Infected with 'Trojan horse Pakes.AV'


This topic is locked
32 replies to this topic

#1 richa2002

richa2002

  • Members
  • 49 posts

Posted 08 March 2010 - 05:18 AM

Hi all

I have been sent here from http://www.bleepingcomputer.com/forums/top...ml#entry1656254.

One of the symptoms of my problem is that 75% of the time when I click a Google search result, it redirects me to a random website. I have done a full scan with AVG to no avail. A week ago, AVG was picking this up as 'Trojan Horse Pakes.AV' and the resident shield would pop up informing me it had removed a threat, and the file name always looked like this: 'C:\WINDOWS\Temp\(random string of 4 letters).tmp\svchost.exe'. The random string of 4 letters changes every time. AVG's resident shield no longer seems to be picking this up, so I'm not sure if that's a good or a bad thing!

I am using Windows XP Professional SP3 and I'm using Firefox as my browser.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Richard at 10:11:39.29 on 08/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2141 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Richard\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride =
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-8287-79A187E26987} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Fraps] c:\fraps\FRAPS.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [PostCopy] c:\windows\system32\belkin\f5d5050\PostCopy.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\blu-ray disc suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\blu-ray disc suite" updatewithcreateonce "software\cyberlink\PowerStarter"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
StartupFolder: c:\docume~1\richard\startm~1\programs\startup\outloo~1.lnk - c:\program files\outlook express\msimn.exe
StartupFolder: c:\docume~1\richard\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1239233472218&h=e27106f198a1b622829dbad747a9537e/&filename=jinstall-6u13-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,5907/mcfscan.cab
TCP: {B588FE11-FB34-4D15-9757-B85B57038BDF} = 194.72.9.34,62.6.40.178
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\richard\applic~1\mozilla\firefox\profiles\d72y6p6a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\documents and settings\richard\application data\mozilla\firefox\profiles\d72y6p6a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\documents and settings\richard\application data\mozilla\firefox\profiles\d72y6p6a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-19 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-19 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-26 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-11-26 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-26 285392]
R2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.sys [2009-7-7 3584]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2009-6-11 2560]
R3 ADM8511;%ADM8511.Service.DispName%;c:\windows\system32\drivers\ADM8511.SYS [2009-4-7 20160]
S2 gupdate1c9d4c69f1a5b0c;Google Update Service (gupdate1c9d4c69f1a5b0c);c:\program files\google\update\GoogleUpdate.exe [2009-5-14 133104]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\richard\locals~1\temp\aswarkrn.sys --> c:\docume~1\richard\locals~1\temp\aswArKrn.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-10-8 79360]
S3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;c:\program files\common files\creative labs shared\service\DDLLicensing.exe [2009-10-8 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 Just Flight Limited License Service;Just Flight Limited License Service;c:\program files\common files\just flight limited shared\service\JustFlightLimitedLicSvc.exe [2009-8-4 69632]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-9-1 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-9-1 8320]
S3 PIBus;PIBus Device;c:\windows\system32\drivers\pibus.sys --> c:\windows\system32\drivers\PIBus.sys [?]
S3 PIKbd;PI Virtual Keyboard;c:\windows\system32\drivers\pikbd.sys --> c:\windows\system32\drivers\PIKbd.sys [?]
S3 WmaCAudio;WmaCAudio;c:\windows\system32\drivers\WmaCAudio.sys [2009-7-31 23096]

=============== Created Last 30 ================

2010-03-06 17:27:57 53248 ------w- c:\windows\system32\mwgfxvb.dll
2010-03-06 17:27:56 28672 ------w- c:\windows\system32\mwgfxcopy.exe
2010-03-06 17:27:56 237056 ------w- c:\windows\system32\mwgfx24.dll
2010-03-06 17:27:56 191488 ------w- c:\windows\system32\mwgfx.dll
2010-03-06 17:27:55 256512 ------w- c:\windows\system32\mwdlg.dll
2010-03-06 17:27:54 56832 ------w- c:\windows\system32\mwace.dll
2010-03-06 17:27:54 49152 ------w- c:\windows\system32\mwddsvb.dll
2010-03-06 17:27:54 27136 ------w- c:\windows\system32\mwacevb.dll
2010-03-06 17:27:54 104960 ------w- c:\windows\system32\mwdds.dll
2010-03-06 17:27:44 0 d-----w- c:\program files\RW_Tools
2010-03-03 15:43:13 0 ----a-w- c:\documents and settings\richard\defogger_reenable
2010-03-02 01:01:06 0 d-----w- c:\windows\McAfee.com
2010-03-02 00:45:52 10752 ----a-w- c:\windows\DCEBoot.exe
2010-03-02 00:38:07 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-03-01 21:01:41 22528 ----a-w- c:\windows\system\svchost.exe
2010-03-01 21:01:25 0 d-sh--w- c:\windows\system32\lowsec
2010-02-26 14:36:07 0 d-----w- c:\docume~1\richard\applic~1\AVG9
2010-02-25 21:02:22 0 d-----w- c:\program files\Actual Installer
2010-02-24 16:27:40 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-02-24 16:27:33 0 d-----w- c:\program files\SUPERAntiSpyware
2010-02-24 16:27:33 0 d-----w- c:\docume~1\richard\applic~1\SUPERAntiSpyware.com
2010-02-23 17:37:51 0 d-----w- c:\docume~1\richard\applic~1\Malwarebytes
2010-02-23 17:37:42 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-23 17:37:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-20 12:49:00 0 d-----w- c:\program files\Lavasoft
2010-02-10 11:56:30 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
2010-02-10 11:56:25 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
2010-02-10 11:56:22 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
2010-02-10 11:56:22 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
2010-02-10 11:56:21 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
2010-02-10 11:56:21 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll
2010-02-10 11:56:19 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
2010-02-10 11:56:06 456832 ------w- c:\windows\system32\dllcache\mrxsmb.sys

==================== Find3M ====================

2010-03-08 09:57:48 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-03-08 05:44:41 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-28 14:33:01 17408 ----a-w- C:\psapi.dll
2010-02-17 11:45:10 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-21 12:03:46 16384 ----a-w- c:\windows\system32\lgfwunis.exe
2010-01-17 13:10:48 59240 ----a-w- c:\windows\system32\GenSvcInst.exe
2010-01-17 13:10:48 38944 ----a-w- c:\windows\system32\drivers\CDRBSDRV.SYS
2010-01-17 13:10:48 139264 ----a-w- c:\windows\system32\bgsvcgen.exe
2010-01-01 07:58:29 353792 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-30 10:07:46 60068 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-21 13:19:18 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 05:53:44 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2009-12-08 23:52:36 2189312 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-08 23:10:32 2066176 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-08 18:20:54 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:20:54 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 17:40:31 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 17:40:31 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-06 14:30:17 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040620090407\index.dat

============= FINISH: 10:13:12.76 ===============

Hope someone can help.

Thanks!

Edited by richa2002, 08 March 2010 - 05:19 AM.
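Two lines in the DDS log above are the ones a malware responder would zero in on: the Winlogon `Userinit` value that carries a second executable (`sdra64.exe`) after `userinit.exe`, and the hidden `lowsec` directory created under `system32`; the Malwarebytes log later in this thread confirms both as the Zbot hijack and its data store. The following is an added example written for this page (it is not a BleepingComputer, DDS or Malwarebytes tool) that applies those two checks to DDS-style log lines. The sample input is constructed from the log lines quoted in this post plus one benign entry; the function and class names are the example's own.

```python
"""Triage helper for DDS-style log lines (added example, not a BleepingComputer tool).

Flags two indicators seen in the thread's DDS log:
  1. extra executables in the Winlogon Userinit value (the Zbot hijack), and
  2. suspicious 'Created Last 30' entries: hidden items under the Windows
     directory and any svchost.exe living outside system32.
"""
import re
from dataclasses import dataclass

# Constructed sample: the first four lines mirror the DDS output quoted in the
# post, the last is a benign entry included to show it is NOT flagged.
SAMPLE_LOG = """\
mWinlogon: Userinit=c:\\windows\\system32\\userinit.exe,c:\\windows\\system32\\sdra64.exe,
mWinlogon: SfcDisable=-99 (0xffffff9d)
2010-03-01 21:01:41 22528 ----a-w- c:\\windows\\system\\svchost.exe
2010-03-01 21:01:25 0 d-sh--w- c:\\windows\\system32\\lowsec
2010-02-24 16:27:33 0 d-----w- c:\\program files\\SUPERAntiSpyware
"""

EXPECTED_USERINIT = "userinit.exe"  # the only binary a clean XP Userinit value names

# DDS "Created Last 30" line: date time size attrs path
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")


@dataclass
class Finding:
    line: str
    reason: str


def check_userinit(value: str) -> list:
    """Return every Userinit entry whose file name is not userinit.exe.

    The value is comma separated and normally ends with a trailing comma,
    so empty entries are ignored rather than reported.
    """
    extras = []
    for entry in value.split(","):
        entry = entry.strip()
        if not entry:
            continue
        if entry.lower().rsplit("\\", 1)[-1] != EXPECTED_USERINIT:
            extras.append(entry)
    return extras


def check_created_entry(line: str):
    """Return a list of reasons a 'Created Last 30' line deserves a look,
    or None if the line is not in that format."""
    m = CREATED_RE.match(line)
    if not m:
        return None
    attrs, path = m.group(4), m.group(5)
    low = path.lower()
    parent, _, name = low.rpartition("\\")
    reasons = []
    # 'h' in the DDS attribute column marks a hidden item; a freshly created
    # hidden item under the Windows tree is worth a second look.
    if "h" in attrs and low.startswith("c:\\windows"):
        reasons.append("hidden entry under Windows directory")
    # svchost.exe belongs in system32; copies elsewhere are classic droppers.
    if name == "svchost.exe" and not parent.endswith("\\system32"):
        reasons.append("svchost.exe outside system32")
    return reasons


def triage(log_text: str) -> list:
    """Run both checks over a block of DDS log text and collect findings."""
    findings = []
    for line in log_text.splitlines():
        if line.startswith("mWinlogon: Userinit="):
            for extra in check_userinit(line.split("=", 1)[1]):
                findings.append(Finding(line, f"unexpected Userinit entry: {extra}"))
        else:
            for reason in check_created_entry(line) or []:
                findings.append(Finding(line, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Running the script on the sample reports three findings: the `sdra64.exe` Userinit entry, the hidden `lowsec` directory, and the `svchost.exe` sitting in `c:\windows\system` rather than `system32`; the SUPERAntiSpyware directory is not reported. The checks are deliberately narrow: they flag what this thread's log shows, not every hidden file on a machine, so a hit means "review this", not "this is malware".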



#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 10 March 2010 - 07:28 PM

Hello and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues I would appreciate it if you would let me know so I can close this topic.


Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt

Thanks



#3 richa2002

richa2002
  • Topic Starter

  • Members
  • 49 posts

Posted 10 March 2010 - 08:59 PM

Hi there

Malwarebytes' Anti-Malware 1.44
Database version: 3850
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/03/2010 01:49:23
mbam-log-2010-03-11 (01-49-23).txt

Scan type: Quick Scan
Objects scanned: 141353
Time elapsed: 13 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Temp\bojt.tmp\svchost.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system\svchost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.


Attached are info.txt and log.txt

Attached Files

  • Attached File  info.txt   45.04KB   1 downloads
  • Attached File  log.txt   42.32KB   3 downloads


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 11 March 2010 - 06:06 PM

Hi richa2002,

How is the computer running now, are you still getting redirected?

When replying with the logs please paste them all into the topic rather than attaching them, thanks.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    /md5start
    proquota.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



Download and Run MBR Rootkit Scan
  • Please download MBR Rootkit Detector and save it on your desktop.
  • Go to Start >> Run then copy and paste the following line into the run box
    "%userprofile%\desktop\mbr.exe" -t

  • Select Run when you receive a Security Warning
  • The process is automatic, a black DOS window will appear and disappear suddenly. This is normal.
  • A log file will then be created on your desktop where you ran mbr.exe
  • Copy and paste the contents of mbr.log on your next reply.


Then please post back here with the following logs:
  • OTL.txt
  • Extra.txt
  • mbr.log

Thanks



#5 richa2002

richa2002
  • Topic Starter

  • Members
  • 49 posts

Posted 12 March 2010 - 07:46 AM

Thanks for your reply! The problem seems to have improved, but it is still there unfortunately.
OTL.txt
OTL logfile created on: 12/03/2010 12:24:00 - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Richard\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.16 Gb Total Space | 132.09 Gb Free Space | 22.16% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 931.51 Gb Total Space | 190.46 Gb Free Space | 20.45% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 465.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: ARMSTRONGPC
Current User Name: Richard
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/12 12:22:12 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Desktop\OTL.exe
PRC - [2010/02/24 01:46:04 | 000,684,032 | ---- | M] (RailSimulator.com) -- C:\Program Files\Steam\steamapps\common\railworks\BlueprintEditor.exe
PRC - [2010/02/24 01:40:58 | 001,217,872 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2010/01/25 22:51:25 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/17 13:10:48 | 000,139,264 | ---- | M] (SOURCENEXT) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2010/01/01 11:54:24 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2009/12/12 11:24:24 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/11/26 19:53:52 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/26 19:53:52 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/26 19:53:50 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/11/26 19:53:48 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/06/11 14:16:33 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe
PRC - [2009/02/06 16:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/01/21 01:05:18 | 000,960,560 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/01/21 01:04:02 | 000,377,248 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/01/21 01:04:00 | 000,618,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/01/21 00:59:56 | 004,359,600 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/01/08 19:07:03 | 000,975,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/01/03 11:28:20 | 001,203,880 | ---- | M] (Beepa P/L) -- C:\Fraps\fraps.exe
PRC - [2008/12/29 17:27:38 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/12/20 06:50:34 | 002,656,528 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/12/20 06:46:58 | 000,558,864 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2008/12/19 12:17:24 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2008/12/16 20:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/11 14:50:26 | 000,019,968 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2008/07/11 14:46:44 | 000,969,216 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2008/04/14 00:12:28 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2006/01/07 01:36:10 | 000,081,920 | ---- | M] () -- C:\Program Files\Sony\SonicStage\SSAAD.exe
PRC - [2003/06/18 00:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe


========== Modules (SafeList) ==========

MOD - [2010/03/12 12:22:12 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Desktop\OTL.exe
MOD - [2009/01/03 11:24:20 | 000,176,128 | ---- | M] (Beepa P/L) -- C:\Fraps\fraps.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/17 13:10:48 | 000,139,264 | ---- | M] (SOURCENEXT) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2009/11/26 19:53:50 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/26 19:53:48 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/10/08 11:18:36 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/10/08 10:35:12 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\DDLLicensing.exe -- (Creative Dolby Digital Live Pack Licensing Service)
SRV - [2009/08/04 14:39:25 | 000,069,632 | ---- | M] (Just Flight Limited) [On_Demand | Stopped] -- C:\Program Files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe -- (Just Flight Limited License Service)
SRV - [2009/06/11 14:16:33 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
SRV - [2009/06/02 09:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/04/24 22:11:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/21 01:04:00 | 000,618,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/12/29 17:27:38 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/12/16 20:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006/12/14 01:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 01:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 00:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/01/06 21:25:12 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/01/15 04:31:00 | 000,782,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe -- (NetMDSB)


========== Driver Services (SafeList) ==========

DRV - [2010/01/17 13:10:48 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2009/11/26 19:53:59 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/26 19:53:59 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/11/26 19:53:53 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/09/04 13:16:14 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/01/21 12:54:14] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2009/07/24 07:00:18 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmaCAudio.sys -- (WmaCAudio)
DRV - [2009/06/10 17:33:00 | 008,087,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/06/04 01:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/04 01:46:56 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/04 01:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/04 01:46:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/04 01:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/04 01:46:34 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2009/05/09 00:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/04/15 13:12:49 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)
DRV - [2009/04/15 13:12:47 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/04/15 13:12:47 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/04/15 13:12:45 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2009/03/19 13:48:18 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009/03/19 13:48:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009/02/24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/09 07:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 07:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 07:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 07:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/12/17 06:02:06 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008/12/17 06:01:42 | 006,364,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2008/12/17 06:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/17 06:00:12 | 000,768,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/12/16 20:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/15 17:12:38 | 001,173,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2008/07/15 17:11:14 | 000,092,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2008/07/15 17:10:28 | 000,157,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2008/07/15 17:09:44 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2008/07/15 17:08:36 | 000,127,000 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2008/07/15 17:08:08 | 000,347,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2008/07/15 17:07:18 | 000,527,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2008/07/15 17:06:46 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2008/07/15 16:23:42 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2008/07/15 16:23:22 | 000,170,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2008/07/15 16:22:46 | 001,323,544 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2008/05/20 09:53:00 | 004,800,000 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/13 23:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 21:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/02 15:54:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2006/08/11 15:56:32 | 000,515,456 | ---- | M] (Windows ® 2000/XP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SndTDriverV32.sys -- (SndTDriverV32)
DRV - [2006/06/13 04:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/06/13 04:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/06/13 04:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/06/13 04:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/06/13 04:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/06/13 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/06/13 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/06/12 02:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/03/17 07:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/03/17 07:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2006/03/17 04:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/11/21 05:48:21 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2004/08/13 10:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001/08/17 11:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)
DRV - [1996/09/27 08:10:48 | 000,003,584 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DLPORTIO.sys -- (DLPortIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-602162358-412668190-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-602162358-412668190-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-602162358-412668190-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-602162358-412668190-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = about:blank

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/08 01:12:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/25 22:51:37 | 000,000,000 | ---D | M]

[2009/04/06 22:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Mozilla\Extensions
[2010/03/11 11:19:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\d72y6p6a.default\extensions
[2009/09/07 00:29:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\d72y6p6a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/20 15:04:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\d72y6p6a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/02/20 15:04:58 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\d72y6p6a.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010/03/11 11:19:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/25 22:51:29 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/25 22:51:29 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/25 22:51:29 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/25 22:51:29 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/04/24 21:30:21 | 000,000,800 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-602162358-412668190-682003330-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] File not found
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [PostCopy] C:\WINDOWS\system32\BELKIN\F5D5050\PostCopy.exe ()
O4 - HKLM..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-602162358-412668190-682003330-1003..\Run: [Fraps] C:\Fraps\fraps.exe (Beepa P/L)
O4 - HKU\S-1-5-21-602162358-412668190-682003330-1003..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [_nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [_nltide_2] File not found
O4 - HKU\S-1-5-19..\RunOnce: [_nltide_2] File not found
O4 - HKU\S-1-5-20..\RunOnce: [_nltide_2] File not found
O4 - Startup: C:\Documents and Settings\Richard\Start Menu\Programs\Startup\Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Richard\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-602162358-412668190-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareup...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/...907/mcfscan.cab (McFreeScan Class)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - File not found
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Richard\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Richard\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (schannel.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/06 14:28:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/04/06 14:27:54 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BDRegion - hkey= - key= - C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
MsConfig - StartUpReg: DLA - hkey= - key= - File not found
MsConfig - StartUpReg: Google Quick Search Box - hkey= - key= - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: LGODDFU - hkey= - key= - C:\Program Files\lg_fwupdate\fwupdate.exe (BitLeader)
MsConfig - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig - StartUpReg: NokiaMusic FastStart - hkey= - key= - C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe (Nokia)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: SsAAD.exe - hkey= - key= - M:\PROGRA~1\Sony\SONICS~1\SsAAD.exe File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17736316556935168)

========== Files/Folders - Created Within 30 Days ==========

[2010/03/12 12:22:12 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Richard\Desktop\OTL.exe
[2010/03/12 12:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/03/11 01:57:38 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/03/11 01:57:37 | 000,000,000 | ---D | C] -- C:\rsit
[2010/03/11 01:56:15 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/11 01:32:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/11 01:32:56 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/08 21:04:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\vlc
[2010/03/06 21:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/03/06 21:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/03/06 17:27:57 | 000,053,248 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwgfxvb.dll
[2010/03/06 17:27:56 | 000,237,056 | ---- | C] (MW Publishing) -- C:\WINDOWS\System32\mwgfx24.dll
[2010/03/06 17:27:56 | 000,191,488 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwgfx.dll
[2010/03/06 17:27:56 | 000,028,672 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwgfxcopy.exe
[2010/03/06 17:27:55 | 000,256,512 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwdlg.dll
[2010/03/06 17:27:54 | 000,104,960 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwdds.dll
[2010/03/06 17:27:54 | 000,056,832 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwace.dll
[2010/03/06 17:27:54 | 000,049,152 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwddsvb.dll
[2010/03/06 17:27:54 | 000,027,136 | ---- | C] (MW Graphics) -- C:\WINDOWS\System32\mwacevb.dll
[2010/03/06 17:27:44 | 000,000,000 | ---D | C] -- C:\Program Files\RW_Tools
[2010/03/02 01:16:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/03/02 01:01:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\McAfee.com
[2010/03/02 00:38:07 | 000,157,712 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/02/26 14:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\AVG9
[2010/02/25 21:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\Actual Installer
[2010/02/24 16:27:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/02/24 16:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\SUPERAntiSpyware.com
[2010/02/24 16:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/02/23 17:37:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard\Application Data\Malwarebytes
[2010/02/23 17:37:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/23 17:37:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/23 12:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/02/23 12:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/02/23 12:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/02/20 12:49:00 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/02/20 12:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/02/17 19:32:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2009/11/26 19:48:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/26 19:48:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/26 19:48:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/11/26 19:48:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/10/02 10:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Nokia
[2009/05/15 10:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/05/14 19:03:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/07/11 14:51:46 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/12 12:24:14 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\mbr.exe
[2010/03/12 12:22:12 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richard\Desktop\OTL.exe
[2010/03/12 12:12:03 | 000,521,078 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/12 12:12:03 | 000,441,012 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/12 12:12:03 | 000,070,908 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/12 12:11:58 | 057,001,849 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/12 12:07:06 | 000,000,689 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2010/03/12 12:06:51 | 000,236,551 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/12 12:05:56 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/12 12:05:56 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/03/12 12:05:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/12 12:05:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/12 12:05:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/03/12 01:41:47 | 000,054,928 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000005-00211102}.rfx
[2010/03/12 01:41:47 | 000,054,928 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000000-00001102-00000005-00211102}.rfx
[2010/03/12 01:41:47 | 000,000,788 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000000-00001102-00000005-00211102}.rfx
[2010/03/12 01:41:39 | 013,893,632 | -H-- | M] () -- C:\Documents and Settings\Richard\NTUSER.DAT
[2010/03/12 01:41:39 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Richard\ntuser.ini
[2010/03/12 01:37:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/11 17:38:16 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/11 11:47:34 | 001,572,918 | ---- | M] () -- C:\temp.bmp
[2010/03/11 11:42:26 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\psapi.dll
[2010/03/11 01:33:01 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/09 17:50:58 | 000,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/03/09 17:36:49 | 000,002,523 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 9.lnk
[2010/03/08 18:53:32 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/03/08 12:50:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/03/08 01:26:42 | 003,790,650 | -H-- | M] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\IconCache.db
[2010/03/06 17:27:49 | 000,001,544 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\RW_Tools.lnk
[2010/03/03 16:14:52 | 000,183,296 | ---- | M] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/03 15:43:13 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Richard\defogger_reenable
[2010/03/03 15:42:51 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\Defogger.exe
[2010/03/03 00:56:50 | 000,001,564 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\RS_Tools_Pro.lnk
[2010/03/02 00:45:52 | 000,010,752 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2010/03/02 00:34:52 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\housecall.guid.cache
[2010/03/02 00:06:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/25 21:02:24 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\Richard\Desktop\Actual Installer.lnk
[2010/02/24 08:31:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/17 11:45:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/12 12:24:14 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\mbr.exe
[2010/03/11 11:36:17 | 001,572,918 | ---- | C] () -- C:\temp.bmp
[2010/03/11 01:33:01 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/06 17:27:49 | 000,001,544 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\RW_Tools.lnk
[2010/03/03 15:43:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Richard\defogger_reenable
[2010/03/03 15:42:51 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\Defogger.exe
[2010/03/03 00:56:50 | 000,001,564 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\RS_Tools_Pro.lnk
[2010/03/02 00:45:52 | 000,010,752 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2010/03/02 00:34:52 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\housecall.guid.cache
[2010/02/25 21:22:37 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Richard\Desktop\Actual Installer.lnk
[2010/02/21 12:53:50 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/03 22:44:12 | 001,215,448 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\8d51356f4bb435f1b6f84a242a76b34c-i686.cache-2
[2010/01/21 12:02:33 | 000,000,300 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2009/11/05 14:12:12 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/07 22:10:31 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini
[2009/10/01 23:36:06 | 000,363,968 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/07 14:49:11 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\DLPORTIO.sys
[2009/06/11 14:16:34 | 000,000,689 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
[2009/06/11 14:16:33 | 000,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2009/06/10 07:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/06/10 07:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/06/10 07:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/06/10 07:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/06/08 12:47:33 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll
[2009/06/03 23:55:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2009/05/17 11:50:46 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/05/10 10:34:38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/05/03 14:15:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/10 16:04:04 | 000,000,174 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/04/08 19:11:04 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2009/04/06 18:06:33 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Richard\Application Data\Settings.cfg
[2009/04/06 16:57:36 | 000,183,296 | ---- | C] () -- C:\Documents and Settings\Richard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/06 16:15:12 | 000,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/04/06 14:33:50 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/04/06 14:33:35 | 000,035,682 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/04/06 14:33:35 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/16 20:58:54 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 20:50:56 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/07/15 15:35:42 | 000,030,305 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2008/07/11 15:22:30 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/07/11 14:50:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2006/10/02 16:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2003/07/13 03:40:28 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\SAWZipNG.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/01/08 19:41:28 | 017,778,664 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/01/08 19:41:28 | 017,778,664 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/03/11 21:29:25 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 04:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2009/01/08 19:09:48 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=06CF9EEDB7E827205C6948C9DAF56974 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: PROQUOTA.EXE >
[2008/04/14 04:42:34 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: SCECLI.DLL >
[2008/04/14 04:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: VIAMRAID.SYS >
[2006/11/08 06:25:24 | 000,116,688 | R--- | M] (VIA Technologies inc,.ltd) MD5=68B41DFA083C2734340BA254532700F3 -- C:\Program Files\VIA\Setup\viastor\DRIVER\Raid\winnt40\viamraid.sys
[2006/11/08 06:23:52 | 000,102,912 | R--- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Program Files\VIA\Setup\viastor\DRIVER\Raid\winxp\viamraid.sys
[2006/11/08 06:23:52 | 000,102,912 | R--- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\WINDOWS\system32\drivers\viamraid.sys
[2006/11/08 06:23:52 | 000,102,912 | R--- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\WINDOWS\system32\DRVSTORE\viamraid_0B7BD2CE86023D524D8509B41571686ECF13C39F\viamraid.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
< End of report >

Extras.txt
OTL Extras logfile created on: 12/03/2010 12:24:00 - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Richard\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.16 Gb Total Space | 132.09 Gb Free Space | 22.16% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 931.51 Gb Total Space | 190.46 Gb Free Space | 20.45% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 465.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: ARMSTRONGPC
Current User Name: Richard
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-602162358-412668190-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Visicom Media\AceFTP 3 Freeware\aceftp3free.exe" = C:\Program Files\Visicom Media\AceFTP 3 Freeware\aceftp3free.exe:*:Enabled:AceFTP v3 -- (Visicom Media Inc.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Richard\Desktop\flashget.exe" = C:\Documents and Settings\Richard\Desktop\flashget.exe:*:Enabled:Flashget -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe" = C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:*:Enabled:TwonkyMedia -- File not found
"C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe" = C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:*:Enabled:TwonkyMediaServer -- File not found
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Steam\steamapps\common\railworks\RailWorks.exe" = C:\Program Files\Steam\steamapps\common\railworks\RailWorks.exe:*:Enabled:RailWorks -- (RailSimulator.com)
"C:\Program Files\Steam\steamapps\common\railworks beta\RailWorks.exe" = C:\Program Files\Steam\steamapps\common\railworks beta\RailWorks.exe:*:Enabled:RailWorks Beta -- (RailSimulator.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5C03F-B35E-4A68-80EC-082C41E08205}" = Just Trains Cargowaggon IWB for RailWorks
"{03528A01-7E5E-4C5F-94DF-1D8012E969EF}" = Nokia Map Loader
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0824EE6D-137F-4B83-9628-8E7B000BEBA6}" = Rail Simulator
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0EABFEF6-6D10-4C12-8667-3029C481D355}" = Nokia Photos
"{0EEB3C40-2A8C-4045-B3F9-13C4A5C490C0}" = Nokia Home Media Server
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic UDF Reader
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2EEEC858-21F8-419B-8FE2-820621BFFCD7}" = GetDataBack for FAT
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113 Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42B74521-4706-412A-9A27-AED12B83E886}" = Nokia Ovi Application Installer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47E09785-B2FB-11D5-B8EE-00B0D0D26B88}" = MD Simple Burner 2.0.05
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{513148E7-B7A1-48B2-B518-668701E546F5}" = LightScribe System Software 1.14.19.1
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}" = Nokia Ovi Content Copier
"{64963F0E-03F2-4B59-8D1B-1806545E7092}" = NVIDIA DDS Utilities
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6EB6C056-02BB-453E-8448-EC90B9794180}" = Nokia Multimedia Common Components 2.4
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8B53527D-BBB2-43A5-91D7-9ED772FD737F}" = Skype web features
"{8FB9C5CB-DD8E-4D97-8A4E-6C3AB033F265}" = Just Trains Newcastle to York Modern (for Rail Simulator)
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.4
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B8D91F6B-803A-4579-9DAD-1377B56DC657}" = TMPGEnc Authoring Works 4
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BEA18030-8B42-1286-EF64-CDA6BD083888}" = BBC iPlayer Desktop
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4B045DB-C2C0-4A05-8DA5-754B4733EE31}" = Nokia Ovi One Touch Access
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C5EB9193-9FEF-44BD-B9EF-1D3F9B9C0C70}" = Just Trains Newcastle to York Modern (for RailWorks)
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA51496-49D4-4FBF-9866-A2E2F40FAC7A}" = Sony Sound Forge 9.0
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DC432844-6914-4421-910C-F1B05B3A761C}" = Nokia Music
"{E3FED8DD-4690-4E7D-BC23-6C6494CC0443}" = Nokia Ovi Suite
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}" = Nokia Software Updater
"{F9EA1C47-64A6-45E4-9A80-8CC1575B971D}" = Nokia Ovi System Utilities
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"AceFTP 3 Freeware" = AceFTP 3 Freeware
"AcMgrDDL" = DDL and DTS Connect License Activation
"Actual Installer" = Actual Installer 3.4
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AudioCS" = Creative Audio Console
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"Canon iP4300 User Registration" = Canon iP4300 User Registration
"Console Launcher" = Creative Console Launcher
"Cool FLAC To MP3 Converter_is1" = Cool FLAC To MP3 Converter 1.0
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DriverLINX Port I/O Driver" = DriverLINX Port I/O Driver
"DVD Audio Ripper 4" = DVD Audio Ripper 4
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"F5D5050" = F5D5050 Driver Uninstall
"Fraps" = Fraps (remove only)
"GoldWave v5.52" = GoldWave v5.52
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0824EE6D-137F-4B83-9628-8E7B000BEBA6}"


Edited by syler, 12 March 2010 - 01:17 PM.
remove duplicate logs


#6 richa2002

richa2002
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  • Local time:06:12 PM

Posted 12 March 2010 - 07:47 AM

"InstallShield_{0824EE6D-137F-4B83-9628-8E7B000BEBA6}" = Rail Simulator
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"IrfanView" = IrfanView (remove only)
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mk3 Coach Sound Pack for Rail Simulator" = Mk3 Coach Sound Pack for Rail Simulator
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Ovi Application Installer" = Nokia Ovi Application Installer 6.85.3011
"Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3011
"Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3019
"Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3018
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Pack Vista Inspirat 2" = Pack Vista Inspirat 2 1.0
"QSetup Installation Suite" = QSetup Installation Suite
"RDMWII" = RailDriver MWII
"ReClock" = ReClock (remove only)
"SimSig King's Cross_is1" = SimSig King's Cross V2.111
"SimSig North London Line_is1" = SimSig North London Line V2.102
"SimSig System_is1" = SimSig V2.103
"Steam App 24000" = RailWorks Beta
"Steam App 24010" = RailWorks
"Steam App 24012" = Railworks_BonusContent
"SystemRequirementsLab" = System Requirements Lab
"Total Video Converter 3.21_is1" = Total Video Converter 3.21 090220
"Uninstaller_

Edited by richa2002, 12 March 2010 - 07:50 AM.


#7 richa2002

richa2002
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  • Local time:06:12 PM

Posted 12 March 2010 - 07:48 AM

*mistaken post*

Edited by richa2002, 12 March 2010 - 07:48 AM.


#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:12 PM

Posted 12 March 2010 - 06:52 PM

Hi

Please be careful when posting your logs; you just posted the same logs 3 times in one reply and also made two extra posts,
which just makes the thread unnecessarily long and bloated. You also didn't post the mbr.log. Can you post that, please?



#9 richa2002

richa2002
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  • Local time:06:12 PM

Posted 12 March 2010 - 07:41 PM

I'm sorry, I really didn't realise that I did that. When I tried to post, it kept coming up with an error, which I can't remember, and it wasn't about the length of the post, so I kept going back to try. I then found I'd posted it a number of times. The extras.txt log didn't post in its entirety, so here it is:



Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
OTL Extras logfile created on: 12/03/2010 12:24:00 - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Richard\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.16 Gb Total Space | 132.09 Gb Free Space | 22.16% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 931.51 Gb Total Space | 190.46 Gb Free Space | 20.45% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 465.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: ARMSTRONGPC
Current User Name: Richard
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-602162358-412668190-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Visicom Media\AceFTP 3 Freeware\aceftp3free.exe" = C:\Program Files\Visicom Media\AceFTP 3 Freeware\aceftp3free.exe:*:Enabled:AceFTP v3 -- (Visicom Media Inc.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Richard\Desktop\flashget.exe" = C:\Documents and Settings\Richard\Desktop\flashget.exe:*:Enabled:Flashget -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe" = C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:*:Enabled:TwonkyMedia -- File not found
"C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe" = C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:*:Enabled:TwonkyMediaServer -- File not found
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Steam\steamapps\common\railworks\RailWorks.exe" = C:\Program Files\Steam\steamapps\common\railworks\RailWorks.exe:*:Enabled:RailWorks -- (RailSimulator.com)
"C:\Program Files\Steam\steamapps\common\railworks beta\RailWorks.exe" = C:\Program Files\Steam\steamapps\common\railworks beta\RailWorks.exe:*:Enabled:RailWorks Beta -- (RailSimulator.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5C03F-B35E-4A68-80EC-082C41E08205}" = Just Trains Cargowaggon IWB for RailWorks
"{03528A01-7E5E-4C5F-94DF-1D8012E969EF}" = Nokia Map Loader
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0824EE6D-137F-4B83-9628-8E7B000BEBA6}" = Rail Simulator
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0EABFEF6-6D10-4C12-8667-3029C481D355}" = Nokia Photos
"{0EEB3C40-2A8C-4045-B3F9-13C4A5C490C0}" = Nokia Home Media Server
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic UDF Reader
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2EEEC858-21F8-419B-8FE2-820621BFFCD7}" = GetDataBack for FAT
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113 Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42B74521-4706-412A-9A27-AED12B83E886}" = Nokia Ovi Application Installer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47E09785-B2FB-11D5-B8EE-00B0D0D26B88}" = MD Simple Burner 2.0.05
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{513148E7-B7A1-48B2-B518-668701E546F5}" = LightScribe System Software 1.14.19.1
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}" = Nokia Ovi Content Copier
"{64963F0E-03F2-4B59-8D1B-1806545E7092}" = NVIDIA DDS Utilities
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6EB6C056-02BB-453E-8448-EC90B9794180}" = Nokia Multimedia Common Components 2.4
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8B53527D-BBB2-43A5-91D7-9ED772FD737F}" = Skype web features
"{8FB9C5CB-DD8E-4D97-8A4E-6C3AB033F265}" = Just Trains Newcastle to York Modern (for Rail Simulator)
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.4
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B8D91F6B-803A-4579-9DAD-1377B56DC657}" = TMPGEnc Authoring Works 4
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BEA18030-8B42-1286-EF64-CDA6BD083888}" = BBC iPlayer Desktop
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4B045DB-C2C0-4A05-8DA5-754B4733EE31}" = Nokia Ovi One Touch Access
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C5EB9193-9FEF-44BD-B9EF-1D3F9B9C0C70}" = Just Trains Newcastle to York Modern (for RailWorks)
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA51496-49D4-4FBF-9866-A2E2F40FAC7A}" = Sony Sound Forge 9.0
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DC432844-6914-4421-910C-F1B05B3A761C}" = Nokia Music
"{E3FED8DD-4690-4E7D-BC23-6C6494CC0443}" = Nokia Ovi Suite
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}" = Nokia Software Updater
"{F9EA1C47-64A6-45E4-9A80-8CC1575B971D}" = Nokia Ovi System Utilities
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"AceFTP 3 Freeware" = AceFTP 3 Freeware
"AcMgrDDL" = DDL and DTS Connect License Activation
"Actual Installer" = Actual Installer 3.4
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AudioCS" = Creative Audio Console
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"Canon iP4300 User Registration" = Canon iP4300 User Registration
"Console Launcher" = Creative Console Launcher
"Cool FLAC To MP3 Converter_is1" = Cool FLAC To MP3 Converter 1.0
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DriverLINX Port I/O Driver" = DriverLINX Port I/O Driver
"DVD Audio Ripper 4" = DVD Audio Ripper 4
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"F5D5050" = F5D5050 Driver Uninstall
"Fraps" = Fraps (remove only)
"GoldWave v5.52" = GoldWave v5.52
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0824EE6D-137F-4B83-9628-8E7B000BEBA6}" = Rail Simulator
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"IrfanView" = IrfanView (remove only)
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mk3 Coach Sound Pack for Rail Simulator" = Mk3 Coach Sound Pack for Rail Simulator
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Ovi Application Installer" = Nokia Ovi Application Installer 6.85.3011
"Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3011
"Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3019
"Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3018
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Pack Vista Inspirat 2" = Pack Vista Inspirat 2 1.0
"QSetup Installation Suite" = QSetup Installation Suite
"RDMWII" = RailDriver MWII
"ReClock" = ReClock (remove only)
"SimSig King's Cross

I'm sorry, I didn't realise I'd done so, as a page kept appearing saying the connection had been reset, so I kept going back to try again without knowing it had actually posted. It appears that the extras.txt log didn't post in its entirety. Here it is:
OTL Extras logfile created on: 12/03/2010 12:24:00 - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Richard\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.16 Gb Total Space | 132.09 Gb Free Space | 22.16% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 931.51 Gb Total Space | 190.46 Gb Free Space | 20.45% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 465.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS

Computer Name: ARMSTRONGPC
Current User Name: Richard
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-602162358-412668190-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Visicom Media\AceFTP 3 Freeware\aceftp3free.exe" = C:\Program Files\Visicom Media\AceFTP 3 Freeware\aceftp3free.exe:*:Enabled:AceFTP v3 -- (Visicom Media Inc.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Richard\Desktop\flashget.exe" = C:\Documents and Settings\Richard\Desktop\flashget.exe:*:Enabled:Flashget -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe" = C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:*:Enabled:TwonkyMedia -- File not found
"C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe" = C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:*:Enabled:TwonkyMediaServer -- File not found
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Steam\steamapps\common\railworks\RailWorks.exe" = C:\Program Files\Steam\steamapps\common\railworks\RailWorks.exe:*:Enabled:RailWorks -- (RailSimulator.com)
"C:\Program Files\Steam\steamapps\common\railworks beta\RailWorks.exe" = C:\Program Files\Steam\steamapps\common\railworks beta\RailWorks.exe:*:Enabled:RailWorks Beta -- (RailSimulator.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5C03F-B35E-4A68-80EC-082C41E08205}" = Just Trains Cargowaggon IWB for RailWorks
"{03528A01-7E5E-4C5F-94DF-1D8012E969EF}" = Nokia Map Loader
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0824EE6D-137F-4B83-9628-8E7B000BEBA6}" = Rail Simulator
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0EABFEF6-6D10-4C12-8667-3029C481D355}" = Nokia Photos
"{0EEB3C40-2A8C-4045-B3F9-13C4A5C490C0}" = Nokia Home Media Server
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic UDF Reader
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2EEEC858-21F8-419B-8FE2-820621BFFCD7}" = GetDataBack for FAT
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113 Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42B74521-4706-412A-9A27-AED12B83E886}" = Nokia Ovi Application Installer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47E09785-B2FB-11D5-B8EE-00B0D0D26B88}" = MD Simple Burner 2.0.05
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{513148E7-B7A1-48B2-B518-668701E546F5}" = LightScribe System Software 1.14.19.1
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}" = Nokia Ovi Content Copier
"{64963F0E-03F2-4B59-8D1B-1806545E7092}" = NVIDIA DDS Utilities
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6EB6C056-02BB-453E-8448-EC90B9794180}" = Nokia Multimedia Common Components 2.4
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8B53527D-BBB2-43A5-91D7-9ED772FD737F}" = Skype web features
"{8FB9C5CB-DD8E-4D97-8A4E-6C3AB033F265}" = Just Trains Newcastle to York Modern (for Rail Simulator)
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 3.4
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B8D91F6B-803A-4579-9DAD-1377B56DC657}" = TMPGEnc Authoring Works 4
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BEA18030-8B42-1286-EF64-CDA6BD083888}" = BBC iPlayer Desktop
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4B045DB-C2C0-4A05-8DA5-754B4733EE31}" = Nokia Ovi One Touch Access
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C5EB9193-9FEF-44BD-B9EF-1D3F9B9C0C70}" = Just Trains Newcastle to York Modern (for RailWorks)
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCA51496-49D4-4FBF-9866-A2E2F40FAC7A}" = Sony Sound Forge 9.0
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DA507A38-4B2A-40C0-90AC-E30AAA0B757C}" = Vegas Movie Studio Platinum 9.0
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DC432844-6914-4421-910C-F1B05B3A761C}" = Nokia Music
"{E3FED8DD-4690-4E7D-BC23-6C6494CC0443}" = Nokia Ovi Suite
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}" = Nokia Software Updater
"{F9EA1C47-64A6-45E4-9A80-8CC1575B971D}" = Nokia Ovi System Utilities
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"AceFTP 3 Freeware" = AceFTP 3 Freeware
"AcMgrDDL" = DDL and DTS Connect License Activation
"Actual Installer" = Actual Installer 3.4
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AudioCS" = Creative Audio Console
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"Canon iP4300 User Registration" = Canon iP4300 User Registration
"Console Launcher" = Creative Console Launcher
"Cool FLAC To MP3 Converter_is1" = Cool FLAC To MP3 Converter 1.0
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"DriverLINX Port I/O Driver" = DriverLINX Port I/O Driver
"DVD Audio Ripper 4" = DVD Audio Ripper 4
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"F5D5050" = F5D5050 Driver Uninstall
"Fraps" = Fraps (remove only)
"GoldWave v5.52" = GoldWave v5.52
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0824EE6D-137F-4B83-9628-8E7B000BEBA6}" = Rail Simulator
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"IrfanView" = IrfanView (remove only)
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mk3 Coach Sound Pack for Rail Simulator" = Mk3 Coach Sound Pack for Rail Simulator
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Ovi Application Installer" = Nokia Ovi Application Installer 6.85.3011
"Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3011
"Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3019
"Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3018
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Pack Vista Inspirat 2" = Pack Vista Inspirat 2 1.0
"QSetup Installation Suite" = QSetup Installation Suite
"RDMWII" = RailDriver MWII
"ReClock" = ReClock (remove only)
"SimSig King's Cross_is1" = SimSig King's Cross V2.111
"SimSig North London Line_is1" = SimSig North London Line V2.102
"SimSig System_is1" = SimSig V2.103
"Steam App 24000" = RailWorks Beta
"Steam App 24010" = RailWorks
"Steam App 24012" = Railworks_BonusContent
"SystemRequirementsLab" = System Requirements Lab
"Total Video Converter 3.21_is1" = Total Video Converter 3.21 090220
"Uninstaller_B83E4000_Just Trains Newcastle to York Modern License" = Just Trains Newcastle to York Modern License (Shared Components)
"Uninstaller_B8F27000_Cargowaggon IWB" = Cargowaggon IWB (Shared Components)
"VLC media

#10 richa2002

richa2002
  • Topic Starter

  • Members
  • 49 posts

Posted 12 March 2010 - 07:44 PM

It still won't post in its entirety; it's like all the information is not getting through, resulting in a 'connection was reset' error when I post. I think it's best I attach all three of the requested files as that's a sure-fire way of knowing you are getting all the information. Thank you for your perseverance.

Attached Files

  • Extras.Txt (63.91KB)
  • mbr.log (311 bytes)
  • OTL.Txt (100.41KB)

Edited by richa2002, 12 March 2010 - 07:44 PM.


#11 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 12 March 2010 - 07:58 PM

  • Go to Kaspersky and Download TDSSKiller.zip.
  • Extract the contents of TDSSKiller.zip to your Desktop.
  • Double click on TDSSKiller.exe to run it.
  • If it finds something and asks you what to do, follow the instructions to type in "delete".
  • When done, a log file should be created on your C: drive called TDSSKiller.txt; please post this log in your next reply.



#12 richa2002

richa2002
  • Topic Starter

  • Members
  • 49 posts

Posted 12 March 2010 - 08:23 PM

Here's hoping this one posts okay!


00:59:25:569 5140 TDSS rootkit removing tool 2.2.8 Mar 10 2010 15:53:20
00:59:25:569 5140 ================================================================================
00:59:25:569 5140 SystemInfo:

00:59:25:569 5140 OS Version: 5.1.2600 ServicePack: 3.0
00:59:25:569 5140 Product type: Workstation
00:59:25:569 5140 ComputerName: ARMSTRONGPC
00:59:25:569 5140 UserName: Richard
00:59:25:569 5140 Windows directory: C:\WINDOWS
00:59:25:569 5140 Processor architecture: Intel x86
00:59:25:569 5140 Number of processors: 2
00:59:25:569 5140 Page size: 0x1000
00:59:25:569 5140 Boot type: Normal boot
00:59:25:569 5140 ================================================================================
00:59:25:600 5140 UnloadDriverW: NtUnloadDriver error 2
00:59:25:600 5140 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
00:59:25:631 5140 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
00:59:25:631 5140 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
00:59:25:631 5140 wfopen_ex: Trying to KLMD file open
00:59:25:631 5140 wfopen_ex: File opened ok (Flags 2)
00:59:25:631 5140 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
00:59:25:647 5140 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
00:59:25:647 5140 wfopen_ex: Trying to KLMD file open
00:59:25:647 5140 wfopen_ex: File opened ok (Flags 2)
00:59:25:647 5140 Initialize success
00:59:25:647 5140
00:59:25:647 5140 Scanning Services ...
00:59:26:397 5140 GetAdvancedServicesInfo: Raw services enum returned 409 services
00:59:26:413 5140
00:59:26:413 5140 Scanning Kernel memory ...
00:59:26:413 5140 Devices to scan: 14
00:59:26:413 5140
00:59:26:413 5140 Driver Name: Disk
00:59:26:413 5140 IRP_MJ_CREATE : B810EBB0
00:59:26:413 5140 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
00:59:26:413 5140 IRP_MJ_CLOSE : B810EBB0
00:59:26:413 5140 IRP_MJ_READ : B8108D1F
00:59:26:413 5140 IRP_MJ_WRITE : B8108D1F
00:59:26:413 5140 IRP_MJ_QUERY_INFORMATION : 804F4562
00:59:26:413 5140 IRP_MJ_SET_INFORMATION : 804F4562
00:59:26:413 5140 IRP_MJ_QUERY_EA : 804F4562
00:59:26:413 5140 IRP_MJ_SET_EA : 804F4562
00:59:26:413 5140 IRP_MJ_FLUSH_BUFFERS : B81092E2
00:59:26:413 5140 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
00:59:26:413 5140 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
00:59:26:413 5140 IRP_MJ_DIRECTORY_CONTROL : 804F4562
00:59:26:413 5140 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
00:59:26:413 5140 IRP_MJ_DEVICE_CONTROL : B81093BB
00:59:26:413 5140 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
00:59:26:413 5140 IRP_MJ_SHUTDOWN : B81092E2
00:59:26:413 5140 IRP_MJ_LOCK_CONTROL : 804F4562
00:59:26:413 5140 IRP_MJ_CLEANUP : 804F4562
00:59:26:413 5140 IRP_MJ_CREATE_MAILSLOT : 804F4562
00:59:26:413 5140 IRP_MJ_QUERY_SECURITY : 804F4562
00:59:26:413 5140 IRP_MJ_SET_SECURITY : 804F4562
00:59:26:413 5140 IRP_MJ_POWER : B810AC82
00:59:26:413 5140 IRP_MJ_SYSTEM_CONTROL : B810F99E
00:59:26:413 5140 IRP_MJ_DEVICE_CHANGE : 804F4562
00:59:26:413 5140 IRP_MJ_QUERY_QUOTA : 804F4562
00:59:26:413 5140 IRP_MJ_SET_QUOTA : 804F4562
00:59:26:413 5140 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
00:59:26:413 5140
00:59:26:413 5140 Driver Name: usbstor
00:59:26:413 5140 IRP_MJ_CREATE : B8475218
00:59:26:413 5140 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
00:59:26:413 5140 IRP_MJ_CLOSE : B8475218
00:59:26:413 5140 IRP_MJ_READ : B847523C
00:59:26:413 5140 IRP_MJ_WRITE : B847523C
00:59:26:413 5140 IRP_MJ_QUERY_INFORMATION : 804F4562
00:59:26:413 5140 IRP_MJ_SET_INFORMATION : 804F4562
00:59:26:413 5140 IRP_MJ_QUERY_EA : 804F4562
00:59:26:413 5140 IRP_MJ_SET_EA : 804F4562
00:59:26:413 5140 IRP_MJ_FLUSH_BUFFERS : 804F4562
00:59:26:413 5140 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
00:59:26:413 5140 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
00:59:26:413 5140 IRP_MJ_DIRECTORY_CONTROL : 804F4562
00:59:26:413 5140 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
00:59:26:413 5140 IRP_MJ_DEVICE_CONTROL : B8475180
00:59:26:413 5140 IRP_MJ_INTERNAL_DEVICE_CONTROL : B84709E6
00:59:26:413 5140 IRP_MJ_SHUTDOWN : 804F4562
00:59:26:413 5140 IRP_MJ_LOCK_CONTROL : 804F4562
00:59:26:413 5140 IRP_MJ_CLEANUP : 804F4562
00:59:26:413 5140 IRP_MJ_CREATE_MAILSLOT : 804F4562
00:59:26:413 5140 IRP_MJ_QUERY_SECURITY : 804F4562
00:59:26:413 5140 IRP_MJ_SET_SECURITY : 804F4562
00:59:26:413 5140 IRP_MJ_POWER : B84745F0
00:59:26:413 5140 IRP_MJ_SYSTEM_CONTROL : B8472A6E
00:59:26:413 5140 IRP_MJ_DEVICE_CHANGE : 804F4562
00:59:26:413 5140 IRP_MJ_QUERY_QUOTA : 804F4562
00:59:26:413 5140 IRP_MJ_SET_QUOTA : 804F4562
00:59:26:428 5140 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
00:59:26:428 5140
00:59:26:428 5140 Driver Name: Disk
00:59:26:428 5140 IRP_MJ_CREATE : B810EBB0
00:59:26:428 5140 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
00:59:26:428 5140 IRP_MJ_CLOSE : B810EBB0
00:59:26:428 5140 IRP_MJ_READ : B8108D1F
00:59:26:428 5140 IRP_MJ_WRITE : B8108D1F
00:59:26:428 5140 IRP_MJ_QUERY_INFORMATION : 804F4562
00:59:26:428 5140 IRP_MJ_SET_INFORMATION : 804F4562
00:59:26:428 5140 IRP_MJ_QUERY_EA : 804F4562
00:59:26:428 5140 IRP_MJ_SET_EA : 804F4562
00:59:26:428 5140 IRP_MJ_FLUSH_BUFFERS : B81092E2
00:59:26:428 5140 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
00:59:26:428 5140 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
00:59:26:428 5140 IRP_MJ_DIRECTORY_CONTROL : 804F4562
00:59:26:428 5140 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
00:59:26:428 5140 IRP_MJ_DEVICE_CONTROL : B81093BB
00:59:26:428 5140 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
00:59:26:428 5140 IRP_MJ_SHUTDOWN : B81092E2
00:59:26:428 5140 IRP_MJ_LOCK_CONTROL : 804F4562
00:59:26:428 5140 IRP_MJ_CLEANUP : 804F4562
00:59:26:428 5140 IRP_MJ_CREATE_MAILSLOT : 804F4562
00:59:26:428 5140 IRP_MJ_QUERY_SECURITY : 804F4562
00:59:26:428 5140 IRP_MJ_SET_SECURITY : 804F4562
00:59:26:428 5140 IRP_MJ_POWER : B810AC82
00:59:26:428 5140 IRP_MJ_SYSTEM_CONTROL : B810F99E
00:59:26:428 5140 IRP_MJ_DEVICE_CHANGE : 804F4562
00:59:26:428 5140 IRP_MJ_QUERY_QUOTA : 804F4562
00:59:26:428 5140 IRP_MJ_SET_QUOTA : 804F4562
00:59:26:428 5140 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
00:59:26:428 5140
00:59:26:428 5140 Driver Name: Disk
00:59:26:428 5140 IRP_MJ_CREATE : B810EBB0
00:59:26:428 5140 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
00:59:26:428 5140 IRP_MJ_CLOSE : B810EBB0
00:59:26:428 5140 IRP_MJ_READ : B8108D1F
00:59:26:428 5140 IRP_MJ_WRITE : B8108D1F
00:59:26:428 5140 IRP_MJ_QUERY_INFORMATION : 804F4562
00:59:26:428 5140 IRP_MJ_SET_INFORMATION : 804F4562
00:59:26:428 5140 IRP_MJ_QUERY_EA : 804F4562
00:59:26:428 5140 IRP_MJ_SET_EA : 804F4562
00:59:26:428 5140 IRP_MJ_FLUSH_BUFFERS : B81092E2
00:59:26:428 5140 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
00:59:26:428 5140 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
00:59:26:428 5140 IRP_MJ_DIRECTORY_CONTROL : 804F4562
00:59:26:428 5140 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
00:59:26:428 5140 IRP_MJ_DEVICE_CONTROL : B81093BB
00:59:26:428 5140 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
00:59:26:428 5140 IRP_MJ_SHUTDOWN : B81092E2
00:59:26:428 5140 IRP_MJ_LOCK_CONTROL : 804F4562
00:59:26:428 5140 IRP_MJ_CLEANUP : 804F4562
00:59:26:428 5140 IRP_MJ_CREATE_MAILSLOT : 804F4562
00:59:26:428 5140 IRP_MJ_QUERY_SECURITY : 804F4562
00:59:26:428 5140 IRP_MJ_SET_SECURITY : 804F4562
00:59:26:428 5140 IRP_MJ_POWER : B810AC82
00:59:26:428 5140 IRP_MJ_SYSTEM_CONTROL : B810F99E
00:59:26:428 5140 IRP_MJ_DEVICE_CHANGE : 804F4562
00:59:26:428 5140 IRP_MJ_QUERY_QUOTA : 804F4562
00:59:26:428 5140 IRP_MJ_SET_QUOTA : 804F4562
00:59:26:428 5140 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
00:59:26:428 5140
00:59:26:428 5140 Driver Name: Disk
00:59:26:428 5140 IRP_MJ_CREATE : B810EBB0
00:59:26:428 5140 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
00:59:26:428 5140 IRP_MJ_CLOSE : B810EBB0
00:59:26:428 5140 IRP_MJ_READ : B8108D1F
00:59:26:428 5140 IRP_MJ_WRITE : B8108D1F
00:59:26:428 5140 IRP_MJ_QUERY_INFORMATION : 804F4562
00:59:26:428 5140 IRP_MJ_SET_INFORMATION : 804F4562
00:59:26:428 5140 IRP_MJ_QUERY_EA : 804F4562
00:59:26:428 5140 IRP_MJ_SET_EA : 804F4562
00:59:26:428 5140 IRP_MJ_FLUSH_BUFFERS : B81092E2
00:59:26:428 5140 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
00:59:26:428 5140 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
00:59:26:428 5140 IRP_MJ_DIRECTORY_CONTROL : 804F4562
00:59:26:428 5140 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
00:59:26:428 5140 IRP_MJ_DEVICE_CONTROL : B81093BB
00:59:26:428 5140 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
00:59:26:428 5140 IRP_MJ_SHUTDOWN : B81092E2
00:59:26:428 5140 IRP_MJ_LOCK_CONTROL : 804F4562
00:59:26:428 5140 IRP_MJ_CLEANUP : 804F4562
00:59:26:428 5140 IRP_MJ_CREATE_MAILSLOT : 804F4562
00:59:26:428 5140 IRP_MJ_QUERY_SECURITY : 804F4562
00:59:26:428 5140 IRP_MJ_SET_SECURITY : 804F4562
00:59:26:428 5140 IRP_MJ_POWER : B810AC82
00:59:26:428 5140 IRP_MJ_SYSTEM_CONTROL : B810F99E
00:59:26:428 5140 IRP_MJ_DEVICE_CHANGE : 804F4562
00:59:26:428 5140 IRP_MJ_QUERY_QUOTA : 804F4562
00:59:26:428 5140 IRP_MJ_SET_QUOTA : 804F4562
00:59:26:428 5140 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
00:59:26:428 5140
00:59:26:428 5140 Driver Name: Disk
00:59:26:428 5140 IRP_MJ_CREATE : B810EBB0
00:59:26:428 5140 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
00:59:26:428 5140 IRP_MJ_CLOSE : B810EBB0
00:59:26:428 5140 IRP_MJ_READ : B8108D1F
00:59:26:428 5140 IRP_MJ_WRITE : B8108D1F
00:59:26:428 5140 IRP_MJ_QUERY_INFORMATION : 804F4562
00:59:26:428 5140 IRP_MJ_SET_INFORMATION : 804F4562
00:59:26:428 5140 IRP_MJ_QUERY_EA : 804F4562
00:59:26:428 5140 IRP_MJ_SET_EA : 804F4562
00:59:26:428 5140 IRP_MJ_FLUSH_BUFFERS : B81092E2
00:59:26:428 5140 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
00:59:26:428 5140 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
00:59:26:428 5140 IRP_MJ_DIRECTORY_CONTROL : 804F4562
00:59:26:428 5140 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
00:59:26:428 5140 IRP_MJ_DEVICE_CONTROL : B81093BB
00:59:26:428 5140 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
00:59:26:428 5140 IRP_MJ_SHUTDOWN : B81092E2
00:59:26:428 5140 IRP_MJ_LOCK_CONTROL : 804F4562
00:59:26:428 5140 IRP_MJ_CLEANUP : 804F4562
00:59:26:428 5140 IRP_MJ_CREATE_MAILSLOT : 804F4562
00:59:26:428 5140 IRP_MJ_QUERY_SECURITY : 804F4562
00:59:26:428 5140 IRP_MJ_SET_SECURITY : 804F4562
00:59:26:428 5140 IRP_MJ_POWER : B810AC82
00:59:26:428 5140 IRP_MJ_SYSTEM_CONTROL : B810F99E
00:59:26:428 5140 IRP_MJ_DEVICE_CHANGE : 804F4562
00:59:26:428 5140 IRP_MJ_QUERY_QUOTA : 804F4562
00:59:26:428 5140 IRP_MJ_SET_QUOTA : 804F4562
00:59:26:428 5140 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
00:59:26:428 5140
00:59:26:428 5140 Driver Name: usbstor
00:59:26:428 5140 IRP_MJ_CREATE : B8475218
00:59:26:428 5140 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
00:59:26:428 5140 IRP_MJ_CLOSE : B8475218
00:59:26:428 5140 IRP_MJ_READ : B847523C
00:59:26:428 5140 IRP_MJ_WRITE : B847523C
00:59:26:428 5140 IRP_MJ_QUERY_INFORMATION : 804F4562
00:59:26:428 5140 IRP_MJ_SET_INFORMATION : 804F4562
00:59:26:428 5140 IRP_MJ_QUERY_EA : 804F4562
00:59:26:428 5140 IRP_MJ_SET_EA : 804F4562
00:59:26:428 5140 IRP_MJ_FLUSH_BUFFERS : 804F4562
00:59:26:428 5140 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
00:59:26:428 5140 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
00:59:26:428 5140 IRP_MJ_DIRECTORY_CONTROL : 804F4562
00:59:26:428 5140 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
00:59:26:428 5140 IRP_MJ_DEVICE_CONTROL : B8475180
00:59:26:428 5140 IRP_MJ_INTERNAL_DEVICE_CONTROL : B84709E6
00:59:26:428 5140 IRP_MJ_SHUTDOWN : 804F4562
00:59:26:428 5140 IRP_MJ_LOCK_CONTROL : 804F4562
00:59:26:428 5140 IRP_MJ_CLEANUP : 804F4562
00:59:26:428 5140 IRP_MJ_CREATE_MAILSLOT : 804F4562
00:59:26:428 5140 IRP_MJ_QUERY_SECURITY : 804F4562
00:59:26:428 5140 IRP_MJ_SET_SECURITY : 804F4562
00:59:26:428 5140 IRP_MJ_POWER : B84745F0
00:59:26:428 5140 IRP_MJ_SYSTEM_CONTROL : B8472A6E
00:59:26:428 5140 IRP_MJ_DEVICE_CHANGE : 804F4562
00:59:26:428 5140 IRP_MJ_QUERY_QUOTA : 804F4562
00:59:26:428 5140 IRP_MJ_SET_QUOTA : 804F4562
00:59:26:428 5140 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
00:59:26:428 5140
00:59:26:428 5140 Driver Name: usbstor
00:59:26:428 5140 IRP_MJ_CREATE : B8475218
00:59:26:428 5140 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
00:59:26:428 5140 IRP_MJ_CLOSE : B8475218
00:59:26:428 5140 IRP_MJ_READ : B847523C
00:59:26:428 5140 IRP_MJ_WRITE : B847523C
00:59:26:428 5140 IRP_MJ_QUERY_INFORMATION : 804F4562
00:59:26:428 5140 IRP_MJ_SET_INFORMATION : 804F4562
00:59:26:428 5140 IRP_MJ_QUERY_EA : 804F4562
00:59:26:428 5140 IRP_MJ_SET_EA : 804F4562
00:59:26:428 5140 IRP_MJ_FLUSH_BUFFERS : 804F4562
00:59:26:428 5140 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
00:59:26:428 5140 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
00:59:26:428 5140 IRP_MJ_DIRECTORY_CONTROL : 804F4562
00:59:26:428 5140 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
00:59:26:428 5140 IRP_MJ_DEVICE_CONTROL : B8475180
00:59:26:428 5140 IRP_MJ_INTERNAL_DEVICE_CONTROL : B84709E6
00:59:26:428 5140 IRP_MJ_SHUTDOWN : 804F4562
00:59:26:428 5140 IRP_MJ_LOCK_CONTROL : 804F4562
00:59:26:428 5140 IRP_MJ_CLEANUP : 804F4562
00:59:26:428 5140 IRP_MJ_CREATE_MAILSLOT : 804F4562
00:59:26:428 5140 IRP_MJ_QUERY_SECURITY : 804F4562
00:59:26:428 5140 IRP_MJ_SET_SECURITY : 804F4562
00:59:26:428 5140 IRP_MJ_POWER : B84745F0
00:59:26:428 5140 IRP_MJ_SYSTEM_CONTROL : B8472A6E
00:59:26:428 5140 IRP_MJ_DEVICE_CHANGE : 804F4562
00:59:26:428 5140 IRP_MJ_QUERY_QUOTA : 804F4562
00:59:26:428 5140 IRP_MJ_SET_QUOTA : 804F4562
00:59:26:428 5140 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
00:59:26:428 5140
00:59:26:428 5140 Driver Name: usbstor
00:59:26:428 5140 IRP_MJ_CREATE : B8475218
00:59:26:428 5140 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
00:59:26:428 5140 IRP_MJ_CLOSE : B8475218
00:59:26:428 5140 IRP_MJ_READ : B847523C
00:59:26:428 5140 IRP_MJ_WRITE : B847523C
00:59:26:428 5140 IRP_MJ_QUERY_INFORMATION : 804F4562
00:59:26:428 5140 IRP_MJ_SET_INFORMATION : 804F4562
00:59:26:428 5140 IRP_MJ_QUERY_EA : 804F4562
00:59:26:428 5140 IRP_MJ_SET_EA : 804F4562
00:59:26:428 5140 IRP_MJ_FLUSH_BUFFERS : 804F4562
00:59:26:428 5140 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
00:59:26:428 5140 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
00:59:26:428 5140 IRP_MJ_DIRECTORY_CONTROL : 804F4562
00:59:26:428 5140 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
00:59:26:428 5140 IRP_MJ_DEVICE_CONTROL : B8475180
00:59:26:428 5140 IRP_MJ_INTERNAL_DEVICE_CONTROL : B84709E6
00:59:26:428 5140 IRP_MJ_SHUTDOWN : 804F4562
00:59:26:428 5140 IRP_MJ_LOCK_CONTROL : 804F4562
00:59:26:428 5140 IRP_MJ_CLEANUP : 804F4562
00:59:26:428 5140 IRP_MJ_CREATE_MAILSLOT : 804F4562
00:59:26:428 5140 IRP_MJ_QUERY_SECURITY : 804F4562
00:59:26:428 5140 IRP_MJ_SET_SECURITY : 804F4562
00:59:26:428 5140 IRP_MJ_POWER : B84745F0
00:59:26:428 5140 IRP_MJ_SYSTEM_CONTROL : B8472A6E
00:59:26:428 5140 IRP_MJ_DEVICE_CHANGE : 804F4562
00:59:26:428 5140 IRP_MJ_QUERY_QUOTA : 804F4562
00:59:26:428 5140 IRP_MJ_SET_QUOTA : 804F4562
00:59:26:428 5140 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
00:59:26:428 5140
00:59:26:444 5140 Driver Name: usbstor
00:59:26:444 5140 IRP_MJ_CREATE : B8475218
00:59:26:444 5140 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
00:59:26:444 5140 IRP_MJ_CLOSE : B8475218
00:59:26:444 5140 IRP_MJ_READ : B847523C
00:59:26:444 5140 IRP_MJ_WRITE : B847523C
00:59:26:444 5140 IRP_MJ_QUERY_INFORMATION : 804F4562
00:59:26:444 5140 IRP_MJ_SET_INFORMATION : 804F4562
00:59:26:444 5140 IRP_MJ_QUERY_EA : 804F4562
00:59:26:444 5140 IRP_MJ_SET_EA : 804F4562
00:59:26:444 5140 IRP_MJ_FLUSH_BUFFERS : 804F4562
00:59:26:444 5140 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
00:59:26:444 5140 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
00:59:26:444 5140 IRP_MJ_DIRECTORY_CONTROL : 804F4562
00:59:26:444 5140 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
00:59:26:444 5140 IRP_MJ_DEVICE_CONTROL : B8475180
00:59:26:444 5140 IRP_MJ_INTERNAL_DEVICE_CONTROL : B84709E6
00:59:26:444 5140 IRP_MJ_SHUTDOWN : 804F4562
00:59:26:444 5140 IRP_MJ_LOCK_CONTROL : 804F4562
00:59:26:444 5140 IRP_MJ_CLEANUP : 804F4562
00:59:26:444 5140 IRP_MJ_CREATE_MAILSLOT : 804F4562
00:59:26:444 5140 IRP_MJ_QUERY_SECURITY : 804F4562
00:59:26:444 5140 IRP_MJ_SET_SECURITY : 804F4562
00:59:26:444 5140 IRP_MJ_POWER : B84745F0
00:59:26:444 5140 IRP_MJ_SYSTEM_CONTROL : B8472A6E
00:59:26:444 5140 IRP_MJ_DEVICE_CHANGE : 804F4562
00:59:26:444 5140 IRP_MJ_QUERY_QUOTA : 804F4562
00:59:26:444 5140 IRP_MJ_SET_QUOTA : 804F4562
00:59:26:444 5140 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
00:59:26:444 5140
00:59:26:444 5140 Driver Name: Disk
00:59:26:444 5140 IRP_MJ_CREATE : B810EBB0
00:59:26:444 5140 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
00:59:26:444 5140 IRP_MJ_CLOSE : B810EBB0
00:59:26:444 5140 IRP_MJ_READ : B8108D1F
00:59:26:444 5140 IRP_MJ_WRITE : B8108D1F
00:59:26:444 5140 IRP_MJ_QUERY_INFORMATION : 804F4562
00:59:26:444 5140 IRP_MJ_SET_INFORMATION : 804F4562
00:59:26:444 5140 IRP_MJ_QUERY_EA : 804F4562
00:59:26:444 5140 IRP_MJ_SET_EA : 804F4562
00:59:26:444 5140 IRP_MJ_FLUSH_BUFFERS : B81092E2
00:59:26:444 5140 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
00:59:26:444 5140 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
00:59:26:444 5140 IRP_MJ_DIRECTORY_CONTROL : 804F4562
00:59:26:444 5140 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
00:59:26:444 5140 IRP_MJ_DEVICE_CONTROL : B81093BB
00:59:26:444 5140 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
00:59:26:444 5140 IRP_MJ_SHUTDOWN : B81092E2
00:59:26:444 5140 IRP_MJ_LOCK_CONTROL : 804F4562
00:59:26:444 5140 IRP_MJ_CLEANUP : 804F4562
00:59:26:444 5140 IRP_MJ_CREATE_MAILSLOT : 804F4562
00:59:26:444 5140 IRP_MJ_QUERY_SECURITY : 804F4562
00:59:26:444 5140 IRP_MJ_SET_SECURITY : 804F4562
00:59:26:444 5140 IRP_MJ_POWER : B810AC82
00:59:26:444 5140 IRP_MJ_SYSTEM_CONTROL : B810F99E
00:59:26:444 5140 IRP_MJ_DEVICE_CHANGE : 804F4562
00:59:26:444 5140 IRP_MJ_QUERY_QUOTA : 804F4562
00:59:26:444 5140 IRP_MJ_SET_QUOTA : 804F4562
00:59:26:444 5140 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
00:59:26:444 5140
00:59:26:444 5140 Driver Name: Disk
00:59:26:444 5140 IRP_MJ_CREATE : B810EBB0
00:59:26:444 5140 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
00:59:26:444 5140 IRP_MJ_CLOSE : B810EBB0
00:59:26:444 5140 IRP_MJ_READ : B8108D1F
00:59:26:444 5140 IRP_MJ_WRITE : B8108D1F
00:59:26:444 5140 IRP_MJ_QUERY_INFORMATION : 804F4562
00:59:26:444 5140 IRP_MJ_SET_INFORMATION : 804F4562
00:59:26:444 5140 IRP_MJ_QUERY_EA : 804F4562
00:59:26:444 5140 IRP_MJ_SET_EA : 804F4562
00:59:26:444 5140 IRP_MJ_FLUSH_BUFFERS : B81092E2
00:59:26:444 5140 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
00:59:26:444 5140 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
00:59:26:444 5140 IRP_MJ_DIRECTORY_CONTROL : 804F4562
00:59:26:444 5140 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
00:59:26:444 5140 IRP_MJ_DEVICE_CONTROL : B81093BB
00:59:26:444 5140 IRP_MJ_INTERNAL_DEVICE_CONTROL : B810CF28
00:59:26:444 5140 IRP_MJ_SHUTDOWN : B81092E2
00:59:26:444 5140 IRP_MJ_LOCK_CONTROL : 804F4562
00:59:26:444 5140 IRP_MJ_CLEANUP : 804F4562
00:59:26:444 5140 IRP_MJ_CREATE_MAILSLOT : 804F4562
00:59:26:444 5140 IRP_MJ_QUERY_SECURITY : 804F4562
00:59:26:444 5140 IRP_MJ_SET_SECURITY : 804F4562
00:59:26:444 5140 IRP_MJ_POWER : B810AC82
00:59:26:444 5140 IRP_MJ_SYSTEM_CONTROL : B810F99E
00:59:26:444 5140 IRP_MJ_DEVICE_CHANGE : 804F4562
00:59:26:444 5140 IRP_MJ_QUERY_QUOTA : 804F4562
00:59:26:444 5140 IRP_MJ_SET_QUOTA : 804F4562
00:59:26:444 5140 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
00:59:26:444 5140
00:59:26:444 5140 Driver Name: atapi
00:59:26:444 5140 IRP_MJ_CREATE : 8AFEEA9A
00:59:26:444 5140 IRP_MJ_CREATE_NAMED_PIPE : 8AFEEA9A
00:59:26:444 5140 IRP_MJ_CLOSE : 8AFEEA9A
00:59:26:444 5140 IRP_MJ_READ : 8AFEEA9A
00:59:26:444 5140 IRP_MJ_WRITE : 8AFEEA9A
00:59:26:444 5140 IRP_MJ_QUERY_INFORMATION : 8AFEEA9A
00:59:26:444 5140 IRP_MJ_SET_INFORMATION : 8AFEEA9A
00:59:26:444 5140 IRP_MJ_QUERY_EA : 8AFEEA9A
00:59:26:444 5140 IRP_MJ_SET_EA : 8AFEEA9A
00:59:26:444 5140 IRP_MJ_FLUSH_BUFFERS : 8AFEEA9A
00:59:26:444 5140 IRP_MJ_QUERY_VOLUME_INFORMATION : 8AFEEA9A
00:59:26:444 5140 IRP_MJ_SET_VOLUME_INFORMATION : 8AFEEA9A
00:59:26:444 5140 IRP_MJ_DIRECTORY_CONTROL : 8AFEEA9A
00:59:26:444 5140 IRP_MJ_FILE_SYSTEM_CONTROL : 8AFEEA9A
00:59:26:444 5140 IRP_MJ_DEVICE_CONTROL : 8AFEEA9A
00:59:26:444 5140 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8AFEEA9A
00:59:26:444 5140 IRP_MJ_SHUTDOWN : 8AFEEA9A
00:59:26:444 5140 IRP_MJ_LOCK_CONTROL : 8AFEEA9A
00:59:26:444 5140 IRP_MJ_CLEANUP : 8AFEEA9A
00:59:26:444 5140 IRP_MJ_CREATE_MAILSLOT : 8AFEEA9A
00:59:26:444 5140 IRP_MJ_QUERY_SECURITY : 8AFEEA9A
00:59:26:444 5140 IRP_MJ_SET_SECURITY : 8AFEEA9A
00:59:26:444 5140 IRP_MJ_POWER : 8AFEEA9A
00:59:26:444 5140 IRP_MJ_SYSTEM_CONTROL : 8AFEEA9A
00:59:26:444 5140 IRP_MJ_DEVICE_CHANGE : 8AFEEA9A
00:59:26:444 5140 IRP_MJ_QUERY_QUOTA : 8AFEEA9A
00:59:26:444 5140 IRP_MJ_SET_QUOTA : 8AFEEA9A
00:59:26:444 5140 Driver "atapi" infected by TDSS rootkit!
00:59:26:444 5140 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
00:59:26:444 5140 File "C:\WINDOWS\system32\DRIVERS\atapi.sys" infected by TDSS rootkit ...
00:59:26:444 5140 Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
00:59:26:444 5140 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
00:59:26:616 5140 vfvi6
00:59:26:803 5140 !dsvbh1
00:59:27:428 5140 dsvbh2
00:59:27:428 5140 fdfb2
00:59:27:428 5140 Backup copy found, using it..
00:59:27:460 5140 will be cured on next reboot
00:59:27:460 5140
00:59:27:460 5140 Driver Name: atapi
00:59:27:460 5140 IRP_MJ_CREATE : B7F156F2
00:59:27:460 5140 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
00:59:27:460 5140 IRP_MJ_CLOSE : B7F156F2
00:59:27:460 5140 IRP_MJ_READ : 804F4562
00:59:27:460 5140 IRP_MJ_WRITE : 804F4562
00:59:27:460 5140 IRP_MJ_QUERY_INFORMATION : 804F4562
00:59:27:460 5140 IRP_MJ_SET_INFORMATION : 804F4562
00:59:27:460 5140 IRP_MJ_QUERY_EA : 804F4562
00:59:27:460 5140 IRP_MJ_SET_EA : 804F4562
00:59:27:460 5140 IRP_MJ_FLUSH_BUFFERS : 804F4562
00:59:27:460 5140 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
00:59:27:460 5140 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
00:59:27:460 5140 IRP_MJ_DIRECTORY_CONTROL : 804F4562
00:59:27:460 5140 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
00:59:27:460 5140 IRP_MJ_DEVICE_CONTROL : B7F15712
00:59:27:460 5140 IRP_MJ_INTERNAL_DEVICE_CONTROL : B7F11852
00:59:27:460 5140 IRP_MJ_SHUTDOWN : 804F4562
00:59:27:460 5140 IRP_MJ_LOCK_CONTROL : 804F4562
00:59:27:460 5140 IRP_MJ_CLEANUP : 804F4562
00:59:27:460 5140 IRP_MJ_CREATE_MAILSLOT : 804F4562
00:59:27:460 5140 IRP_MJ_QUERY_SECURITY : 804F4562
00:59:27:460 5140 IRP_MJ_SET_SECURITY : 804F4562
00:59:27:460 5140 IRP_MJ_POWER : B7F1573C
00:59:27:460 5140 IRP_MJ_SYSTEM_CONTROL : B7F1C336
00:59:27:460 5140 IRP_MJ_DEVICE_CHANGE : 804F4562
00:59:27:460 5140 IRP_MJ_QUERY_QUOTA : 804F4562
00:59:27:460 5140 IRP_MJ_SET_QUOTA : 804F4562
00:59:27:460 5140 C:\WINDOWS\system32\drivers\tsk28E.tmp - Verdict: 3
00:59:27:460 5140 Reboot required for cure complete..
00:59:27:460 5140 Cure on reboot scheduled successfully
00:59:27:460 5140
00:59:27:460 5140 Completed
00:59:27:460 5140
00:59:27:460 5140 Results:
00:59:27:460 5140 Memory objects infected / cured / cured on reboot: 1 / 0 / 0
00:59:27:460 5140 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
00:59:27:460 5140 File objects infected / cured / cured on reboot: 1 / 0 / 1
00:59:27:460 5140
00:59:27:460 5140 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
00:59:27:460 5140 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
00:59:27:460 5140 UnloadDriverW: NtUnloadDriver error 1
00:59:27:460 5140 KLMD_Unload: UnloadDriverW(klmd21) error 1
00:59:27:475 5140 KLMD(ARK) unloaded successfully


The problem seems to have gone which is great news. Thanks for all your help and I'll be sure to come back if it pops up again.
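The log above shows what a hooked dispatch table looks like: the first atapi block routes every IRP major, including ones a port driver never receives such as IRP_MJ_CREATE_NAMED_PIPE, to the single address 8AFEEA9A, while every clean driver (disk, usbstor, and the atapi copy TDSSKiller restored as tsk28E.tmp) has a handful of distinct handlers plus the kernel stub 804F4562 for everything it does not implement. The following is an added example, not code from this thread or from TDSSKiller: it parses blocks in that log format and flags the pattern. The sample log is constructed, rebuilt from the addresses printed above; the stub address is inferred rather than hard-coded, and the list of file-system-only majors is the author's assumption based on the clean tables in this log.

```python
import re
from collections import Counter

# IRP major functions in the order TDSSKiller prints them for each device object.
IRP_MAJORS = [
    "CREATE", "CREATE_NAMED_PIPE", "CLOSE", "READ", "WRITE",
    "QUERY_INFORMATION", "SET_INFORMATION", "QUERY_EA", "SET_EA", "FLUSH_BUFFERS",
    "QUERY_VOLUME_INFORMATION", "SET_VOLUME_INFORMATION", "DIRECTORY_CONTROL",
    "FILE_SYSTEM_CONTROL", "DEVICE_CONTROL", "INTERNAL_DEVICE_CONTROL", "SHUTDOWN",
    "LOCK_CONTROL", "CLEANUP", "CREATE_MAILSLOT", "QUERY_SECURITY", "SET_SECURITY",
    "POWER", "SYSTEM_CONTROL", "DEVICE_CHANGE", "QUERY_QUOTA", "SET_QUOTA",
]
# Assumption: majors only file-system drivers service. Every clean storage driver in the
# log leaves these at the kernel stub, so a custom handler here means the whole table
# was replaced rather than a driver implementing one extra major.
FS_ONLY_MAJORS = ("CREATE_NAMED_PIPE", "CREATE_MAILSLOT", "DIRECTORY_CONTROL", "QUERY_QUOTA")


def render_table(name, handlers, default, path, verdict):
    """Render one driver block in TDSSKiller's log format. Constructed sample data:
    the addresses are copied from the log above, the timestamp/PID prefix is fixed."""
    lines = ["00:59:26:444 5140 Driver Name: %s" % name]
    for major in IRP_MAJORS:
        lines.append("00:59:26:444 5140 IRP_MJ_%-28s: %s" % (major, handlers.get(major, default)))
    lines.append("00:59:26:444 5140 %s - Verdict: %d" % (path, verdict))
    lines.append("00:59:26:444 5140 ")
    return "\n".join(lines)


DISK = {"CREATE": "B810EBB0", "CLOSE": "B810EBB0", "READ": "B8108D1F", "WRITE": "B8108D1F",
        "FLUSH_BUFFERS": "B81092E2", "DEVICE_CONTROL": "B81093BB",
        "INTERNAL_DEVICE_CONTROL": "B810CF28", "SHUTDOWN": "B81092E2",
        "POWER": "B810AC82", "SYSTEM_CONTROL": "B810F99E"}
ATAPI_CURED = {"CREATE": "B7F156F2", "CLOSE": "B7F156F2", "DEVICE_CONTROL": "B7F15712",
               "INTERNAL_DEVICE_CONTROL": "B7F11852", "POWER": "B7F1573C",
               "SYSTEM_CONTROL": "B7F1C336"}

# Constructed sample: a clean disk.sys, the hooked atapi (every major -> 8AFEEA9A),
# and the restored atapi copy TDSSKiller wrote as tsk28E.tmp.
SAMPLE_LOG = "\n".join([
    render_table("Disk", DISK, "804F4562", r"C:\WINDOWS\system32\DRIVERS\disk.sys", 1),
    render_table("atapi", {}, "8AFEEA9A", r"C:\WINDOWS\system32\DRIVERS\atapi.sys", 1),
    render_table("atapi", ATAPI_CURED, "804F4562", r"C:\WINDOWS\system32\drivers\tsk28E.tmp", 3),
])

PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s?(.*)$")   # "hh:mm:ss:ms pid "
DRIVER_RE = re.compile(r"^Driver Name:\s*(\S+)")
IRP_RE = re.compile(r"^IRP_MJ_(\w+)\s*:\s*([0-9A-Fa-f]{8})$")
VERDICT_RE = re.compile(r"^(.+?)\s+-\s+Verdict:\s*(\d+)$")


def parse_dispatch_tables(text):
    """Collect each 'Driver Name:' block into {name, irps{major: addr}, file, verdict}."""
    tables, current = [], None
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw)
        body = (m.group(1) if m else raw).strip()
        d = DRIVER_RE.match(body)
        if d:
            current = {"name": d.group(1), "irps": {}, "file": None, "verdict": None}
            tables.append(current)
            continue
        if current is None:
            continue
        i = IRP_RE.match(body)
        if i:
            current["irps"][i.group(1).upper()] = i.group(2).upper()
            continue
        v = VERDICT_RE.match(body)
        if v:
            current["file"], current["verdict"] = v.group(1), int(v.group(2))
            current = None  # the verdict line closes the block
    return tables


def kernel_default_handler(tables):
    """Infer the kernel stub for unsupported majors (804F4562 on this XP build) as the
    address shared by the most dispatch tables. Assumes most scanned drivers are clean."""
    counts = Counter(a for t in tables for a in set(t["irps"].values()))
    return counts.most_common(1)[0][0]


def assess(table, default):
    """Return the reasons a table looks hooked; an empty list means it looks clean."""
    addrs = table["irps"]
    distinct = set(addrs.values())
    reasons = []
    if len(distinct) == 1:
        reasons.append("all %d majors route to %s" % (len(addrs), next(iter(distinct))))
    if default not in distinct:
        reasons.append("no entry uses the kernel stub %s" % default)
    custom = [m for m in FS_ONLY_MAJORS if addrs.get(m, default) != default]
    if custom:
        reasons.append("file-system-only majors with a custom handler: " + ", ".join(custom))
    return reasons


def scan(text):
    """Parse a TDSSKiller log and return (driver name, file, reasons) per device object."""
    tables = parse_dispatch_tables(text)
    default = kernel_default_handler(tables)
    return [(t["name"], t["file"], assess(t, default)) for t in tables]


if __name__ == "__main__":
    for name, path, reasons in scan(SAMPLE_LOG):
        print("%-6s %-46s %s" % (name, path, "; ".join(reasons) or "clean"))
```

Run against the full log pasted above, only the first atapi block trips all three checks; the second atapi block (tsk28E.tmp, verdict 3) is the backup copy TDSSKiller found and scheduled to swap in on reboot, and it looks like every other clean table. The inferred-stub check is the weak point: on a log with very few drivers, or where most are hooked, the most common address may not be the kernel stub, so treat a hit as a prompt to look at the table by hand, as TDSSKiller's own verdict line did here.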

#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 13 March 2010 - 04:17 PM

QUOTE
The problem seems to have gone which is great news. Thanks for all your help and I'll be sure to come back if it pops up again.


We are not done just yet; just because the symptoms have gone, it doesn't mean you're free of malware. Let's do some more checks.


First please update Malwarebytes then run a quick scan and post the log.


Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Then please post back here with the following logs:
  • MBAM log
  • Combofix.txt

Thanks



#14 richa2002

richa2002
  • Topic Starter
  • Members
  • 49 posts

Posted 13 March 2010 - 06:41 PM

Oh! Thanks for that.

Malwarebytes' Anti-Malware 1.44
Database version: 3864
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13/03/2010 21:37:47
mbam-log-2010-03-13 (21-37-46).txt

Scan type: Quick Scan
Objects scanned: 140725
Time elapsed: 16 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix 10-03-13.01 - Richard 13/03/2010 23:14:34.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2327 [GMT 0:00]
Running from: c:\documents and settings\Richard\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Richard\Application Data\Microsoft\~DFK1a8b69f.tmp
c:\documents and settings\Richard\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\Richard\Application Data\Microsoft\bass.dll
c:\documents and settings\Richard\Application Data\Microsoft\kfgresk.dll
c:\documents and settings\Richard\Application Data\Microsoft\mjcriu.dll
c:\documents and settings\Richard\Application Data\Microsoft\peaadje.dll
c:\documents and settings\Richard\Application Data\Microsoft\qwadjb.dll
c:\documents and settings\Richard\Application Data\Microsoft\rsaadjd.dll
c:\windows\system32\VB6KO.DLL
c:\windows\TEMP\logishrd\LVPrcInj02.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SVCHOST


((((((((((((((((((((((((( Files Created from 2010-02-13 to 2010-03-13 )))))))))))))))))))))))))))))))
.

2010-03-13 23:27 . 2010-03-13 23:27 -------- d-----w- c:\windows\system32\xircom
2010-03-13 23:27 . 2010-03-13 23:27 -------- d-----w- c:\windows\system32\wbem\snmp
2010-03-13 23:27 . 2010-03-13 23:27 -------- d-----w- c:\program files\microsoft frontpage
2010-03-13 21:19 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-13 21:19 . 2010-03-13 21:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-13 21:19 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-11 01:57 . 2010-03-11 01:57 -------- d-----w- c:\program files\trend micro
2010-03-11 01:57 . 2010-03-11 01:57 -------- d-----w- C:\rsit
2010-03-11 01:56 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-08 21:04 . 2010-03-13 13:10 -------- d-----w- c:\documents and settings\Richard\Application Data\vlc
2010-03-06 17:27 . 2008-08-10 10:39 53248 ------w- c:\windows\system32\mwgfxvb.dll
2010-03-06 17:27 . 2009-03-10 23:25 191488 ------w- c:\windows\system32\mwgfx.dll
2010-03-06 17:27 . 2008-10-20 13:44 237056 ------w- c:\windows\system32\mwgfx24.dll
2010-03-06 17:27 . 2007-08-19 09:37 28672 ------w- c:\windows\system32\mwgfxcopy.exe
2010-03-06 17:27 . 2006-03-14 11:48 256512 ------w- c:\windows\system32\mwdlg.dll
2010-03-06 17:27 . 2008-09-05 08:32 104960 ------w- c:\windows\system32\mwdds.dll
2010-03-06 17:27 . 2004-05-14 11:13 56832 ------w- c:\windows\system32\mwace.dll
2010-03-06 17:27 . 2004-05-14 09:13 27136 ------w- c:\windows\system32\mwacevb.dll
2010-03-06 17:27 . 2004-03-16 16:47 49152 ------w- c:\windows\system32\mwddsvb.dll
2010-03-06 17:27 . 2010-03-13 21:16 -------- d-----w- c:\program files\RW_Tools
2010-03-02 01:16 . 2010-03-02 01:16 -------- d-----w- c:\windows\BDOSCAN8
2010-03-02 01:01 . 2010-03-02 01:01 -------- d-----w- c:\windows\McAfee.com
2010-03-02 00:45 . 2010-03-02 00:45 10752 ----a-w- c:\windows\DCEBoot.exe
2010-03-02 00:38 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-02-26 14:36 . 2010-02-26 14:36 -------- d-----w- c:\documents and settings\Richard\Application Data\AVG9
2010-02-25 21:02 . 2010-02-25 21:02 -------- d-----w- c:\program files\Actual Installer
2010-02-24 16:27 . 2010-02-24 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-24 16:27 . 2010-02-25 00:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-24 16:27 . 2010-02-24 16:27 -------- d-----w- c:\documents and settings\Richard\Application Data\SUPERAntiSpyware.com
2010-02-23 17:37 . 2010-02-23 17:37 -------- d-----w- c:\documents and settings\Richard\Application Data\Malwarebytes
2010-02-23 17:37 . 2010-02-23 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-23 12:43 . 2010-02-23 12:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-02-20 12:49 . 2010-02-23 12:45 -------- d-----w- c:\program files\Lavasoft
2010-02-20 12:48 . 2010-02-23 12:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-13 23:31 . 2009-04-06 16:07 -------- d-----w- c:\documents and settings\Richard\Application Data\Skype
2010-03-13 23:29 . 2009-04-21 20:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-13 23:29 . 2009-06-04 11:16 -------- d-----w- c:\program files\Steam
2010-03-13 23:27 . 2009-06-11 14:16 689 --sha-w- c:\windows\system32\mmf.sys
2010-03-13 23:26 . 2009-04-07 23:53 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-03-13 17:43 . 2009-04-06 21:49 -------- d-----w- c:\program files\RS_Tools
2010-03-13 01:15 . 2008-04-13 23:10 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-11 17:38 . 2009-04-06 14:41 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-11 11:42 . 2009-05-17 11:49 17408 ----a-w- C:\psapi.dll
2010-03-11 02:04 . 2009-04-06 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-11 01:52 . 2009-04-29 08:23 -------- d-----w- c:\program files\uTorrent
2010-03-10 22:47 . 2009-04-14 13:05 -------- d-----w- c:\documents and settings\Richard\Application Data\dvdcss
2010-03-10 22:46 . 2009-04-29 08:23 -------- d-----w- c:\documents and settings\Richard\Application Data\uTorrent
2010-03-09 19:27 . 2009-04-06 16:26 -------- d-----w- c:\program files\Rail Simulator
2010-02-25 00:28 . 2009-04-06 14:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-17 11:45 . 2009-04-08 22:20 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-02-15 16:41 . 2009-04-06 18:35 -------- d-----w- c:\program files\Zoom Player
2010-02-09 10:34 . 2009-04-06 14:39 -------- d-----w- c:\program files\Google
2010-01-30 17:28 . 2009-04-06 15:13 -------- d-----w- c:\documents and settings\Richard\Application Data\Apple Computer
2010-01-30 17:27 . 2009-04-06 15:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-01-28 22:44 . 2009-04-24 19:31 -------- d-----w- c:\program files\SimSig
2010-01-26 17:28 . 2010-01-26 17:28 -------- d-----w- c:\program files\RailWorks
2010-01-26 00:44 . 2010-01-26 00:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-26 00:44 . 2010-01-26 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-25 23:35 . 2009-11-05 14:04 -------- d-----w- c:\program files\Common Files\Nero
2010-01-25 23:34 . 2009-11-05 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-01-25 23:34 . 2009-11-05 12:44 -------- d-----w- c:\program files\Nero
2010-01-25 23:31 . 2009-04-18 18:13 -------- d-----w- c:\documents and settings\Richard\Application Data\Move Networks
2010-01-25 23:03 . 2009-04-30 20:06 -------- d-----w- c:\program files\Easy Video Downloader
2010-01-25 23:03 . 2009-04-19 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2010-01-25 19:49 . 2009-08-29 11:32 -------- d-----w- c:\program files\abgx360
2010-01-24 21:00 . 2009-12-19 16:42 -------- d-----w- c:\program files\PI Engineering
2010-01-21 12:53 . 2010-01-21 11:59 -------- d-----w- c:\program files\CyberLink
2010-01-21 12:53 . 2009-04-06 14:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-21 12:28 . 2010-01-21 12:28 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2010-01-21 12:28 . 2010-01-21 12:02 -------- d-----w- c:\program files\lg_fwupdate
2010-01-21 12:04 . 2010-01-21 12:04 -------- d-----w- c:\documents and settings\Richard\Application Data\CyberLink
2010-01-21 12:03 . 2010-01-21 12:02 16384 ----a-w- c:\windows\system32\lgfwunis.exe
2010-01-21 12:01 . 2010-01-21 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-01-21 12:00 . 2010-01-21 12:00 -------- d-----w- c:\program files\Common Files\LightScribe
2010-01-19 18:09 . 2010-01-19 18:08 -------- d-----w- c:\program files\Easy CD & DVD Cover Creator
2010-01-19 16:33 . 2010-01-19 16:33 -------- d-----w- c:\documents and settings\Richard\Application Data\CD-LabelPrint
2010-01-19 16:32 . 2009-04-08 12:46 -------- d-----w- c:\program files\Canon
2010-01-19 11:45 . 2010-01-19 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-01-19 11:45 . 2010-01-19 11:45 -------- d-----w- c:\documents and settings\Richard\Application Data\Office Genuine Advantage
2010-01-17 14:20 . 2010-01-04 21:30 -------- d-----w- c:\program files\Pegasys Inc
2010-01-17 13:27 . 2010-01-04 21:34 -------- d-----w- c:\documents and settings\Richard\Application Data\Pegasys Inc
2010-01-17 13:10 . 2010-01-04 21:31 59240 ----a-w- c:\windows\system32\GenSvcInst.exe
2010-01-17 13:10 . 2010-01-04 21:31 38944 ----a-w- c:\windows\system32\drivers\CDRBSDRV.SYS
2010-01-17 13:10 . 2010-01-04 21:31 139264 ----a-w- c:\windows\system32\bgsvcgen.exe
2010-01-02 15:14 . 2009-06-28 11:18 8 ----a-w- c:\windows\system32\nvModes.dat
2010-01-01 07:58 . 2009-01-08 19:12 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-30 10:07 . 2009-12-30 10:07 60068 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-21 19:14 . 2008-12-20 22:15 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2009-04-06 14:25 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2008-04-14 04:41 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
CODE
c:\program files\Pantaray\QSetup\Projects\AP1 Paddington to Oxford Scenario Pack Variety\ Paddington to Oxford Scenario Pack (Variety) .exe


------- Sigcheck -------

[-] 2009-01-08 . 5AE1C2695F6523AD98B948F2887D8C5E . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[-] 2009-01-08 . 4F6B3A9F4B7C96A8E22A5261773C16B3 . 975872 . . [6.00.2900.5634] . . c:\windows\explorer.exe

[-] 2009-01-08 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-30 25604904]
"Steam"="c:\program files\Steam\Steam.exe" [2010-02-24 1217872]
"Fraps"="c:\fraps\FRAPS.EXE" [2009-01-03 1203880]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [N/A]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"PostCopy"="c:\windows\system32\BELKIN\F5D5050\PostCopy.exe" [2001-07-25 20480]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-01-21 4359600]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-01-21 960560]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-01-21 377248]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-07-11 19968]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-12-03 122880]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-02-21 222504]
"UpdatePSTShortCut"="c:\program files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2008-10-20 210216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]

c:\documents and settings\Richard\Start Menu\Programs\Startup\
Outlook Express.lnk - c:\program files\Outlook Express\msimn.exe [2009-4-6 223232]
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-8-30 333088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-26 19:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2009-03-11 12:54 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-09-04 13:16 75048 ------w- c:\program files\CyberLink\Shared Files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2006-06-13 04:20 127036 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2009-12-03 00:03 122880 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2009-04-16 19:56 62760 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
2010-01-21 12:03 557056 ----a-w- c:\program files\lg_fwupdate\fwupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2009-07-22 18:16 2331936 ----a-w- c:\program files\Nokia\Nokia Music\NokiaMusic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 23:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2009-04-16 19:54 87336 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
m:\progra~1\Sony\SONICS~1\SsAAD.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-08 23:30 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Visicom Media\\AceFTP 3 Freeware\\aceftp3free.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\railworks\\RailWorks.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\railworks beta\\RailWorks.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [19/08/2009 14:20 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [26/11/2009 19:53 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [26/11/2009 19:53 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [26/11/2009 19:53 285392]
R2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\DLPORTIO.sys [07/07/2009 14:49 3584]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [11/06/2009 14:16 2560]
R3 ADM8511;%ADM8511.Service.DispName%;c:\windows\system32\drivers\ADM8511.SYS [07/04/2009 22:10 20160]
S2 gupdate1c9d4c69f1a5b0c;Google Update Service (gupdate1c9d4c69f1a5b0c);c:\program files\Google\Update\GoogleUpdate.exe [14/05/2009 19:03 133104]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\Richard\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\Richard\LOCALS~1\Temp\aswArKrn.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [08/10/2009 11:18 79360]
S3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [08/10/2009 10:35 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [04/06/2009 01:46 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [04/06/2009 01:46 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [04/06/2009 01:46 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [04/06/2009 01:46 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [04/06/2009 01:46 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [04/06/2009 01:46 72728]
S3 Just Flight Limited License Service;Just Flight Limited License Service;c:\program files\Common Files\Just Flight Limited Shared\Service\JustFlightLimitedLicSvc.exe [04/08/2009 14:39 69632]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [01/09/2009 00:56 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [01/09/2009 00:56 8320]
S3 PIBus;PIBus Device;c:\windows\system32\DRIVERS\PIBus.sys --> c:\windows\system32\DRIVERS\PIBus.sys [?]
S3 PIKbd;PI Virtual Keyboard;c:\windows\system32\DRIVERS\PIKbd.sys --> c:\windows\system32\DRIVERS\PIKbd.sys [?]
S3 WmaCAudio;WmaCAudio;c:\windows\system32\drivers\WmaCAudio.sys [31/07/2009 16:43 23096]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-07-30 10:39 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 19:03]

2010-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-14 19:03]

2010-03-13 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 15:07]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: {B588FE11-FB34-4D15-9757-B85B57038BDF} = 194.72.9.34,62.6.40.178
FF - ProfilePath - c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\d72y6p6a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\d72y6p6a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
FF - component: c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\d72y6p6a.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-8287-79A187E26987} - (no file)
SafeBoot-klmdb.sys
AddRemove-Mk3 Coach Sound Pack for Rail Simulator - c:\documents and settings\Richard\Desktop\Richard's Folder\Website\AP\Mk1\Raw Files RS\un_Mk1 Coach Sound Pack_12345.exe
AddRemove-VP185 Class 43 Sound Pack for Rail Simulator - c:\documents and settings\Richard\Desktop\Richard's Folder\Website\AP\Combo 2\Raw Files\un_ High Speed Train_12345.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-13 23:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \E07E2E0BA8832060]
"1"=hex:59,ee,b1,0b,e7,cb,ba,22,10,c4,11,95,b8,27,ac,e2,d0,7f,55,22,bd,75,c1,
b4,b7,49,b9,16,b4,4c,81,20,bd,94,24,2d,a4,c1,d4,54
"2"=hex:55,1f,8a,dc,f0,b0,19,f4,38,b9,76,f2,65,2c,c7,f5,3b,6e,27,e9,a0,e7,a8,
2c
"3"=hex:59,ee,b1,0b,e7,cb,ba,22,10,c4,11,95,b8,27,ac,e2,d0,7f,55,22,bd,75,c1,
b4,4c,21,70,f3,81,0b,5f,da,13,46,a0,ca,b9,83,ed,3e,85,53,a4,d2,bc,7a,d9,b2,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \E07E2E0BA8832060\E24DE05B514515AA3895F93D301E4A48]
"1"=hex:be,a9,4a,d4,6c,87,f7,af,73,22,04,ee,3b,8f,66,58,52,ee,d5,de,e6,e3,95,
08
"2"=hex:14,ce,87,8d,79,74,ee,b2
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:be,a9,4a,d4,6c,87,f7,af,af,78,3f,c1,0d,83,88,ef,27,b9,aa,71,6b,9a,73,
03,16,b6,ac,6d,3e,41,a2,f6,a9,89,12,33,00,2a,98,4a,2a,82,b6,9f,89,50,43,ed,\
"8"=hex:f8,6e,66,d3,34,5e,51,d1,a5,db,ee,79,4c,ec,1c,9e,78,ec,f5,ad,97,0c,63,
01,a6,67,2f,a2,69,52,ba,d7,0f,8a,cf,d3,79,67,17,09,68,62,d2,74,d8,22,0d,ca,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(8572)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\program files\Haali\MatroskaSplitter\mmfinfo.dll
c:\program files\Haali\MatroskaSplitter\mkunicode.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\CTXFIHLP.EXE
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-03-13 23:38:38 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-13 23:38

Pre-Run: 145,965,793,280 bytes free
Post-Run: 150,007,701,504 bytes free

- - End Of File - - 679325B621853827BE9B70D267ECB7F9

#15 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 14 March 2010 - 12:14 PM

You are definitely not free of malware yet and you have a few files that need replacing, can you let me know if you have your Windows CD, just in case we need it.


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • A blank Windows shall open with the title "SystemLook v1.0-by Jpshortstuff".
  • Copy the content of the following codebox into the main textfield :
    CODE
    :filefind
    *tcpip*
    *explorer*
    *sfcfiles*
  • Please Confirm everything is copied and Pasted as I have provided above
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan, Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt






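The SystemLook search syler asks for targets the three files ComboFix flagged under Sigcheck with a `[-]` marker (tcpip.sys, explorer.exe, sfcfiles.dll), and the same log records the Security Center override values and the disabled firewall. As an added example, not part of this thread and not code from ComboFix or SystemLook, here is a small Python triage script that pulls those items out of a ComboFix log and derives the `:filefind` list from them. The embedded log excerpt is constructed from lines posted above; the reading of `[-]` as a failed signature check is my assumption, and the check for services whose image path sits under a Temp folder is a heuristic I added, not something the helper asked for.

```python
"""Triage a ComboFix log excerpt (added example, not from the thread or from ComboFix)."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed excerpt: mirrors the shape of the log posted above (Sigcheck lines,
# Security Center keys, firewall policy and service lines), nothing more.
SAMPLE_LOG = r"""
------- Sigcheck -------

[-] 2009-01-08 . 5AE1C2695F6523AD98B948F2887D8C5E . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[-] 2009-01-08 . 4F6B3A9F4B7C96A8E22A5261773C16B3 . 975872 . . [6.00.2900.5634] . . c:\windows\explorer.exe

[-] 2009-01-08 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [26/11/2009 19:53 360584]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\Richard\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\Richard\LOCALS~1\Temp\aswArKrn.sys [?]
"""

# One Sigcheck line: [flag] date . md5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[-+?])\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})"
    r"\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+?)$"
)

# Registry values that silence Security Center or turn the firewall off.
OVERRIDE_CHECKS = [
    (r'^"AntiVirusOverride"=dword:0*1\s*$', "Security Center antivirus alerts suppressed (AntiVirusOverride=1)"),
    (r'^"FirewallOverride"=dword:0*1\s*$', "Security Center firewall alerts suppressed (FirewallOverride=1)"),
    (r'^"EnableFirewall"=\s*0\b', "Windows Firewall off for the standard profile (EnableFirewall=0)"),
]


@dataclass(frozen=True)
class SigcheckEntry:
    flag: str      # "-" is taken here (assumption) as a failed signature check
    date: str
    md5: str
    size: int
    version: str
    path: str

    @property
    def stem(self) -> str:
        """File name without its extension, e.g. tcpip.sys -> tcpip."""
        return self.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def parse_sigcheck(log: str) -> List[SigcheckEntry]:
    entries = []
    for line in log.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            entries.append(SigcheckEntry(m["flag"], m["date"], m["md5"].upper(),
                                         int(m["size"]), m["version"], m["path"]))
    return entries


def failed_signature_files(log: str) -> List[SigcheckEntry]:
    return [e for e in parse_sigcheck(log) if e.flag == "-"]


def systemlook_filefind(entries: List[SigcheckEntry]) -> str:
    """Build the SystemLook :filefind script for the flagged files."""
    return "\n".join([":filefind"] + [f"*{e.stem}*" for e in entries])


def security_center_findings(log: str) -> List[str]:
    return [msg for pat, msg in OVERRIDE_CHECKS if re.search(pat, log, re.MULTILINE)]


def services_loading_from_temp(log: str) -> List[str]:
    """Heuristic (my addition): service/driver lines whose image path is under a Temp folder."""
    hits = []
    for line in log.splitlines():
        if not re.match(r"^[RS]\d\s", line):
            continue
        parts = line.split(";", 2)  # "S3 name", display name, image path [...]
        if len(parts) == 3 and "\\temp\\" in parts[2].lower():
            hits.append(parts[0].split()[1])
    return hits


def triage(log: str) -> Dict[str, object]:
    flagged = failed_signature_files(log)
    return {
        "files_to_replace": [e.path for e in flagged],
        "systemlook_script": systemlook_filefind(flagged),
        "security_findings": security_center_findings(log),
        "temp_path_services": services_loading_from_temp(log),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}:\n{value}\n")
```

Run as-is, the script reproduces the helper's three-line `:filefind` list from the `[-]` entries and lists the suppressed Security Center alerts and the disabled firewall as separate findings. A driver loaded from a Temp path (aswArKrn in this excerpt) is reported as a review item only, not a verdict, since legitimate scanning tools also drop drivers there; the point of the heuristic is to make such entries visible for the person reading the log.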