.exe"
ArtRage 2 Starter Edition-->MsiExec.exe /X{5B2029A4-1854-42BC-96B6-4ACE5F5414BD}
ASF-AVI-RM-WMV Repair 1.82-->"C:\Program Files\ASF-AVI-RM-WMV Repair\unins000.exe"
AsfTools 3.1 (remove only)-->C:\Program Files\AsfTools 3.1\Uninst.exe
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Autodesk 3ds Max 9 32-bit-->MsiExec.exe /I{E96D4088-AAC5-437F-9E39-EC0E387897B4}
Autodesk 3ds Max Design 2009 32-bit Additional Maps and Material Libraries-->MsiExec.exe /I{F681200C-0446-0409-ABE4-EA9105E40EE4}
Autodesk 3ds Max Design 2009 32-bit Architectural Materials Library-->MsiExec.exe /I{C251E4E6-89BA-0409-9B42-1B3D01D34783}
Autodesk 3ds Max Design 2009 32-bit Movies-->MsiExec.exe /I{305D5417-E687-0409-AA09-53DE06E059F8}
Autodesk 3ds Max Design 2009 32-bit ProMaterials™ Library-->MsiExec.exe /I{2AB45FAF-2D92-0409-8D33-E2FE6172280E}
Autodesk 3ds Max Design 2009 32-bit Vault 2008 Plug-In-->MsiExec.exe /I{EFCBBB01-F876-0409-B91F-7B6132E8BB64}
Autodesk 3ds Max Design 2009 32-bit Vault 2009 Plug-In-->MsiExec.exe /I{744A5C19-AA4C-0409-BC07-9F4C73C8B247}
Autodesk 3ds Max Design 2009 32-bit-->MsiExec.exe /I{FDD8070F-E3B9-0409-822C-CCFE5E82C14D}
Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
AutoIt v3.3.0.0-->C:\Program Files\AutoIt3\Uninstall.exe
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Backburner-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
Battle Master 3 GE-->"C:\Program Files\Battle Master 3\unins000.exe"
Belarc Advisor 7.2-->C:\PROGRA~2\Belarc\Advisor\Uninstall.exe C:\PROGRA~2\Belarc\Advisor\INSTALL.LOG
Bersirc 2.2.14-->C:\Program Files\Bersirc 2.2\uninst.exe
BlitzLatin141-->C:\PROGRA~2\BLITZL~1\Uninstall.exe
Blue Mars City Developer Tools-->"C:\Documents and Settings\All Users\Application Data\{77D5035B-97D7-4886-BE86-A7F9E26336CD}\BlueMarsCityDev_Setup.exe" REMOVE=TRUE MODIFY=FALSE
Blue Mars City Developer Tools-->C:\Documents and Settings\All Users\Application Data\{77D5035B-97D7-4886-BE86-A7F9E26336CD}\BlueMarsCityDev_Setup.exe
Blue Mars Developer Tools-->"C:\Documents and Settings\All Users\Application Data\{8DD300B4-069A-4D2F-AFD2-855CD8B2021B}\BlueMarsDev_Setup.exe" REMOVE=TRUE MODIFY=FALSE
Blue Mars Developer Tools-->C:\Documents and Settings\All Users\Application Data\{8DD300B4-069A-4D2F-AFD2-855CD8B2021B}\BlueMarsDev_Setup.exe
Blue Mars-->"C:\Documents and Settings\All Users\Application Data\{389CA931-53DB-458B-910D-CA3F60E14F0F}\BlueMars_StandaloneSetup.exe" REMOVE=TRUE MODIFY=FALSE
Blue Mars-->C:\Documents and Settings\All Users\Application Data\{389CA931-53DB-458B-910D-CA3F60E14F0F}\BlueMars_StandaloneSetup.exe
Bluerock Technologies Flight Studio 3ds Max Design 2009 32-bit-->MsiExec.exe /I{0B56244C-7B61-0409-A739-3E29DDE4DC3C}
BroadWave Audio Streaming Server-->C:\Program Files\NCH Swift Sound\BroadWave\uninst.exe
bvhacker-->MsiExec.exe /I{9834D148-2AB1-46B0-BD0E-26E8A4A9153A}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP Pro 3-->MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
ClearType Tuning Control Panel Applet-->MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
Code Visual to Flowchart 5.0 Build 0515-->"C:\Program Files\Code Visual to Flowchart\unins000.exe"
COLLADA Refinery-->"C:\Program Files\COLLADA\COLLADA_Refinery\refinery-uninst.exe"
ColladaCGF (remove only)-->C:\Program Files\ColladaCGF\uninstall.exe
COLLADAMax (0.9.5)-->MsiExec.exe /I{BF1BDC10-4366-4221-0009-000501000000}
ColorPic-->C:\WINDOWS\ColorPic Uninstaller.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CryEngine®2 Sandbox™2-->MsiExec.exe /I{EA0B63C1-E579-43DD-A5F7-0DA5E9092554}
Crysis ModSDK-->"C:\Program Files\InstallShield Installation Information\{566664F6-B34E-41A6-AD1D-4ED22DA334AE}\setup.exe" -runfromtemp -l0x0009 -removeonly
Crysis® SP Demo-->MsiExec.exe /I{92AF2F5A-4407-4A03-A80A-5A2582264746}
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
Data Lifeguard Diagnostic for Windows-->MsiExec.exe /X{E40CE517-0D42-4198-96B4-C8232B257EB5}
dBpowerAMP Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
DDS Converter 2.1-->C:\Program Files\DDS Converter 2\Uninstal.exe
Debugging Tools for Windows-->MsiExec.exe /I{D59967FF-4DCC-4695-BCD9-FA47B94047D6}
DeepBurner v1.5.1.192-->"C:\Program Files\Astonsoft\DeepBurner\Uninstall.exe" "C:\Program Files\Astonsoft\DeepBurner\install.log"
DevComponents BubbleBar Component-->MsiExec.exe /X{67361CC4-C64D-4980-8E6B-612C089B97DF}
Direct MP3 Splitter Joiner 2.3-->"C:\Program Files\Direct MP3 Splitter Joiner\unins000.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DM Thumbs 1.1-->C:\Program Files\Greenspot\DM Thumbs\UnstDMT.exe
doubleTwist desktop-->C:\Program Files\doubleTwist\uninst.exe
DVD Cutter 1.1-->"C:\Program Files\DVD Cutter\unins000.exe"
Dwyco Video Conferencing-->"c:\program files\dwyco2\unins000.exe"
eMusic - 50 Free MP3 offer-->"C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
Envisioneer Express 5.0-->"C:\Program Files\InstallShield Installation Information\{BF6685DC-50F9-48EA-B2FF-99AF905D7660}\setup.exe" -runfromtemp -l0x0409 -removeonly
Envisioneer Express 5.0-->MsiExec.exe /X{BF6685DC-50F9-48EA-B2FF-99AF905D7660}
Etymonix SoftReel-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Etymonix\SoftReel\Uninst.isu"
EVEREST Ultimate Edition v4.20-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
ExamDiff Pro 3.5-->"C:\Program Files\ExamDiff Pro\unins000.exe"
Expat XML Parser 2.0.1-->"C:\Program Files\Expat 2.0.1\Uninstall\unins000.exe"
Expresso-->MsiExec.exe /I{EB3954B3-1E69-4CB5-B5C6-7BEDF3518125}
FBX Converter 2006.11.2-->C:\Program files\Autodesk\FBX\FBXConverter\2006.11.2\Uninstall.exe
FBX Plugin 2006.08 for Max 9.0-->C:\Program Files\Autodesk\FBX\FbxPlugins\2006.08\Max90\Uninstall.exe
FBX Plugin 2009.0 for Max 2009-->C:\Program Files\Autodesk\FBX\FbxPlugins\2009.0\Max2009\Uninstall.exe
First Galactic War-->C:\UDK\First Galactic War\Binaries\UnSetup.exe /uninstall /InstallGuid=c9637abd-f6e5-4533-919a-1746accfee8e
Flash Capture 1.20-->"C:\Program Files\Flash Capture\unins000.exe"
Flash saver 5.5-->C:\PROGRA~2\FLASHS~1\UNWISE.EXE C:\PROGRA~2\FLASHS~1\INSTALL.LOG
FLV Player-->"C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
FMOD Designer-->"C:\Program Files\FMOD SoundSystem\FMOD Designer\uninstall.exe"
forteManager-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E2903F16-9A5A-4292-9D97-8328088086B6}\setup.exe" -l0x9 -removeonly
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
FreeRIP v3.03-->"C:\Program Files\FreeRIP3\unins000.exe"
Fx WMV Indexer-->C:\PROGRA~2\FXWIND~1\UNWISE.EXE C:\PROGRA~2\FXWIND~1\INSTALL.LOG
Generic USB CardReader 2.0-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA1CB7AC-E221-4822-A789-0ADB051DC498}\Setup.exe" -l0x9 -wUninst
GeoControl Beta-->C:\WINDOWS\AKDeInstall.exe /x "C:\Program Files\GeoControl Beta\unins2.dat"
GIMP 2.4.4-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
GLIntercept 0.5-->"C:\Program Files\GLIntercept0_5\unins000.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google SketchUp 7.1-->MsiExec.exe /X{AFD9E698-03C2-4E88-80A6-1496562D4304}
GreenLife Emerald Viewer 1.22.11 (112) ts-->"C:\Program Files\GreenLife Emerald Viewer\unins000.exe"
Hauppauge WinTV2000-->C:\PROGRA~2\WinTV\UNTV32.EXE C:\PROGRA~2\WinTV\WINTV2K.LOG
HelpMaker (Remove Only)-->"C:\Program Files\vahelp\unins000.exe"
Hide IP NG 1.47-->"C:\Program Files\Hide IP NG\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HiJackThis-->MsiExec.exe /X{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}
Hippo OpenSim Viewer (remove only)-->"C:\Program Files\Hippo_OpenSim_Viewer\uninst.exe" /P="Hippo_OpenSim_Viewer"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB916089)-->"C:\WINDOWS\$NtUninstallKB916089$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
IA 101-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FDAAEE85-A232-11D5-A6B4-0050BA724CB6}\Setup.exe"
IcoFX 1.5-->"C:\Program Files\IcoFX 1.5\unins000.exe"
Icon Restore 1.0-->C:\WINDOWS\unins001.exe
iMPEG Converter 2.15-->"C:\Program Files\Keronsoft\iMpeg Converter\unins000.exe"
InfoView-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MSI\InfoView\Uninst.isu"
Install Creator-->C:\Program Files\Install Creator\Uninstal.exe
Introduction to Visual Basic 2005-->MsiExec.exe /I{638C1D72-FFAD-4EC3-B1AD-ABA96BB15B0B}
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
J2SE Runtime Environment 5.0 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 3D 1.5.0-->MsiExec.exe /X{32A9C5B3-D166-4C6D-A11E-A54473150000}
Java™ 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Codec Pack 5.6.1 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LimeWire 5.0.11-->"C:\Program Files\LimeWire\uninstall.exe"
Logitech Legacy USB Camera Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\10.51.2023\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"legacyqcam_10.51" /clone_wait /hide_progress
Logitech SetPoint-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9
Logitech Webcam Software Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=200 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_12.10" /clone_wait /hide_progress
Logitech Webcam Software-->MsiExec.exe /I{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe
Meerkat (remove only)-->"C:\Program Files\Meerkat\uninst.exe" /P="Meerkat"
Meta7Viewer (remove only)-->"C:\Program Files\Meta7Viewer\uninst.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync 3.7-->"C:\WINDOWS\ISUNINST.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
Microsoft Chart Controls for Microsoft .NET Framework 3.5-->MsiExec.exe /X{41785C66-90F2-40CE-8CB5-1C94BFC97280}
Microsoft File Transfer Manager-->MsiExec.exe /I{D6F7EA4B-B06B-4F39-8F65-AEDC3F3F1933}
Microsoft FxCop 1.35-->MsiExec.exe /I{846D9AAD-EA7D-4126-9177-F874FD389BE4}
Microsoft MSDN 2005 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft MSDN 2005 Express Edition - ENU\install.exe
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Basic 2005 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Basic 2005 Express Edition - ENU\setup.exe
Microsoft Visual Basic 2005 Express Edition - ENU-->MsiExec.exe /X{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}
Microsoft Visual Basic 2005 Step by Step-->MsiExec.exe /I{54BD000B-A0BE-46C4-993C-ACEF21216E8A}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mozilla Firefox (3.0.15)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Splitter & Joiner Pro 3.47-->"C:\Program Files\MP3 Splitter & Joiner Pro\unins000.exe"
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
MySQL Server 5.0-->MsiExec.exe /I{E5AED31E-3474-4C85-B492-42149DE37891}
MySQL Service Center-->"C:\Program Files\SQL Maestro Group\MySQL Service Center\Uninstall.exe" "C:\Program Files\SQL Maestro Group\MySQL Service Center\install.log"
MySQL Tools for 5.0-->MsiExec.exe /I{EC561602-C0B9-4FAA-A175-1B3273639AC3}
Naali-->C:\Program Files\Naali0.1\uninstaller.exe
Navman SmartST Desktop for iCN530-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78DAD7A3-EA94-456A-8872-41FED394B87E}\expand.exe" -l0x9 -removeonly
NCH Toolbox-->C:\Program Files\NCH Swift Sound\ToolBox\uninst.exe
NetworkActiv Port Scanner 4.0-->C:\Program Files\NetworkActiv Port Scanner 4.0\NetworkActivPortScannerV4.0.exe UnInstall
Nintendo Wi-Fi USB Connector Registration Tool-->C:\Program Files\WiFiConnector\SoftAPUninst.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA Photoshop Plug-ins-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23F79416-CAD1-41BF-99A3-040F6C814AAA}\setup.exe" -l0x9
NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
NVIDIA WDM Drivers-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\Setup.exe"
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Openlife R16-4 (R2)-->MsiExec.exe /I{7DFA3616-2BCB-4212-A1F6-0BFF1D271C27}
Openlife R17-->"C:\Documents and Settings\All Users\Application Data\{3DA406DB-27D8-4CD7-8DE2-65F86F83C7BB}\Openlife R17.exe" REMOVE=TRUE MODIFY=FALSE
Openlife R17-->C:\Documents and Settings\All Users\Application Data\{3DA406DB-27D8-4CD7-8DE2-65F86F83C7BB}\Openlife R17.exe
OpenOffice.org 2.0-->MsiExec.exe /I{686BB230-DE5B-44F4-8DB0-4F9BEE7310F7}
Paint Shop Pro 7-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Peggle Extreme-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3483
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
Pixcavator 2.2-->"C:\Program Files\Pixcavator 2.2\unins000.exe"
PixiePack Codec Pack-->MsiExec.exe /I{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}
POP Peeper-->C:\Program Files\POP Peeper\Uninstall.exe
Portal: The First Slice-->"C:\Program Files\Steam\steam.exe" steam://uninstall/410
PowerDVD-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
PSPad editor-->"C:\Program Files\PSPad editor\Uninst\unins000.exe"
Pure Sudoku 1.52-->"C:\Program Files\Pure Sudoku\unins000.exe"
PuzzLex6-->"C:\Program Files\PuzzLex6\unins000.exe"
Python 2.5 PyFFI-2.0.0-->C:\Program Files\PyFFI\uninstall.exe
Python 2.5.4-->MsiExec.exe /I{2E0DFC24-7C4B-4DCF-BCC7-81C513BED3BC}
Python 2.6.2-->MsiExec.exe /I{24AAB420-4E30-4496-9739-3E216F3DE6AE}
Quest Software Toad for MySQL Freeware 4.0-->MsiExec.exe /X{722C0D0B-7ABD-4995-A43F-82FDC15C7939}
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Radegast-->"C:\Program Files\Radegast\uninstall.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->Alcrmv.exe -r -m
Recovery for PDF-->C:\Program Files\Recovery for PDF\GLF21.exe /handle:pdf
Red Light Center 3D Client-->C:\Program Files\Utherverse Digital Inc\Red Light Center 3D Client\Branding\{481E6383-B7DE-4333-A58F-51AD5BE57B71}\uninst.exe {481E6383-B7DE-4333-A58F-51AD5BE57B71}
RogueRemover 1.13-->C:\Program Files\RogueRemover\uninst.exe
Save Flash 3.0-->C:\Program Files\Save Flash\uninst.exe
SciTE-ez 1.61-6-->"C:\Program Files\SciTE-ez\unins000.exe"
Second Inventory-->C:\Program Files\Second Inventory\Uninstal.exe
SecondLife (remove only)-->"C:\Program Files\SecondLife\uninst.exe"
SecondLifeOpenGrid (remove only)-->"C:\Program Files\SecondLifeOpenGrid\uninst.exe" /P="SecondLifeOpenGrid"
Serif DrawPlus 4.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Serif\dp40.isu"
Serif WebPlus 8.0-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA7E6911-A891-4D49-A897-F727C3F45886}\setup.exe"
SharpDevelop 3.0 Release Candidate-->MsiExec.exe /I{3FD07ECF-05DF-4892-9DD0-A0B1AC563141}
SkinBuilder 2.10.0-->MsiExec.exe /I{317CF3AA-F13A-42DB-862D-1CE39FA8E6F1}
SkinCrafter 3.3.3 Demo-->MsiExec.exe /I{FFE8603D-563F-4ECE-A1D7-A728BAB3A204}
SkinCrafter.Net VS2005 Light v2.1.0-->MsiExec.exe /I{B5E854D8-0004-46DA-94C8-537D69AF9BD7}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SL Friends Monitor v1.7-->"C:\Program Files\SLFriendsMonitor\unins000.exe"
SL My Inventory Viewer v2.7.0-->"C:\Program Files\SL My Inventory Viewer v2\unins000.exe"
Slice Uninstall-->C:\Program Files\NCH Swift Sound\Slice\uninst.exe
SMWLink3.0-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\SMWLink3.0\ST5UNST.LOG"
SopCast 3.0.3-->C:\Program Files\SopCast\uninst.exe
SoundTap Uninstall-->C:\Program Files\NCH Swift Sound\SoundTap\uninst.exe
Split and Tile-->"C:\Program Files\Split and Tile\unins000.exe"
Spotify-->"C:\Program Files\Spotify\uninstall.exe"
SpreadsheetGear for .NET 2006-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8DC9E0F-E613-4F8C-BFFF-322160EB8D57}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
StarOSD-->"C:\WINDOWS\system32\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Suite Specific-->MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
SwirlX3DViewer 2.7.0-->"C:\Program Files\Pinecoast\SwirlViewer\unins000.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Tao 2.0.0-->C:\Program Files\Tao\uninst.exe
TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe
Terragen-->MsiExec.exe /I{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}
Terrain Generator 3.0.5-->"C:\Program Files\Terrain Generator\unins000.exe"
TerraMaker 1.3.56-->"C:\Program Files\TerraMaker\unins000.exe"
TerraPainter-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\TerraPainter\ST5UNST.LOG"
TortoiseSVN 1.5.5.14361 (32 bit)-->MsiExec.exe /X{49389932-51FA-4D26-8B4F-CE86B24302C2}
Tunebite-->MsiExec.exe /I{F1D2A514-E8D2-4F28-857D-B68854ED3706}
Turbo Squid Tentacles 3ds Max 2009 32-bit-->MsiExec.exe /X{7A046E1F-BEB7-49C8-83E2-78E1F1C65C60}
TVAnts 1.0-->C:\PROGRA~2\TVAnts\UNWISE.EXE C:\PROGRA~2\TVAnts\INSTALL.LOG
Tweakui Powertoy for Windows XP-->MsiExec.exe /I{C7793EE8-F666-4E6B-9827-76468679480E}
Twinity (remove only)-->"C:\Program Files\Metaversum\Twinity\uninstall.exe"
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
Unreal Development Kit: 2009-11-->C:\UDK\UDK-2009-11\Binaries\UnSetup.exe /uninstall /InstallGuid=a317293a-a582-40ed-9a8d-d1a645d5a4f8
Unreal Development Kit: 2009-11-2-->C:\UDK\UDK-2009-11-2\Binaries\UnSetup.exe /uninstall
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
UVMapper Professional Demo 3.5b-->"C:\Program Files\UVMapper Professional Demo\unins000.exe"
VastPark Browser 0.9 Alpha-->C:\Program Files\VastPark\Browser\uninst.exe
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Video Piggy-->MsiExec.exe /I{79FDB311-6FC2-4CE2-AD90-042AEC733C81}
Video Piggy-->MsiExec.exe /I{80BCADCC-377A-456F-A90B-CA095374042B}
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Videora iPod Converter 3.07-->C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
VideoReDo Plus Version 2.5.7.602-->"C:\Program Files\VideoReDoPlus\unins000.exe"
Virtual Earth 3D (Beta)-->MsiExec.exe /I{619B8475-0F48-41B7-A370-5147F7092989}
Virtual Vancouver 3D Client-->C:\Program Files\Utherverse Digital Inc\Virtual Vancouver 3D Client\Branding\{D5AF69F0-B68C-4AE9-A36E-02D68BC9E6E6}\uninst.exe {D5AF69F0-B68C-4AE9-A36E-02D68BC9E6E6}
VistaShuttle-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Newsoft\VistaShuttle\Uninst.isu"
VNC Free Edition 4.1.3-->"C:\Program Files\RealVNC\VNC4\unins000.exe"
Web Page Maker V2.5-->"C:\Program Files\Web Page Maker V2\unins000.exe"
Web Page Maker V3.0-->"C:\Program Files\Web Page Maker\unins000.exe"
Web-Developer Server Suite v2.00-->"C:\www\unins000.exe"
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows PowerShell™ 1.0-->"C:\WINDOWS\$NtUninstallKB926139-v2$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinFormResizer v2.0 for .NET 2.0 [v2.0.0020.6]-->MsiExec.exe /I{AF1044EF-4699-4033-8B75-C853239FFB18}
WinMorph™ 3.01-->"C:\Program Files\Debugmode\WinMorph\unins000.exe"
WinPcap 4.0-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WM Recorder 12.1-->C:\Program Files\WMR11\Uninstal.exe
Wood Workshop-->MsiExec.exe /X{7AACE39E-A19F-468A-B130-6DBA27203075}
XnView 1.90.3-->"C:\Program Files\XnView\unins000.exe"
YouTube Downloader 2.5-->"C:\Program Files\FDRLab\YouTube Downloader\unins000.exe"
ZD Soft Screen Recorder-->"C:\Program Files\ZD Soft\Screen Recorder\Uninstall.exe"
ZD Soft Screen Video Decoder-->rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\scrvid.inf
ZD Soft Video Recorder-->"C:\Program Files\ZD Soft\Video Recorder\Uninstall.exe"
Zoom Search Engine 5.1-->"C:\Program Files\Zoom Search Engine 5.1\unins000.exe"

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: ACL-13C6F3E2EC1
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk1\D.

Record Number: 38382
Source Name: Disk
Time Written: 20100212000750.000000+060
Event Type: error
User:

Computer Name: ACL-13C6F3E2EC1
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk1\D.

Record Number: 38353
Source Name: Disk
Time Written: 20100211083805.000000+060
Event Type: error
User:

Computer Name: ACL-13C6F3E2EC1
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk4\D.

Record Number: 38229
Source Name: Disk
Time Written: 20100207225944.000000+060
Event Type: error
User:

Computer Name: ACL-13C6F3E2EC1
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk4\D.

Record Number: 38228
Source Name: Disk
Time Written: 20100207225113.000000+060
Event Type: error
User:

Computer Name: ACL-13C6F3E2EC1
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk4\D.

Record Number: 38227
Source Name: Disk
Time Written: 20100207224825.000000+060
Event Type: error
User:

=====Application event log=====

Computer Name: ACL-13C6F3E2EC1
Event Code: 2
Message:
Record Number: 9486
Source Name: RaySat_3dsmax9_32 Server
Time Written: 20091031095137.000000+060
Event Type: error
User:

Computer Name: ACL-13C6F3E2EC1
Event Code: 1517
Message: Windows saved user ACL-13C6F3E2EC1\Colin registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 9482
Source Name: Userenv
Time Written: 20091031094940.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ACL-13C6F3E2EC1
Event Code: 1002
Message: Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 9479
Source Name: Application Hang
Time Written: 20091031094147.000000+060
Event Type: error
User:

Computer Name: ACL-13C6F3E2EC1
Event Code: 2
Message:
Record Number: 9468
Source Name: RaySat_3dsmax9_32 Server
Time Written: 20091031093351.000000+060
Event Type: error
User:

Computer Name: ACL-13C6F3E2EC1
Event Code: 1517
Message: Windows saved user ACL-13C6F3E2EC1\Colin registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 9464
Source Name: Userenv
Time Written: 20091031030612.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Blue Mars\Bin32;C:\Program Files\Blue Mars\Bin32\rc;C:\Program Files\QuickTime\QTSystem;C:\Program Files\MySQL\MySQL Server 5.0\bin;%webdev%;C:\Program Files\TortoiseSVN\bin;C:\WINDOWS\system32\WindowsPowerShell\v1.0;C:\Program Files\Autodesk\Backburner;C:\Program Files\Common Files\Autodesk Shared;C:\Program Files\Common Files\DivX Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.py;.pyw;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"GDAL_DATA"=C:\Program Files\VTP\GDAL-data
"PROJ_LIB"=C:\Program Files\VTP\PROJ4-data
"webdev"=C:\www\openssl\bin;C:\www\Apache22\bin;C:\www\php5;C:\www\mysql5\bin;C:\www\perl\bin

-----------------EOF-----------------


Logfile of random's system information tool 1.06 (written by random/random)
Run by Colin at 2010-02-14 01:39:47
Microsoft Windows XP Professional Service Pack 2
System drive C: has 56 GB (32%) free of 172 GB
Total RAM: 3327 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:40:07, on 14/02/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\www\Apache22\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\www\Apache22\bin\httpd.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\PROGRA~2\AVG\AVG9\avgtray.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Temp\RSIT.exe
C:\Program Files\trend micro\Colin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: forteManager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~2\FLASHS~1\save.htm
O8 - Extra context menu item: Download Flash with Flash Capture - C:\Program Files\Flash Capture\dl.htm
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~2\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~2\FLASHS~1\save.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01918E51-AEF1-49B4-86FB-EA882A40254D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{30793B5F-67E6-4A2B-8979-44D91B1AF537}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C2CD447-55CB-4EA9-B5A0-84D0C09B7E01}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{01918E51-AEF1-49B4-86FB-EA882A40254D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{01918E51-AEF1-49B4-86FB-EA882A40254D}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\www\Apache22\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: BroadWave Audio Streaming Server (BroadWaveService) - NCH Software - C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 11521 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-02-13 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-10-16 1119488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA102584-3B97-47e7-B9BC-75D54C110A7D}]
Tunebite_WebRipPlugin Class - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll [2009-02-04 144688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4064EA35-578D-4073-A834-C96D82CBCF40} - &Save Flash - C:\Program Files\Save Flash\SaveFlash.dll [2006-11-24 1155072]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-10-16 1119488]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Dit"=C:\WINDOWS\Dit.exe [2004-07-20 90112]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-11-11 90112]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-08 30192]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2010-01-27 788880]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
"MP10_EnsureFileVer"=C:\WINDOWS\inf\unregmp2.exe [2004-08-04 208896]
"ISUSPM Startup"=C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-04-13 69632]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-10-14 2793304]
"AVG9_TRAY"=C:\PROGRA~2\AVG\AVG9\avgtray.exe [2010-02-13 2033432]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2004-02-03 401491]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [2009-01-30 2542528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-01-15 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe [2006-11-10 249927]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2008-12-24 1410296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-04-24 185784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2007-05-14 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~2\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~2\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~2\Logitech\SetPoint\KEM.exe [2004-10-28 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
C:\PROGRA~2\WIFICO~1\NINTEN~1.EXE [2006-04-20 1073152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Umax VistaAccess.lnk]
C:\VSTASCAN\vsaccess.exe [2001-03-15 2494464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Colin^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
C:\PROGRA~2\OPENOF~1.0\program\QUICKS~1.EXE [2006-01-25 61440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
forteManager.lnk - C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-02-13 12464]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\SecondLife\SecondLife.exe"="C:\Program Files\SecondLife\SecondLife.exe:*:Enabled:Second Life"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\dwyco2\cdc32.exe"="C:\Program Files\dwyco2\cdc32.exe:*:Enabled:dwyco cdc32 for Windows95/98/ME/NT4/2K/XP"
"C:\Program Files\WiFiConnector\NintendoWFCReg.exe"="C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\SecondLife\SLVoice.exe"="C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice"
"C:\Program Files\WS_FTP\WS_FTP95.exe"="C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\Temp\rexserver_0.2\rexserver\OpenSim.exe"="C:\Temp\rexserver_0.2\rexserver\OpenSim.exe:*:Enabled: "
"C:\Program Files\ESTsoft\ALFTP\ALFTP.exe"="C:\Program Files\ESTsoft\ALFTP\ALFTP.exe:*:Enabled:ALFTP"
"C:\Program Files\Spotify\spotify.exe"="C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify"
"C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:*:Enabled:Crysis_32_sp_demo"
"C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe"="C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit"
"C:\Program Files\Autodesk\Backburner\monitor.exe"="C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\Autodesk\Backburner\manager.exe"="C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\Autodesk\Backburner\server.exe"="C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server"
"C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe"="C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe:*:Enabled:Autodesk 3ds Max Design 2009 32-bit"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-02-14 01:39:47 ----D---- C:\rsit
2010-02-14 01:39:47 ----D---- C:\Program Files\trend micro
2010-02-13 20:16:00 ----D---- C:\Program Files\TrendMicro
2010-02-13 19:27:54 ----A---- C:\HaxFix.exe
2010-02-13 19:27:47 ----D---- C:\WINDOWS\HaxFix
2010-02-13 14:17:24 ----SHD---- C:\RECYCLER
2010-02-13 14:15:32 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2010-02-13 14:08:08 ----A---- C:\ComboFix.txt
2010-02-13 13:35:33 ----A---- C:\Boot.bak
2010-02-13 13:35:21 ----RASHD---- C:\cmdcons
2010-02-13 13:33:44 ----A---- C:\WINDOWS\zip.exe
2010-02-13 13:33:44 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-02-13 13:33:44 ----A---- C:\WINDOWS\SWSC.exe
2010-02-13 13:33:44 ----A---- C:\WINDOWS\SWREG.exe
2010-02-13 13:33:44 ----A---- C:\WINDOWS\sed.exe
2010-02-13 13:33:44 ----A---- C:\WINDOWS\PEV.exe
2010-02-13 13:33:44 ----A---- C:\WINDOWS\NIRCMD.exe
2010-02-13 13:33:44 ----A---- C:\WINDOWS\MBR.exe
2010-02-13 13:33:44 ----A---- C:\WINDOWS\grep.exe
2010-02-13 13:33:36 ----D---- C:\WINDOWS\ERDNT
2010-02-13 13:33:02 ----AD---- C:\Qoobox
2010-02-12 20:03:34 ----D---- C:\Program Files\ImageShack Uploader
2010-02-11 23:29:04 ----D---- C:\Documents and Settings\All Users\Application Data\Spiral Graphics
2010-02-10 21:09:01 ----D---- C:\Documents and Settings\Colin\Application Data\Artisteer
2010-02-10 21:07:07 ----D---- C:\Program Files\Artisteer 2
2010-02-09 21:14:36 ----D---- C:\Program Files\OpenAL
2010-02-09 21:14:07 ----D---- C:\Program Files\Naali0.1
2010-02-06 00:05:40 ----D---- C:\Documents and Settings\Colin\Application Data\Utherverse
2010-02-01 23:45:32 ----HDC---- C:\Documents and Settings\All Users\Application Data\{77D5035B-97D7-4886-BE86-A7F9E26336CD}
2010-01-31 19:54:54 ----D---- C:\Documents and Settings\Colin\Application Data\Leadertech
2010-01-31 19:53:39 ----A---- C:\WINDOWS\system32\lvci12101110.dll
2010-01-31 19:36:21 ----HDC---- C:\WINDOWS\$NtUninstallKB916089$
2010-01-31 13:52:58 ----D---- C:\Documents and Settings\Colin\Application Data\Radegast
2010-01-31 13:52:39 ----D---- C:\Program Files\Radegast
2010-01-30 12:05:25 ----D---- C:\WINDOWS\WBEM
2010-01-30 12:03:39 ----HDC---- C:\WINDOWS\ie8
2010-01-30 11:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2010-01-23 11:46:55 ----D---- C:\Documents and Settings\Colin\Application Data\Meta7
2010-01-23 11:45:55 ----D---- C:\Program Files\Meta7Viewer
2010-01-16 18:01:50 ----HDC---- C:\Documents and Settings\All Users\Application Data\{3DA406DB-27D8-4CD7-8DE2-65F86F83C7BB}
2010-01-16 18:01:29 ----D---- C:\Program Files\Openlife R17
2010-01-15 01:50:39 ----A---- C:\WINDOWS\asfbinapp.INI
2010-01-15 01:34:07 ----D---- C:\Documents and Settings\Colin\Application Data\Media Player Classic
2010-01-15 01:32:32 ----A---- C:\WINDOWS\system32\unrar.dll
2010-01-15 01:32:31 ----A---- C:\WINDOWS\avisplitter.ini
2010-01-15 01:32:30 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-01-15 01:32:29 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-01-15 01:32:28 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2010-01-15 01:32:28 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2010-01-15 01:32:27 ----D---- C:\Program Files\K-Lite Codec Pack

======List of files/folders modified in the last 1 months======

2010-02-14 01:39:47 ----D---- C:\Program Files
2010-02-14 01:39:43 ----D---- C:\WINDOWS\Prefetch
2010-02-14 01:39:12 ----D---- C:\Temp
2010-02-14 01:32:59 ----D---- C:\Program Files\Mozilla Firefox
2010-02-14 00:08:28 ----D---- C:\WINDOWS\Temp
2010-02-14 00:07:09 ----SD---- C:\WINDOWS\Tasks
2010-02-14 00:06:48 ----D---- C:\Documents and Settings\Colin\Application Data\Skype
2010-02-14 00:06:39 ----D---- C:\Documents and Settings\Colin\Application Data\skypePM
2010-02-14 00:05:02 ----A---- C:\WINDOWS\Debug.ini
2010-02-13 20:16:02 ----SHD---- C:\WINDOWS\Installer
2010-02-13 19:33:30 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-13 19:27:47 ----D---- C:\WINDOWS
2010-02-13 14:33:55 ----D---- C:\WINDOWS\system32
2010-02-13 14:33:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-13 14:29:07 ----D---- C:\WINDOWS\system32\drivers
2010-02-13 14:28:40 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-02-13 14:14:19 ----SD---- C:\Documents and Settings\Colin\Application Data\Microsoft
2010-02-13 14:13:42 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-02-13 13:56:07 ----A---- C:\WINDOWS\system.ini
2010-02-13 13:51:08 ----D---- C:\WINDOWS\system32\config
2010-02-13 13:46:54 ----D---- C:\WINDOWS\AppPatch
2010-02-13 13:46:50 ----D---- C:\Program Files\Common Files
2010-02-13 13:35:33 ----RASH---- C:\boot.ini
2010-02-12 23:37:04 ----D---- C:\WINDOWS\system32\wbem
2010-02-12 23:37:03 ----D---- C:\WINDOWS\Registration
2010-02-12 17:11:14 ----D---- C:\Program Files\McAfee
2010-02-12 00:12:06 ----RSD---- C:\WINDOWS\Fonts
2010-02-11 23:29:04 ----D---- C:\Program Files\Spiral Graphics
2010-02-11 23:01:47 ----HD---- C:\WINDOWS\inf
2010-02-09 21:15:02 ----D---- C:\WINDOWS\WinSxS
2010-02-09 21:14:36 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2010-02-09 21:14:36 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2010-02-07 14:48:54 ----D---- C:\WINDOWS\system32\NtmsData
2010-02-06 11:21:02 ----D---- C:\Program Files\Utherverse Digital Inc
2010-02-04 03:03:47 ----D---- C:\Documents and Settings\Colin\Application Data\Logitech
2010-02-01 23:47:06 ----D---- C:\Program Files\Blue Mars City Developer Tools
2010-02-01 18:43:22 ----D---- C:\WINDOWS\system
2010-01-31 19:54:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-31 19:54:13 ----D---- C:\Program Files\Common Files\LogiShrd
2010-01-31 19:54:01 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-31 19:53:11 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-31 19:50:37 ----D---- C:\Program Files\Logitech
2010-01-31 19:50:05 ----D---- C:\Documents and Settings\All Users\Application Data\Logishrd
2010-01-31 10:54:38 ----A---- C:\WINDOWS\win.ini
2010-01-31 10:54:37 ----D---- C:\WINDOWS\pss
2010-01-30 22:42:54 ----D---- C:\Documents and Settings\Colin\Application Data\Hippo_OpenSim_Viewer
2010-01-30 12:22:48 ----D---- C:\WINDOWS\Help
2010-01-30 12:22:48 ----D---- C:\Program Files\Internet Explorer
2010-01-30 12:05:39 ----A---- C:\WINDOWS\imsins.BAK
2010-01-30 12:05:25 ----D---- C:\WINDOWS\system32\en-us
2010-01-30 12:04:59 ----D---- C:\WINDOWS\Media
2010-01-30 11:54:00 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-27 22:15:05 ----D---- C:\WINDOWS\system32\Adobe
2010-01-19 00:47:26 ----D---- C:\Program Files\NCH Software
2010-01-15 01:29:42 ----D---- C:\Program Files\ffdshow

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-07-17 16877]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-10-31 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-02-13 28424]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-02-13 360584]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-01-29 23976]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-11-22 3804416]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-01-30 103488]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver; C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2003-03-24 426052]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2004-10-21 54851]
R3 LGDDCDevice;LGDDCDevice; \??\C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys []
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2004-10-21 71535]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2009-10-07 25752]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-06-10 8087712]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
R3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2009-01-23 37664]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-04 12416]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024]
S3 CardReaderFilter;Card Reader Filter; \??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\Colin\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2009-10-07 23832]
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
S3 LGII2CDevice;LGII2CDevice; \??\C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys []
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys []
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2009-10-07 114712]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2009-10-07 266008]
S3 LVUVC;Logitech QuickCam Fusion(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2009-10-07 6756632]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 msloop;Microsoft Loopback Adapter Driver; C:\WINDOWS\system32\DRIVERS\loop.sys [2004-08-04 4992]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2006-12-01 21120]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2006-04-10 162816]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2002-07-10 32256]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USB_RNDIS;Linksys Wireless-G USB Network Adapter with SpeedBooster Driver v2; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 12672]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 vgadrv;vgadrv; C:\WINDOWS\system32\DRIVERS\vgadrv.sys [2006-06-10 8078]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2003-12-22 104064]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apache2.2;Apache2.2; C:\www\Apache22\bin\httpd.exe [2007-09-20 24631]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-09-27 79360]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-02-13 285392]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1181328]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 154136]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit; C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-09 65536]
R2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=C:\Program Files\MySQL\MySQL Server 5.0\my.ini MySQL []
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-07-13 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-06-10 168004]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 mi-raysat_3dsmax9_32;mental ray 3.5 Satellite (32-bit); C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe [2006-09-29 65536]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-04-19 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 BroadWaveService;BroadWave Audio Streaming Server; C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe [2009-08-17 593924]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-08 30192]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-01-15 504104]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------



Any help gratefully received.

Rock Vacirca

Edited by RockVacirca, 13 February 2010 - 07:45 PM.




#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:58 AM

Posted 16 February 2010 - 08:04 PM

Hello Rock Vacirca,

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues, I would appreciate it if you
would let me know so I can close this topic. If you still need help, please let me know what issues you are still having in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



#3 RockVacirca

RockVacirca
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  • Local time:12:58 AM

Posted 17 February 2010 - 12:32 PM

Many thanks for coming to my rescue. I can confirm that I do need help, and that my infected PC has been left disconnected from the Internet and unpowered since I made my first post.

In case it is relevant, I would also like to report that just prior to making my post I did a quick 'netstat' and found that my PC had two open connections to IP addresses in Serbia!

Anyway, here are the two reports you asked for:


OTL logfile created on: 17/02/2010 18:13:38 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Colin\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 167.68 Gb Total Space | 54.26 Gb Free Space | 32.36% Space Free | Partition Type: NTFS
Drive D: | 163.76 Gb Total Space | 162.65 Gb Free Space | 99.32% Space Free | Partition Type: NTFS
Drive E: | 3.91 Gb Total Space | 3.87 Gb Free Space | 99.18% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 3.76 Gb Total Space | 3.46 Gb Free Space | 92.03% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACL-13C6F3E2EC1
Current User Name: Colin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/17 18:07:24 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Colin\Desktop\OTL.exe
PRC - [2010/02/13 14:28:43 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/02/13 14:28:40 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/02/13 14:28:40 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/02/13 14:28:38 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/02/13 14:27:25 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/13 14:27:23 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/04 18:42:14 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/27 18:42:09 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/12/08 19:56:29 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/09 13:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/10/09 13:11:12 | 000,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/09/27 17:37:27 | 000,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2009/07/25 04:23:12 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/25 04:23:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/13 22:18:12 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/06/10 07:28:50 | 000,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/24 18:31:12 | 000,576,512 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2008/08/08 14:54:14 | 001,134,592 | ---- | M] () -- C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
PRC - [2008/04/17 18:13:44 | 005,750,784 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
PRC - [2008/03/28 22:37:20 | 000,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2008/03/09 23:04:52 | 000,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
PRC - [2007/10/31 14:09:16 | 000,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/09/20 12:13:36 | 000,024,631 | ---- | M] (Apache Software Foundation) -- C:\www\Apache22\bin\httpd.exe
PRC - [2005/11/11 14:07:00 | 000,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2004/08/04 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 13:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2004/07/20 18:18:54 | 000,090,112 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\Dit.exe
PRC - [2004/04/13 06:07:18 | 000,069,632 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/02/03 13:42:54 | 000,401,491 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [1999/02/02 00:53:24 | 000,405,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\1033\MSOFFICE.EXE


========== Modules (SafeList) ==========

MOD - [2010/02/17 18:07:24 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Colin\Desktop\OTL.exe
MOD - [2009/12/08 13:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2004/08/04 13:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/13 14:28:38 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/04 18:42:14 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/12/08 19:56:29 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/09/27 17:37:27 | 000,079,360 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/08/17 20:58:28 | 000,593,924 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe -- (BroadWaveService)
SRV - [2009/07/25 04:23:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/13 22:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/06/10 07:28:50 | 000,168,004 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2008/04/17 18:13:44 | 005,750,784 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL)
SRV - [2008/03/09 23:04:52 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe -- (mi-raysat_3dsMax2009_32)
SRV - [2008/01/15 03:22:44 | 000,504,104 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2007/10/31 14:09:16 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/09/20 12:13:36 | 000,024,631 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\www\Apache22\bin\httpd.exe -- (Apache2.2)
SRV - [2007/04/19 19:52:56 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/01/25 18:31:34 | 000,093,048 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2006/09/29 11:48:06 | 000,065,536 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)


========== Driver Services (SafeList) ==========

DRV - [2010/02/17 18:10:42 | 000,017,408 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBCRFT.SYS -- (CardReaderFilter)
DRV - [2010/02/13 14:28:42 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/02/13 14:28:40 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/10/31 09:46:58 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/10/07 09:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 09:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Fusion(UVC)
DRV - [2009/10/07 09:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 09:46:12 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/23 13:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/06/10 05:03:00 | 008,087,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/01/30 00:02:38 | 000,103,488 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/01/29 23:57:58 | 000,023,976 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/01/23 09:49:08 | 000,037,664 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2008/08/08 14:52:48 | 000,017,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice)
DRV - [2008/08/08 14:52:46 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys -- (LGDDCDevice)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/10/31 14:09:14 | 000,030,464 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2007/08/19 12:50:15 | 000,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/03/08 00:51:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/02/03 09:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/01/25 18:31:34 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/12/01 17:37:23 | 000,021,120 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2006/09/19 14:44:04 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2006/06/10 10:41:22 | 000,008,078 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vgadrv.sys -- (vgadrv)
DRV - [2006/04/10 13:02:00 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT25USBAP.SYS -- (RT25USBAP)
DRV - [2005/11/22 14:44:00 | 003,804,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/06 03:22:30 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/04/06 03:22:28 | 000,033,536 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/10/21 13:31:06 | 000,054,851 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2004/10/21 13:30:56 | 000,071,535 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2004/08/04 13:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/04 13:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 13:00:00 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2004/08/04 13:00:00 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\loop.sys -- (msloop)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2003/12/22 09:28:20 | 000,104,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2003/07/17 15:10:06 | 000,007,040 | R--- | M] (VIA Networking Technologies, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ntsim.sys -- (NTSIM)
DRV - [2003/03/24 14:18:48 | 000,426,052 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCWBT8xx.sys -- (HCWBT8XX)
DRV - [2002/07/17 07:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Aspi32.sys -- (ASPI32)
DRV - [2002/07/10 17:39:34 | 000,032,256 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1606980848-1078081533-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1606980848-1078081533-682003330-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1606980848-1078081533-682003330-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1606980848-1078081533-682003330-1003\S-1-5-21-1606980848-1078081533-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1606980848-1078081533-682003330-1003\S-1-5-21-1606980848-1078081533-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
IE - HKU\S-1-5-21-1606980848-1078081533-682003330-1003\S-1-5-21-1606980848-1078081533-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk"
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.173.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.2.2
FF - prefs.js..extensions.enabledItems: {47d1d620-5e5b-11da-8cd6-0800200c9a66}:2.0
FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.0.2
FF - prefs.js..extensions.enabledItems: GradientBrushedMetalFF3@pumpel.com:2.1.1
FF - prefs.js..network.proxy.autoconfig_url: "http://portal.uky.edu/proxy.pac"
FF - prefs.js..network.proxy.backup.ftp: "http://206.64.92.16"
FF - prefs.js..network.proxy.backup.ftp_port: 8000
FF - prefs.js..network.proxy.backup.gopher: "http://206.64.92.16"
FF - prefs.js..network.proxy.backup.gopher_port: 8000
FF - prefs.js..network.proxy.backup.socks: "http://206.64.92.16"
FF - prefs.js..network.proxy.backup.socks_port: 8000
FF - prefs.js..network.proxy.backup.ssl: "http://206.64.92.16"
FF - prefs.js..network.proxy.backup.ssl_port: 8000
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true

FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port: 0
FF - user.js..network.proxy.ssl: ""
FF - user.js..network.proxy.ssl_port: 0
FF - user.js..network.proxy.ftp: ""
FF - user.js..network.proxy.ftp_port: 0
FF - user.js..network.proxy.gopher: ""
FF - user.js..network.proxy.gopher_port: 0
FF - user.js..network.proxy.socks_version: 5
FF - user.js..network.proxy.socks: ""
FF - user.js..network.proxy.socks_port: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/02/13 14:34:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/02/12 23:36:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\tunebite-firefox-surf-and-catch-extension@audials.com: C:\Program Files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\ [2009/03/03 00:06:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/02/14 14:25:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/14 23:27:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/14 23:00:52 | 000,000,000 | ---D | M]

[2009/02/07 13:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Mozilla\Extensions
[2009/02/07 13:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/02/13 19:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\hhelargf.default\extensions
[2008/07/09 20:08:25 | 000,000,000 | ---D | M] (Acid Burn) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\hhelargf.default\extensions\{47d1d620-5e5b-11da-8cd6-0800200c9a66}
[2009/03/28 15:19:02 | 000,000,000 | ---D | M] (Aquatint Black Gloss) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\hhelargf.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2010/01/31 19:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\hhelargf.default\extensions\DeviceDetection@logitech.com
[2009/03/28 15:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\hhelargf.default\extensions\GradientBrushedMetalFF3@pumpel.com
[2009/09/07 17:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\hhelargf.default\extensions\personas@christopher.beard
[2006/11/17 18:56:49 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\hhelargf.default\searchplugins\siteadvisor.xml
[2010/02/13 19:09:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/14 23:00:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/02/14 23:00:49 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/02/14 23:00:49 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/02/14 23:00:49 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/02/13 13:54:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Tunebite_WebRipPlugin Class) - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (RapidSolution Software)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Save Flash) - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll (TODO: <Company name>)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1606980848-1078081533-682003330-1003\..\Toolbar\WebBrowser: (&Save Flash) - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll (TODO: <Company name>)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1606980848-1078081533-682003330-1003..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1606980848-1078081533-682003330-1003..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-1606980848-1078081533-682003330-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\forteManager.lnk = C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1606980848-1078081533-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1606980848-1078081533-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1606980848-1078081533-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1606980848-1078081533-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1606980848-1078081533-682003330-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\Program Files\Flash saver\save.htm ()
O8 - Extra context menu item: Download Flash with Flash Capture - C:\Program Files\Flash Capture\dl.htm ()
O9 - Extra Button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\Program Files\Flash saver\save.htm ()
O9 - Extra 'Tools' menuitem : Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\Program Files\Flash saver\save.htm ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1606980848-1078081533-682003330-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1606980848-1078081533-682003330-1003\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1606980848-1078081533-682003330-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab (DLC Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Colin\My Documents\SimScape Test Files\Shed in Field.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Colin\My Documents\SimScape Test Files\Shed in Field.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/17 15:51:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/07/13 21:53:47 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe - (Logitech Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Umax VistaAccess.lnk - C:\VSTASCAN\VSACCESS.EXE - (UMAX Data Systems Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^Colin^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe - ()
MsConfig - StartUpReg: AnyDVD - hkey= - key= - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
MsConfig - StartUpReg: IMJPMIG8.1 - hkey= - key= - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: Picasa Media Detector - hkey= - key= - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/17 18:12:47 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Colin\Desktop\OTL.exe
[2010/02/14 01:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/02/14 01:39:47 | 000,000,000 | ---D | C] -- C:\rsit
[2010/02/13 20:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/02/13 19:27:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\HaxFix
[2010/02/13 14:17:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/13 14:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Local Settings\Application Data\AVG Security Toolbar
[2010/02/13 14:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/13 14:14:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/13 14:14:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/13 14:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/13 13:35:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/13 13:33:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/13 13:33:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/13 13:33:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/13 13:33:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/13 13:33:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/13 13:33:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/12 20:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\ImageShack Uploader
[2010/02/12 00:59:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Desktop\CandM
[2010/02/12 00:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\My Documents\Artisteer Templates
[2010/02/11 23:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spiral Graphics
[2010/02/10 21:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Application Data\Artisteer
[2010/02/10 21:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Artisteer 2
[2010/02/09 21:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\.gstreamer-0.10
[2010/02/09 21:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\My Documents\realXtend
[2010/02/09 21:14:36 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2010/02/09 21:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\Naali0.1
[2010/02/06 19:38:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Desktop\buslink
[2010/02/06 00:05:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Application Data\Utherverse
[2010/02/01 23:45:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{77D5035B-97D7-4886-BE86-A7F9E26336CD}
[2010/01/31 19:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Application Data\Leadertech
[2010/01/31 19:53:39 | 000,266,008 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvrs.sys
[2010/01/31 19:53:39 | 000,199,192 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvci12101110.dll
[2010/01/31 13:52:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Application Data\Radegast
[2010/01/31 13:52:39 | 000,000,000 | ---D | C] -- C:\Program Files\Radegast
[2010/01/30 12:28:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Colin\PrivacIE
[2010/01/30 12:24:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Colin\IETldCache
[2010/01/30 12:05:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/01/30 12:03:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/01/30 02:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Desktop\asfbin1.6.1.703
[2010/01/27 18:35:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Colin\Recent
[2010/01/26 01:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Local Settings\Application Data\Yahoo!
[2010/01/23 12:27:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\My Documents\[ Rocks Shape and Skin etc ]
[2010/01/23 11:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Application Data\Meta7
[2010/01/23 11:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Local Settings\Application Data\Meta7
[2010/01/23 11:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\Meta7Viewer
[2009/11/26 01:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/09/15 17:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2009/06/30 16:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Colin\My Documents\*.tmp files -> C:\Documents and Settings\Colin\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/17 18:13:07 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/17 18:13:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/02/17 18:13:06 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/02/17 18:13:05 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/02/17 18:13:05 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/02/17 18:10:46 | 000,171,435 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/17 18:10:42 | 000,017,408 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
[2010/02/17 18:10:21 | 000,005,486 | ---- | M] () -- C:\WINDOWS\Debug.ini
[2010/02/17 18:09:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/17 18:09:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/17 18:07:24 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Colin\Desktop\OTL.exe
[2010/02/16 21:36:14 | 014,995,456 | ---- | M] () -- C:\Documents and Settings\Colin\ntuser.dat
[2010/02/16 21:36:09 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Colin\ntuser.ini
[2010/02/15 22:55:46 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/15 22:55:20 | 000,301,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/14 20:22:25 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\Colin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/14 18:11:02 | 000,003,858 | -H-- | M] () -- C:\Documents and Settings\Colin\My Documents\Default.rdp
[2010/02/14 18:09:13 | 000,387,113 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\CandM.artx
[2010/02/14 17:59:46 | 000,115,476 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Header2.png
[2010/02/14 15:53:41 | 000,079,880 | ---- | M] () -- C:\Documents and Settings\Colin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/14 15:35:39 | 000,320,081 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Header.png
[2010/02/14 15:12:00 | 000,253,726 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Header-Background.png
[2010/02/14 15:08:37 | 000,466,272 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\cm-background2.PNG
[2010/02/14 14:21:43 | 000,014,802 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Page-BgTexture.jpg
[2010/02/14 14:16:45 | 000,193,798 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\cm-background.jpg
[2010/02/14 00:10:10 | 000,005,301 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Attach.zip
[2010/02/14 00:08:10 | 055,551,970 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/13 20:18:59 | 000,002,441 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\HiJackThis.lnk
[2010/02/13 14:28:42 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/13 14:28:40 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/13 14:28:40 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/13 14:27:22 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/13 14:15:36 | 000,001,511 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/13 14:10:05 | 000,001,503 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Windows Explorer.lnk
[2010/02/13 13:56:07 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/13 13:54:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/13 13:35:33 | 000,000,332 | RHS- | M] () -- C:\boot.ini
[2010/02/13 00:54:28 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Artisteer 2.lnk
[2010/02/13 00:30:28 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\Artisteer Tips.doc
[2010/02/12 00:50:18 | 002,157,146 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Artisteer2_User_Manual.pdf
[2010/02/11 23:35:44 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\metal-frame.jpg
[2010/02/11 08:20:07 | 002,157,146 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\Artisteer2_User_Manual.pdf
[2010/02/10 20:23:40 | 000,007,174 | ---- | M] () -- C:\Documents and Settings\Colin\.recently-used.xbel
[2010/02/10 18:23:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/02/10 18:23:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/02/09 21:14:36 | 000,413,696 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010/02/09 21:14:36 | 000,110,592 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010/02/08 20:34:36 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/08 20:34:36 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/02/07 19:57:18 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Things to Do next Visit to York.doc
[2010/02/07 12:10:20 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\Department for Work and Pensions.doc
[2010/02/06 11:26:03 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Virtual Vancouver 3D Client.lnk
[2010/02/06 02:17:35 | 000,000,153 | ---- | M] () -- C:\WINDOWS\asfbinapp.INI
[2010/02/05 23:58:17 | 000,002,198 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Red Light Center 3D Client.lnk
[2010/02/05 23:41:33 | 000,000,024 | ---- | M] () -- C:\url_history.xml
[2010/02/05 22:58:33 | 000,323,243 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\Render.jpg
[2010/02/05 22:58:33 | 000,173,248 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\Tunnel.jpg
[2010/02/05 22:58:32 | 000,166,102 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\Vent01.jpg
[2010/02/05 22:58:31 | 000,101,352 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\vent02.jpg
[2010/02/05 22:58:30 | 000,127,582 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\render2.jpg
[2010/02/01 23:47:57 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MyData Shortcut.lnk
[2010/02/01 23:47:57 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Blue Mars Furniture Editor.lnk
[2010/02/01 23:47:57 | 000,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Blue Mars Cloth Editor.lnk
[2010/02/01 23:47:57 | 000,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Blue Mars Block Editor.lnk
[2010/02/01 23:47:57 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Blue Mars Shop Editor.lnk
[2010/02/01 23:47:57 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Blue Mars Item Editor.lnk
[2010/02/01 23:47:57 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Blue Mars City Editor.lnk
[2010/02/01 23:28:57 | 000,035,304 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\releasenotes_7109.pdf
[2010/02/01 23:13:13 | 000,048,128 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\John Blanshard 1697-1754.doc
[2010/01/31 19:50:40 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software.lnk
[2010/01/31 13:52:44 | 000,001,552 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Radegast.lnk
[2010/01/31 10:54:38 | 000,000,804 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/31 10:54:38 | 000,000,262 | ---- | M] () -- C:\Boot.bak
[2010/01/30 20:36:40 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\Religious Houses of the East Riding.doc
[2010/01/30 17:13:31 | 000,029,374 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\500px-RadegastLGScreen2-20091011.jpg
[2010/01/30 17:11:10 | 000,071,043 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\rad_screeshot_objects.png
[2010/01/30 17:10:41 | 000,435,226 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\rad_screeshot_login.png
[2010/01/30 17:06:45 | 000,070,286 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\radegast.jpg
[2010/01/30 14:59:53 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Opensim Grids.doc
[2010/01/30 12:05:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/29 19:38:56 | 027,938,700 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\religioushouseso00lawtuoft.pdf
[2010/01/28 22:05:05 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\JB1719.doc
[2010/01/28 12:43:23 | 000,536,825 | ---- | M] () -- C:\HaxFix.exe
[2010/01/26 20:31:56 | 000,064,247 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\screen.jpg
[2010/01/23 11:46:50 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Meta7 Viewer.lnk
[2010/01/21 00:05:50 | 000,003,430 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\defaultProfile.xml
[2010/01/21 00:02:22 | 000,037,118 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\boat3.dae
[2010/01/21 00:01:43 | 000,007,643 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\GRC_vehicle.lua
[2010/01/20 00:30:24 | 000,212,577 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Developer Invite.jpg
[2010/01/20 00:25:33 | 000,074,502 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\_1J52II.jpg
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Colin\My Documents\*.tmp files -> C:\Documents and Settings\Colin\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/14 17:59:44 | 000,115,476 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Header2.png
[2010/02/14 15:12:00 | 000,320,081 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Header.png
[2010/02/14 15:12:00 | 000,253,726 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Header-Background.png
[2010/02/14 15:08:36 | 000,466,272 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\cm-background2.PNG
[2010/02/14 14:21:43 | 000,014,802 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Page-BgTexture.jpg
[2010/02/14 14:16:45 | 000,193,798 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\cm-background.jpg
[2010/02/14 00:10:09 | 000,005,301 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Attach.zip
[2010/02/13 20:16:00 | 000,002,441 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\HiJackThis.lnk
[2010/02/13 19:27:54 | 000,536,825 | ---- | C] () -- C:\HaxFix.exe
[2010/02/13 14:15:36 | 000,001,511 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/13 13:35:33 | 000,000,262 | ---- | C] () -- C:\Boot.bak
[2010/02/13 13:35:24 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/13 13:33:44 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/13 13:33:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/13 13:33:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/13 13:33:44 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/13 13:33:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/13 01:38:26 | 000,387,113 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\CandM.artx
[2010/02/13 00:54:28 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Artisteer 2.lnk
[2010/02/13 00:30:28 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\Artisteer Tips.doc
[2010/02/12 00:50:14 | 002,157,146 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Artisteer2_User_Manual.pdf
[2010/02/11 23:35:44 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\metal-frame.jpg
[2010/02/11 08:20:02 | 002,157,146 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\Artisteer2_User_Manual.pdf
[2010/02/10 20:23:40 | 000,007,174 | ---- | C] () -- C:\Documents and Settings\Colin\.recently-used.xbel
[2010/02/08 20:34:36 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/02/08 20:34:36 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/02/07 18:49:17 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Things to Do next Visit to York.doc
[2010/02/07 11:26:01 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\Department for Work and Pensions.doc
[2010/02/06 19:37:29 | 001,405,952 | R--- | C] () -- C:\Documents and Settings\Colin\Desktop\USB2MassStorage_v1019.exe
[2010/02/06 11:26:03 | 000,002,207 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Virtual Vancouver 3D Client.lnk
[2010/02/05 23:58:17 | 000,002,198 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Red Light Center 3D Client.lnk
[2010/02/05 22:58:18 | 000,323,243 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\Render.jpg
[2010/02/05 22:58:18 | 000,173,248 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\Tunnel.jpg
[2010/02/05 22:58:18 | 000,166,102 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\Vent01.jpg
[2010/02/05 22:58:18 | 000,127,582 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\render2.jpg
[2010/02/05 22:58:18 | 000,101,352 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\vent02.jpg
[2010/02/01 23:47:57 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MyData Shortcut.lnk
[2010/02/01 23:47:57 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Blue Mars Furniture Editor.lnk
[2010/02/01 23:47:57 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Blue Mars Cloth Editor.lnk
[2010/02/01 23:47:57 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Blue Mars Block Editor.lnk
[2010/02/01 23:47:57 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Blue Mars Shop Editor.lnk
[2010/02/01 23:47:57 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Blue Mars Item Editor.lnk
[2010/02/01 23:47:57 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Blue Mars City Editor.lnk
[2010/02/01 23:28:57 | 000,035,304 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\releasenotes_7109.pdf
[2010/02/01 23:13:13 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\John Blanshard 1697-1754.doc
[2010/01/31 19:54:02 | 000,266,828 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVAFT.cfg
[2010/01/31 19:53:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/01/31 19:50:40 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software.lnk
[2010/01/31 13:52:44 | 000,001,552 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Radegast.lnk
[2010/01/30 17:13:31 | 000,029,374 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\500px-RadegastLGScreen2-20091011.jpg
[2010/01/30 17:11:10 | 000,071,043 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\rad_screeshot_objects.png
[2010/01/30 17:10:41 | 000,435,226 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\rad_screeshot_login.png
[2010/01/30 17:06:45 | 000,070,286 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\radegast.jpg
[2010/01/30 10:22:56 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Opensim Grids.doc
[2010/01/29 21:27:51 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\Religious Houses of the East Riding.doc
[2010/01/29 19:37:12 | 027,938,700 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\religioushouseso00lawtuoft.pdf
[2010/01/28 22:05:04 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\JB1719.doc
[2010/01/26 20:31:54 | 000,064,247 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\screen.jpg
[2010/01/23 11:46:50 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Meta7 Viewer.lnk
[2010/01/21 00:05:48 | 000,003,430 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\defaultProfile.xml
[2010/01/21 00:02:19 | 000,037,118 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\boat3.dae
[2010/01/21 00:01:40 | 000,007,643 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\GRC_vehicle.lua
[2010/01/20 00:25:32 | 000,074,502 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\_1J52II.jpg
[2010/01/19 21:56:09 | 000,212,577 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Developer Invite.jpg
[2010/01/15 01:50:39 | 000,000,153 | ---- | C] () -- C:\WINDOWS\asfbinapp.INI
[2010/01/15 01:32:32 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/01/15 01:32:31 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/01/15 01:32:30 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/01/15 01:32:29 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/01/15 01:32:28 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/15 01:32:28 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/12/13 22:51:33 | 000,004,981 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/09/29 19:02:11 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll
[2009/09/27 21:13:16 | 000,009,206 | ---- | C] () -- C:\WINDOWS\NTTuner.ini
[2009/09/09 20:18:43 | 000,000,088 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/07/05 13:25:56 | 000,917,504 | ---- | C] () -- C:\WINDOWS\j3dcore-d3d.dll
[2009/07/05 13:25:56 | 000,180,224 | ---- | C] () -- C:\WINDOWS\j3dcore-ogl.dll
[2009/07/05 13:25:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\j3dcore-ogl-cg.dll
[2009/06/20 19:39:29 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\HookShield.dll
[2009/06/20 19:39:29 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\HookMap.dll
[2009/06/20 19:39:29 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\smdll.dll
[2009/06/20 19:39:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2009/06/10 07:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/06/10 07:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/06/10 07:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/06/10 07:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/12/11 18:51:04 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/10/10 11:30:17 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Colin\Local Settings\Application Data\PUTTY.RND
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/01/18 22:18:33 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2008/01/12 02:08:12 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/01/12 02:08:11 | 000,585,791 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/01/03 23:35:39 | 000,002,321 | ---- | C] () -- C:\WINDOWS\vista32d.ini
[2008/01/03 23:31:52 | 000,027,648 | ---- | C] () -- C:\WINDOWS\vudcli32.dll
[2008/01/03 23:31:49 | 000,000,026 | ---- | C] () -- C:\WINDOWS\ucmsp_32.ini
[2008/01/03 23:31:47 | 001,097,868 | ---- | C] () -- C:\WINDOWS\System32\first_dll.dll
[2008/01/03 23:31:47 | 000,276,480 | ---- | C] () -- C:\WINDOWS\System32\segment.dll
[2008/01/03 23:31:47 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\MLL_SCAN05AB.dll
[2008/01/03 23:31:47 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\myocr.dll
[2008/01/03 23:31:47 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\IO_PORT.dll
[2008/01/03 23:31:47 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\GPL_scanner.dll
[2008/01/03 23:31:47 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\ocrutil.dll
[2008/01/03 23:31:47 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\segsdk.dll
[2008/01/03 23:24:00 | 000,006,587 | ---- | C] () -- C:\WINDOWS\vista32.ini
[2008/01/03 23:24:00 | 000,000,189 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2008/01/03 23:24:00 | 000,000,065 | ---- | C] () -- C:\WINDOWS\umaxdrv.ini
[2008/01/03 23:23:57 | 000,001,571 | ---- | C] () -- C:\WINDOWS\faxcpp1.ini
[2008/01/03 23:23:57 | 000,000,422 | ---- | C] () -- C:\WINDOWS\faxcpp.ini
[2008/01/03 23:23:23 | 000,047,616 | R--- | C] () -- C:\WINDOWS\ucmsp_32.dll
[2008/01/03 23:23:15 | 000,135,200 | ---- | C] () -- C:\WINDOWS\u2x00_32.dll
[2008/01/03 23:23:15 | 000,106,528 | ---- | C] () -- C:\WINDOWS\u1230_32.dll
[2008/01/03 23:23:15 | 000,065,536 | ---- | C] () -- C:\WINDOWS\u2200_32.dll
[2008/01/03 23:23:15 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\usq3400.dll
[2008/01/03 23:23:15 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\sqEp2Usb.dll
[2008/01/03 23:23:15 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\SQUSBIO.dll
[2008/01/03 23:23:15 | 000,016,816 | ---- | C] () -- C:\WINDOWS\uns3400.ini
[2008/01/03 23:23:15 | 000,016,474 | ---- | C] () -- C:\WINDOWS\uns5400.ini
[2008/01/03 23:23:15 | 000,010,435 | ---- | C] () -- C:\WINDOWS\scan05a.ini
[2008/01/03 23:23:15 | 000,006,932 | ---- | C] () -- C:\WINDOWS\System32\glscan.sys
[2008/01/03 23:23:15 | 000,000,668 | ---- | C] () -- C:\WINDOWS\umaxuapi.ini
[2008/01/03 23:23:14 | 000,030,208 | ---- | C] () -- C:\WINDOWS\uxmail32.dll
[2008/01/03 23:23:12 | 000,068,608 | ---- | C] () -- C:\WINDOWS\vufile32.dll
[2008/01/03 23:23:12 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\udnt.sys
[2008/01/03 23:22:41 | 000,000,500 | ---- | C] () -- C:\WINDOWS\Upmagic.ini
[2008/01/03 23:22:32 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Vss.ini
[2008/01/03 23:17:41 | 000,000,016 | ---- | C] () -- C:\WINDOWS\Temp.ini
[2007/12/14 16:09:35 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/10/03 22:10:27 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/10/03 22:00:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2007/09/29 04:45:30 | 000,000,447 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/09/15 20:56:24 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/09/15 20:56:23 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/08/05 01:15:31 | 000,000,742 | ---- | C] () -- C:\WINDOWS\GyroSuit.ini
[2007/06/27 18:58:16 | 000,000,028 | ---- | C] () -- C:\WINDOWS\avinstalled.ini
[2007/06/16 15:40:45 | 000,002,482 | ---- | C] () -- C:\WINDOWS\Field.ini
[2007/06/08 13:53:13 | 000,001,223 | ---- | C] () -- C:\Documents and Settings\Colin\Application Data\cvf.ini
[2007/06/07 12:48:16 | 000,001,383 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2007/06/05 22:00:15 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\Colin\Application Data\Colin_sp.adl
[2007/06/05 17:19:25 | 000,000,428 | ---- | C] () -- C:\Documents and Settings\Colin\Application Data\spell.cfg
[2007/06/05 17:10:13 | 001,265,664 | ---- | C] () -- C:\WINDOWS\lido.dll
[2007/04/26 20:26:51 | 000,480,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2007/04/23 21:37:31 | 000,102,196 | ---- | C] () -- C:\Documents and Settings\Colin\Application Data\debuggee.mdmp
[2007/04/22 15:41:47 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SW_Win2000X32.DLL
[2007/04/22 15:38:49 | 000,003,297 | ---- | C] () -- C:\WINDOWS\CX_SearchHistory.INI
[2007/04/22 15:38:43 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\CSVSpecialProcessing.dll
[2007/04/22 15:38:43 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\SARzilla.dll
[2007/04/22 15:38:43 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx13_ic.ini
[2007/04/10 01:55:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\lua5.1.dll
[2007/04/03 17:34:34 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/03/09 17:09:34 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2007/03/09 17:09:32 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2007/03/01 11:38:42 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SDL_gfx.dll
[2007/01/25 18:31:36 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/01/20 04:47:46 | 001,483,465 | ---- | C] () -- C:\WINDOWS\System32\libswish-e-2.dll
[2006/11/20 23:46:44 | 000,005,350 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/19 20:24:53 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\vrecorder.dll
[2006/11/19 20:12:14 | 000,000,107 | ---- | C] () -- C:\WINDOWS\VobEdit.INI
[2006/11/19 20:03:17 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2006/11/15 19:54:51 | 000,000,269 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2006/11/15 19:47:04 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/11/15 00:38:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/14 23:13:43 | 000,005,486 | ---- | C] () -- C:\WINDOWS\Debug.ini
[2006/11/14 22:29:35 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Colin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/28 03:29:02 | 000,061,447 | ---- | C] () -- C:\WINDOWS\System32\pcreposix.dll
[2006/08/27 21:48:58 | 004,484,537 | ---- | C] () -- C:\WINDOWS\System32\libxml2-2.dll
[2006/08/27 18:55:50 | 000,074,240 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2006/08/11 20:45:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 20:43:10 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(3).dll
[2006/08/11 20:43:10 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(2).dll
[2006/08/11 20:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/06/27 06:47:08 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\SDL.dll
[2006/06/26 18:39:36 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2006/06/26 18:39:36 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\SDL_mixer.dll
[2006/06/26 18:39:36 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\smpeg.dll
[2006/06/26 18:39:36 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2006/06/26 18:39:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2006/06/16 15:15:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\physfs.dll
[2006/06/16 08:03:32 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\freeglut.dll
[2006/06/10 10:41:22 | 000,013,357 | ---- | C] () -- C:\WINDOWS\System32\vgadrv.dll
[2006/06/10 10:41:22 | 000,008,078 | ---- | C] () -- C:\WINDOWS\System32\drivers\vgadrv.sys
[2006/06/09 18:51:46 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\ode.dll
[2006/05/23 01:44:24 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\alut.dll
[2006/05/17 18:19:34 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\SDL_ttf.dll
[2006/05/17 18:10:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SDL_net.dll
[2006/05/17 09:57:36 | 000,385,090 | ---- | C] () -- C:\WINDOWS\System32\libtiff.dll
[2006/05/17 09:57:36 | 000,169,443 | ---- | C] () -- C:\WINDOWS\System32\jpeg.dll
[2006/05/17 09:57:36 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\libpng12.dll
[2006/05/17 09:57:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDL_image.dll
[2005/04/15 04:57:02 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\glfw.dll
[2003/02/10 00:13:10 | 000,000,416 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\systmsp2pb6
[2001/08/15 11:48:11 | 000,000,536 | -H-- | C] () -- C:\Documents and Settings\Colin\Application Data\winpmltspb6
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >
[2006/10/08 13:18:58 | 064,102,256 | ---- | M] (NVIDIA Corporation ) -- C:\91.47_forceware_winxp2k_international_whql.exe
[2010/01/28 12:43:23 | 000,536,825 | ---- | M] () -- C:\HaxFix.exe
[2009/01/05 19:02:23 | 000,290,899 | ---- | M] () -- C:\ShutDownOpensim.exe


< MD5 for: AGP440.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 13:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2004/08/04 13:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0888F409
< End of report >

OTL Extras logfile created on: 17/02/2010 18:13:38 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Colin\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 167.68 Gb Total Space | 54.26 Gb Free Space | 32.36% Space Free | Partition Type: NTFS
Drive D: | 163.76 Gb Total Space | 162.65 Gb Free Space | 99.32% Space Free | Partition Type: NTFS
Drive E: | 3.91 Gb Total Space | 3.87 Gb Free Space | 99.18% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 3.76 Gb Total Space | 3.46 Gb Free Space | 92.03% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACL-13C6F3E2EC1
Current User Name: Colin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"85:TCP" = 85:TCP:*:Enabled:BroadWave Audio Streaming Server Web Server
"4100:UDP" = 4100:UDP:*:Enabled:uPNP Router Control Port

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SecondLife\SecondLife.exe" = C:\Program Files\SecondLife\SecondLife.exe:*:Enabled:Second Life -- (Linden Lab)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\dwyco2\cdc32.exe" = C:\Program Files\dwyco2\cdc32.exe:*:Enabled:dwyco cdc32 for Windows95/98/ME/NT4/2K/XP -- (Dwyco, Inc.)
"C:\Program Files\WiFiConnector\NintendoWFCReg.exe" = C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector -- ()
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\SecondLife\SLVoice.exe" = C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice -- ()
"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Temp\rexserver_0.2\rexserver\OpenSim.exe" = C:\Temp\rexserver_0.2\rexserver\OpenSim.exe:*:Enabled: -- ()
"C:\Program Files\ESTsoft\ALFTP\ALFTP.exe" = C:\Program Files\ESTsoft\ALFTP\ALFTP.exe:*:Enabled:ALFTP -- (ESTsoft)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)
"C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:*:Enabled:Crysis_32_sp_demo -- (Crytek GmbH)
"C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\monitor.exe" = C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\manager.exe" = C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\server.exe" = C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe:*:Enabled:Autodesk 3ds Max Design 2009 32-bit -- (Autodesk, Inc.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0B56244C-7B61-0409-A739-3E29DDE4DC3C}" = Bluerock Technologies Flight Studio 3ds Max Design 2009 32-bit
"{1188E53A-9E17-4CFD-8DD0-EFAE2B336623}_is1" = HelpMaker (Remove Only)
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner v1.5.1.192
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{204D48C5-6231-4955-83EC-623DCB437FD9}_is1" = GreenLife Emerald Viewer 1.22.11 (112) ts
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23E5C72C-CC08-4EE0-9CC2-D925B232B331}" = Microsoft MSDN 2005 Express Edition - ENU
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{2AB45FAF-2D92-0409-8D33-E2FE6172280E}" = Autodesk 3ds Max Design 2009 32-bit ProMaterials™ Library
"{2E0DFC24-7C4B-4DCF-BCC7-81C513BED3BC}" = Python 2.5.4
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{305D5417-E687-0409-AA09-53DE06E059F8}" = Autodesk 3ds Max Design 2009 32-bit Movies
"{315B5139-3566-4063-8793-88DF0ED0CC04}" = MySQL Service Center
"{317CF3AA-F13A-42DB-862D-1CE39FA8E6F1}" = SkinBuilder 2.10.0
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A9C5B3-D166-4C6D-A11E-A54473150000}" = Java 3D 1.5.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{3FD07ECF-05DF-4892-9DD0-A0B1AC563141}" = SharpDevelop 3.0 Release Candidate
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{49389932-51FA-4D26-8B4F-CE86B24302C2}" = TortoiseSVN 1.5.5.14361 (32 bit)
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.03
"{54BD000B-A0BE-46C4-993C-ACEF21216E8A}" = Microsoft Visual Basic 2005 Step by Step
"{566664F6-B34E-41A6-AD1D-4ED22DA334AE}" = Crysis ModSDK
"{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}" = Microsoft Visual Basic 2005 Express Edition - ENU
"{5B2029A4-1854-42BC-96B6-4ACE5F5414BD}" = ArtRage 2 Starter Edition
"{5C9530C0-957F-4CC4-ADA9-A7195BD9394C}" = AGEIA GAME System Software 2.8.0
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F4239AB-7B6A-4B58-B490-C34C28D24C1F}" = .NET Compact Framework-based Save Bitmap Sample
"{619B8475-0F48-41B7-A370-5147F7092989}" = Virtual Earth 3D (Beta)
"{635C3D63-D901-4119-9AD2-852D10DCB937}" = 3dem
"{638C1D72-FFAD-4EC3-B1AD-ABA96BB15B0B}" = Introduction to Visual Basic 2005
"{67361CC4-C64D-4980-8E6B-612C089B97DF}" = DevComponents BubbleBar Component
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{684FC130-A41E-40EE-B1E9-A0F3E29AC908}" = Blue Mars
"{686BB230-DE5B-44F4-8DB0-4F9BEE7310F7}" = OpenOffice.org 2.0
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{722C0D0B-7ABD-4995-A43F-82FDC15C7939}" = Quest Software Toad for MySQL Freeware 4.0
"{744A5C19-AA4C-0409-BC07-9F4C73C8B247}" = Autodesk 3ds Max Design 2009 32-bit Vault 2009 Plug-In
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{78DAD7A3-EA94-456A-8872-41FED394B87E}" = Navman SmartST Desktop for iCN530
"{79FDB311-6FC2-4CE2-AD90-042AEC733C81}" = Video Piggy
"{7A046E1F-BEB7-49C8-83E2-78E1F1C65C60}" = Turbo Squid Tentacles 3ds Max 2009 32-bit
"{7AACE39E-A19F-468A-B130-6DBA27203075}" = Wood Workshop
"{7B18E7E2-AFCA-4CBE-8CD5-3613315AB262}" = ArcGIS Explorer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install
"{7DFA3616-2BCB-4212-A1F6-0BFF1D271C27}" = Openlife R16-4 (R2)
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80BCADCC-377A-456F-A90B-CA095374042B}" = Video Piggy
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846D9AAD-EA7D-4126-9177-F874FD389BE4}" = Microsoft FxCop 1.35
"{896D642C-7125-44F0-AC49-A23ABF82209C}" = CDBurnerXP Pro 3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92AF2F5A-4407-4A03-A80A-5A2582264746}" = Crysis® SP Demo
"{9834D148-2AB1-46B0-BD0E-26E8A4A9153A}" = bvhacker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{A2E24BD9-085B-410F-AAD0-5EB5FA5D73D2}" = ActiveState ActivePython 2.5.0.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A59E259E-5F1A-4F8F-A3DA-356137BE37F6}" = AncestryView V2
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF1044EF-4699-4033-8B75-C853239FFB18}" = WinFormResizer v2.0 for .NET 2.0 [v2.0.0020.6]
"{AFD9E698-03C2-4E88-80A6-1496562D4304}" = Google SketchUp 7.1
"{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}" = PixiePack Codec Pack
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5E854D8-0004-46DA-94C8-537D69AF9BD7}" = SkinCrafter.Net VS2005 Light v2.1.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}" = iTunes
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC314AC4-4C4B-48F9-BAC4-252677D49FE1}" = Blue Mars Developer Tools
"{BF1BDC10-4366-4221-0009-000501000000}" = COLLADAMax (0.9.5)
"{BF6685DC-50F9-48EA-B2FF-99AF905D7660}" = Envisioneer Express 5.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C251E4E6-89BA-0409-9B42-1B3D01D34783}" = Autodesk 3ds Max Design 2009 32-bit Architectural Materials Library
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}" = Terragen
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF751CCD-547C-4B98-94DD-48843C6515EF}" = Blue Mars City Developer Tools
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D59967FF-4DCC-4695-BCD9-FA47B94047D6}" = Debugging Tools for Windows
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D6F7EA4B-B06B-4F39-8F65-AEDC3F3F1933}" = Microsoft File Transfer Manager
"{D7A0688F-46D9-4A0D-AEEF-9AA455C4CA9F}" = Openlife R17
"{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}" = Apple Mobile Device Support
"{D8DC9E0F-E613-4F8C-BFFF-322160EB8D57}" = SpreadsheetGear for .NET 2006
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2903F16-9A5A-4292-9D97-8328088086B6}" = forteManager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E5AED31E-3474-4C85-B492-42149DE37891}" = MySQL Server 5.0
"{E96D4088-AAC5-437F-9E39-EC0E387897B4}" = Autodesk 3ds Max 9 32-bit
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA0B63C1-E579-43DD-A5F7-0DA5E9092554}" = CryEngine®2 Sandbox™2
"{EA1CB7AC-E221-4822-A789-0ADB051DC498}" = Generic USB CardReader 2.0
"{EA7E6911-A891-4D49-A897-F727C3F45886}" = Serif WebPlus 8.0
"{EB3954B3-1E69-4CB5-B5C6-7BEDF3518125}" = Expresso
"{EC561602-C0B9-4FAA-A175-1B3273639AC3}" = MySQL Tools for 5.0
"{EFCBBB01-F876-0409-B91F-7B6132E8BB64}" = Autodesk 3ds Max Design 2009 32-bit Vault 2008 Plug-In
"{F1D2A514-E8D2-4F28-857D-B68854ED3706}" = Tunebite
"{F681200C-0446-0409-ABE4-EA9105E40EE4}" = Autodesk 3ds Max Design 2009 32-bit Additional Maps and Material Libraries
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FDAAEE85-A232-11D5-A6B4-0050BA724CB6}" = IA 101
"{FDD8070F-E3B9-0409-822C-CCFE5E82C14D}" = Autodesk 3ds Max Design 2009 32-bit
"{FFE8603D-563F-4ECE-A1D7-A728BAB3A204}" = SkinCrafter 3.3.3 Demo
"7-Zip" = 7-Zip 4.44 beta
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Advanced Archive Repair v1.0" = Advanced Archive Repair v1.0
"Advanced DBF Repair v1.5" = Advanced DBF Repair v1.5
"ALFTP_is1" = ALFTP
"Animation Master v12.0" = Animation Master v12.0w
"Animation v12.0" = Animation Master v12.0d
"Any Video Converter_is1" = Any Video Converter 2.5.9
"AnyDVD" = AnyDVD
"Anywhere PE Viewer_is1" = Anywhere PE Viewer 0.1.7
"AoA DVD Ripper_is1" = AoA DVD Ripper
"ArcGIS Explorer" = ArcGIS Explorer
"Artisteer 2" = Artisteer 2
"ASF-AVI-RM-WMV Repair_is1" = ASF-AVI-RM-WMV Repair 1.82
"AsfTools 3.1" = AsfTools 3.1 (remove only)
"Audacity_is1" = Audacity 1.2.6
"AutoItv3" = AutoIt v3.3.0.0
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"Battle Master 3 GE_is1" = Battle Master 3 GE
"Belarc Advisor" = Belarc Advisor 7.2
"Bersirc" = Bersirc 2.2.14
"BlitzLatin137" = BlitzLatin141
"Blue Mars" = Blue Mars
"Blue Mars City Developer Tools" = Blue Mars City Developer Tools
"Blue Mars Developer Tools" = Blue Mars Developer Tools
"BroadWave" = BroadWave Audio Streaming Server
"CCleaner" = CCleaner (remove only)
"Code Visual to Flowchart_is1" = Code Visual to Flowchart 5.0 Build 0515
"ColladaCGF" = ColladaCGF (remove only)
"ColorPic" = ColorPic
"CutePDF Writer Installation" = CutePDF Writer 2.7
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"DDS Converter 2.1" = DDS Converter 2.1
"Direct MP3 Splitter Joiner_is1" = Direct MP3 Splitter Joiner 2.3
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DM Thumbs 1.1" = DM Thumbs 1.1
"doubleTwist desktop" = doubleTwist desktop
"DVD Cutter_is1" = DVD Cutter 1.1
"Dwyco Video Conferencing_is1" = Dwyco Video Conferencing
"eMusic Promotion" = eMusic - 50 Free MP3 offer
"Etymonix SoftReel" = Etymonix SoftReel
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.20
"ExamDiff Pro_is1" = ExamDiff Pro 3.5
"expat_is1" = Expat XML Parser 2.0.1
"FBX Converter 2006.11.2" = FBX Converter 2006.11.2
"FBX Plugin 2006.08 for Max 9.0" = FBX Plugin 2006.08 for Max 9.0
"FBX Plugin 2009.0 for Max 2009" = FBX Plugin 2009.0 for Max 2009
"Flash Capture_is1" = Flash Capture 1.20
"Flash saver 5.5" = Flash saver 5.5
"FLV Player1.33 FC" = FLV Player
"FMOD Designer" = FMOD Designer
"Foxit Reader" = Foxit Reader
"Fx WMV Indexer" = Fx WMV Indexer
"GeoControl2 demo" = GeoControl Beta
"GLIntercept_is1" = GLIntercept 0.5
"Google Desktop" = Google Desktop
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"Hide IP NG_is1" = Hide IP NG 1.47
"HijackThis" = HijackThis 2.0.2
"Hippo OpenSim Viewer" = Hippo OpenSim Viewer (remove only)
"IcoFX_is1" = IcoFX 1.5
"Icon Restore_is1" = Icon Restore 1.0
"ie8" = Windows Internet Explorer 8
"iMPEG Converter_is1" = iMPEG Converter 2.15
"InfoView" = InfoView
"Install Creator" = Install Creator
"InstallShield_{BF6685DC-50F9-48EA-B2FF-99AF905D7660}" = Envisioneer Express 5.0
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Full)
"legacyqcam_10.51" = Logitech Legacy USB Camera Driver Package
"LimeWire" = LimeWire 5.0.11
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Meerkat" = Meerkat (remove only)
"Meta7Viewer" = Meta7Viewer (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft MSDN 2005 Express Edition - ENU" = Microsoft MSDN 2005 Express Edition - ENU
"Microsoft Visual Basic 2005 Express Edition - ENU" = Microsoft Visual Basic 2005 Express Edition - ENU
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"MP3 Splitter & Joiner Pro_is1" = MP3 Splitter & Joiner Pro 3.47
"Naali" = Naali
"NetworkActiv Port Scanner 4.0" = NetworkActiv Port Scanner 4.0
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Openlife R17" = Openlife R17
"Picasa2" = Picasa 2
"Pixcavator_is1" = Pixcavator 2.2
"POP Peeper" = POP Peeper
"PSPad editor_is1" = PSPad editor
"Pure Sudoku_is1" = Pure Sudoku 1.52
"PuzzLex6_is1" = PuzzLex6
"PyFFI-py2.5" = Python 2.5 PyFFI-2.0.0
"Radegast" = Radegast
"RealPlayer 6.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.3
"Recovery for PDF" = Recovery for PDF
"Red Light Center 3D Client" = Red Light Center 3D Client
"Refinery" = COLLADA Refinery
"RogueRemover" = RogueRemover 1.13
"Save Flash" = Save Flash 3.0
"SciTE-ez_is1" = SciTE-ez 1.61-6
"Second Inventory" = Second Inventory
"SecondLife" = SecondLife (remove only)
"SecondLifeOpenGrid" = SecondLifeOpenGrid (remove only)
"SerifDrawPlus40" = Serif DrawPlus 4.0
"SL Friends Monitor_is1" = SL Friends Monitor v1.7
"SL My Inventory Viewer - SLMIV v2_is1" = SL My Inventory Viewer v2.7.0
"Slice" = Slice Uninstall
"SopCast" = SopCast 3.0.3
"SoundTap" = SoundTap Uninstall
"Split and Tile_is1" = Split and Tile
"Spotify" = Spotify
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"ST5UNST #1" = TerraPainter
"ST5UNST #2" = SMWLink3.0
"StarOSD_is1" = StarOSD
"Steam App 3483" = Peggle Extreme
"Steam App 410" = Portal: The First Slice
"SwirlX3DViewer_is1" = SwirlX3DViewer 2.7.0
"SystemRequirementsLab" = System Requirements Lab
"Tao" = Tao 2.0.0
"TeamViewer 4" = TeamViewer 4
"Terrain Generator_is1" = Terrain Generator 3.0.5
"TerraMaker_is1" = TerraMaker 1.3.56
"ToolBox" = NCH Toolbox
"TVAnts 1.0" = TVAnts 1.0
"Twinity" = Twinity (remove only)
"UDK-05b87671-ea33-4bea-b295-3fbe67cd54fd" = Aaaaghh
"UDK-6021d464-791a-47a9-be57-ff113b197325" = Unreal Development Kit: 2009-11-2
"UDK-a317293a-a582-40ed-9a8d-d1a645d5a4f8" = Unreal Development Kit: 2009-11
"UDK-c9637abd-f6e5-4533-919a-1746accfee8e" = First Galactic War
"Uninstall VistaShuttle" = VistaShuttle
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent
"UVMapper Professional Demo_is1" = UVMapper Professional Demo 3.5b
"VastPark Browser" = VastPark Browser 0.9 Alpha
"Videora iPod Converter" = Videora iPod Converter 3.07
"VideoReDoPlus_is1" = VideoReDo Plus Version 2.5.7.602
"Virtual Vancouver 3D Client" = Virtual Vancouver 3D Client
"VLC media player" = VideoLAN VLC media player 0.8.6d
"VTBuilder_is1" = 2007.11.11
"Web Page Maker V2_is1" = Web Page Maker V2.5
"Web Page Maker_is1" = Web Page Maker V3.0
"Web-Developer Server Suite, Community Edition_is1" = Web-Developer Server Suite v2.00
"WiFiConnector" = Nintendo Wi-Fi USB Connector Registration Tool
"Winamp" = Winamp (remove only)
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.4.4
"WinMorph_is1" = WinMorph™ 3.01
"WinPcapInst" = WinPcap 4.0
"WinRAR archiver" = WinRAR archiver
"WM Recorder 12.1" = WM Recorder 12.1
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnView_is1" = XnView 1.90.3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"YouTube Downloader_is1" = YouTube Downloader 2.5
"ZD Soft Screen Recorder" = ZD Soft Screen Recorder
"ZD Soft Video Recorder" = ZD Soft Video Recorder
"ZDSV" = ZD Soft Screen Video Decoder
"Zoom Search Engine 5.1_is1" = Zoom Search Engine 5.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1606980848-1078081533-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"0b68c03056d57231" = MakeMyExe
"79c0013fff3e927a" = SimScape
"a84d28cb82e92aa1" = SLeuth
"bd3ec1dff3db8dd8" = SLBot
"DownloadCoach" = Movie Download Manager
"L3DT Standard (v2.5.3.7)" = L3DT Standard v2.5.3.7 (remove only)
"QUICKMEDIACONVERTER" = Converter
"uTorrent" = µTorrent
"Whoola COLLADA Converter" = Whoola COLLADA Converter
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/02/2010 19:47:06 | Computer Name = ACL-13C6F3E2EC1 | Source = RaySat_3dsmax9_32 Server | ID = 131074
Description =

Error - 13/02/2010 04:05:44 | Computer Name = ACL-13C6F3E2EC1 | Source = RaySat_3dsmax9_32 Server | ID = 131074
Description =

Error - 13/02/2010 08:53:28 | Computer Name = ACL-13C6F3E2EC1 | Source = RaySat_3dsmax9_32 Server | ID = 131074
Description =

Error - 13/02/2010 09:21:16 | Computer Name = ACL-13C6F3E2EC1 | Source = RaySat_3dsmax9_32 Server | ID = 131074
Description =

Error - 13/02/2010 09:34:59 | Computer Name = ACL-13C6F3E2EC1 | Source = RaySat_3dsmax9_32 Server | ID = 131074
Description =

Error - 13/02/2010 19:04:40 | Computer Name = ACL-13C6F3E2EC1 | Source = RaySat_3dsmax9_32 Server | ID = 131074
Description =

Error - 14/02/2010 04:51:37 | Computer Name = ACL-13C6F3E2EC1 | Source = RaySat_3dsmax9_32 Server | ID = 131074
Description =

Error - 15/02/2010 17:56:03 | Computer Name = ACL-13C6F3E2EC1 | Source = RaySat_3dsmax9_32 Server | ID = 131074
Description =

Error - 16/02/2010 16:11:55 | Computer Name = ACL-13C6F3E2EC1 | Source = RaySat_3dsmax9_32 Server | ID = 131074
Description =

Error - 17/02/2010 13:10:09 | Computer Name = ACL-13C6F3E2EC1 | Source = RaySat_3dsmax9_32 Server | ID = 131074
Description =


< End of report >

Rock

Edited by RockVacirca, 17 February 2010 - 12:33 PM.


#4 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:58 AM

Posted 17 February 2010 - 01:14 PM

Hi Rock,

Unfortunately your logs show you have a rootkit infection, so you should be aware of the following information.

One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.


  • Go to Kaspersky and Download TDSSKiller.zip.
  • Extract the contents of TDSSKiller.zip to your Desktop.
  • Click Start >> Run then copy and paste the following bold command line into the Run box and click OK.
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • Follow the instructions to type in "delete" when it asks you what to do when it finds something.
  • When done, a log file should be created on your C: drive called TDSSKiller.txt. Please post this log in your next reply.

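One way to triage the TDSSKiller.txt log that the steps above produce, as an added example that is not part of the original post and not Kaspersky's tooling. It assumes the line layout of the log posted in this thread; the sample log, the `example` driver and the non-Clean verdict string are constructed placeholders, and the dispatch-table comparison is a consistency check added here, not a TDSSKiller feature.

```python
import re
from collections import defaultdict

# Layout assumed from the log in this thread: "HH:MM:SS:mmm <numeric id> <message>".
LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d:\d{3})\s+(\d+)(?:\s+(.*))?$")
VERDICT_RE = re.compile(r"^TDL3_FileDetect: (.+?) - Verdict: (.+)$")
DRIVER_RE = re.compile(r"^DetectCureTDL3: DRIVER_OBJECT name: \S+, Driver Name: (.+)$")
IRP_RE = re.compile(r"^DetectCureTDL3: (IRP_MJ_\w+)\s*: ([0-9A-Fa-f]{8})$")
ERROR_RE = re.compile(r"\berror\b", re.IGNORECASE)

# Constructed sample. The Disk lines reuse values from the thread's log; the
# "example" driver, its addresses and PLACEHOLDER_NOT_CLEAN are made up.
SAMPLE_LOG = r"""
20:38:51:234 5300 UnloadDriverW: NtUnloadDriver error 2
20:38:51:593 5300 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
20:38:51:593 5300 DetectCureTDL3: IRP_MJ_CREATE : B810EC30
20:38:51:593 5300 DetectCureTDL3: IRP_MJ_READ : B8108D9B
20:38:51:640 5300 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
20:38:51:640 5300
20:38:51:640 5300 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_CREATE : B810EC30
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_READ : B8108D9B
20:38:51:656 5300 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
20:38:51:671 5300 DetectCureTDL3: DRIVER_OBJECT name: \Driver\example, Driver Name: example
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_CREATE : AAAA0000
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_READ : AAAA1000
20:38:51:687 5300 DetectCureTDL3: DRIVER_OBJECT name: \Driver\example, Driver Name: example
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_CREATE : AAAA0000
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_READ : BBBB2000
20:38:51:687 5300 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\example.sys - Verdict: PLACEHOLDER_NOT_CLEAN
"""


def summarize(log_text):
    """Reduce a TDSSKiller-style log to the lines a reviewer reads first."""
    verdicts = defaultdict(set)   # lower-cased driver path -> verdict strings
    tables = defaultdict(list)    # driver name -> one dict per dispatch-table dump
    errors = []                   # (timestamp, message) for lines mentioning "error"
    current = None                # dispatch table currently being filled

    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or not m.group(3):
            continue              # blank separator or a line in another layout
        ts, msg = m.group(1), m.group(3).strip()

        v = VERDICT_RE.match(msg)
        if v:
            # Windows paths are case-insensitive, so fold case before grouping.
            verdicts[v.group(1).lower()].add(v.group(2).strip())
            continue
        d = DRIVER_RE.match(msg)
        if d:
            current = {}
            tables[d.group(1).strip()].append(current)
            continue
        i = IRP_RE.match(msg)
        if i and current is not None:
            current[i.group(1)] = i.group(2).upper()
            continue
        if ERROR_RE.search(msg):
            errors.append((ts, msg))

    # A driver's table is dumped once per device object; list the IRP slots
    # whose handler address is not the same in every dump of that driver.
    changed = {}
    for driver, dumps in tables.items():
        names = set().union(*dumps) if dumps else set()
        diff = sorted(n for n in names if len({t.get(n) for t in dumps}) > 1)
        if diff:
            changed[driver] = diff

    return {
        "verdicts": {p: sorted(v) for p, v in verdicts.items()},
        "not_clean": sorted(p for p, v in verdicts.items() if v != {"Clean"}),
        "errors": errors,
        "changed_tables": changed,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for path, seen in sorted(report["verdicts"].items()):
        print(f"{path}: {', '.join(seen)}")
    print("needs review:", report["not_clean"] or "none")
    print("tables that differ between dumps:", report["changed_tables"] or "none")
    for ts, msg in report["errors"]:
        print(f"error line at {ts}: {msg}")
```

To run it on a real log, pass the file's text to `summarize()` in place of `SAMPLE_LOG`.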


#5 RockVacirca

  • Topic Starter

  • Members
  • 37 posts
  • Local time:12:58 AM

Posted 17 February 2010 - 03:04 PM

Many thanks for that. I have tried to clean it, and it appears to be successful (please confirm or not) and I have already started the process of changing all passwords and informing my CC, Paypal and bank (not from the suspect machine, but from a clean laptop).

Here is the TDSS log:

20:38:51:218 5300 TDSS rootkit removing tool 2.2.4 Feb 15 2010 19:38:31
20:38:51:218 5300 ================================================================================
20:38:51:218 5300 SystemInfo:

20:38:51:218 5300 OS Version: 5.1.2600 ServicePack: 2.0
20:38:51:218 5300 Product type: Workstation
20:38:51:218 5300 ComputerName: ACL-13C6F3E2EC1
20:38:51:218 5300 UserName: Colin
20:38:51:218 5300 Windows directory: C:\WINDOWS
20:38:51:218 5300 Processor architecture: Intel x86
20:38:51:218 5300 Number of processors: 2
20:38:51:218 5300 Page size: 0x1000
20:38:51:218 5300 Boot type: Normal boot
20:38:51:218 5300 ================================================================================
20:38:51:234 5300 UnloadDriverW: NtUnloadDriver error 2
20:38:51:234 5300 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
20:38:51:234 5300 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
20:38:51:265 5300 UtilityInit: KLMD drop and load success
20:38:51:265 5300 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201010)
20:38:51:265 5300 UtilityInit: KLMD open success
20:38:51:265 5300 UtilityInit: Initialize success
20:38:51:265 5300
20:38:51:265 5300 Scanning Services ...
20:38:51:265 5300 CreateRegParser: Registry parser init started
20:38:51:265 5300 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
20:38:51:265 5300 CreateRegParser: DisableWow64Redirection error
20:38:51:265 5300 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
20:38:51:265 5300 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
20:38:51:265 5300 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
20:38:51:265 5300 wfopen_ex: Trying to KLMD file open
20:38:51:265 5300 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
20:38:51:265 5300 wfopen_ex: File opened ok (Flags 2)
20:38:51:265 5300 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: AD4C60
20:38:51:265 5300 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
20:38:51:265 5300 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
20:38:51:265 5300 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
20:38:51:265 5300 wfopen_ex: Trying to KLMD file open
20:38:51:265 5300 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
20:38:51:265 5300 wfopen_ex: File opened ok (Flags 2)
20:38:51:265 5300 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: AD4D08
20:38:51:265 5300 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
20:38:51:265 5300 CreateRegParser: EnableWow64Redirection error
20:38:51:265 5300 CreateRegParser: RegParser init completed
20:38:51:578 5300 GetAdvancedServicesInfo: Raw services enum returned 364 services
20:38:51:593 5300 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
20:38:51:593 5300 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
20:38:51:593 5300
20:38:51:593 5300 Scanning Kernel memory ...
20:38:51:593 5300 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
20:38:51:593 5300 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8AEF7910
20:38:51:593 5300 DetectCureTDL3: KLMD_GetDeviceObjectList returned 12 DevObjects
20:38:51:593 5300
20:38:51:593 5300 DetectCureTDL3: DEVICE_OBJECT: 881B8C68
20:38:51:593 5300 KLMD_GetLowerDeviceObject: Trying to get lower device object for 881B8C68
20:38:51:593 5300 KLMD_ReadMem: Trying to ReadMemory 0x881B8C68[0x38]
20:38:51:593 5300 DetectCureTDL3: DRIVER_OBJECT: 8AEF7910
20:38:51:593 5300 KLMD_ReadMem: Trying to ReadMemory 0x8AEF7910[0xA8]
20:38:51:593 5300 KLMD_ReadMem: Trying to ReadMemory 0xE1001A58[0x18]
20:38:51:593 5300 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
20:38:51:593 5300 DetectCureTDL3: IRP_MJ_CREATE : B810EC30
20:38:51:593 5300 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4282
20:38:51:593 5300 DetectCureTDL3: IRP_MJ_CLOSE : B810EC30
20:38:51:593 5300 DetectCureTDL3: IRP_MJ_READ : B8108D9B
20:38:51:593 5300 DetectCureTDL3: IRP_MJ_WRITE : B8108D9B
20:38:51:593 5300 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4282
20:38:51:593 5300 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4282
20:38:51:593 5300 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4282
20:38:51:593 5300 DetectCureTDL3: IRP_MJ_SET_EA : 804F4282
20:38:51:593 5300 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : B8109366
20:38:51:593 5300 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
20:38:51:593 5300 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
20:38:51:593 5300 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4282
20:38:51:593 5300 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
20:38:51:593 5300 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : B810944D
20:38:51:593 5300 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CFC3
20:38:51:593 5300 DetectCureTDL3: IRP_MJ_SHUTDOWN : B8109366
20:38:51:593 5300 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4282
20:38:51:593 5300 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4282
20:38:51:593 5300 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4282
20:38:51:593 5300 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4282
20:38:51:593 5300 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4282
20:38:51:593 5300 DetectCureTDL3: IRP_MJ_POWER : B810AEF3
20:38:51:593 5300 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : B810FA24
20:38:51:593 5300 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4282
20:38:51:593 5300 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4282
20:38:51:593 5300 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4282
20:38:51:593 5300 TDL3_FileDetect: Processing driver: Disk
20:38:51:593 5300 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:51:593 5300 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:51:640 5300 TDL3_FileDetect: Processing driver: Disk
20:38:51:640 5300 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:51:640 5300 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:51:640 5300 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
20:38:51:640 5300
20:38:51:640 5300 DetectCureTDL3: DEVICE_OBJECT: 881B4AB8
20:38:51:640 5300 KLMD_GetLowerDeviceObject: Trying to get lower device object for 881B4AB8
20:38:51:640 5300 DetectCureTDL3: DEVICE_OBJECT: 881AB728
20:38:51:640 5300 KLMD_GetLowerDeviceObject: Trying to get lower device object for 881AB728
20:38:51:640 5300 KLMD_ReadMem: Trying to ReadMemory 0x881AB728[0x38]
20:38:51:640 5300 DetectCureTDL3: DRIVER_OBJECT: 8A0E1410
20:38:51:640 5300 KLMD_ReadMem: Trying to ReadMemory 0x8A0E1410[0xA8]
20:38:51:640 5300 KLMD_ReadMem: Trying to ReadMemory 0xE1013060[0x1E]
20:38:51:640 5300 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_CREATE : B83D5218
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4282
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_CLOSE : B83D5218
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_READ : B83D523C
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_WRITE : B83D523C
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4282
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4282
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4282
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_SET_EA : 804F4282
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 804F4282
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4282
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : B83D5180
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : B83D09E6
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_SHUTDOWN : 804F4282
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4282
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4282
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4282
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4282
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4282
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_POWER : B83D45F0
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : B83D2A6E
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4282
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4282
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4282
20:38:51:640 5300 TDL3_FileDetect: Processing driver: usbstor
20:38:51:640 5300 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:38:51:640 5300 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:38:51:640 5300 KLMD_ReadMem: Trying to ReadMemory 0xB83D1F26[0x400]
20:38:51:640 5300 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
20:38:51:640 5300 TDL3_FileDetect: Processing driver: usbstor
20:38:51:640 5300 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:38:51:640 5300 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:38:51:640 5300 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
20:38:51:640 5300
20:38:51:640 5300 DetectCureTDL3: DEVICE_OBJECT: 89E17658
20:38:51:640 5300 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89E17658
20:38:51:640 5300 KLMD_ReadMem: Trying to ReadMemory 0x89E17658[0x38]
20:38:51:640 5300 DetectCureTDL3: DRIVER_OBJECT: 8AEF7910
20:38:51:640 5300 KLMD_ReadMem: Trying to ReadMemory 0x8AEF7910[0xA8]
20:38:51:640 5300 KLMD_ReadMem: Trying to ReadMemory 0xE1001A58[0x18]
20:38:51:640 5300 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_CREATE : B810EC30
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4282
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_CLOSE : B810EC30
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_READ : B8108D9B
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_WRITE : B8108D9B
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4282
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4282
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4282
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_SET_EA : 804F4282
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : B8109366
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4282
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : B810944D
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CFC3
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_SHUTDOWN : B8109366
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4282
20:38:51:640 5300 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_POWER : B810AEF3
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : B810FA24
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4282
20:38:51:656 5300 TDL3_FileDetect: Processing driver: Disk
20:38:51:656 5300 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:51:656 5300 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:51:656 5300 TDL3_FileDetect: Processing driver: Disk
20:38:51:656 5300 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:51:656 5300 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:51:656 5300 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
20:38:51:656 5300
20:38:51:656 5300 DetectCureTDL3: DEVICE_OBJECT: 89E18658
20:38:51:656 5300 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89E18658
20:38:51:656 5300 KLMD_ReadMem: Trying to ReadMemory 0x89E18658[0x38]
20:38:51:656 5300 DetectCureTDL3: DRIVER_OBJECT: 8AEF7910
20:38:51:656 5300 KLMD_ReadMem: Trying to ReadMemory 0x8AEF7910[0xA8]
20:38:51:656 5300 KLMD_ReadMem: Trying to ReadMemory 0xE1001A58[0x18]
20:38:51:656 5300 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_CREATE : B810EC30
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_CLOSE : B810EC30
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_READ : B8108D9B
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_WRITE : B8108D9B
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_SET_EA : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : B8109366
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : B810944D
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CFC3
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_SHUTDOWN : B8109366
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_POWER : B810AEF3
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : B810FA24
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4282
20:38:51:656 5300 TDL3_FileDetect: Processing driver: Disk
20:38:51:656 5300 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:51:656 5300 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:51:656 5300 TDL3_FileDetect: Processing driver: Disk
20:38:51:656 5300 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:51:656 5300 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:51:656 5300 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
20:38:51:656 5300
20:38:51:656 5300 DetectCureTDL3: DEVICE_OBJECT: 89E19658
20:38:51:656 5300 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89E19658
20:38:51:656 5300 KLMD_ReadMem: Trying to ReadMemory 0x89E19658[0x38]
20:38:51:656 5300 DetectCureTDL3: DRIVER_OBJECT: 8AEF7910
20:38:51:656 5300 KLMD_ReadMem: Trying to ReadMemory 0x8AEF7910[0xA8]
20:38:51:656 5300 KLMD_ReadMem: Trying to ReadMemory 0xE1001A58[0x18]
20:38:51:656 5300 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_CREATE : B810EC30
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_CLOSE : B810EC30
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_READ : B8108D9B
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_WRITE : B8108D9B
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_SET_EA : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : B8109366
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : B810944D
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CFC3
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_SHUTDOWN : B8109366
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_POWER : B810AEF3
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : B810FA24
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4282
20:38:51:656 5300 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4282
20:38:51:656 5300 TDL3_FileDetect: Processing driver: Disk
20:38:51:656 5300 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:51:656 5300 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:51:656 5300 TDL3_FileDetect: Processing driver: Disk
20:38:51:656 5300 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:51:656 5300 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:51:671 5300 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
20:38:51:671 5300
20:38:51:671 5300 DetectCureTDL3: DEVICE_OBJECT: 8A0AC030
20:38:51:671 5300 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A0AC030
20:38:51:671 5300 DetectCureTDL3: DEVICE_OBJECT: 8AEB1E18
20:38:51:671 5300 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8AEB1E18
20:38:51:671 5300 KLMD_ReadMem: Trying to ReadMemory 0x8AEB1E18[0x38]
20:38:51:671 5300 DetectCureTDL3: DRIVER_OBJECT: 8A0E1410
20:38:51:671 5300 KLMD_ReadMem: Trying to ReadMemory 0x8A0E1410[0xA8]
20:38:51:671 5300 KLMD_ReadMem: Trying to ReadMemory 0xE1013060[0x1E]
20:38:51:671 5300 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_CREATE : B83D5218
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_CLOSE : B83D5218
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_READ : B83D523C
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_WRITE : B83D523C
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_SET_EA : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : B83D5180
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : B83D09E6
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_SHUTDOWN : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_POWER : B83D45F0
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : B83D2A6E
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4282
20:38:51:671 5300 TDL3_FileDetect: Processing driver: usbstor
20:38:51:671 5300 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:38:51:671 5300 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:38:51:671 5300 KLMD_ReadMem: Trying to ReadMemory 0xB83D1F26[0x400]
20:38:51:671 5300 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
20:38:51:671 5300 TDL3_FileDetect: Processing driver: usbstor
20:38:51:671 5300 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:38:51:671 5300 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:38:51:671 5300 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
20:38:51:671 5300
20:38:51:671 5300 DetectCureTDL3: DEVICE_OBJECT: 8AE11030
20:38:51:671 5300 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8AE11030
20:38:51:671 5300 DetectCureTDL3: DEVICE_OBJECT: 8ACA7EA0
20:38:51:671 5300 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8ACA7EA0
20:38:51:671 5300 KLMD_ReadMem: Trying to ReadMemory 0x8ACA7EA0[0x38]
20:38:51:671 5300 DetectCureTDL3: DRIVER_OBJECT: 8A0E1410
20:38:51:671 5300 KLMD_ReadMem: Trying to ReadMemory 0x8A0E1410[0xA8]
20:38:51:671 5300 KLMD_ReadMem: Trying to ReadMemory 0xE1013060[0x1E]
20:38:51:671 5300 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_CREATE : B83D5218
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_CLOSE : B83D5218
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_READ : B83D523C
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_WRITE : B83D523C
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_SET_EA : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : B83D5180
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : B83D09E6
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_SHUTDOWN : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_POWER : B83D45F0
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : B83D2A6E
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4282
20:38:51:671 5300 TDL3_FileDetect: Processing driver: usbstor
20:38:51:671 5300 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:38:51:671 5300 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:38:51:671 5300 KLMD_ReadMem: Trying to ReadMemory 0xB83D1F26[0x400]
20:38:51:671 5300 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
20:38:51:671 5300 TDL3_FileDetect: Processing driver: usbstor
20:38:51:671 5300 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:38:51:671 5300 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:38:51:671 5300 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
20:38:51:671 5300
20:38:51:671 5300 DetectCureTDL3: DEVICE_OBJECT: 8A08B510
20:38:51:671 5300 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8A08B510
20:38:51:671 5300 DetectCureTDL3: DEVICE_OBJECT: 8AE14EA0
20:38:51:671 5300 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8AE14EA0
20:38:51:671 5300 KLMD_ReadMem: Trying to ReadMemory 0x8AE14EA0[0x38]
20:38:51:671 5300 DetectCureTDL3: DRIVER_OBJECT: 8A0E1410
20:38:51:671 5300 KLMD_ReadMem: Trying to ReadMemory 0x8A0E1410[0xA8]
20:38:51:671 5300 KLMD_ReadMem: Trying to ReadMemory 0xE1013060[0x1E]
20:38:51:671 5300 DetectCureTDL3: DRIVER_OBJECT name: \Driver\usbstor, Driver Name: usbstor
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_CREATE : B83D5218
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_CLOSE : B83D5218
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_READ : B83D523C
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_WRITE : B83D523C
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_SET_EA : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : B83D5180
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : B83D09E6
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_SHUTDOWN : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_POWER : B83D45F0
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : B83D2A6E
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4282
20:38:51:671 5300 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4282
20:38:51:671 5300 TDL3_FileDetect: Processing driver: usbstor
20:38:51:671 5300 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:38:51:671 5300 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:38:51:671 5300 KLMD_ReadMem: Trying to ReadMemory 0xB83D1F26[0x400]
20:38:51:671 5300 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
20:38:51:671 5300 TDL3_FileDetect: Processing driver: usbstor
20:38:51:671 5300 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:38:51:671 5300 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:38:51:687 5300 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
20:38:51:687 5300
20:38:51:687 5300 DetectCureTDL3: DEVICE_OBJECT: 8AF20C68
20:38:51:687 5300 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8AF20C68
20:38:51:687 5300 KLMD_ReadMem: Trying to ReadMemory 0x8AF20C68[0x38]
20:38:51:687 5300 DetectCureTDL3: DRIVER_OBJECT: 8AEF7910
20:38:51:687 5300 KLMD_ReadMem: Trying to ReadMemory 0x8AEF7910[0xA8]
20:38:51:687 5300 KLMD_ReadMem: Trying to ReadMemory 0xE1001A58[0x18]
20:38:51:687 5300 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_CREATE : B810EC30
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_CLOSE : B810EC30
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_READ : B8108D9B
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_WRITE : B8108D9B
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_SET_EA : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : B8109366
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : B810944D
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CFC3
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_SHUTDOWN : B8109366
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_POWER : B810AEF3
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : B810FA24
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4282
20:38:51:687 5300 TDL3_FileDetect: Processing driver: Disk
20:38:51:687 5300 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:51:687 5300 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:51:687 5300 TDL3_FileDetect: Processing driver: Disk
20:38:51:687 5300 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:51:687 5300 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:51:687 5300 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
20:38:51:687 5300
20:38:51:687 5300 DetectCureTDL3: DEVICE_OBJECT: 8AE9FC68
20:38:51:687 5300 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8AE9FC68
20:38:51:687 5300 KLMD_ReadMem: Trying to ReadMemory 0x8AE9FC68[0x38]
20:38:51:687 5300 DetectCureTDL3: DRIVER_OBJECT: 8AEF7910
20:38:51:687 5300 KLMD_ReadMem: Trying to ReadMemory 0x8AEF7910[0xA8]
20:38:51:687 5300 KLMD_ReadMem: Trying to ReadMemory 0xE1001A58[0x18]
20:38:51:687 5300 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_CREATE : B810EC30
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_CLOSE : B810EC30
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_READ : B8108D9B
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_WRITE : B8108D9B
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_SET_EA : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : B8109366
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : B810944D
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CFC3
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_SHUTDOWN : B8109366
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_POWER : B810AEF3
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : B810FA24
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4282
20:38:51:687 5300 TDL3_FileDetect: Processing driver: Disk
20:38:51:687 5300 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:51:687 5300 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:51:687 5300 TDL3_FileDetect: Processing driver: Disk
20:38:51:687 5300 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:51:687 5300 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:51:687 5300 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
20:38:51:687 5300
20:38:51:687 5300 DetectCureTDL3: DEVICE_OBJECT: 8AED6C68
20:38:51:687 5300 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8AED6C68
20:38:51:687 5300 KLMD_ReadMem: Trying to ReadMemory 0x8AED6C68[0x38]
20:38:51:687 5300 DetectCureTDL3: DRIVER_OBJECT: 8AEF7910
20:38:51:687 5300 KLMD_ReadMem: Trying to ReadMemory 0x8AEF7910[0xA8]
20:38:51:687 5300 KLMD_ReadMem: Trying to ReadMemory 0xE1001A58[0x18]
20:38:51:687 5300 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_CREATE : B810EC30
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_CLOSE : B810EC30
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_READ : B8108D9B
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_WRITE : B8108D9B
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_SET_INFORMATION : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_QUERY_EA : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_SET_EA : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : B8109366
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : B810944D
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CFC3
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_SHUTDOWN : B8109366
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_CLEANUP : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_SET_SECURITY : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_POWER : B810AEF3
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : B810FA24
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : 804F4282
20:38:51:687 5300 DetectCureTDL3: IRP_MJ_SET_QUOTA : 804F4282
20:38:51:687 5300 TDL3_FileDetect: Processing driver: Disk
20:38:51:687 5300 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:51:687 5300 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:51:703 5300 TDL3_FileDetect: Processing driver: Disk
20:38:51:703 5300 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:51:703 5300 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
20:38:51:703 5300 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
20:38:51:703 5300
20:38:51:703 5300 DetectCureTDL3: DEVICE_OBJECT: 8AED7AB8
20:38:51:703 5300 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8AED7AB8
20:38:51:703 5300 DetectCureTDL3: DEVICE_OBJECT: 8AF08F18
20:38:51:703 5300 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8AF08F18
20:38:51:703 5300 DetectCureTDL3: DEVICE_OBJECT: 8AF04D98
20:38:51:703 5300 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8AF04D98
20:38:51:703 5300 KLMD_ReadMem: Trying to ReadMemory 0x8AF04D98[0x38]
20:38:51:703 5300 DetectCureTDL3: DRIVER_OBJECT: 8AEFF8B8
20:38:51:703 5300 KLMD_ReadMem: Trying to ReadMemory 0x8AEFF8B8[0xA8]
20:38:51:703 5300 KLMD_ReadMem: Trying to ReadMemory 0xE101A9B0[0x1A]
20:38:51:703 5300 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
20:38:51:703 5300 DetectCureTDL3: IRP_MJ_CREATE : B7F149F2
20:38:51:703 5300 DetectCureTDL3: IRP_MJ_CREATE_NAMED_PIPE : B7F149F2
20:38:51:703 5300 DetectCureTDL3: IRP_MJ_CLOSE : B7F149F2
20:38:51:703 5300 DetectCureTDL3: IRP_MJ_READ : B7F149F2
20:38:51:703 5300 DetectCureTDL3: IRP_MJ_WRITE : B7F149F2
20:38:51:703 5300 DetectCureTDL3: IRP_MJ_QUERY_INFORMATION : B7F149F2
20:38:51:703 5300 DetectCureTDL3: IRP_MJ_SET_INFORMATION : B7F149F2
20:38:51:703 5300 DetectCureTDL3: IRP_MJ_QUERY_EA : B7F149F2
20:38:51:703 5300 DetectCureTDL3: IRP_MJ_SET_EA : B7F149F2
20:38:51:703 5300 DetectCureTDL3: IRP_MJ_FLUSH_BUFFERS : B7F149F2
20:38:51:703 5300 DetectCureTDL3: IRP_MJ_QUERY_VOLUME_INFORMATION : B7F149F2
20:38:51:703 5300 DetectCureTDL3: IRP_MJ_SET_VOLUME_INFORMATION : B7F149F2
20:38:51:703 5300 DetectCureTDL3: IRP_MJ_DIRECTORY_CONTROL : B7F149F2
20:38:51:703 5300 DetectCureTDL3: IRP_MJ_FILE_SYSTEM_CONTROL : B7F149F2
20:38:51:703 5300 DetectCureTDL3: IRP_MJ_DEVICE_CONTROL : B7F149F2
20:38:51:703 5300 DetectCureTDL3: IRP_MJ_INTERNAL_DEVICE_CONTROL : B7F149F2
20:38:51:703 5300 DetectCureTDL3: IRP_MJ_SHUTDOWN : B7F149F2
20:38:51:703 5300 DetectCureTDL3: IRP_MJ_LOCK_CONTROL : B7F149F2
20:38:51:703 5300 DetectCureTDL3: IRP_MJ_CLEANUP : B7F149F2
20:38:51:703 5300 DetectCureTDL3: IRP_MJ_CREATE_MAILSLOT : B7F149F2
20:38:51:703 5300 DetectCureTDL3: IRP_MJ_QUERY_SECURITY : B7F149F2
20:38:51:703 5300 DetectCureTDL3: IRP_MJ_SET_SECURITY : B7F149F2
20:38:51:703 5300 DetectCureTDL3: IRP_MJ_POWER : B7F149F2
20:38:51:703 5300 DetectCureTDL3: IRP_MJ_SYSTEM_CONTROL : B7F149F2
20:38:51:703 5300 DetectCureTDL3: IRP_MJ_DEVICE_CHANGE : B7F149F2
20:38:51:703 5300 DetectCureTDL3: IRP_MJ_QUERY_QUOTA : B7F149F2
20:38:51:703 5300 DetectCureTDL3: IRP_MJ_SET_QUOTA : B7F149F2
20:38:51:703 5300 TDL3_FileDetect: Processing driver: atapi
20:38:51:703 5300 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
20:38:51:703 5300 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
20:38:51:718 5300 DetectCureTDL3: All IRP handlers pointed to one addr: B7F149F2
20:38:51:718 5300 KLMD_ReadMem: Trying to ReadMemory 0xB7F149F2[0x400]
20:38:51:718 5300 TDL3_IrpHookDetect: TDL3 Stub signature found, trying to get hook true addr
20:38:51:718 5300 KLMD_ReadMem: Trying to ReadMemory 0xFFDF0308[0x4]
20:38:51:718 5300 KLMD_ReadMem: Trying to ReadMemory 0x8AEA70B4[0x4]
20:38:51:718 5300 TDL3_IrpHookDetect: New IrpHandler addr: 8AF188C8
20:38:51:718 5300 KLMD_ReadMem: Trying to ReadMemory 0x8AF188C8[0x400]
20:38:51:718 5300 TDL3_IrpHookDetect: CheckParameters: 10, FFDF0308, 510, 134, 3, 120
20:38:51:718 5300 Driver "atapi" Irp handler infected by TDSS rootkit ... 20:38:51:718 5300 KLMD_WriteMem: Trying to WriteMemory 0x8AF1894E[0xD]
20:38:51:718 5300 cured
20:38:51:718 5300 KLMD_ReadMem: Trying to ReadMemory 0xB7F127C6[0x400]
20:38:51:718 5300 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
20:38:51:718 5300 TDL3_FileDetect: Processing driver: atapi
20:38:51:718 5300 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
20:38:51:718 5300 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
20:38:51:718 5300 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Infected
20:38:51:718 5300 File C:\WINDOWS\system32\DRIVERS\atapi.sys infected by TDSS rootkit ... 20:38:51:718 5300 TDL3_FileCure: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
20:38:51:718 5300 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
20:38:51:750 5300 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\driver.cab
20:38:51:828 5300 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\sp2.cab
20:38:51:859 5300 CabinetCallback: Backup candidate found: atapi.sys:95360, extracting..
20:38:52:046 5300 CabinetCallback: File extracted successfully: C:\DOCUME~1\Colin\LOCALS~1\Temp\bckC.tmp
20:38:52:046 5300 ValidateDriverFile: Stage 1 passed
20:38:52:046 5300 ValidateDriverFile: Stage 2 passed
20:38:52:140 5300 DigitalSignVerifyByHandle: Embedded DS result: 800B0100
20:38:53:406 5300 DigitalSignVerifyByHandle: Cat DS result: 00000000
20:38:53:406 5300 ValidateDriverFile: Stage 3 passed
20:38:53:406 5300 CabinetCallback: File validated successfully, restore information prepared
20:38:53:406 5300 FindDriverFileBackup: Backup copy found in cab-file
20:38:53:406 5300 TDL3_FileCure: Backup copy found, using it..
20:38:53:406 5300 TDL3_FileCure: Dumping cured buffer to file C:\WINDOWS\system32\drivers\tskD.tmp
20:38:53:437 5300 TDL3_FileCure: New / Old Image paths: (system32\drivers\tskD.tmp, system32\drivers\atapi.sys)
20:38:53:437 5300 TDL3_FileCure: KLMD jobs schedule success
20:38:53:437 5300 will be cured on next reboot
20:38:53:437 5300 UtilityBootReinit: Reboot required for cure complete..
20:38:53:453 5300 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmdb.sys) returned status 00000000
20:38:53:468 5300 UtilityBootReinit: KLMD drop success
20:38:53:468 5300 KLMD_ApplyPendList: Pending buffer(292_69AB, 600) dropped successfully
20:38:53:468 5300 UtilityBootReinit: Cure on reboot scheduled successfully
20:38:53:468 5300
20:38:53:468 5300 Completed
20:38:53:468 5300
20:38:53:468 5300 Results:
20:38:53:468 5300 Memory objects infected / cured / cured on reboot: 1 / 1 / 0
20:38:53:468 5300 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
20:38:53:468 5300 File objects infected / cured / cured on reboot: 1 / 0 / 1
20:38:53:468 5300
20:38:53:468 5300 UnloadDriverW: NtUnloadDriver error 1
20:38:53:468 5300 KLMD_Unload: UnloadDriverW(klmd21) error 1
20:38:53:484 5300 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
20:38:53:484 5300 UtilityDeinit: KLMD(ARK) unloaded successfully

Rock

#6 syler

  • Malware Response Team

Posted 17 February 2010 - 03:43 PM

It looks like we have got it. Let's make sure and see if there's anything else to clean.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Then run OTL again with the same code, it will only produce one log this time, please post back with that log and the MBAM log.

Thanks



#7 RockVacirca

  • Topic Starter

Posted 17 February 2010 - 04:22 PM

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.44
Database version: 3753
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

17/02/2010 22:20:57
mbam-log-2010-02-17 (22-20-47).txt

Scan type: Quick Scan
Objects scanned: 118790
Time elapsed: 10 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Rock

#8 syler

  • Malware Response Team

Posted 17 February 2010 - 04:36 PM

Do you have the new OTL log as well?



#9 RockVacirca

  • Topic Starter

Posted 17 February 2010 - 04:39 PM

and the OTL report:

OTL logfile created on: 17/02/2010 22:26:40 - Run 2
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Colin\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 167.68 Gb Total Space | 54.33 Gb Free Space | 32.40% Space Free | Partition Type: NTFS
Drive D: | 163.76 Gb Total Space | 162.65 Gb Free Space | 99.32% Space Free | Partition Type: NTFS
Drive E: | 3.91 Gb Total Space | 3.87 Gb Free Space | 99.18% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 3.76 Gb Total Space | 3.45 Gb Free Space | 91.89% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACL-13C6F3E2EC1
Current User Name: Colin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/17 18:07:24 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Colin\Desktop\OTL.exe
PRC - [2010/02/13 14:28:43 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/02/13 14:28:40 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/02/13 14:28:40 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/02/13 14:28:38 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/02/13 14:27:25 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/13 14:27:23 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/04 18:42:14 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/27 18:42:09 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/12/08 19:56:29 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/09 13:11:12 | 025,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/10/09 13:11:12 | 000,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/09/27 17:37:27 | 000,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2009/07/25 04:23:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/13 22:18:12 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/06/10 07:28:50 | 000,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/24 18:31:12 | 000,576,512 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2008/08/08 14:54:14 | 001,134,592 | ---- | M] () -- C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
PRC - [2008/04/17 18:13:44 | 005,750,784 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
PRC - [2008/03/28 22:37:20 | 000,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
PRC - [2008/03/09 23:04:52 | 000,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
PRC - [2007/10/31 14:09:16 | 000,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/09/20 12:13:36 | 000,024,631 | ---- | M] (Apache Software Foundation) -- C:\www\Apache22\bin\httpd.exe
PRC - [2005/11/11 14:07:00 | 000,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2004/08/04 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/04 13:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2004/07/20 18:18:54 | 000,090,112 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\Dit.exe
PRC - [2004/04/13 06:07:18 | 000,069,632 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/02/03 13:42:54 | 000,401,491 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [1999/02/02 00:53:24 | 000,405,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\1033\MSOFFICE.EXE


========== Modules (SafeList) ==========

MOD - [2010/02/17 18:07:24 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Colin\Desktop\OTL.exe
MOD - [2009/12/08 13:12:24 | 000,014,544 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2004/08/04 13:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/13 14:28:38 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/04 18:42:14 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/12/08 19:56:29 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/12/08 14:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/09/27 17:37:27 | 000,079,360 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/08/17 20:58:28 | 000,593,924 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe -- (BroadWaveService)
SRV - [2009/07/25 04:23:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/13 22:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/06/10 07:28:50 | 000,168,004 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2008/04/17 18:13:44 | 005,750,784 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL)
SRV - [2008/03/09 23:04:52 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe -- (mi-raysat_3dsMax2009_32)
SRV - [2008/01/15 03:22:44 | 000,504,104 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2007/10/31 14:09:16 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/09/20 12:13:36 | 000,024,631 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\www\Apache22\bin\httpd.exe -- (Apache2.2)
SRV - [2007/04/19 19:52:56 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/01/25 18:31:34 | 000,093,048 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2006/09/29 11:48:06 | 000,065,536 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)


========== Driver Services (SafeList) ==========

DRV - [2010/02/17 22:25:37 | 000,017,408 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBCRFT.SYS -- (CardReaderFilter)
DRV - [2010/02/13 14:28:42 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/02/13 14:28:40 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/10/31 09:46:58 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/10/07 09:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 09:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Fusion(UVC)
DRV - [2009/10/07 09:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 09:46:12 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/09/23 13:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/06/10 05:03:00 | 008,087,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/01/30 00:02:38 | 000,103,488 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/01/29 23:57:58 | 000,023,976 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009/01/23 09:49:08 | 000,037,664 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2008/08/08 14:52:48 | 000,017,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice)
DRV - [2008/08/08 14:52:46 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys -- (LGDDCDevice)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/10/31 14:09:14 | 000,030,464 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2007/08/19 12:50:15 | 000,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/03/08 00:51:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/02/03 09:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/01/25 18:31:34 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2006/12/01 17:37:23 | 000,021,120 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2006/09/19 14:44:04 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2006/06/10 10:41:22 | 000,008,078 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vgadrv.sys -- (vgadrv)
DRV - [2006/04/10 13:02:00 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RT25USBAP.SYS -- (RT25USBAP)
DRV - [2005/11/22 14:44:00 | 003,804,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/04/06 03:22:30 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/04/06 03:22:28 | 000,033,536 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/10/21 13:31:06 | 000,054,851 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2004/10/21 13:30:56 | 000,071,535 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2004/08/04 13:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/08/04 13:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 13:00:00 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2004/08/04 13:00:00 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\loop.sys -- (msloop)
DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2003/12/22 09:28:20 | 000,104,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wceusbsh.sys -- (wceusbsh)
DRV - [2003/07/17 15:10:06 | 000,007,040 | R--- | M] (VIA Networking Technologies, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ntsim.sys -- (NTSIM)
DRV - [2003/03/24 14:18:48 | 000,426,052 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCWBT8xx.sys -- (HCWBT8XX)
DRV - [2002/07/17 07:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Aspi32.sys -- (ASPI32)
DRV - [2002/07/10 17:39:34 | 000,032,256 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1606980848-1078081533-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1606980848-1078081533-682003330-1003\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1606980848-1078081533-682003330-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1606980848-1078081533-682003330-1003\S-1-5-21-1606980848-1078081533-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1606980848-1078081533-682003330-1003\S-1-5-21-1606980848-1078081533-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
IE - HKU\S-1-5-21-1606980848-1078081533-682003330-1003\S-1-5-21-1606980848-1078081533-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk"
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.173.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.2.2
FF - prefs.js..extensions.enabledItems: {47d1d620-5e5b-11da-8cd6-0800200c9a66}:2.0
FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.0.2
FF - prefs.js..extensions.enabledItems: GradientBrushedMetalFF3@pumpel.com:2.1.1
FF - prefs.js..network.proxy.autoconfig_url: "http://portal.uky.edu/proxy.pac"
FF - prefs.js..network.proxy.backup.ftp: "http://206.64.92.16"
FF - prefs.js..network.proxy.backup.ftp_port: 8000
FF - prefs.js..network.proxy.backup.gopher: "http://206.64.92.16"
FF - prefs.js..network.proxy.backup.gopher_port: 8000
FF - prefs.js..network.proxy.backup.socks: "http://206.64.92.16"
FF - prefs.js..network.proxy.backup.socks_port: 8000
FF - prefs.js..network.proxy.backup.ssl: "http://206.64.92.16"
FF - prefs.js..network.proxy.backup.ssl_port: 8000
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true

FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port: 0
FF - user.js..network.proxy.ssl: ""
FF - user.js..network.proxy.ssl_port: 0
FF - user.js..network.proxy.ftp: ""
FF - user.js..network.proxy.ftp_port: 0
FF - user.js..network.proxy.gopher: ""
FF - user.js..network.proxy.gopher_port: 0
FF - user.js..network.proxy.socks_version: 5
FF - user.js..network.proxy.socks: ""
FF - user.js..network.proxy.socks_port: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/02/13 14:34:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/02/12 23:36:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\tunebite-firefox-surf-and-catch-extension@audials.com: C:\Program Files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\ [2009/03/03 00:06:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/02/14 14:25:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/14 23:27:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/14 23:00:52 | 000,000,000 | ---D | M]

[2009/02/07 13:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Mozilla\Extensions
[2009/02/07 13:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/02/13 19:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\hhelargf.default\extensions
[2008/07/09 20:08:25 | 000,000,000 | ---D | M] (Acid Burn) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\hhelargf.default\extensions\{47d1d620-5e5b-11da-8cd6-0800200c9a66}
[2009/03/28 15:19:02 | 000,000,000 | ---D | M] (Aquatint Black Gloss) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\hhelargf.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2010/01/31 19:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\hhelargf.default\extensions\DeviceDetection@logitech.com
[2009/03/28 15:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\hhelargf.default\extensions\GradientBrushedMetalFF3@pumpel.com
[2009/09/07 17:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\hhelargf.default\extensions\personas@christopher.beard
[2006/11/17 18:56:49 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\hhelargf.default\searchplugins\siteadvisor.xml
[2010/02/13 19:09:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/14 23:00:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/02/14 23:00:49 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/02/14 23:00:49 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/02/14 23:00:49 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/02/13 13:54:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Tunebite_WebRipPlugin Class) - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll (RapidSolution Software)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Save Flash) - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll (TODO: <Company name>)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1606980848-1078081533-682003330-1003\..\Toolbar\WebBrowser: (&Save Flash) - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll (TODO: <Company name>)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1606980848-1078081533-682003330-1003..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1606980848-1078081533-682003330-1003..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-1606980848-1078081533-682003330-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\forteManager.lnk = C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1606980848-1078081533-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1606980848-1078081533-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1606980848-1078081533-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1606980848-1078081533-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1606980848-1078081533-682003330-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\Program Files\Flash saver\save.htm ()
O8 - Extra context menu item: Download Flash with Flash Capture - C:\Program Files\Flash Capture\dl.htm ()
O9 - Extra Button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\Program Files\Flash saver\save.htm ()
O9 - Extra 'Tools' menuitem : Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\Program Files\Flash saver\save.htm ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1606980848-1078081533-682003330-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1606980848-1078081533-682003330-1003\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1606980848-1078081533-682003330-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab (DLC Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Colin\My Documents\SimScape Test Files\Shed in Field.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Colin\My Documents\SimScape Test Files\Shed in Field.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/17 15:51:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/07/13 21:53:47 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe - (Logitech Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Umax VistaAccess.lnk - C:\VSTASCAN\VSACCESS.EXE - (UMAX Data Systems Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^Colin^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe - ()
MsConfig - StartUpReg: AnyDVD - hkey= - key= - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
MsConfig - StartUpReg: IMJPMIG8.1 - hkey= - key= - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: Picasa Media Detector - hkey= - key= - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/17 18:12:47 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Colin\Desktop\OTL.exe
[2010/02/15 19:39:02 | 000,175,880 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Colin\Desktop\TDSSKiller.exe
[2010/02/14 01:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/02/14 01:39:47 | 000,000,000 | ---D | C] -- C:\rsit
[2010/02/13 20:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/02/13 19:27:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\HaxFix
[2010/02/13 14:17:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/13 14:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Local Settings\Application Data\AVG Security Toolbar
[2010/02/13 14:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/13 14:14:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/13 14:14:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/13 14:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/13 13:35:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/13 13:33:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/13 13:33:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/13 13:33:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/13 13:33:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/13 13:33:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/13 13:33:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/12 20:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\ImageShack Uploader
[2010/02/12 00:59:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Desktop\CandM
[2010/02/12 00:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\My Documents\Artisteer Templates
[2010/02/11 23:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spiral Graphics
[2010/02/10 21:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Application Data\Artisteer
[2010/02/10 21:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Artisteer 2
[2010/02/09 21:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\.gstreamer-0.10
[2010/02/09 21:16:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\My Documents\realXtend
[2010/02/09 21:14:36 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2010/02/09 21:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\Naali0.1
[2010/02/06 19:38:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Desktop\buslink
[2010/02/06 00:05:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Application Data\Utherverse
[2010/02/01 23:45:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{77D5035B-97D7-4886-BE86-A7F9E26336CD}
[2010/01/31 19:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Application Data\Leadertech
[2010/01/31 19:53:39 | 000,266,008 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvrs.sys
[2010/01/31 19:53:39 | 000,199,192 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvci12101110.dll
[2010/01/31 13:52:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Application Data\Radegast
[2010/01/31 13:52:39 | 000,000,000 | ---D | C] -- C:\Program Files\Radegast
[2010/01/30 12:28:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Colin\PrivacIE
[2010/01/30 12:24:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Colin\IETldCache
[2010/01/30 12:05:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/01/30 12:03:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/01/30 02:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Desktop\asfbin1.6.1.703
[2010/01/27 18:35:16 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Colin\Recent
[2010/01/26 01:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Local Settings\Application Data\Yahoo!
[2010/01/23 12:27:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\My Documents\[ Rocks Shape and Skin etc ]
[2010/01/23 11:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Application Data\Meta7
[2010/01/23 11:46:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Local Settings\Application Data\Meta7
[2010/01/23 11:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\Meta7Viewer
[2009/11/26 01:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/09/15 17:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2009/06/30 16:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Colin\My Documents\*.tmp files -> C:\Documents and Settings\Colin\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/17 22:25:37 | 000,017,408 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
[2010/02/17 22:13:47 | 055,761,015 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/17 21:48:04 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/17 20:59:13 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/17 20:59:13 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/02/17 20:59:12 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/02/17 20:59:12 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/02/17 20:59:11 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/02/17 20:57:37 | 000,171,435 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/17 20:56:45 | 000,005,486 | ---- | M] () -- C:\WINDOWS\Debug.ini
[2010/02/17 20:56:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/17 20:56:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/17 20:39:55 | 014,995,456 | ---- | M] () -- C:\Documents and Settings\Colin\ntuser.dat
[2010/02/17 20:39:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Colin\ntuser.ini
[2010/02/17 18:07:24 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Colin\Desktop\OTL.exe
[2010/02/15 22:55:46 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/15 22:55:20 | 000,301,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/15 19:39:02 | 000,175,880 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Colin\Desktop\TDSSKiller.exe
[2010/02/14 20:22:25 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\Colin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/14 18:11:02 | 000,003,858 | -H-- | M] () -- C:\Documents and Settings\Colin\My Documents\Default.rdp
[2010/02/14 18:09:13 | 000,387,113 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\CandM.artx
[2010/02/14 17:59:46 | 000,115,476 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Header2.png
[2010/02/14 15:53:41 | 000,079,880 | ---- | M] () -- C:\Documents and Settings\Colin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/14 15:35:39 | 000,320,081 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Header.png
[2010/02/14 15:12:00 | 000,253,726 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Header-Background.png
[2010/02/14 15:08:37 | 000,466,272 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\cm-background2.PNG
[2010/02/14 14:21:43 | 000,014,802 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Page-BgTexture.jpg
[2010/02/14 14:16:45 | 000,193,798 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\cm-background.jpg
[2010/02/14 00:10:10 | 000,005,301 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Attach.zip
[2010/02/13 20:18:59 | 000,002,441 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\HiJackThis.lnk
[2010/02/13 14:28:42 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/13 14:28:40 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/13 14:28:40 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/13 14:27:22 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/02/13 14:15:36 | 000,001,511 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/13 14:10:05 | 000,001,503 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Windows Explorer.lnk
[2010/02/13 13:56:07 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/13 13:54:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/13 13:35:33 | 000,000,332 | RHS- | M] () -- C:\boot.ini
[2010/02/13 00:54:28 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Artisteer 2.lnk
[2010/02/13 00:30:28 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\Artisteer Tips.doc
[2010/02/12 00:50:18 | 002,157,146 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Artisteer2_User_Manual.pdf
[2010/02/11 23:35:44 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\metal-frame.jpg
[2010/02/11 08:20:07 | 002,157,146 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\Artisteer2_User_Manual.pdf
[2010/02/10 20:23:40 | 000,007,174 | ---- | M] () -- C:\Documents and Settings\Colin\.recently-used.xbel
[2010/02/10 18:23:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/02/10 18:23:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/02/09 21:14:36 | 000,413,696 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010/02/09 21:14:36 | 000,110,592 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010/02/08 20:34:36 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/02/08 20:34:36 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/02/07 19:57:18 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Things to Do next Visit to York.doc
[2010/02/07 12:10:20 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\Department for Work and Pensions.doc
[2010/02/06 11:26:03 | 000,002,207 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Virtual Vancouver 3D Client.lnk
[2010/02/06 02:17:35 | 000,000,153 | ---- | M] () -- C:\WINDOWS\asfbinapp.INI
[2010/02/05 23:58:17 | 000,002,198 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Red Light Center 3D Client.lnk
[2010/02/05 23:41:33 | 000,000,024 | ---- | M] () -- C:\url_history.xml
[2010/02/05 22:58:33 | 000,323,243 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\Render.jpg
[2010/02/05 22:58:33 | 000,173,248 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\Tunnel.jpg
[2010/02/05 22:58:32 | 000,166,102 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\Vent01.jpg
[2010/02/05 22:58:31 | 000,101,352 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\vent02.jpg
[2010/02/05 22:58:30 | 000,127,582 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\render2.jpg
[2010/02/01 23:47:57 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MyData Shortcut.lnk
[2010/02/01 23:47:57 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Blue Mars Furniture Editor.lnk
[2010/02/01 23:47:57 | 000,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Blue Mars Cloth Editor.lnk
[2010/02/01 23:47:57 | 000,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Blue Mars Block Editor.lnk
[2010/02/01 23:47:57 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Blue Mars Shop Editor.lnk
[2010/02/01 23:47:57 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Blue Mars Item Editor.lnk
[2010/02/01 23:47:57 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Blue Mars City Editor.lnk
[2010/02/01 23:28:57 | 000,035,304 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\releasenotes_7109.pdf
[2010/02/01 23:13:13 | 000,048,128 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\John Blanshard 1697-1754.doc
[2010/01/31 19:50:40 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software.lnk
[2010/01/31 13:52:44 | 000,001,552 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Radegast.lnk
[2010/01/31 10:54:38 | 000,000,804 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/31 10:54:38 | 000,000,262 | ---- | M] () -- C:\Boot.bak
[2010/01/30 20:36:40 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\Religious Houses of the East Riding.doc
[2010/01/30 17:13:31 | 000,029,374 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\500px-RadegastLGScreen2-20091011.jpg
[2010/01/30 17:11:10 | 000,071,043 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\rad_screeshot_objects.png
[2010/01/30 17:10:41 | 000,435,226 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\rad_screeshot_login.png
[2010/01/30 17:06:45 | 000,070,286 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\radegast.jpg
[2010/01/30 14:59:53 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Opensim Grids.doc
[2010/01/30 12:05:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/29 19:38:56 | 027,938,700 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\religioushouseso00lawtuoft.pdf
[2010/01/28 22:05:05 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Colin\My Documents\JB1719.doc
[2010/01/28 12:43:23 | 000,536,825 | ---- | M] () -- C:\HaxFix.exe
[2010/01/26 20:31:56 | 000,064,247 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\screen.jpg
[2010/01/23 11:46:50 | 000,000,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Meta7 Viewer.lnk
[2010/01/21 00:05:50 | 000,003,430 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\defaultProfile.xml
[2010/01/21 00:02:22 | 000,037,118 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\boat3.dae
[2010/01/21 00:01:43 | 000,007,643 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\GRC_vehicle.lua
[2010/01/20 00:30:24 | 000,212,577 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Developer Invite.jpg
[2010/01/20 00:25:33 | 000,074,502 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\_1J52II.jpg
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Colin\My Documents\*.tmp files -> C:\Documents and Settings\Colin\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/17 21:48:04 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/14 17:59:44 | 000,115,476 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Header2.png
[2010/02/14 15:12:00 | 000,320,081 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Header.png
[2010/02/14 15:12:00 | 000,253,726 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Header-Background.png
[2010/02/14 15:08:36 | 000,466,272 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\cm-background2.PNG
[2010/02/14 14:21:43 | 000,014,802 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Page-BgTexture.jpg
[2010/02/14 14:16:45 | 000,193,798 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\cm-background.jpg
[2010/02/14 00:10:09 | 000,005,301 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Attach.zip
[2010/02/13 20:16:00 | 000,002,441 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\HiJackThis.lnk
[2010/02/13 19:27:54 | 000,536,825 | ---- | C] () -- C:\HaxFix.exe
[2010/02/13 14:15:36 | 000,001,511 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/02/13 13:35:33 | 000,000,262 | ---- | C] () -- C:\Boot.bak
[2010/02/13 13:35:24 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/13 13:33:44 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/13 13:33:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/13 13:33:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/13 13:33:44 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/13 13:33:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/13 01:38:26 | 000,387,113 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\CandM.artx
[2010/02/13 00:54:28 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Artisteer 2.lnk
[2010/02/13 00:30:28 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\Artisteer Tips.doc
[2010/02/12 00:50:14 | 002,157,146 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Artisteer2_User_Manual.pdf
[2010/02/11 23:35:44 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\metal-frame.jpg
[2010/02/11 08:20:02 | 002,157,146 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\Artisteer2_User_Manual.pdf
[2010/02/10 20:23:40 | 000,007,174 | ---- | C] () -- C:\Documents and Settings\Colin\.recently-used.xbel
[2010/02/08 20:34:36 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/02/08 20:34:36 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/02/07 18:49:17 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Things to Do next Visit to York.doc
[2010/02/07 11:26:01 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\Department for Work and Pensions.doc
[2010/02/06 19:37:29 | 001,405,952 | R--- | C] () -- C:\Documents and Settings\Colin\Desktop\USB2MassStorage_v1019.exe
[2010/02/06 11:26:03 | 000,002,207 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Virtual Vancouver 3D Client.lnk
[2010/02/05 23:58:17 | 000,002,198 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Red Light Center 3D Client.lnk
[2010/02/05 22:58:18 | 000,323,243 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\Render.jpg
[2010/02/05 22:58:18 | 000,173,248 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\Tunnel.jpg
[2010/02/05 22:58:18 | 000,166,102 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\Vent01.jpg
[2010/02/05 22:58:18 | 000,127,582 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\render2.jpg
[2010/02/05 22:58:18 | 000,101,352 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\vent02.jpg
[2010/02/01 23:47:57 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MyData Shortcut.lnk
[2010/02/01 23:47:57 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Blue Mars Furniture Editor.lnk
[2010/02/01 23:47:57 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Blue Mars Cloth Editor.lnk
[2010/02/01 23:47:57 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Blue Mars Block Editor.lnk
[2010/02/01 23:47:57 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Blue Mars Shop Editor.lnk
[2010/02/01 23:47:57 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Blue Mars Item Editor.lnk
[2010/02/01 23:47:57 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Blue Mars City Editor.lnk
[2010/02/01 23:28:57 | 000,035,304 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\releasenotes_7109.pdf
[2010/02/01 23:13:13 | 000,048,128 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\John Blanshard 1697-1754.doc
[2010/01/31 19:54:02 | 000,266,828 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVAFT.cfg
[2010/01/31 19:53:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/01/31 19:50:40 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software.lnk
[2010/01/31 13:52:44 | 000,001,552 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Radegast.lnk
[2010/01/30 17:13:31 | 000,029,374 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\500px-RadegastLGScreen2-20091011.jpg
[2010/01/30 17:11:10 | 000,071,043 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\rad_screeshot_objects.png
[2010/01/30 17:10:41 | 000,435,226 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\rad_screeshot_login.png
[2010/01/30 17:06:45 | 000,070,286 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\radegast.jpg
[2010/01/30 10:22:56 | 000,045,056 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Opensim Grids.doc
[2010/01/29 21:27:51 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\Religious Houses of the East Riding.doc
[2010/01/29 19:37:12 | 027,938,700 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\religioushouseso00lawtuoft.pdf
[2010/01/28 22:05:04 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Colin\My Documents\JB1719.doc
[2010/01/26 20:31:54 | 000,064,247 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\screen.jpg
[2010/01/23 11:46:50 | 000,000,896 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Meta7 Viewer.lnk
[2010/01/21 00:05:48 | 000,003,430 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\defaultProfile.xml
[2010/01/21 00:02:19 | 000,037,118 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\boat3.dae
[2010/01/21 00:01:40 | 000,007,643 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\GRC_vehicle.lua
[2010/01/20 00:25:32 | 000,074,502 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\_1J52II.jpg
[2010/01/19 21:56:09 | 000,212,577 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Developer Invite.jpg
[2010/01/15 01:50:39 | 000,000,153 | ---- | C] () -- C:\WINDOWS\asfbinapp.INI
[2010/01/15 01:32:32 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/01/15 01:32:31 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/01/15 01:32:30 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/01/15 01:32:29 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/01/15 01:32:28 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/15 01:32:28 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/12/13 22:51:33 | 000,004,981 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/09/29 19:02:11 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll
[2009/09/27 21:13:16 | 000,009,206 | ---- | C] () -- C:\WINDOWS\NTTuner.ini
[2009/09/09 20:18:43 | 000,000,088 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/07/05 13:25:56 | 000,917,504 | ---- | C] () -- C:\WINDOWS\j3dcore-d3d.dll
[2009/07/05 13:25:56 | 000,180,224 | ---- | C] () -- C:\WINDOWS\j3dcore-ogl.dll
[2009/07/05 13:25:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\j3dcore-ogl-cg.dll
[2009/06/20 19:39:29 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\HookShield.dll
[2009/06/20 19:39:29 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\HookMap.dll
[2009/06/20 19:39:29 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\smdll.dll
[2009/06/20 19:39:29 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2009/06/10 07:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/06/10 07:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/06/10 07:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/06/10 07:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/12/11 18:51:04 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/10/10 11:30:17 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Colin\Local Settings\Application Data\PUTTY.RND
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/01/18 22:18:33 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2008/01/12 02:08:12 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/01/12 02:08:11 | 000,585,791 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/01/03 23:35:39 | 000,002,321 | ---- | C] () -- C:\WINDOWS\vista32d.ini
[2008/01/03 23:31:52 | 000,027,648 | ---- | C] () -- C:\WINDOWS\vudcli32.dll
[2008/01/03 23:31:49 | 000,000,026 | ---- | C] () -- C:\WINDOWS\ucmsp_32.ini
[2008/01/03 23:31:47 | 001,097,868 | ---- | C] () -- C:\WINDOWS\System32\first_dll.dll
[2008/01/03 23:31:47 | 000,276,480 | ---- | C] () -- C:\WINDOWS\System32\segment.dll
[2008/01/03 23:31:47 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\MLL_SCAN05AB.dll
[2008/01/03 23:31:47 | 000,142,848 | ---- | C] () -- C:\WINDOWS\System32\myocr.dll
[2008/01/03 23:31:47 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\IO_PORT.dll
[2008/01/03 23:31:47 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\GPL_scanner.dll
[2008/01/03 23:31:47 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\ocrutil.dll
[2008/01/03 23:31:47 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\segsdk.dll
[2008/01/03 23:24:00 | 000,006,587 | ---- | C] () -- C:\WINDOWS\vista32.ini
[2008/01/03 23:24:00 | 000,000,189 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2008/01/03 23:24:00 | 000,000,065 | ---- | C] () -- C:\WINDOWS\umaxdrv.ini
[2008/01/03 23:23:57 | 000,001,571 | ---- | C] () -- C:\WINDOWS\faxcpp1.ini
[2008/01/03 23:23:57 | 000,000,422 | ---- | C] () -- C:\WINDOWS\faxcpp.ini
[2008/01/03 23:23:23 | 000,047,616 | R--- | C] () -- C:\WINDOWS\ucmsp_32.dll
[2008/01/03 23:23:15 | 000,135,200 | ---- | C] () -- C:\WINDOWS\u2x00_32.dll
[2008/01/03 23:23:15 | 000,106,528 | ---- | C] () -- C:\WINDOWS\u1230_32.dll
[2008/01/03 23:23:15 | 000,065,536 | ---- | C] () -- C:\WINDOWS\u2200_32.dll
[2008/01/03 23:23:15 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\usq3400.dll
[2008/01/03 23:23:15 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\sqEp2Usb.dll
[2008/01/03 23:23:15 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\SQUSBIO.dll
[2008/01/03 23:23:15 | 000,016,816 | ---- | C] () -- C:\WINDOWS\uns3400.ini
[2008/01/03 23:23:15 | 000,016,474 | ---- | C] () -- C:\WINDOWS\uns5400.ini
[2008/01/03 23:23:15 | 000,010,435 | ---- | C] () -- C:\WINDOWS\scan05a.ini
[2008/01/03 23:23:15 | 000,006,932 | ---- | C] () -- C:\WINDOWS\System32\glscan.sys
[2008/01/03 23:23:15 | 000,000,668 | ---- | C] () -- C:\WINDOWS\umaxuapi.ini
[2008/01/03 23:23:14 | 000,030,208 | ---- | C] () -- C:\WINDOWS\uxmail32.dll
[2008/01/03 23:23:12 | 000,068,608 | ---- | C] () -- C:\WINDOWS\vufile32.dll
[2008/01/03 23:23:12 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\udnt.sys
[2008/01/03 23:22:41 | 000,000,500 | ---- | C] () -- C:\WINDOWS\Upmagic.ini
[2008/01/03 23:22:32 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Vss.ini
[2008/01/03 23:17:41 | 000,000,016 | ---- | C] () -- C:\WINDOWS\Temp.ini
[2007/12/14 16:09:35 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/10/03 22:10:27 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/10/03 22:00:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2007/09/29 04:45:30 | 000,000,447 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/09/15 20:56:24 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/09/15 20:56:23 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/08/05 01:15:31 | 000,000,742 | ---- | C] () -- C:\WINDOWS\GyroSuit.ini
[2007/06/27 18:58:16 | 000,000,028 | ---- | C] () -- C:\WINDOWS\avinstalled.ini
[2007/06/16 15:40:45 | 000,002,482 | ---- | C] () -- C:\WINDOWS\Field.ini
[2007/06/08 13:53:13 | 000,001,223 | ---- | C] () -- C:\Documents and Settings\Colin\Application Data\cvf.ini
[2007/06/07 12:48:16 | 000,001,383 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2007/06/05 22:00:15 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\Colin\Application Data\Colin_sp.adl
[2007/06/05 17:19:25 | 000,000,428 | ---- | C] () -- C:\Documents and Settings\Colin\Application Data\spell.cfg
[2007/06/05 17:10:13 | 001,265,664 | ---- | C] () -- C:\WINDOWS\lido.dll
[2007/04/26 20:26:51 | 000,480,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2007/04/23 21:37:31 | 000,102,196 | ---- | C] () -- C:\Documents and Settings\Colin\Application Data\debuggee.mdmp
[2007/04/22 15:41:47 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SW_Win2000X32.DLL
[2007/04/22 15:38:49 | 000,003,297 | ---- | C] () -- C:\WINDOWS\CX_SearchHistory.INI
[2007/04/22 15:38:43 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\CSVSpecialProcessing.dll
[2007/04/22 15:38:43 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\SARzilla.dll
[2007/04/22 15:38:43 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx13_ic.ini
[2007/04/10 01:55:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\lua5.1.dll
[2007/04/03 17:34:34 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/03/09 17:09:34 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2007/03/09 17:09:32 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2007/03/01 11:38:42 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SDL_gfx.dll
[2007/01/25 18:31:36 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/01/20 04:47:46 | 001,483,465 | ---- | C] () -- C:\WINDOWS\System32\libswish-e-2.dll
[2006/11/20 23:46:44 | 000,005,350 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/19 20:24:53 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\vrecorder.dll
[2006/11/19 20:12:14 | 000,000,107 | ---- | C] () -- C:\WINDOWS\VobEdit.INI
[2006/11/19 20:03:17 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2006/11/15 19:54:51 | 000,000,269 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2006/11/15 19:47:04 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/11/15 00:38:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/14 23:13:43 | 000,005,486 | ---- | C] () -- C:\WINDOWS\Debug.ini
[2006/11/14 22:29:35 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Colin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/28 03:29:02 | 000,061,447 | ---- | C] () -- C:\WINDOWS\System32\pcreposix.dll
[2006/08/27 21:48:58 | 004,484,537 | ---- | C] () -- C:\WINDOWS\System32\libxml2-2.dll
[2006/08/27 18:55:50 | 000,074,240 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2006/08/11 20:45:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 20:43:10 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(3).dll
[2006/08/11 20:43:10 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(2).dll
[2006/08/11 20:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/06/27 06:47:08 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\SDL.dll
[2006/06/26 18:39:36 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2006/06/26 18:39:36 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\SDL_mixer.dll
[2006/06/26 18:39:36 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\smpeg.dll
[2006/06/26 18:39:36 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2006/06/26 18:39:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2006/06/16 15:15:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\physfs.dll
[2006/06/16 08:03:32 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\freeglut.dll
[2006/06/10 10:41:22 | 000,013,357 | ---- | C] () -- C:\WINDOWS\System32\vgadrv.dll
[2006/06/10 10:41:22 | 000,008,078 | ---- | C] () -- C:\WINDOWS\System32\drivers\vgadrv.sys
[2006/06/09 18:51:46 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\ode.dll
[2006/05/23 01:44:24 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\alut.dll
[2006/05/17 18:19:34 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\SDL_ttf.dll
[2006/05/17 18:10:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SDL_net.dll
[2006/05/17 09:57:36 | 000,385,090 | ---- | C] () -- C:\WINDOWS\System32\libtiff.dll
[2006/05/17 09:57:36 | 000,169,443 | ---- | C] () -- C:\WINDOWS\System32\jpeg.dll
[2006/05/17 09:57:36 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\libpng12.dll
[2006/05/17 09:57:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDL_image.dll
[2005/04/15 04:57:02 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\glfw.dll
[2003/02/10 00:13:10 | 000,000,416 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\systmsp2pb6
[2001/08/15 11:48:11 | 000,000,536 | -H-- | C] () -- C:\Documents and Settings\Colin\Application Data\winpmltspb6
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >
[2006/10/08 13:18:58 | 064,102,256 | ---- | M] (NVIDIA Corporation ) -- C:\91.47_forceware_winxp2k_international_whql.exe
[2010/01/28 12:43:23 | 000,536,825 | ---- | M] () -- C:\HaxFix.exe
[2009/01/05 19:02:23 | 000,290,899 | ---- | M] () -- C:\ShutDownOpensim.exe


< MD5 for: AGP440.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/04 13:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2004/08/04 13:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2010/02/17 20:40:24 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0888F409
< End of report >

Rock

#10 syler

  • Malware Response Team

Posted 17 February 2010 - 05:04 PM

That's looking ok.

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 18 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • Kaspersky report
  • New Rsit log

Thanks



#11 RockVacirca

  • Topic Starter

Posted 18 February 2010 - 01:42 AM

OK, here are the Kaspersky and RSIT logs:

*KASPERSKY ONLINE SCANNER 7.0: scan report*
Thursday, February 18, 2010
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, February 17, 2010 16:47:12
Records in database: 3545693

*Scan settings*
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
*Scan area* My Computer
C:\
D:\
E:\
H:\
I:\
J:\
K:\
L:\
*Scan statistics*
Objects scanned 230771
Threats found 8
Infected objects found 16
Suspicious objects found 0
Scan duration 06:37:28


*File name* | *Threat* | *Threats count*
C:\Documents and Settings\Colin\Local Settings\Application Data\Identities\{A23DA7E1-0F4C-4933-9C80-34F92A00790A}\Microsoft\Outlook Express\Inbox.dbx | Infected: Email-Worm.Win32.NetSky.d | 1
C:\Documents and Settings\Colin\Shared\Motown Gold - The 1970's - Junior Walker & the Allstars - Walk in the night.mp3 | Infected: Trojan-Downloader.WMA.GetCodec.y | 1
C:\Program Files\AoA DVD Ripper\AoADVDRipper.exe | Infected: Trojan-Dropper.Win32.Delf.dxd | 1
C:\Program Files\Copybot22Alpha\saviorchan\Meebey.SmartIrc4net.dll | Infected: Backdoor.MSIL.IrcBot.aj | 1
C:\Program Files\RealVNC\VNC4\vncconfig.exe | Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad | 1
C:\Program Files\RealVNC\VNC4\winvnc4.exe | Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad | 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\00005a2b.tmp.vir | Infected: Trojan-Dropper.Win32.Steps.lb | 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\00005cb4.tmp.vir | Infected: Trojan-Dropper.Win32.Steps.lb | 1
C:\Temp\Copybot22Alpha\saviorchan\Meebey.SmartIrc4net.dll | Infected: Backdoor.MSIL.IrcBot.aj | 1
C:\Temp\dvdripper.exe | Infected: Trojan-Dropper.Win32.Delf.dxd | 1
C:\Temp\freeripmp3.exe | Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.br | 1
C:\Temp\mirc631.exe | Infected: not-a-virus:Client-IRC.Win32.mIRC.631 | 1
C:\Temp\vnc-4_1_3-x86_win32(2).exe | Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad | 2
C:\Temp\vnc-4_1_3-x86_win32.exe | Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad | 2
* Selected area has been scanned.*


Logfile of random's system information tool 1.06 (written by random/random)
Run by Colin at 2010-02-18 07:31:42
Microsoft Windows XP Professional Service Pack 2
System drive C: has 57 GB (33%) free of 172 GB
Total RAM: 3327 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:31:54, on 18/02/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\PROGRA~2\AVG\AVG9\avgtray.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Colin\Desktop\RSIT.exe
C:\Program Files\trend micro\Colin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: forteManager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~2\FLASHS~1\save.htm
O8 - Extra context menu item: Download Flash with Flash Capture - C:\Program Files\Flash Capture\dl.htm
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~2\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~2\FLASHS~1\save.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01918E51-AEF1-49B4-86FB-EA882A40254D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{30793B5F-67E6-4A2B-8979-44D91B1AF537}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C2CD447-55CB-4EA9-B5A0-84D0C09B7E01}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{01918E51-AEF1-49B4-86FB-EA882A40254D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{01918E51-AEF1-49B4-86FB-EA882A40254D}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: BroadWave Audio Streaming Server (BroadWaveService) - NCH Software - C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 11467 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-02-13 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-10-16 1119488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA102584-3B97-47e7-B9BC-75D54C110A7D}]
Tunebite_WebRipPlugin Class - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll [2009-02-04 144688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-18 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-18 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4064EA35-578D-4073-A834-C96D82CBCF40} - &Save Flash - C:\Program Files\Save Flash\SaveFlash.dll [2006-11-24 1155072]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2009-11-23 204048]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-10-16 1119488]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Dit"=C:\WINDOWS\Dit.exe [2004-07-20 90112]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-11-11 90112]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-08 30192]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2010-01-27 788880]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
"MP10_EnsureFileVer"=C:\WINDOWS\inf\unregmp2.exe [2004-08-04 208896]
"ISUSPM Startup"=C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-04-13 69632]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-10-14 2793304]
"AVG9_TRAY"=C:\PROGRA~2\AVG\AVG9\avgtray.exe [2010-02-13 2033432]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2004-02-03 401491]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [2009-01-30 2542528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-01-15 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe [2006-11-10 249927]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2008-12-24 1410296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-04-24 185784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2007-05-14 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~2\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~2\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~2\Logitech\SetPoint\KEM.exe [2004-10-28 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Nintendo Wi-Fi USB Connector Registration Tool.lnk]
C:\PROGRA~2\WIFICO~1\NINTEN~1.EXE [2006-04-20 1073152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Umax VistaAccess.lnk]
C:\VSTASCAN\vsaccess.exe [2001-03-15 2494464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Colin^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
C:\PROGRA~2\OPENOF~1.0\program\QUICKS~1.EXE [2006-01-25 61440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
forteManager.lnk - C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-02-13 12464]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\SecondLife\SecondLife.exe"="C:\Program Files\SecondLife\SecondLife.exe:*:Enabled:Second Life"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\dwyco2\cdc32.exe"="C:\Program Files\dwyco2\cdc32.exe:*:Enabled:dwyco cdc32 for Windows95/98/ME/NT4/2K/XP"
"C:\Program Files\WiFiConnector\NintendoWFCReg.exe"="C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\SecondLife\SLVoice.exe"="C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice"
"C:\Program Files\WS_FTP\WS_FTP95.exe"="C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\Temp\rexserver_0.2\rexserver\OpenSim.exe"="C:\Temp\rexserver_0.2\rexserver\OpenSim.exe:*:Enabled: "
"C:\Program Files\ESTsoft\ALFTP\ALFTP.exe"="C:\Program Files\ESTsoft\ALFTP\ALFTP.exe:*:Enabled:ALFTP"
"C:\Program Files\Spotify\spotify.exe"="C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify"
"C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:*:Enabled:Crysis_32_sp_demo"
"C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe"="C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit"
"C:\Program Files\Autodesk\Backburner\monitor.exe"="C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\Autodesk\Backburner\manager.exe"="C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\Autodesk\Backburner\server.exe"="C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server"
"C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe"="C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe:*:Enabled:Autodesk 3ds Max Design 2009 32-bit"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-02-18 00:09:28 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-02-18 00:09:24 ----D---- C:\Program Files\Common Files\Java
2010-02-18 00:08:56 ----A---- C:\WINDOWS\system32\javaws.exe
2010-02-18 00:08:56 ----A---- C:\WINDOWS\system32\javaw.exe
2010-02-18 00:08:56 ----A---- C:\WINDOWS\system32\java.exe
2010-02-17 20:46:55 ----A---- C:\TDSSKiller.txt
2010-02-17 20:38:51 ----A---- C:\TDSSKiller.2.2.4_17.02.2010_20.38.51_log.txt
2010-02-14 22:54:26 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-14 01:39:47 ----D---- C:\rsit
2010-02-14 01:39:47 ----D---- C:\Program Files\trend micro
2010-02-13 20:16:00 ----D---- C:\Program Files\TrendMicro
2010-02-13 19:27:54 ----A---- C:\HaxFix.exe
2010-02-13 19:27:47 ----D---- C:\WINDOWS\HaxFix
2010-02-13 14:17:24 ----SHD---- C:\RECYCLER
2010-02-13 14:15:32 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2010-02-13 14:08:08 ----A---- C:\ComboFix.txt
2010-02-13 13:35:33 ----A---- C:\Boot.bak
2010-02-13 13:35:21 ----RASHD---- C:\cmdcons
2010-02-13 13:33:44 ----A---- C:\WINDOWS\zip.exe
2010-02-13 13:33:44 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-02-13 13:33:44 ----A---- C:\WINDOWS\SWSC.exe
2010-02-13 13:33:44 ----A---- C:\WINDOWS\SWREG.exe
2010-02-13 13:33:44 ----A---- C:\WINDOWS\sed.exe
2010-02-13 13:33:44 ----A---- C:\WINDOWS\PEV.exe
2010-02-13 13:33:44 ----A---- C:\WINDOWS\NIRCMD.exe
2010-02-13 13:33:44 ----A---- C:\WINDOWS\MBR.exe
2010-02-13 13:33:44 ----A---- C:\WINDOWS\grep.exe
2010-02-13 13:33:36 ----D---- C:\WINDOWS\ERDNT
2010-02-13 13:33:02 ----AD---- C:\Qoobox
2010-02-12 20:03:34 ----D---- C:\Program Files\ImageShack Uploader
2010-02-11 23:29:04 ----D---- C:\Documents and Settings\All Users\Application Data\Spiral Graphics
2010-02-10 21:09:01 ----D---- C:\Documents and Settings\Colin\Application Data\Artisteer
2010-02-10 21:07:07 ----D---- C:\Program Files\Artisteer 2
2010-02-09 21:14:36 ----D---- C:\Program Files\OpenAL
2010-02-06 00:05:40 ----D---- C:\Documents and Settings\Colin\Application Data\Utherverse
2010-02-01 23:45:32 ----HDC---- C:\Documents and Settings\All Users\Application Data\{77D5035B-97D7-4886-BE86-A7F9E26336CD}
2010-01-31 19:54:54 ----D---- C:\Documents and Settings\Colin\Application Data\Leadertech
2010-01-31 19:53:39 ----A---- C:\WINDOWS\system32\lvci12101110.dll
2010-01-31 19:36:21 ----HDC---- C:\WINDOWS\$NtUninstallKB916089$
2010-01-31 13:52:58 ----D---- C:\Documents and Settings\Colin\Application Data\Radegast
2010-01-31 13:52:39 ----D---- C:\Program Files\Radegast
2010-01-30 12:05:25 ----D---- C:\WINDOWS\WBEM
2010-01-30 12:03:39 ----HDC---- C:\WINDOWS\ie8
2010-01-30 11:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$

======List of files/folders modified in the last 1 months======

2010-02-18 07:31:38 ----D---- C:\WINDOWS\Prefetch
2010-02-18 07:29:44 ----D---- C:\Documents and Settings\Colin\Application Data\Skype
2010-02-18 00:43:53 ----SD---- C:\WINDOWS\Tasks
2010-02-18 00:43:40 ----D---- C:\WINDOWS\Temp
2010-02-18 00:09:25 ----SHD---- C:\WINDOWS\Installer
2010-02-18 00:09:24 ----D---- C:\Program Files\Common Files
2010-02-18 00:08:56 ----D---- C:\WINDOWS\system32
2010-02-18 00:08:38 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-02-18 00:03:51 ----D---- C:\Documents and Settings\Colin\Application Data\skypePM
2010-02-18 00:02:12 ----A---- C:\WINDOWS\Debug.ini
2010-02-18 00:00:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-17 23:58:00 ----D---- C:\www
2010-02-17 23:53:14 ----D---- C:\Program Files\Utherverse Digital Inc
2010-02-17 23:52:32 ----D---- C:\Program Files
2010-02-17 23:50:56 ----D---- C:\Program Files\Java
2010-02-17 23:45:21 ----D---- C:\WINDOWS
2010-02-17 22:53:51 ----D---- C:\WINDOWS\system32\drivers
2010-02-17 22:49:49 ----D---- C:\Program Files\Mozilla Firefox
2010-02-17 21:48:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-17 20:38:52 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-14 22:54:27 ----D---- C:\WINDOWS\Debug
2010-02-14 22:53:47 ----D---- C:\Temp
2010-02-14 18:31:32 ----D---- C:\Documents and Settings\Colin\Application Data\Adobe
2010-02-14 15:17:37 ----RSD---- C:\WINDOWS\Fonts
2010-02-13 14:28:40 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-02-13 14:14:19 ----SD---- C:\Documents and Settings\Colin\Application Data\Microsoft
2010-02-13 14:13:42 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-02-13 13:56:07 ----A---- C:\WINDOWS\system.ini
2010-02-13 13:51:08 ----D---- C:\WINDOWS\system32\config
2010-02-13 13:46:54 ----D---- C:\WINDOWS\AppPatch
2010-02-13 13:35:33 ----RASH---- C:\boot.ini
2010-02-12 23:37:04 ----D---- C:\WINDOWS\system32\wbem
2010-02-12 23:37:03 ----D---- C:\WINDOWS\Registration
2010-02-12 17:11:14 ----D---- C:\Program Files\McAfee
2010-02-11 23:29:04 ----D---- C:\Program Files\Spiral Graphics
2010-02-11 23:01:47 ----HD---- C:\WINDOWS\inf
2010-02-09 21:15:02 ----D---- C:\WINDOWS\WinSxS
2010-02-09 21:14:36 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2010-02-09 21:14:36 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2010-02-07 14:48:54 ----D---- C:\WINDOWS\system32\NtmsData
2010-02-06 02:17:35 ----A---- C:\WINDOWS\asfbinapp.INI
2010-02-04 03:03:47 ----D---- C:\Documents and Settings\Colin\Application Data\Logitech
2010-02-01 23:47:06 ----D---- C:\Program Files\Blue Mars City Developer Tools
2010-02-01 18:43:22 ----D---- C:\WINDOWS\system
2010-01-31 19:54:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-31 19:54:13 ----D---- C:\Program Files\Common Files\LogiShrd
2010-01-31 19:54:01 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-31 19:53:11 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-31 19:50:37 ----D---- C:\Program Files\Logitech
2010-01-31 19:50:05 ----D---- C:\Documents and Settings\All Users\Application Data\Logishrd
2010-01-31 10:54:38 ----A---- C:\WINDOWS\win.ini
2010-01-31 10:54:37 ----D---- C:\WINDOWS\pss
2010-01-30 22:42:54 ----D---- C:\Documents and Settings\Colin\Application Data\Hippo_OpenSim_Viewer
2010-01-30 12:22:48 ----D---- C:\WINDOWS\Help
2010-01-30 12:22:48 ----D---- C:\Program Files\Internet Explorer
2010-01-30 12:05:39 ----A---- C:\WINDOWS\imsins.BAK
2010-01-30 12:05:25 ----D---- C:\WINDOWS\system32\en-us
2010-01-30 12:04:59 ----D---- C:\WINDOWS\Media
2010-01-30 11:54:00 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-27 22:15:05 ----D---- C:\WINDOWS\system32\Adobe
2010-01-19 00:47:26 ----D---- C:\Program Files\NCH Software

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-07-17 16877]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-10-31 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-02-13 28424]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-02-13 360584]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-01-29 23976]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-11-22 3804416]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-01-30 103488]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver; C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2003-03-24 426052]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2004-10-21 54851]
R3 LGDDCDevice;LGDDCDevice; \??\C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys []
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2004-10-21 71535]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2009-10-07 25752]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-06-10 8087712]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
R3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2009-01-23 37664]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-04 12416]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024]
S3 CardReaderFilter;Card Reader Filter; \??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\Colin\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2009-10-07 23832]
S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
S3 LGII2CDevice;LGII2CDevice; \??\C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys []
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys []
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2009-10-07 114712]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2009-10-07 266008]
S3 LVUVC;Logitech QuickCam Fusion(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2009-10-07 6756632]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 msloop;Microsoft Loopback Adapter Driver; C:\WINDOWS\system32\DRIVERS\loop.sys [2004-08-04 4992]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2006-12-01 21120]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2006-04-10 162816]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2002-07-10 32256]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USB_RNDIS;Linksys Wireless-G USB Network Adapter with SpeedBooster Driver v2; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 12672]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 vgadrv;vgadrv; C:\WINDOWS\system32\DRIVERS\vgadrv.sys [2006-06-10 8078]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2003-12-22 104064]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-09-27 79360]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-02-13 285392]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-18 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1181328]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 154136]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-12-08 93320]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit; C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-09 65536]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-07-13 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-06-10 168004]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 mi-raysat_3dsmax9_32;mental ray 3.5 Satellite (32-bit); C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe [2006-09-29 65536]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-04-19 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 BroadWaveService;BroadWave Audio Streaming Server; C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe [2009-08-17 593924]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-08 30192]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-01-15 504104]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Rock

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 18 February 2010 - 11:18 AM

Can you tell me if you are having any more problems? And have you set up any proxy settings for IE?

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the icon on your desktop.
  • Paste the following code under the area. Do not include the word "Code".
    CODE
    :Reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"=-
    :Files
    C:\Documents and Settings\Colin\Shared\Motown Gold - The 1970's - Junior Walker & the Allstars - Walk in the night.mp3
    C:\Program Files\AoA DVD Ripper\AoADVDRipper.exe
    C:\Program Files\Copybot22Alpha\saviorchan\Meebey.SmartIrc4net.dll
    C:\Temp\Copybot22Alpha\saviorchan\Meebey.SmartIrc4net.dll
    C:\Temp\dvdripper.exe
    C:\Temp\freeripmp3.exe
    :Commands
    [Purity]
    [EmptyTemp]
  • Push the large button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



#13 RockVacirca

RockVacirca
  • Topic Starter

  • Members
  • 37 posts

Posted 18 February 2010 - 12:29 PM

Regarding problems, I have not been using this machine while this cleaning has been in progress, just been using my laptop instead. But I have not noticed any popups today. I do not use IE, as I prefer Firefox, and I have never set up any proxy settings. I have just had a look under Internet Options for IE, Connections, and it is all blank in there and nothing under LAN settings either.

Here is the log from OTM (ouch, ouch, ouch - that deleted my entire Temp folder. I had over 120MB of books in there, and lots of work-in-progress, ouch!)


All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully.
========== FILES ==========
C:\Documents and Settings\Colin\Shared\Motown Gold - The 1970's - Junior Walker & the Allstars - Walk in the night.mp3 moved successfully.
C:\Program Files\AoA DVD Ripper\AoADVDRipper.exe moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\Copybot22Alpha\saviorchan\Meebey.SmartIrc4net.dll
C:\Program Files\Copybot22Alpha\saviorchan\Meebey.SmartIrc4net.dll moved successfully.
DllUnregisterServer procedure not found in C:\Temp\Copybot22Alpha\saviorchan\Meebey.SmartIrc4net.dll
C:\Temp\Copybot22Alpha\saviorchan\Meebey.SmartIrc4net.dll moved successfully.
C:\Temp\dvdripper.exe moved successfully.
C:\Temp\freeripmp3.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Colin
->Temp folder emptied: 265661209 bytes
->Temporary Internet Files folder emptied: 12612603 bytes
->Java cache emptied: 5621121 bytes
->FireFox cache emptied: 96887433 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155672 bytes
%systemroot%\System32 .tmp files removed: 2450944 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 141848 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2970812898 bytes

Total Files Cleaned = 3,199.00 mb


OTM by OldTimer - Version 3.1.8.0 log created on 02182010_181152

Files moved on Reboot...

Registry entries deleted on Reboot...


Rock
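
Added example, not part of either post and not OTM's own code: a Python check that reconciles the `:Files` list of the script in post #12 against the log in post #13 and totals the [EmptyTemp] byte counts per owner. The two input strings are copied from the thread; the function names are this example's own.

```python
import re

# ":Files" entries of the OTM script in post #12 (copied from the thread).
SCRIPT_FILES = r"""
C:\Documents and Settings\Colin\Shared\Motown Gold - The 1970's - Junior Walker & the Allstars - Walk in the night.mp3
C:\Program Files\AoA DVD Ripper\AoADVDRipper.exe
C:\Program Files\Copybot22Alpha\saviorchan\Meebey.SmartIrc4net.dll
C:\Temp\Copybot22Alpha\saviorchan\Meebey.SmartIrc4net.dll
C:\Temp\dvdripper.exe
C:\Temp\freeripmp3.exe
""".strip().splitlines()

# FILES and COMMANDS sections of the OTM log in post #13 (blank lines dropped).
LOG = r"""
========== FILES ==========
C:\Documents and Settings\Colin\Shared\Motown Gold - The 1970's - Junior Walker & the Allstars - Walk in the night.mp3 moved successfully.
C:\Program Files\AoA DVD Ripper\AoADVDRipper.exe moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\Copybot22Alpha\saviorchan\Meebey.SmartIrc4net.dll
C:\Program Files\Copybot22Alpha\saviorchan\Meebey.SmartIrc4net.dll moved successfully.
DllUnregisterServer procedure not found in C:\Temp\Copybot22Alpha\saviorchan\Meebey.SmartIrc4net.dll
C:\Temp\Copybot22Alpha\saviorchan\Meebey.SmartIrc4net.dll moved successfully.
C:\Temp\dvdripper.exe moved successfully.
C:\Temp\freeripmp3.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
User: All Users
User: Colin
->Temp folder emptied: 265661209 bytes
->Temporary Internet Files folder emptied: 12612603 bytes
->Java cache emptied: 5621121 bytes
->FireFox cache emptied: 96887433 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155672 bytes
%systemroot%\System32 .tmp files removed: 2450944 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 141848 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2970812898 bytes
"""

MOVED = " moved successfully."
SIZE = re.compile(r"^(->)?(.+?) (?:emptied|removed): (\d+) bytes$")
SYSTEM = "(system-wide)"

def parse_otm_log(text):
    """Return (moved paths, DLL notes, {owner: {location: bytes}})."""
    moved, notes, freed, owner = set(), [], {}, SYSTEM
    for line in map(str.strip, text.splitlines()):
        size = SIZE.match(line)
        if line.endswith(MOVED):
            moved.add(line[:-len(MOVED)].lower())
        elif "procedure not found" in line:
            notes.append(line)
        elif line.startswith("User: "):
            owner = line[len("User: "):]
            freed.setdefault(owner, {})
        elif size:
            if not size.group(1):  # no "->" prefix: not tied to a user profile
                owner = SYSTEM
            freed.setdefault(owner, {})[size.group(2)] = int(size.group(3))
    return moved, notes, freed

def unmoved(script_files, moved):
    """Script targets with no matching 'moved successfully' line."""
    return [p for p in script_files if p.lower() not in moved]

def bytes_by_owner(freed):
    return {owner: sum(locs.values()) for owner, locs in freed.items()}

if __name__ == "__main__":
    moved, notes, freed = parse_otm_log(LOG)
    print("not moved:", unmoved(SCRIPT_FILES, moved))
    for owner, total in bytes_by_owner(freed).items():
        print(f"{owner:15} {total:>13,} bytes")
```

On this log every scripted file has a matching "moved successfully" line, and the byte counts sum to the reported 3,199 MB, of which 2,970,812,898 bytes are the Recycle Bin and 265,661,209 bytes are listed under "User: Colin" as "Temp folder".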



#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 18 February 2010 - 01:54 PM

QUOTE
that deleted my entire Temp folder. I had over 120MB of books in there, and lots of work-in-progress, ouch!


Which Temp folder are you referring to?



#15 RockVacirca

RockVacirca
  • Topic Starter

  • Members
  • 37 posts

Posted 18 February 2010 - 03:01 PM

Oh-oh! ;)

I was taking OTM at its word, and when it said:

QUOTE
->Temp folder emptied: 265661209 bytes


I thought 'Oh-no! 265MB!! That is all my books and wip in my c:\temp folder'

I then checked the Recycle bin and that was empty too, so I feared the worst.

ACTUALLY, I just checked after reading your reply, and it is all there (phew!), so it looks like OTM creates another Temp folder, fills it with all the rubbish it has found, then deletes that.

Panic over.

Is the PC clean now?

Rock

Edited by RockVacirca, 18 February 2010 - 03:07 PM.




