Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer hanging


  • This topic is locked This topic is locked
19 replies to this topic

#1 phoenix64

phoenix64

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:31 PM

Posted 20 September 2010 - 10:41 AM

Hi there,

Have noticed over the past few weeks that my computer keeps hanging and slowing down for periods of time (sometimes a minute, sometimes five minutes). Doesn't seem to be specific to any program (sometimes with IE, sometimes with Photoshop, sometimes with Outlook), but it means that I am unable to actually do anything (as no programs respond). Usually after a short while the computer returns to normal speed but it is happening more and more often and makes doing anything on the computer particularly frustrating.
Am not too much of an expert so not sure what is best to do but have included a HijackThis log below. If anyone is able to help it would be much appreciated.

Oh and apologies if I am posting in the wrong forum, wasn't entirely sure what category to go in.

many thanks,

Phoenix64

SPEC:
AMD Phenom II X3 720 2.8GHz
4GB Ram
Windows 7

HIJACKTHIS:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:03:25, on 20/09/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\MAFWTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Creative\Prodikeys PC-MIDI\HotKeysManager\HKManager.exe
C:\Program Files\Creative\Prodikeys PC-MIDI\PCMIDI Drivers\CtPmNtfy.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Users\Paul\AppData\Local\Valued Opinions\PanelApp\PanelApp.exe
C:\Program Files\DigiGuide TV Guide\digiguide.exe
C:\Windows\WindowsMobile\WmdHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\RelevantKnowledge\rlvknlg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Adobe\Adobe Photoshop CS4\Photoshop.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en&source=iglk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\system32\MAFWTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CTHotKeys] "C:\Program Files\Creative\Prodikeys PC-MIDI\HotKeysManager\HKManager.exe" -STARTUP
O4 - HKLM\..\Run: [CtPmNtfy] "C:\Program Files\Creative\Prodikeys PC-MIDI\PCMIDI Drivers\Ctpmntfy.exe" -startup
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [PanelApp] C:\Users\Paul\AppData\Local\Valued Opinions\PanelApp\PanelApp.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: DigiGuide TV Guide.lnk = C:\Program Files\DigiGuide TV Guide\Client.exe
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\Ereg\eReg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: PanelSvc - Unknown owner - C:\Program Files\Valued Opinions\PanelApp\PanelSvc.exe
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe

--
End of file - 7815 bytes

Edited by boopme, 20 September 2010 - 11:59 AM.


BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:31 AM

Posted 27 September 2010 - 08:15 AM

Hello ,
And welcome.gif to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 phoenix64

phoenix64
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:31 PM

Posted 28 September 2010 - 05:50 AM

Hello Elise,

Thank you for your help. As I mentioned I was having problems with the computer hanging a lot and generally slowing down repeatedly (for example while trying to save the report for the RKU scan the system became completely unresponsive for about 30secs to a minute). Since my initial post the hanging has become less frequent but I have had a couple of BSODs and am starting to wonder whether it is a hardware issue rather than some sort of malware. Anyway here are the logs you requested, thanks again for helping me out.

OTL.Txt

OTL logfile created on: 28/09/2010 11:39:43 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Paul\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 35.95 Gb Free Space | 12.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 232.88 Gb Total Space | 40.44 Gb Free Space | 17.36% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAUL-PC
Current User Name: Paul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/28 11:39:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
PRC - [2010/09/21 06:40:50 | 000,977,976 | ---- | M] (Google Inc.) -- C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/09/02 11:26:00 | 000,390,192 | ---- | M] () -- C:\Program Files\DigiGuide TV Guide\DigiGuide.exe
PRC - [2010/09/01 07:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/04 01:51:38 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/08/04 01:51:12 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/06/11 14:42:00 | 012,979,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/05/07 18:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/05/07 18:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2010/04/29 09:43:12 | 000,321,328 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/04/15 21:38:33 | 000,049,792 | ---- | M] (TMRG, Inc.) -- C:\Program Files\RelevantKnowledge\rlservice.exe
PRC - [2010/04/15 21:38:31 | 001,860,736 | ---- | M] (TMRG, Inc.) -- C:\Program Files\RelevantKnowledge\rlvknlg.exe
PRC - [2009/12/30 11:03:52 | 000,031,232 | ---- | M] () -- C:\Users\Paul\AppData\Local\Valued Opinions\PanelApp\PanelApp.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/07/29 15:28:40 | 000,252,424 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\System32\MAFWTray.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/04/09 04:11:56 | 000,009,216 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Prodikeys PC-MIDI\PCMIDI Drivers\CtPmNtfy.exe
PRC - [2007/05/31 10:20:54 | 000,050,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\WmdHost.exe
PRC - [2005/09/06 17:56:44 | 000,450,560 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Prodikeys PC-MIDI\HotKeysManager\HKManager.exe


========== Modules (SafeList) ==========

MOD - [2010/09/28 11:39:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/16 07:15:05 | 000,804,864 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010/08/04 01:51:12 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/04/15 21:38:33 | 000,049,792 | ---- | M] (TMRG, Inc.) [Auto | Running] -- C:\Program Files\RelevantKnowledge\rlservice.exe -- (RelevantKnowledge)
SRV - [2010/03/29 17:15:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/01 17:17:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/30 11:20:16 | 000,091,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Valued Opinions\PanelApp\PanelSvc.exe -- (PanelSvc)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Paul\Desktop\Everything JungleFlasher 03.20.2010\JungleFlasher\Program\JungleFlasher v0.1.73 Beta (108)\portio32.sys -- (PORTIO)
DRV - [2010/08/04 02:21:44 | 006,096,384 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/08/04 02:21:44 | 006,096,384 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/08/04 01:15:30 | 000,214,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/07/27 08:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2010/07/27 08:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/07/23 10:32:45 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/02/27 12:57:53 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/29 15:28:18 | 000,192,392 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mafw.sys -- (MAFW)
DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009/07/14 00:51:27 | 000,046,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
DRV - [2009/07/14 00:51:27 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
DRV - [2009/07/14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 00:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/08 07:57:40 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2009/03/02 00:05:32 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2008/04/15 13:11:36 | 000,025,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtPmFilt.sys -- (CtPmFilt)
DRV - [2007/06/02 15:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2005/05/09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cledx.sys -- (CLEDX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3532429788-1010218452-2909568879-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en&source=iglk
IE - HKU\S-1-5-21-3532429788-1010218452-2909568879-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3532429788-1010218452-2909568879-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3532429788-1010218452-2909568879-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F1 27 47 26 0F B7 CA 01 [binary data]
IE - HKU\S-1-5-21-3532429788-1010218452-2909568879-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge [2010/09/28 10:29:50 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/03/01 17:47:36 | 000,001,364 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CTHotKeys] C:\Program Files\Creative\Prodikeys PC-MIDI\HotKeysManager\HKManager.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CtPmNtfy] C:\Program Files\Creative\Prodikeys PC-MIDI\PCMIDI Drivers\Ctpmntfy.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\MAFWTray.exe (Avid Technology, Inc.)
O4 - HKU\S-1-5-21-3532429788-1010218452-2909568879-1001..\Run: [PanelApp] C:\Users\Paul\AppData\Local\Valued Opinions\PanelApp\PanelApp.exe ()
O4 - HKU\S-1-5-21-3532429788-1010218452-2909568879-1001..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)
O4 - HKU\S-1-5-21-3532429788-1010218452-2909568879-1001..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DigiGuide TV Guide.lnk = C:\Program Files\DigiGuide TV Guide\Client.exe (GipsyMedia Limited)
O4 - Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3532429788-1010218452-2909568879-1001\..Trusted Domains: nationet.com ([olb2] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/02/25 15:19:10 | 000,000,000 | ---- | M] () - C:\AutoRun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/02/25 15:19:10 | 000,000,000 | ---- | M] () - G:\AutoRun.inf -- [ NTFS ]
O33 - MountPoints2\{3a9dfbd6-239a-11df-b45a-00e04d9f092a}\Shell - "" = AutoRun
O33 - MountPoints2\{3a9dfbd6-239a-11df-b45a-00e04d9f092a}\Shell\AutoRun\command - "" = D:\Autorun.exe -- File not found
O33 - MountPoints2\{3c3022a2-974e-11df-895b-00e04d9f092a}\Shell - "" = AutoRun
O33 - MountPoints2\{3c3022a2-974e-11df-895b-00e04d9f092a}\Shell\AutoRun\command - "" = E:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{69de345c-a497-11df-8eb0-00e04d9f092a}\Shell - "" = AutoRun
O33 - MountPoints2\{69de345c-a497-11df-8eb0-00e04d9f092a}\Shell\AutoRun\command - "" = E:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{9d8d4b93-67f2-11df-9ff2-00e04d9f092a}\Shell - "" = AutoRun
O33 - MountPoints2\{9d8d4b93-67f2-11df-9ff2-00e04d9f092a}\Shell\AutoRun\command - "" = D:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{af8ea326-7ab5-11df-9b7a-00e04d9f092a}\Shell - "" = AutoRun
O33 - MountPoints2\{af8ea326-7ab5-11df-9b7a-00e04d9f092a}\Shell\AutoRun\command - "" = E:\Password.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/28 11:39:18 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2010/09/25 11:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\Feedback Tool
[2010/09/24 09:05:44 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Microsoft Games
[2010/09/22 09:13:21 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Amazon
[2010/09/22 09:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2010/09/20 16:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/20 09:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/09/15 15:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/09/15 15:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/09/13 09:55:32 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Malwarebytes
[2010/09/13 09:55:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/13 09:55:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/13 09:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/13 09:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/02 11:25:59 | 000,000,000 | ---D | C] -- C:\Program Files\DigiGuide TV Guide
[2010/09/02 10:36:38 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\SightSpeed Recordings
[2010/09/02 10:36:38 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\LogiShrd
[2010/09/02 10:32:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\logishrd
[2010/09/02 10:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010/09/02 10:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS
[2010/08/30 20:33:45 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\rar1
[2010/08/29 21:16:45 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\vlc
[2010/08/18 19:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/08/10 17:47:15 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/08/10 17:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/04 01:50:08 | 000,159,744 | ---- | C] (AMD) -- C:\Windows\System32\atitmmxx.dll
[2010/08/04 01:49:52 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll
[2010/08/04 01:49:42 | 000,278,528 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll
[2010/08/04 01:49:36 | 000,011,776 | ---- | C] (AMD) -- C:\Windows\System32\atimuixx.dll
[2010/08/04 01:49:28 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll
[2010/08/04 01:23:44 | 000,065,536 | ---- | C] (AMD) -- C:\Windows\System32\coinst.dll
[2010/07/24 12:33:41 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\AccurateRip
[2010/07/24 12:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\Exact Audio Copy
[2010/07/23 22:43:45 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\MPEG Streamclip
[2010/07/23 10:32:45 | 000,018,816 | ---- | C] (RIF) -- C:\Windows\System32\drivers\dvd43llh.sys
[2010/07/23 10:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\dvd43
[2010/07/23 10:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\RelevantKnowledge
[2010/07/23 10:20:40 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Media Player Classic
[2010/07/23 10:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\XviD
[2010/07/23 10:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010/07/16 16:00:35 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Steinberg
[2010/07/16 15:54:18 | 000,033,792 | ---- | C] (Team H2O) -- C:\Windows\System32\drivers\cledx.sys
[2010/07/16 15:53:34 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg
[2010/07/16 15:29:36 | 000,016,896 | ---- | C] (Syncrosoft GmbH) -- C:\Windows\System32\drivers\synasUSB.sys
[2010/07/16 15:29:14 | 000,045,056 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\Windows\System32\Synsopos.exe
[2010/07/16 15:29:13 | 000,704,512 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\Windows\System32\SYNSOACC.dll
[2010/07/16 15:29:13 | 000,147,456 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\Windows\System32\SynsoLChk.dll
[2010/07/16 15:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\Syncrosoft
[2010/07/15 23:38:54 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Documents on Paul's HTC HD2
[2010/07/14 15:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\GoldWave
[2010/07/14 15:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\GoldWave
[2010/07/14 12:39:00 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\Rex Shared Library.dll
[2010/07/14 11:17:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E0C041D8-7EFB-4E8C-A20F-651F5AD0B7C1}
[2010/07/14 11:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Digidesign
[2010/07/14 11:17:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\{902029B2-957E-4066-85FA-30DA31731718}
[2010/07/14 11:09:20 | 000,000,000 | ---D | C] -- C:\Users\Paul\TruePianos Settings
[2010/07/14 11:09:00 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Cakewalk
[2010/07/14 11:09:00 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Cakewalk
[2010/07/14 11:08:11 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Native Instruments
[2010/07/14 11:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2010/07/14 11:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2010/07/14 11:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Identities
[2010/07/14 11:01:58 | 000,368,640 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\ReWire.dll
[2010/07/14 11:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Cakewalk
[2010/07/14 11:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\Cakewalk
[2010/07/14 10:42:04 | 000,000,000 | ---D | C] -- C:\Program Files\Guitar Pro 5

========== Files - Modified Within 90 Days ==========

[2010/09/28 11:40:11 | 005,242,880 | -HS- | M] () -- C:\Users\Paul\NTUSER.DAT
[2010/09/28 11:40:09 | 000,133,632 | ---- | M] () -- C:\Users\Paul\Desktop\RKUnhookerLE.EXE
[2010/09/28 11:39:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2010/09/28 11:18:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/28 10:47:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3532429788-1010218452-2909568879-1001UA.job
[2010/09/28 09:24:26 | 001,220,036 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/28 09:24:26 | 000,628,024 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/28 09:24:26 | 000,400,534 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2010/09/28 09:24:26 | 000,110,208 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2010/09/28 09:24:26 | 000,110,208 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/28 09:18:07 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/28 09:18:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/28 09:18:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/28 09:17:58 | 2616,696,832 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/27 22:25:18 | 000,814,698 | -H-- | M] () -- C:\Users\Paul\AppData\Local\IconCache.db
[2010/09/27 19:46:11 | 000,061,952 | ---- | M] () -- C:\Users\Paul\Desktop\Budget.xls
[2010/09/27 14:58:42 | 301,584,414 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/27 10:44:00 | 000,022,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/27 10:44:00 | 000,022,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/26 12:29:27 | 000,032,653 | ---- | M] () -- C:\Users\Paul\Desktop\falling_down_ver2.gp5
[2010/09/25 11:53:17 | 000,001,411 | ---- | M] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/24 16:06:31 | 003,609,570 | ---- | M] () -- C:\Users\Paul\Desktop\Actor Showreel Flyer.psd
[2010/09/24 13:53:12 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3532429788-1010218452-2909568879-1001Core.job
[2010/09/23 09:50:30 | 000,010,789 | ---- | M] () -- C:\Users\Paul\Desktop\Music & Fun Ideas.docx
[2010/09/23 09:32:06 | 000,203,836 | RHS- | M] () -- C:\grldr
[2010/09/23 09:32:06 | 000,000,000 | RHS- | M] () -- C:\winx.ld
[2010/09/20 17:09:37 | 002,357,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/09/20 16:13:59 | 000,118,384 | ---- | M] () -- C:\Users\Paul\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/18 21:48:16 | 000,001,082 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/09/15 10:24:02 | 000,065,536 | -HS- | M] () -- C:\Users\Paul\NTUSER.DAT{d60bb206-c0aa-11df-9b71-80f77cd3c1fd}.TM.blf
[2010/09/15 10:24:01 | 000,524,288 | -HS- | M] () -- C:\Users\Paul\NTUSER.DAT{d60bb206-c0aa-11df-9b71-80f77cd3c1fd}.TMContainer00000000000000000002.regtrans-ms
[2010/09/15 10:24:01 | 000,524,288 | -HS- | M] () -- C:\Users\Paul\NTUSER.DAT{d60bb206-c0aa-11df-9b71-80f77cd3c1fd}.TMContainer00000000000000000001.regtrans-ms
[2010/09/14 11:54:12 | 000,000,009 | ---- | M] () -- C:\7Loader.TAG
[2010/09/08 17:36:11 | 008,392,608 | ---- | M] () -- C:\Users\Paul\Desktop\500 miles (Hedy West Cover).mp3
[2010/09/02 11:26:01 | 000,001,065 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DigiGuide TV Guide.lnk
[2010/09/01 00:36:52 | 000,072,533 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2010/08/04 01:55:18 | 000,071,096 | ---- | M] () -- C:\Windows\System32\atiapfxx.blb
[2010/08/04 01:51:38 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
[2010/08/04 01:51:12 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
[2010/08/04 01:50:08 | 000,159,744 | ---- | M] (AMD) -- C:\Windows\System32\atitmmxx.dll
[2010/08/04 01:49:52 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll
[2010/08/04 01:49:42 | 000,278,528 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll
[2010/08/04 01:49:36 | 000,011,776 | ---- | M] (AMD) -- C:\Windows\System32\atimuixx.dll
[2010/08/04 01:49:28 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll
[2010/08/04 01:23:44 | 000,065,536 | ---- | M] (AMD) -- C:\Windows\System32\coinst.dll
[2010/08/04 01:21:16 | 000,523,968 | ---- | M] () -- C:\Windows\System32\atiumdva.cap
[2010/08/04 01:14:28 | 000,023,040 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
[2010/07/27 08:03:20 | 010,829,656 | ---- | M] () -- C:\Windows\System32\LogiDPP.dll
[2010/07/27 08:03:20 | 000,102,744 | ---- | M] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/07/27 08:03:18 | 000,290,648 | ---- | M] () -- C:\Windows\System32\DevManagerCore.dll
[2010/07/27 07:56:04 | 000,090,411 | ---- | M] () -- C:\Windows\System32\lvcoinst.ini
[2010/07/27 05:54:44 | 000,022,053 | ---- | M] () -- C:\Windows\atiogl.xml
[2010/07/25 10:49:29 | 000,524,288 | -HS- | M] () -- C:\Users\Paul\NTUSER.DAT{3c30226a-974e-11df-895b-00e04d9f092a}.TMContainer00000000000000000002.regtrans-ms
[2010/07/25 10:49:29 | 000,524,288 | -HS- | M] () -- C:\Users\Paul\NTUSER.DAT{3c30226a-974e-11df-895b-00e04d9f092a}.TMContainer00000000000000000001.regtrans-ms
[2010/07/25 10:49:29 | 000,065,536 | -HS- | M] () -- C:\Users\Paul\NTUSER.DAT{3c30226a-974e-11df-895b-00e04d9f092a}.TM.blf
[2010/07/23 10:32:45 | 000,018,816 | ---- | M] (RIF) -- C:\Windows\System32\drivers\dvd43llh.sys
[2010/07/23 10:28:37 | 000,000,551 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\AutoGK.ini
[2010/07/15 23:38:54 | 000,000,826 | ---- | M] () -- C:\Users\Paul\Desktop\Documents on Paul's HTC HD2.LNK
[2010/07/14 11:05:32 | 000,118,784 | ---- | M] () -- C:\Windows\dsdxirmv.exe

========== Files Created - No Company Name ==========

[2010/09/26 12:29:27 | 000,032,653 | ---- | C] () -- C:\Users\Paul\Desktop\falling_down_ver2.gp5
[2010/09/25 11:25:41 | 000,072,533 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/09/24 13:50:50 | 204,942,976 | R--- | C] () -- C:\Users\Paul\Desktop\Documentary - Stanley Kubrick - Dark Side of the Moon.avi
[2010/09/23 10:17:14 | 003,609,570 | ---- | C] () -- C:\Users\Paul\Desktop\Actor Showreel Flyer.psd
[2010/09/23 09:44:00 | 000,010,789 | ---- | C] () -- C:\Users\Paul\Desktop\Music & Fun Ideas.docx
[2010/09/23 09:32:06 | 000,203,836 | RHS- | C] () -- C:\grldr
[2010/09/23 09:32:06 | 000,000,000 | RHS- | C] () -- C:\winx.ld
[2010/09/18 21:48:16 | 000,001,082 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/09/15 10:23:19 | 000,524,288 | -HS- | C] () -- C:\Users\Paul\NTUSER.DAT{d60bb206-c0aa-11df-9b71-80f77cd3c1fd}.TMContainer00000000000000000002.regtrans-ms
[2010/09/15 10:23:19 | 000,524,288 | -HS- | C] () -- C:\Users\Paul\NTUSER.DAT{d60bb206-c0aa-11df-9b71-80f77cd3c1fd}.TMContainer00000000000000000001.regtrans-ms
[2010/09/15 10:23:19 | 000,065,536 | -HS- | C] () -- C:\Users\Paul\NTUSER.DAT{d60bb206-c0aa-11df-9b71-80f77cd3c1fd}.TM.blf
[2010/09/12 18:27:18 | 301,584,414 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/09/08 17:36:01 | 008,392,608 | ---- | C] () -- C:\Users\Paul\Desktop\500 miles (Hedy West Cover).mp3
[2010/09/06 13:42:51 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3532429788-1010218452-2909568879-1001UA.job
[2010/09/06 13:42:50 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3532429788-1010218452-2909568879-1001Core.job
[2010/09/02 11:26:01 | 000,001,065 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DigiGuide TV Guide.lnk
[2010/08/04 01:55:18 | 000,071,096 | ---- | C] () -- C:\Windows\System32\atiapfxx.blb
[2010/08/04 01:21:16 | 000,523,968 | ---- | C] () -- C:\Windows\System32\atiumdva.cap
[2010/08/04 01:14:28 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/07/27 08:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/07/27 08:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/07/27 08:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/07/27 07:56:04 | 000,090,411 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/07/27 05:54:44 | 000,022,053 | ---- | C] () -- C:\Windows\atiogl.xml
[2010/07/24 19:07:05 | 000,524,288 | -HS- | C] () -- C:\Users\Paul\NTUSER.DAT{3c30226a-974e-11df-895b-00e04d9f092a}.TMContainer00000000000000000002.regtrans-ms
[2010/07/24 19:07:05 | 000,524,288 | -HS- | C] () -- C:\Users\Paul\NTUSER.DAT{3c30226a-974e-11df-895b-00e04d9f092a}.TMContainer00000000000000000001.regtrans-ms
[2010/07/24 19:07:05 | 000,065,536 | -HS- | C] () -- C:\Users\Paul\NTUSER.DAT{3c30226a-974e-11df-895b-00e04d9f092a}.TM.blf
[2010/07/23 10:16:03 | 000,000,551 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\AutoGK.ini
[2010/07/16 15:29:36 | 000,147,425 | ---- | C] () -- C:\Windows\System32\SYNSOACC-Aide.chm
[2010/07/16 15:29:36 | 000,120,468 | ---- | C] () -- C:\Windows\System32\SYNSOACC-Hilfe.chm
[2010/07/16 15:29:36 | 000,114,279 | ---- | C] () -- C:\Windows\System32\SYNSOACC-Help.chm
[2010/07/15 23:38:54 | 000,000,826 | ---- | C] () -- C:\Users\Paul\Desktop\Documents on Paul's HTC HD2.LNK
[2010/07/14 11:05:32 | 000,118,784 | ---- | C] () -- C:\Windows\dsdxirmv.exe
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010/03/17 16:22:57 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/03/17 16:22:57 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2010/03/16 15:29:24 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/03/01 15:55:30 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
[2010/02/28 23:59:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/27 12:57:53 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/01/25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/01/09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

========== LOP Check ==========

[2010/05/04 15:14:02 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\.BitTornado
[2010/09/22 09:13:21 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Amazon
[2010/07/16 16:04:08 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Cakewalk
[2010/04/06 16:29:13 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Canon
[2010/03/02 16:20:43 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\CD-LabelPrint
[2010/03/18 15:47:48 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/27 13:26:19 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\DAEMON Tools Lite
[2010/09/23 18:18:52 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\FileZilla
[2010/03/01 15:55:48 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Final Draft
[2010/05/13 12:09:29 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ImgBurn
[2010/02/27 18:01:26 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Leadertech
[2010/07/23 22:43:45 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\MPEG Streamclip
[2010/03/02 15:27:39 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Quark
[2010/06/09 16:27:41 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Spotify
[2010/07/16 16:00:35 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Steinberg
[2010/09/28 11:39:54 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\uTorrent
[2010/05/20 14:56:44 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\YoudaGames
[2010/08/15 12:47:53 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

Extras.Txt

OTL Extras logfile created on: 28/09/2010 11:39:43 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Paul\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 53.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 35.95 Gb Free Space | 12.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 232.88 Gb Total Space | 40.44 Gb Free Space | 17.36% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAUL-PC
Current User Name: Paul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3532429788-1010218452-2909568879-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1F6CA293-60B5-422E-80A6-C765B7BFA6D5}" = Google Apps Sync™ for Microsoft Outlook® 1.9.449.1159
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{33691AFF-9ABF-4278-BDB6-902EE07D9237}" = Native Instruments Guitar Rig 3
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{64522D5F-4743-4939-8E22-B1878FB68772}" = M-Audio FireWire Driver 6.0.1 (x86)
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}" = Final Draft
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{987946DE-D6BC-4703-B178-1649CEE2CF93}" = Creative Prodikeys PC-MIDI
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{d08d9f98-1c78-4704-87e6-368b0023d831}" = RelevantKnowledge
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D5EA1755-1899-4380-A4BA-83840648CBDA}" = Valued Opinions Application
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"AviSynth" = AviSynth 2.5
"Cakewalk Beatscape 1.0.2_is1" = Beatscape 1.0.2
"Cakewalk Beatscape_is1" = Beatscape 1.0
"Cakewalk Dimension Pro_is1" = Dimension Pro 1.2
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DigiGuide TV Guide" = DigiGuide TV Guide
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DreamStation DXi2" = DreamStation DXi2
"DVD43_is1" = DVD43 v4.6.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"FileZilla Client" = FileZilla Client 3.3.2
"GoldWave v5.57" = GoldWave v5.57
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
"Native Instruments Service Center" = Native Instruments Service Center
"PeerGuardian_is1" = PeerGuardian 2.0
"SONAR8Producer_is1" = SONAR 8.0 Producer Edition
"Spotify" = Spotify
"Steinberg Groove Agent 2" = Steinberg Groove Agent 2
"Steinberg Groove Agent 2 v2.0.0.28" = Steinberg Groove Agent 2 v2.0.0.28
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosoft's License Control
"SysInfo" = Creative System Information
"Unlocker" = Unlocker 1.9.0
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.16
"VLC media player" = VLC media player 1.1.4
"WinRAR archiver" = WinRAR archiver
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3532429788-1010218452-2909568879-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/09/2010 04:18:25 | Computer Name = Paul-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 28/09/2010 04:18:25 | Computer Name = Paul-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 28/09/2010 04:18:25 | Computer Name = Paul-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 28/09/2010 04:30:49 | Computer Name = Paul-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 28/09/2010 04:30:49 | Computer Name = Paul-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 28/09/2010 04:30:49 | Computer Name = Paul-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 28/09/2010 04:30:49 | Computer Name = Paul-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 28/09/2010 04:30:49 | Computer Name = Paul-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 28/09/2010 04:30:49 | Computer Name = Paul-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 28/09/2010 04:30:49 | Computer Name = Paul-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Media Center Events ]
Error - 16/06/2010 05:08:44 | Computer Name = Paul-PC | Source = MCUpdate | ID = 0
Description = 10:08:44 - Error connecting to the internet. 10:08:44 - Unable
to contact server..

Error - 16/06/2010 05:08:54 | Computer Name = Paul-PC | Source = MCUpdate | ID = 0
Description = 10:08:49 - Error connecting to the internet. 10:08:49 - Unable
to contact server..

Error - 16/06/2010 06:09:04 | Computer Name = Paul-PC | Source = MCUpdate | ID = 0
Description = 11:09:04 - Error connecting to the internet. 11:09:04 - Unable
to contact server..

Error - 16/06/2010 06:09:14 | Computer Name = Paul-PC | Source = MCUpdate | ID = 0
Description = 11:09:10 - Error connecting to the internet. 11:09:10 - Unable
to contact server..

Error - 16/06/2010 07:09:22 | Computer Name = Paul-PC | Source = MCUpdate | ID = 0
Description = 12:09:22 - Error connecting to the internet. 12:09:22 - Unable
to contact server..

Error - 16/06/2010 07:09:28 | Computer Name = Paul-PC | Source = MCUpdate | ID = 0
Description = 12:09:27 - Error connecting to the internet. 12:09:27 - Unable
to contact server..

Error - 17/06/2010 10:16:33 | Computer Name = Paul-PC | Source = MCUpdate | ID = 0
Description = 15:16:33 - Error connecting to the internet. 15:16:33 - Unable
to contact server..

Error - 17/06/2010 10:16:42 | Computer Name = Paul-PC | Source = MCUpdate | ID = 0
Description = 15:16:38 - Error connecting to the internet. 15:16:38 - Unable
to contact server..

Error - 17/06/2010 13:56:15 | Computer Name = Paul-PC | Source = MCUpdate | ID = 0
Description = 18:56:15 - Error connecting to the internet. 18:56:15 - Unable
to contact server..

Error - 17/06/2010 13:56:27 | Computer Name = Paul-PC | Source = MCUpdate | ID = 0
Description = 18:56:20 - Error connecting to the internet. 18:56:20 - Unable
to contact server..

[ OSession Events ]
Error - 03/03/2010 10:30:52 | Computer Name = Paul-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 92
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16/03/2010 22:22:24 | Computer Name = Paul-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1057
seconds with 0 seconds of active time. This session ended with a crash.

Error - 20/06/2010 17:47:14 | Computer Name = Paul-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4575
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 28/09/2010 06:38:14 | Computer Name = Paul-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 28/09/2010 06:39:14 | Computer Name = Paul-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 28/09/2010 06:39:14 | Computer Name = Paul-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 28/09/2010 06:39:14 | Computer Name = Paul-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\DR0.

Error - 28/09/2010 06:39:21 | Computer Name = Paul-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 28/09/2010 06:39:22 | Computer Name = Paul-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 28/09/2010 06:39:22 | Computer Name = Paul-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 28/09/2010 06:39:22 | Computer Name = Paul-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\DR0.

Error - 28/09/2010 06:39:55 | Computer Name = Paul-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 28/09/2010 06:39:55 | Computer Name = Paul-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.


< End of report >

RKU Log


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #3
==============================================
>Drivers
==============================================
0x9E83F000 C:\Windows\system32\DRIVERS\lvuvc.sys 6836224 bytes (Logitech Inc., Logitech USB Video Class Driver)
0x9203E000 C:\Windows\system32\DRIVERS\atikmdag.sys 6422528 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x82C3F000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82C3F000 PnpManager 4259840 bytes
0x82C3F000 RAW 4259840 bytes
0x82C3F000 WMIxWDM 4259840 bytes
0x97CB0000 Win32k 2400256 bytes
0x97CB0000 C:\Windows\System32\win32k.sys 2400256 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8BE2C000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8BA9E000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x8B822000 PCI_PNP3191 995328 bytes
0x8B822000 C:\Windows\System32\Drivers\spca.sys 995328 bytes
0x8B822000 sptd 995328 bytes
0x9265E000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8BC83000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x8326E000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0x9912F000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9EF3F000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x83319000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x91467000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8BC0F000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8C11B000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA0A83000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x9754E000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0xA0A34000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x97F40000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x9279C000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x83398000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8B944000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x974EF000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8322C000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x91406000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8BFAF000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8BD3A000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9EED8000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x91588000 C:\Windows\System32\Drivers\a6vf2mcq.SYS 233472 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x91523000 C:\Windows\system32\DRIVERS\atikmpag.sys 233472 bytes (Advanced Micro Devices, Inc., AMD multi-vendor Miniport Driver)
0x92715000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x82C08000 ACPI_HAL 225280 bytes
0x82C08000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8BA59000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x9749F000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8BDCA000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8C175000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8BF75000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0xA0B10000 C:\Windows\System32\Drivers\RDPWD.SYS 200704 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0x9759E000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x9901B000 C:\Windows\system32\DRIVERS\mafw.sys 188416 bytes (Avid Technology, Inc., M-Audio Delta FW Audio Driver (WDM))
0x8BD9D000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x9155C000 C:\Windows\system32\DRIVERS\1394ohci.sys 180224 bytes (Microsoft Corporation, 1394 OpenHCI Driver)
0x8BBCD000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8B99F000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8B91E000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8C00A000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8BD78000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0xA0AD4000 C:\Windows\System32\drivers\rdpdr.sys 151552 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0x9276D000 C:\Windows\system32\DRIVERS\Rt86win7.sys 151552 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )
0x8BA2D000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9E800000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x97411000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x991D0000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x914F1000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8C09A000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xA0B46000 C:\Windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8C061000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9274E000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8C1AE000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x97F90000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x990E2000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x9E823000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8C1DB000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x990FD000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x9EFC4000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x975CD000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x914CB000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x915D3000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x97433000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x9744B000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x97462000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8C0F9000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x99083000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x99061000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x8B800000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x9EEC4000 C:\Windows\system32\drivers\usbaudio.sys 81920 bytes (Microsoft Corporation, USB Audio Class Driver)
0x990A5000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8BA00000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9EF2C000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8BA13000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x915C1000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x9EFDD000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x9EFEF000 C:\Windows\System32\Drivers\adfs.SYS 69632 bytes (Adobe Systems, Inc., Adobe Drive File System Driver)
0x91512000 C:\Windows\system32\DRIVERS\amdppm.sys 69632 bytes (Microsoft Corporation, Processor Device Driver)
0x8BE18000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8C02F000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8BA8D000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x9753D000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8B9C9000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x83213000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x9EF1C000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8BE00000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x833E3000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8B9DA000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x927E7000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x914E3000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x974D3000 C:\Windows\system32\DRIVERS\cledx.sys 57344 bytes (Team H2O, Team H2O CLEDX DevWhore)
0x8C1CD000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8C0EB000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8B9F1000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8BC6C000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x974E1000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8338A000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x92029000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x975E6000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x97483000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x97490000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0x99054000 C:\Windows\system32\DRIVERS\RNDISMPX.SYS 53248 bytes (Microsoft Corporation, Remote NDIS Miniport)
0x991F1000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0xA0B03000 C:\Windows\System32\DRIVERS\tssecsrv.sys 53248 bytes (Microsoft Corporation, TS Security Filter Driver)
0x8C0BB000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x990BF000 C:\Windows\system32\DRIVERS\CtPmFilt.sys 49152 bytes (Creative Technology Ltd, Creative Prodikeys PC-MIDI Filter Driver)
0x9145B000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x990CB000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x8C08E000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x975F3000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x92000000 C:\Windows\system32\DRIVERS\fdc.sys 45056 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0x9909A000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x83208000 C:\Windows\system32\mcupdate_AuthenticAMD.dll 45056 bytes (Microsoft Corporation, AMD Microcode Update Library)
0x99078000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x990D7000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8C0E0000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x915EB000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8C110000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x92015000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8B994000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x915F6000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x97533000 C:\Windows\system32\DRIVERS\flpydisk.sys 40960 bytes (Microsoft Corporation, Floppy Driver)
0x91451000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x91447000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x97479000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0x991C6000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x9200B000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0xA0AF9000 C:\Windows\system32\drivers\tdtcp.sys 40960 bytes (Microsoft Corporation, TCP Transport Driver)
0x92792000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x8BA50000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x8B816000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x97400000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0x8BC7A000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xA0B72000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x97F10000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x99049000 C:\Windows\system32\DRIVERS\usb8023x.sys 36864 bytes (Microsoft Corporation, Remote NDIS USB Driver)
0x8BFA6000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x92020000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x8B915000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x83224000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8BE10000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BC4000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8B98C000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8C0C8000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8C0D0000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8C0D8000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8BFEE000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8C087000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x990B8000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8C080000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8B9EA000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8C1A7000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x927F6000 C:\Windows\System32\DRIVERS\dvd43llh.sys 20480 bytes (RIF, dvd43llh.sys)
0xA0B41000 C:\Windows\system32\Drivers\LVPr2Mon.sys 20480 bytes (-, -)
0x9749D000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x99052000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x855411F8 unknown_irp_handler 3592 bytes
0x8553F1F8 unknown_irp_handler 3592 bytes
0x8726F1F8 unknown_irp_handler 3592 bytes
0x855401F8 unknown_irp_handler 3592 bytes
0x869911F8 unknown_irp_handler 3592 bytes
0x8689D1F8 unknown_irp_handler 3592 bytes
0x868611F8 unknown_irp_handler 3592 bytes
0x8553D1F8 unknown_irp_handler 3592 bytes
0x8689E1F8 unknown_irp_handler 3592 bytes
0x87AC01F8 unknown_irp_handler 3592 bytes
0x8676C500 unknown_irp_handler 2816 bytes
0x869E8500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:31 AM

Posted 28 September 2010 - 05:59 AM

I see indeed a few disk errors, so lets concentrate on that first.

Click Start > Programs > Accessories and right click on "Command Prompt". Select Run as Administrator.

Type chkdsk /r at the command prompt and press enter. When asked to schedule the check for next reboot, type Y and press enter.

Now restart your computer and let the disk check run unhindered. Note - this may take some time. When done, let me know if you see any improvement.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 phoenix64

phoenix64
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:31 PM

Posted 29 September 2010 - 04:54 AM

Hello Elise,

Thanks again for your help. Have run chkdsk and the computer does seem to be improved. Am still having a few hangs but nowhere near as long as before. Will see how it progresses.

Just in case I have run the OTL and RHU logs again, here they are:

OTL.Txt


OTL logfile created on: 29/09/2010 10:45:39 - Run 3
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Paul\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 35.42 Gb Free Space | 11.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 232.88 Gb Total Space | 40.38 Gb Free Space | 17.34% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAUL-PC
Current User Name: Paul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/29 10:45:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
PRC - [2010/09/21 06:40:50 | 000,977,976 | ---- | M] (Google Inc.) -- C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/09/02 11:26:00 | 000,390,192 | ---- | M] () -- C:\Program Files\DigiGuide TV Guide\DigiGuide.exe
PRC - [2010/09/01 07:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/04 01:51:38 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/08/04 01:51:12 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/06/11 14:42:00 | 012,979,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2010/05/07 18:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/05/07 18:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2010/04/29 09:43:12 | 000,321,328 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/04/15 21:38:33 | 000,049,792 | ---- | M] (TMRG, Inc.) -- C:\Program Files\RelevantKnowledge\rlservice.exe
PRC - [2010/04/15 21:38:31 | 001,860,736 | ---- | M] (TMRG, Inc.) -- C:\Program Files\RelevantKnowledge\rlvknlg.exe
PRC - [2009/12/30 11:03:52 | 000,031,232 | ---- | M] () -- C:\Users\Paul\AppData\Local\Valued Opinions\PanelApp\PanelApp.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/07/29 15:28:40 | 000,252,424 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\System32\MAFWTray.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/04/09 04:11:56 | 000,009,216 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Prodikeys PC-MIDI\PCMIDI Drivers\CtPmNtfy.exe
PRC - [2005/09/06 17:56:44 | 000,450,560 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Prodikeys PC-MIDI\HotKeysManager\HKManager.exe


========== Modules (SafeList) ==========

MOD - [2010/09/29 10:45:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
MOD - [2009/07/14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/16 07:15:05 | 000,804,864 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010/08/04 01:51:12 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010/04/15 21:38:33 | 000,049,792 | ---- | M] (TMRG, Inc.) [Auto | Running] -- C:\Program Files\RelevantKnowledge\rlservice.exe -- (RelevantKnowledge)
SRV - [2010/03/29 17:15:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/01 17:17:19 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/30 11:20:16 | 000,091,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Valued Opinions\PanelApp\PanelSvc.exe -- (PanelSvc)
SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/07/14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Paul\Desktop\Everything JungleFlasher 03.20.2010\JungleFlasher\Program\JungleFlasher v0.1.73 Beta (108)\portio32.sys -- (PORTIO)
DRV - [2010/08/04 02:21:44 | 006,096,384 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/08/04 02:21:44 | 006,096,384 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/08/04 01:15:30 | 000,214,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/07/27 08:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2010/07/27 08:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/07/23 10:32:45 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/02/27 12:57:53 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/29 15:28:18 | 000,192,392 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mafw.sys -- (MAFW)
DRV - [2009/07/14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009/07/14 00:51:27 | 000,046,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
DRV - [2009/07/14 00:51:27 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
DRV - [2009/07/14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/14 00:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/08 07:57:40 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2009/03/02 00:05:32 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2008/04/15 13:11:36 | 000,025,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtPmFilt.sys -- (CtPmFilt)
DRV - [2007/06/02 15:59:42 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2005/05/09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cledx.sys -- (CLEDX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3532429788-1010218452-2909568879-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en&source=iglk
IE - HKU\S-1-5-21-3532429788-1010218452-2909568879-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3532429788-1010218452-2909568879-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3532429788-1010218452-2909568879-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F1 27 47 26 0F B7 CA 01 [binary data]
IE - HKU\S-1-5-21-3532429788-1010218452-2909568879-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge [2010/09/29 09:38:19 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/03/01 17:47:36 | 000,001,364 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CTHotKeys] C:\Program Files\Creative\Prodikeys PC-MIDI\HotKeysManager\HKManager.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CtPmNtfy] C:\Program Files\Creative\Prodikeys PC-MIDI\PCMIDI Drivers\Ctpmntfy.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\MAFWTray.exe (Avid Technology, Inc.)
O4 - HKU\S-1-5-21-3532429788-1010218452-2909568879-1001..\Run: [PanelApp] C:\Users\Paul\AppData\Local\Valued Opinions\PanelApp\PanelApp.exe ()
O4 - HKU\S-1-5-21-3532429788-1010218452-2909568879-1001..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)
O4 - HKU\S-1-5-21-3532429788-1010218452-2909568879-1001..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DigiGuide TV Guide.lnk = C:\Program Files\DigiGuide TV Guide\Client.exe (GipsyMedia Limited)
O4 - Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3532429788-1010218452-2909568879-1001\..Trusted Domains: nationet.com ([olb2] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/02/25 15:19:10 | 000,000,000 | ---- | M] () - C:\AutoRun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/02/25 15:19:10 | 000,000,000 | ---- | M] () - G:\AutoRun.inf -- [ NTFS ]
O33 - MountPoints2\{3a9dfbd6-239a-11df-b45a-00e04d9f092a}\Shell - "" = AutoRun
O33 - MountPoints2\{3a9dfbd6-239a-11df-b45a-00e04d9f092a}\Shell\AutoRun\command - "" = D:\Autorun.exe -- File not found
O33 - MountPoints2\{3c3022a2-974e-11df-895b-00e04d9f092a}\Shell - "" = AutoRun
O33 - MountPoints2\{3c3022a2-974e-11df-895b-00e04d9f092a}\Shell\AutoRun\command - "" = E:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{69de345c-a497-11df-8eb0-00e04d9f092a}\Shell - "" = AutoRun
O33 - MountPoints2\{69de345c-a497-11df-8eb0-00e04d9f092a}\Shell\AutoRun\command - "" = E:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{9d8d4b93-67f2-11df-9ff2-00e04d9f092a}\Shell - "" = AutoRun
O33 - MountPoints2\{9d8d4b93-67f2-11df-9ff2-00e04d9f092a}\Shell\AutoRun\command - "" = D:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{af8ea326-7ab5-11df-9b7a-00e04d9f092a}\Shell - "" = AutoRun
O33 - MountPoints2\{af8ea326-7ab5-11df-9b7a-00e04d9f092a}\Shell\AutoRun\command - "" = E:\Password.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/29 10:45:23 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2010/09/25 11:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\Feedback Tool
[2010/09/24 09:05:44 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Microsoft Games
[2010/09/22 09:13:21 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Amazon
[2010/09/22 09:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2010/09/20 16:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/20 09:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/09/15 15:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/09/15 15:44:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/09/13 09:55:32 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Malwarebytes
[2010/09/13 09:55:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/13 09:55:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/13 09:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/13 09:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/02 11:25:59 | 000,000,000 | ---D | C] -- C:\Program Files\DigiGuide TV Guide
[2010/09/02 10:36:38 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\SightSpeed Recordings
[2010/09/02 10:36:38 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\LogiShrd
[2010/09/02 10:32:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\logishrd
[2010/09/02 10:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010/09/02 10:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS
[2010/08/30 20:33:45 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\rar1
[2010/08/29 21:16:45 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\vlc
[2010/08/18 19:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/08/10 17:47:15 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/08/10 17:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/04 01:50:08 | 000,159,744 | ---- | C] (AMD) -- C:\Windows\System32\atitmmxx.dll
[2010/08/04 01:49:52 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll
[2010/08/04 01:49:42 | 000,278,528 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll
[2010/08/04 01:49:36 | 000,011,776 | ---- | C] (AMD) -- C:\Windows\System32\atimuixx.dll
[2010/08/04 01:49:28 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll
[2010/08/04 01:23:44 | 000,065,536 | ---- | C] (AMD) -- C:\Windows\System32\coinst.dll
[2010/07/24 12:33:41 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\AccurateRip
[2010/07/24 12:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\Exact Audio Copy
[2010/07/23 22:43:45 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\MPEG Streamclip
[2010/07/23 10:32:45 | 000,018,816 | ---- | C] (RIF) -- C:\Windows\System32\drivers\dvd43llh.sys
[2010/07/23 10:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\dvd43
[2010/07/23 10:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\RelevantKnowledge
[2010/07/23 10:20:40 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Media Player Classic
[2010/07/23 10:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\XviD
[2010/07/23 10:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010/07/16 16:00:35 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Steinberg
[2010/07/16 15:54:18 | 000,033,792 | ---- | C] (Team H2O) -- C:\Windows\System32\drivers\cledx.sys
[2010/07/16 15:53:34 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg
[2010/07/16 15:29:36 | 000,016,896 | ---- | C] (Syncrosoft GmbH) -- C:\Windows\System32\drivers\synasUSB.sys
[2010/07/16 15:29:14 | 000,045,056 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\Windows\System32\Synsopos.exe
[2010/07/16 15:29:13 | 000,704,512 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\Windows\System32\SYNSOACC.dll
[2010/07/16 15:29:13 | 000,147,456 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\Windows\System32\SynsoLChk.dll
[2010/07/16 15:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\Syncrosoft
[2010/07/15 23:38:54 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Documents on Paul's HTC HD2
[2010/07/14 15:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\GoldWave
[2010/07/14 15:39:37 | 000,000,000 | ---D | C] -- C:\Program Files\GoldWave
[2010/07/14 12:39:00 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\Rex Shared Library.dll
[2010/07/14 11:17:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E0C041D8-7EFB-4E8C-A20F-651F5AD0B7C1}
[2010/07/14 11:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Digidesign
[2010/07/14 11:17:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\{902029B2-957E-4066-85FA-30DA31731718}
[2010/07/14 11:09:20 | 000,000,000 | ---D | C] -- C:\Users\Paul\TruePianos Settings
[2010/07/14 11:09:00 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Cakewalk
[2010/07/14 11:09:00 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Cakewalk
[2010/07/14 11:08:11 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\Native Instruments
[2010/07/14 11:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2010/07/14 11:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2010/07/14 11:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Identities
[2010/07/14 11:01:58 | 000,368,640 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\ReWire.dll
[2010/07/14 11:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Cakewalk
[2010/07/14 11:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\Cakewalk
[2010/07/14 10:42:04 | 000,000,000 | ---D | C] -- C:\Program Files\Guitar Pro 5

========== Files - Modified Within 90 Days ==========

[2010/09/29 10:45:48 | 005,242,880 | -HS- | M] () -- C:\Users\Paul\NTUSER.DAT
[2010/09/29 10:45:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2010/09/29 10:18:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/29 09:47:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3532429788-1010218452-2909568879-1001UA.job
[2010/09/29 09:10:45 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/29 09:10:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/29 09:10:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/29 09:10:26 | 2616,696,832 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/28 21:41:02 | 001,220,036 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/28 21:41:02 | 000,628,024 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/28 21:41:02 | 000,400,534 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2010/09/28 21:41:02 | 000,110,208 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2010/09/28 21:41:02 | 000,110,208 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/28 21:40:53 | 001,946,801 | -H-- | M] () -- C:\Users\Paul\AppData\Local\IconCache.db
[2010/09/27 19:46:11 | 000,061,952 | ---- | M] () -- C:\Users\Paul\Desktop\Budget.xls
[2010/09/27 14:58:42 | 301,584,414 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/27 10:44:00 | 000,022,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/27 10:44:00 | 000,022,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/26 12:29:27 | 000,032,653 | ---- | M] () -- C:\Users\Paul\Desktop\falling_down_ver2.gp5
[2010/09/25 11:53:17 | 000,001,411 | ---- | M] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/24 13:53:12 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3532429788-1010218452-2909568879-1001Core.job
[2010/09/23 09:32:06 | 000,203,836 | RHS- | M] () -- C:\grldr
[2010/09/23 09:32:06 | 000,000,000 | RHS- | M] () -- C:\winx.ld
[2010/09/20 17:09:37 | 002,357,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/09/20 16:13:59 | 000,118,384 | ---- | M] () -- C:\Users\Paul\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/18 21:48:16 | 000,001,082 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/09/15 10:24:02 | 000,065,536 | -HS- | M] () -- C:\Users\Paul\NTUSER.DAT{d60bb206-c0aa-11df-9b71-80f77cd3c1fd}.TM.blf
[2010/09/15 10:24:01 | 000,524,288 | -HS- | M] () -- C:\Users\Paul\NTUSER.DAT{d60bb206-c0aa-11df-9b71-80f77cd3c1fd}.TMContainer00000000000000000002.regtrans-ms
[2010/09/15 10:24:01 | 000,524,288 | -HS- | M] () -- C:\Users\Paul\NTUSER.DAT{d60bb206-c0aa-11df-9b71-80f77cd3c1fd}.TMContainer00000000000000000001.regtrans-ms
[2010/09/14 11:54:12 | 000,000,009 | ---- | M] () -- C:\7Loader.TAG
[2010/09/08 17:36:11 | 008,392,608 | ---- | M] () -- C:\Users\Paul\Desktop\500 miles (Hedy West Cover).mp3
[2010/09/02 11:26:01 | 000,001,065 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DigiGuide TV Guide.lnk
[2010/09/01 00:36:52 | 000,072,533 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2010/08/04 01:55:18 | 000,071,096 | ---- | M] () -- C:\Windows\System32\atiapfxx.blb
[2010/08/04 01:51:38 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
[2010/08/04 01:51:12 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
[2010/08/04 01:50:08 | 000,159,744 | ---- | M] (AMD) -- C:\Windows\System32\atitmmxx.dll
[2010/08/04 01:49:52 | 000,356,352 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\atipdlxx.dll
[2010/08/04 01:49:42 | 000,278,528 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\Oemdspif.dll
[2010/08/04 01:49:36 | 000,011,776 | ---- | M] (AMD) -- C:\Windows\System32\atimuixx.dll
[2010/08/04 01:49:28 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\System32\ati2edxx.dll
[2010/08/04 01:23:44 | 000,065,536 | ---- | M] (AMD) -- C:\Windows\System32\coinst.dll
[2010/08/04 01:21:16 | 000,523,968 | ---- | M] () -- C:\Windows\System32\atiumdva.cap
[2010/08/04 01:14:28 | 000,023,040 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
[2010/07/27 08:03:20 | 010,829,656 | ---- | M] () -- C:\Windows\System32\LogiDPP.dll
[2010/07/27 08:03:20 | 000,102,744 | ---- | M] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/07/27 08:03:18 | 000,290,648 | ---- | M] () -- C:\Windows\System32\DevManagerCore.dll
[2010/07/27 07:56:04 | 000,090,411 | ---- | M] () -- C:\Windows\System32\lvcoinst.ini
[2010/07/27 05:54:44 | 000,022,053 | ---- | M] () -- C:\Windows\atiogl.xml
[2010/07/25 10:49:29 | 000,524,288 | -HS- | M] () -- C:\Users\Paul\NTUSER.DAT{3c30226a-974e-11df-895b-00e04d9f092a}.TMContainer00000000000000000002.regtrans-ms
[2010/07/25 10:49:29 | 000,524,288 | -HS- | M] () -- C:\Users\Paul\NTUSER.DAT{3c30226a-974e-11df-895b-00e04d9f092a}.TMContainer00000000000000000001.regtrans-ms
[2010/07/25 10:49:29 | 000,065,536 | -HS- | M] () -- C:\Users\Paul\NTUSER.DAT{3c30226a-974e-11df-895b-00e04d9f092a}.TM.blf
[2010/07/23 10:32:45 | 000,018,816 | ---- | M] (RIF) -- C:\Windows\System32\drivers\dvd43llh.sys
[2010/07/23 10:28:37 | 000,000,551 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\AutoGK.ini
[2010/07/15 23:38:54 | 000,000,826 | ---- | M] () -- C:\Users\Paul\Desktop\Documents on Paul's HTC HD2.LNK
[2010/07/14 11:05:32 | 000,118,784 | ---- | M] () -- C:\Windows\dsdxirmv.exe

========== Files Created - No Company Name ==========

[2010/09/26 12:29:27 | 000,032,653 | ---- | C] () -- C:\Users\Paul\Desktop\falling_down_ver2.gp5
[2010/09/25 11:25:41 | 000,072,533 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/09/24 13:50:50 | 204,942,976 | R--- | C] () -- C:\Users\Paul\Desktop\Documentary - Stanley Kubrick - Dark Side of the Moon.avi
[2010/09/23 09:32:06 | 000,203,836 | RHS- | C] () -- C:\grldr
[2010/09/23 09:32:06 | 000,000,000 | RHS- | C] () -- C:\winx.ld
[2010/09/18 21:48:16 | 000,001,082 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/09/15 10:23:19 | 000,524,288 | -HS- | C] () -- C:\Users\Paul\NTUSER.DAT{d60bb206-c0aa-11df-9b71-80f77cd3c1fd}.TMContainer00000000000000000002.regtrans-ms
[2010/09/15 10:23:19 | 000,524,288 | -HS- | C] () -- C:\Users\Paul\NTUSER.DAT{d60bb206-c0aa-11df-9b71-80f77cd3c1fd}.TMContainer00000000000000000001.regtrans-ms
[2010/09/15 10:23:19 | 000,065,536 | -HS- | C] () -- C:\Users\Paul\NTUSER.DAT{d60bb206-c0aa-11df-9b71-80f77cd3c1fd}.TM.blf
[2010/09/12 18:27:18 | 301,584,414 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/09/08 17:36:01 | 008,392,608 | ---- | C] () -- C:\Users\Paul\Desktop\500 miles (Hedy West Cover).mp3
[2010/09/06 13:42:51 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3532429788-1010218452-2909568879-1001UA.job
[2010/09/06 13:42:50 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3532429788-1010218452-2909568879-1001Core.job
[2010/09/02 11:26:01 | 000,001,065 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DigiGuide TV Guide.lnk
[2010/08/04 01:55:18 | 000,071,096 | ---- | C] () -- C:\Windows\System32\atiapfxx.blb
[2010/08/04 01:21:16 | 000,523,968 | ---- | C] () -- C:\Windows\System32\atiumdva.cap
[2010/08/04 01:14:28 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/07/27 08:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/07/27 08:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/07/27 08:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/07/27 07:56:04 | 000,090,411 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/07/27 05:54:44 | 000,022,053 | ---- | C] () -- C:\Windows\atiogl.xml
[2010/07/24 19:07:05 | 000,524,288 | -HS- | C] () -- C:\Users\Paul\NTUSER.DAT{3c30226a-974e-11df-895b-00e04d9f092a}.TMContainer00000000000000000002.regtrans-ms
[2010/07/24 19:07:05 | 000,524,288 | -HS- | C] () -- C:\Users\Paul\NTUSER.DAT{3c30226a-974e-11df-895b-00e04d9f092a}.TMContainer00000000000000000001.regtrans-ms
[2010/07/24 19:07:05 | 000,065,536 | -HS- | C] () -- C:\Users\Paul\NTUSER.DAT{3c30226a-974e-11df-895b-00e04d9f092a}.TM.blf
[2010/07/23 10:16:03 | 000,000,551 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\AutoGK.ini
[2010/07/16 15:29:36 | 000,147,425 | ---- | C] () -- C:\Windows\System32\SYNSOACC-Aide.chm
[2010/07/16 15:29:36 | 000,120,468 | ---- | C] () -- C:\Windows\System32\SYNSOACC-Hilfe.chm
[2010/07/16 15:29:36 | 000,114,279 | ---- | C] () -- C:\Windows\System32\SYNSOACC-Help.chm
[2010/07/15 23:38:54 | 000,000,826 | ---- | C] () -- C:\Users\Paul\Desktop\Documents on Paul's HTC HD2.LNK
[2010/07/14 11:05:32 | 000,118,784 | ---- | C] () -- C:\Windows\dsdxirmv.exe
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010/03/17 16:22:57 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/03/17 16:22:57 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2010/03/16 15:29:24 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/03/01 15:55:30 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
[2010/02/28 23:59:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/27 12:57:53 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/01/25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/01/09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

========== LOP Check ==========

[2010/05/04 15:14:02 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\.BitTornado
[2010/09/22 09:13:21 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Amazon
[2010/07/16 16:04:08 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Cakewalk
[2010/04/06 16:29:13 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Canon
[2010/03/02 16:20:43 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\CD-LabelPrint
[2010/03/18 15:47:48 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/27 13:26:19 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\DAEMON Tools Lite
[2010/09/23 18:18:52 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\FileZilla
[2010/03/01 15:55:48 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Final Draft
[2010/05/13 12:09:29 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ImgBurn
[2010/02/27 18:01:26 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Leadertech
[2010/07/23 22:43:45 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\MPEG Streamclip
[2010/03/02 15:27:39 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Quark
[2010/06/09 16:27:41 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Spotify
[2010/07/16 16:00:35 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Steinberg
[2010/09/29 10:45:46 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\uTorrent
[2010/05/20 14:56:44 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\YoudaGames
[2010/08/15 12:47:53 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >

RKU Log


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #3
==============================================
>Drivers
==============================================
0x81E18000 C:\Windows\system32\DRIVERS\lvuvc.sys 6836224 bytes (Logitech Inc., Logitech USB Video Class Driver)
0x9203C000 C:\Windows\system32\DRIVERS\atikmdag.sys 6422528 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x82C15000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82C15000 PnpManager 4259840 bytes
0x82C15000 RAW 4259840 bytes
0x82C15000 WMIxWDM 4259840 bytes
0x98AA0000 Win32k 2400256 bytes
0x98AA0000 C:\Windows\System32\win32k.sys 2400256 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8BE33000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8BA9D000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x8B81B000 PCI_PNP9992 995328 bytes
0x8B81B000 sptd 995328 bytes
0x8B81B000 C:\Windows\System32\Drivers\spuj.sys 995328 bytes
0x9265C000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8BCA1000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x8327C000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0xA403A000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0xA0226000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x83327000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x9191E000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8BC2D000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8C17C000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA4158000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
0x96A8D000 C:\Windows\system32\drivers\HdAudio.sys 327680 bytes (Microsoft Corporation, High Definition Audio Function Driver)
0xA4109000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x98D30000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x9279A000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x833A6000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8B93D000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x96A2E000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8323A000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x918BD000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8BFB6000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8BD58000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0xA02F9000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x9163D000 C:\Windows\system32\DRIVERS\atikmpag.sys 233472 bytes (Advanced Micro Devices, Inc., AMD multi-vendor Miniport Driver)
0x916A2000 C:\Windows\System32\Drivers\aw646wxx.SYS 233472 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x92713000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x83025000 ACPI_HAL 225280 bytes
0x83025000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8BA58000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x9179C000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x8C028000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x9181A000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8BF7C000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0xA4000000 C:\Windows\System32\Drivers\RDPWD.SYS 200704 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0x96ADD000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x96B25000 C:\Windows\system32\DRIVERS\mafw.sys 188416 bytes (Avid Technology, Inc., M-Audio Delta FW Audio Driver (WDM))
0x8BE00000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x91676000 C:\Windows\system32\DRIVERS\1394ohci.sys 180224 bytes (Microsoft Corporation, 1394 OpenHCI Driver)
0x8BBCC000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8B998000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8B917000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8C06B000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8BD96000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0xA41AE000 C:\Windows\System32\drivers\rdpdr.sys 151552 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0x9276B000 C:\Windows\system32\DRIVERS\Rt86win7.sys 151552 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver )
0x8BA2C000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xA02D6000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x91710000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA40DB000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x919A8000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8C0FB000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x8C0C2000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9274C000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x91853000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x98D80000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x82548000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xA0334000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x91880000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0x82563000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xA02AB000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x96B0C000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x91982000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x916ED000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x91732000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x9174A000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x91761000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8C15A000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x96B6C000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x96B53000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 94208 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x8B800000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x8249D000 C:\Windows\system32\drivers\usbaudio.sys 81920 bytes (Microsoft Corporation, USB Audio Class Driver)
0x96B8E000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8BA00000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8258D000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x9189A000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x916DB000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0xA02C4000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0xA0367000 C:\Windows\System32\Drivers\adfs.SYS 69632 bytes (Adobe Systems, Inc., Adobe Drive File System Driver)
0x919C9000 C:\Windows\system32\DRIVERS\amdppm.sys 69632 bytes (Microsoft Corporation, Processor Device Driver)
0x8C05A000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8252C000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8BA8C000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x96A7C000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8B9C2000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x83221000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8257D000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8BDBB000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x918AD000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8B9D3000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x927E5000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x9199A000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x917D0000 C:\Windows\system32\DRIVERS\cledx.sys 57344 bytes (Team H2O, Team H2O CLEDX DevWhore)
0x91872000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8C14C000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8B9EA000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8BC8A000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x917DE000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x83398000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x92029000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x8250B000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x91782000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x9178F000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0xA40FC000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0xA41DD000 C:\Windows\System32\DRIVERS\tssecsrv.sys 53248 bytes (Microsoft Corporation, TS Security Filter Driver)
0x8C11C000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x96BA8000 C:\Windows\system32\DRIVERS\CtPmFilt.sys 49152 bytes (Creative Technology Ltd, Creative Prodikeys PC-MIDI Filter Driver)
0x91912000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x824F5000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x8C0EF000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x82518000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x92000000 C:\Windows\system32\DRIVERS\fdc.sys 45056 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0x96B83000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x83216000 C:\Windows\system32\mcupdate_AuthenticAMD.dll 45056 bytes (Microsoft Corporation, AMD Microcode Update Library)
0x8253D000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x96BB4000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8C141000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x91705000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8C171000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x92015000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8B98D000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x82501000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x96A72000 C:\Windows\system32\DRIVERS\flpydisk.sys 40960 bytes (Microsoft Corporation, Floppy Driver)
0x91908000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x918FE000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x91778000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0xA40D1000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x9200B000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0xA41D3000 C:\Windows\system32\drivers\tdtcp.sys 40960 bytes (Microsoft Corporation, TCP Transport Driver)
0x92790000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x8BA4F000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x833F1000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x82523000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
0x8BC98000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xA41EA000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x98D00000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8BFAD000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x92020000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x8B90E000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x83232000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8BDCB000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80B9A000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8B985000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8C129000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8C131000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x8C139000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x8BFF5000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8C0E8000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x96BA1000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8C0E1000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8B9E3000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x9184C000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x927F4000 C:\Windows\System32\DRIVERS\dvd43llh.sys 20480 bytes (RIF, dvd43llh.sys)
0xA41A9000 C:\Windows\system32\Drivers\LVPr2Mon.sys 20480 bytes (-, -)
0x92036000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x96B6A000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x855411F8 unknown_irp_handler 3592 bytes
0x8676B1F8 unknown_irp_handler 3592 bytes
0x8553F1F8 unknown_irp_handler 3592 bytes
0x874FE1F8 unknown_irp_handler 3592 bytes
0x855401F8 unknown_irp_handler 3592 bytes
0x868EE1F8 unknown_irp_handler 3592 bytes
0x868111F8 unknown_irp_handler 3592 bytes
0x8553D1F8 unknown_irp_handler 3592 bytes
0x868ED1F8 unknown_irp_handler 3592 bytes
0x868E9500 unknown_irp_handler 2816 bytes
0x86956500 unknown_irp_handler 2816 bytes
0x85575500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:31 AM

Posted 29 September 2010 - 07:24 AM

To be sure lets also check for malware.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 phoenix64

phoenix64
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:31 PM

Posted 29 September 2010 - 02:21 PM

Hi Elise,

Here's the log, if you could let me know what it means that would be great smile.gif

Thanks.

ComboFix 10-09-28.03 - Paul 29/09/2010 20:01:59.1.3 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3327.2481 [GMT 1:00]
Running from: c:\users\Paul\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\AutoRun.inf
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\components\rlxg.dll
c:\program files\RelevantKnowledge\install.rdf
c:\program files\RelevantKnowledge\MSVCP71.DLL
c:\program files\RelevantKnowledge\MSVCR71.DLL
c:\program files\RelevantKnowledge\rlls.dll
c:\program files\RelevantKnowledge\rlls64.dll
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\rlph.dll
c:\program files\RelevantKnowledge\rlservice.exe
c:\program files\RelevantKnowledge\rlvknlg.exe
c:\program files\RelevantKnowledge\rlvknlg64.exe
c:\program files\RelevantKnowledge\rlxf.dll
C:\server.exe
G:\AutoRun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_RelevantKnowledge


((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-29 )))))))))))))))))))))))))))))))
.

2010-09-29 08:15 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-25 10:24 . 2010-08-16 06:15 804864 ----a-w- c:\windows\system32\FntCache.dll
2010-09-25 10:24 . 2010-08-16 06:14 1076224 ----a-w- c:\windows\system32\DWrite.dll
2010-09-25 10:24 . 2010-08-16 06:14 737280 ----a-w- c:\windows\system32\d2d1.dll
2010-09-25 10:24 . 2010-08-16 06:14 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-09-25 10:24 . 2010-08-16 06:14 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2010-09-25 10:24 . 2010-05-09 09:15 279552 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2010-09-25 10:24 . 2010-05-09 09:15 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2010-09-25 10:24 . 2010-06-26 05:14 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2010-09-25 10:23 . 2010-09-25 10:23 -------- d-----w- c:\program files\Feedback Tool
2010-09-24 08:05 . 2010-09-24 08:07 -------- d-----w- c:\users\Paul\AppData\Local\Microsoft Games
2010-09-22 08:13 . 2010-09-22 08:13 -------- d-----w- c:\users\Paul\AppData\Roaming\Amazon
2010-09-22 08:12 . 2010-09-22 08:12 -------- d-----w- c:\program files\Amazon
2010-09-20 15:03 . 2010-09-20 15:03 -------- d-----w- c:\program files\Trend Micro
2010-09-20 08:33 . 2010-09-20 08:33 -------- d-----w- c:\program files\QuickTime
2010-09-15 14:45 . 2010-09-15 14:45 -------- d-----w- c:\program files\Common Files\Windows Live
2010-09-15 14:44 . 2010-09-15 14:44 -------- d-----w- c:\program files\Microsoft
2010-09-15 14:41 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-09-15 14:39 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-09-15 14:39 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-09-15 14:39 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll
2010-09-15 14:39 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-09-15 09:33 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-13 08:55 . 2010-09-13 08:55 -------- d-----w- c:\users\Paul\AppData\Roaming\Malwarebytes
2010-09-13 08:55 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-13 08:55 . 2010-09-13 08:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-13 08:55 . 2010-09-13 08:55 -------- d-----w- c:\programdata\Malwarebytes
2010-09-13 08:55 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-06 08:26 . 2010-09-20 15:13 118384 ----a-w- c:\users\Paul\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-02 10:25 . 2010-09-28 19:15 -------- d-----w- c:\program files\DigiGuide TV Guide
2010-09-02 09:36 . 2010-09-02 09:36 -------- d-----w- c:\users\Paul\AppData\Local\LogiShrd
2010-09-02 09:32 . 2010-09-29 19:07 -------- d-----w- c:\windows\system32\logishrd
2010-09-02 09:32 . 2010-09-02 09:32 -------- d-----w- c:\programdata\Logitech
2010-09-02 09:32 . 2010-09-02 09:32 -------- d-----w- c:\program files\Common Files\LWS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 18:57 . 2010-02-27 12:01 -------- d-----w- c:\users\Paul\AppData\Roaming\uTorrent
2010-09-29 17:42 . 2010-04-23 10:40 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-28 20:41 . 2010-02-27 16:55 400534 ----a-w- c:\windows\system32\perfh011.dat
2010-09-28 20:41 . 2010-02-27 16:55 110208 ----a-w- c:\windows\system32\perfc011.dat
2010-09-28 08:22 . 2010-09-28 08:22 365968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{804FED62-E245-4B34-BB4F-B9DBDA9271F8}\mpasdlta.vdm
2010-09-24 08:06 . 2010-03-01 19:27 229264 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\Backup\mpasdlta.vdm
2010-09-23 17:18 . 2010-03-03 16:46 -------- d-----w- c:\users\Paul\AppData\Roaming\FileZilla
2010-09-20 16:28 . 2010-08-29 20:16 -------- d-----w- c:\users\Paul\AppData\Roaming\vlc
2010-09-20 08:33 . 2010-03-02 14:23 -------- d-----w- c:\programdata\Apple Computer
2010-09-17 12:54 . 2010-09-28 08:22 12300688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{804FED62-E245-4B34-BB4F-B9DBDA9271F8}\mpasbase.vdm
2010-09-17 12:54 . 2010-03-01 19:27 12300688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\Backup\mpasbase.vdm
2010-09-15 14:45 . 2010-02-27 12:28 -------- d-----w- c:\programdata\Microsoft Help
2010-09-15 14:41 . 2010-02-27 12:30 -------- d-----w- c:\program files\Microsoft.NET
2010-09-07 11:40 . 2010-05-04 14:34 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-07 11:35 . 2010-09-07 11:35 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-07 11:35 . 2010-05-04 14:33 -------- d-----w- c:\programdata\DivX
2010-09-07 11:35 . 2010-03-09 12:57 -------- d-----w- c:\program files\DivX
2010-09-07 11:35 . 2010-09-07 11:35 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-09-07 11:35 . 2010-09-07 11:35 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-09-07 11:35 . 2010-09-07 11:35 57691 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-09-07 11:35 . 2010-09-07 11:35 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-09-07 11:34 . 2010-09-07 11:35 185640 ----a-w- c:\programdata\DivX\Setup\finishPlugin.dll
2010-09-07 11:34 . 2010-09-07 11:34 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-07 11:34 . 2010-05-04 14:34 850200 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-09-07 11:34 . 2010-05-04 14:34 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-09-06 08:16 . 2010-02-27 17:01 -------- d-----w- c:\program files\Logitech
2010-09-02 09:33 . 2010-02-27 13:29 -------- d-----w- c:\program files\Common Files\logishrd
2010-09-02 09:32 . 2010-09-02 09:32 53248 ----a-r- c:\users\Paul\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-08-31 23:46 . 2010-09-25 10:25 1355264 ----a-w- c:\windows\system32\jscript9.dll
2010-08-31 23:44 . 2010-09-25 10:25 1122304 ----a-w- c:\windows\system32\wininet.dll
2010-08-31 23:44 . 2010-09-25 10:25 424960 ----a-w- c:\windows\system32\vbscript.dll
2010-08-31 23:43 . 2010-09-25 10:25 23552 ----a-w- c:\windows\system32\licmgr10.dll
2010-08-31 23:43 . 2010-09-25 10:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2010-08-31 23:43 . 2010-09-25 10:25 114176 ----a-w- c:\windows\system32\iesysprep.dll
2010-08-31 23:43 . 2010-09-25 10:25 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2010-08-31 23:43 . 2010-09-25 10:25 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2010-08-31 23:42 . 2010-09-25 10:25 51200 ----a-w- c:\windows\system32\admparse.dll
2010-08-31 23:42 . 2010-09-25 10:25 75264 ----a-w- c:\windows\system32\iesetup.dll
2010-08-31 23:42 . 2010-09-25 10:25 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2010-08-31 23:42 . 2010-09-25 10:25 150016 ----a-w- c:\windows\system32\iexpress.exe
2010-08-31 23:42 . 2010-09-25 10:25 149504 ----a-w- c:\windows\system32\wextract.exe
2010-08-31 23:42 . 2010-09-25 10:25 33280 ----a-w- c:\windows\system32\imgutil.dll
2010-08-31 23:42 . 2010-09-25 10:25 48640 ----a-w- c:\windows\system32\mshtmler.dll
2010-08-31 23:42 . 2010-09-25 10:25 11264 ----a-w- c:\windows\system32\mshta.exe
2010-08-31 23:41 . 2010-09-25 10:25 160768 ----a-w- c:\windows\system32\msls31.dll
2010-08-18 18:05 . 2010-08-18 18:04 -------- d-----w- c:\program files\Unlocker
2010-08-10 16:47 . 2010-08-10 16:47 -------- d-----w- c:\program files\Common Files\Java
2010-08-10 16:39 . 2010-03-03 21:47 -------- d-----w- c:\program files\Java
2010-08-04 01:21 . 2010-08-04 01:21 6096384 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-08-04 00:55 . 2010-08-04 00:55 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-08-04 00:54 . 2010-08-04 00:54 519680 ----a-w- c:\windows\system32\aticfx32.dll
2010-08-04 00:52 . 2010-08-04 00:52 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-08-04 00:51 . 2009-08-18 02:36 380928 ----a-w- c:\windows\system32\atieclxx.exe
2010-08-04 00:51 . 2009-08-18 02:36 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-08-04 00:50 . 2010-08-04 00:50 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-08-04 00:49 . 2010-08-04 00:49 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-08-04 00:49 . 2009-08-18 02:11 15845888 ----a-w- c:\windows\system32\atioglxx.dll
2010-08-04 00:49 . 2010-08-04 00:49 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-08-04 00:49 . 2010-08-04 00:49 11776 ----a-w- c:\windows\system32\atimuixx.dll
2010-08-04 00:49 . 2010-08-04 00:49 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-08-04 00:46 . 2009-07-13 22:09 3899392 ----a-w- c:\windows\system32\atidxx32.dll
2010-08-04 00:28 . 2009-08-18 02:20 4021760 ----a-w- c:\windows\system32\atiumdag.dll
2010-08-04 00:26 . 2010-08-04 00:26 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-08-04 00:25 . 2010-08-04 00:25 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-08-04 00:24 . 2010-08-04 00:24 4341248 ----a-w- c:\windows\system32\aticaldd.dll
2010-08-04 00:23 . 2010-08-04 00:23 65536 ----a-w- c:\windows\system32\coinst.dll
2010-08-04 00:21 . 2009-08-18 02:05 3324416 ----a-w- c:\windows\system32\atiumdva.dll
2010-08-04 00:16 . 2009-08-18 01:52 241664 ----a-w- c:\windows\system32\atiadlxx.dll
2010-08-04 00:15 . 2010-08-04 00:15 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-08-04 00:15 . 2010-08-04 00:15 16896 ----a-w- c:\windows\system32\atigktxx.dll
2010-08-04 00:15 . 2010-08-04 00:15 214016 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-08-04 00:15 . 2010-08-04 00:15 30208 ----a-w- c:\windows\system32\atiuxpag.dll
2010-08-04 00:14 . 2010-08-04 00:14 27648 ----a-w- c:\windows\system32\atiu9pag.dll
2010-08-04 00:14 . 2010-08-04 00:14 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2010-08-04 00:14 . 2010-08-04 00:14 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-08-04 00:09 . 2010-08-04 00:09 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-08-04 00:09 . 2010-08-04 00:09 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2010-07-29 06:30 . 2010-08-12 21:51 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-12 21:51 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-27 07:14 . 2010-07-27 07:14 6842464 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2010-07-27 07:14 . 2010-07-27 07:14 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-07-27 07:14 . 2010-07-27 07:14 543328 ----a-w- c:\windows\system32\LVUI2.dll
2010-07-27 07:12 . 2010-07-27 07:12 282336 ----a-w- c:\windows\system32\drivers\lvrs.sys
2010-07-27 07:08 . 2010-07-27 07:08 203360 ----a-w- c:\windows\system32\lvci1311021.dll
2010-07-27 07:07 . 2010-07-27 07:07 416352 ----a-w- c:\windows\system32\lvcodec2.dll
2010-07-27 07:03 . 2010-07-27 07:03 10829656 ----a-w- c:\windows\system32\LogiDPP.dll
2010-07-27 07:03 . 2010-07-27 07:03 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-07-27 07:03 . 2010-07-27 07:03 290648 ----a-w- c:\windows\system32\DevManagerCore.dll
2010-07-23 09:32 . 2010-07-23 09:32 18816 ----a-w- c:\windows\system32\drivers\dvd43llh.sys
2010-07-17 04:00 . 2010-06-02 16:08 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-14 10:05 . 2010-07-14 10:05 118784 ----a-w- c:\windows\dsdxirmv.exe
2010-07-07 13:50 . 2010-07-07 13:50 203360 ----a-w- c:\windows\system32\lvci1301788.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DummyIconOverlay]
@="{B8A03725-03B9-485F-BB22-E848799D4C2A}"
[HKEY_CLASSES_ROOT\CLSID\{B8A03725-03B9-485F-BB22-E848799D4C2A}]
2010-09-29 08:16 72704 ----a-w- c:\users\Paul\AppData\Local\Valued Opinions\PanelApp\pahelper_1403.2010.0728.2212.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-04-29 321328]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-06-02 1457152]
"PanelApp"="c:\users\Paul\AppData\Local\Valued Opinions\PanelApp\PanelApp.exe" [2009-12-30 31232]
"Google Update"="c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-09-06 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M-Audio Taskbar Icon"="c:\windows\system32\MAFWTray.exe" [2009-07-29 252424]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"CTHotKeys"="c:\program files\Creative\Prodikeys PC-MIDI\HotKeysManager\HKManager.exe" [2005-09-06 450560]
"CtPmNtfy"="c:\program files\Creative\Prodikeys PC-MIDI\PCMIDI Drivers\Ctpmntfy.exe" [2008-04-09 9216]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-06-08 611712]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DigiGuide TV Guide.lnk - c:\program files\DigiGuide TV Guide\Client.exe [2010-9-2 570416]
Logitech . Product Registration.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi9"=CtPmMidi.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^Users^Paul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
2009-10-23 18:34 827904 ----a-w- c:\program files\dvd43\DVD43_Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
2005-10-22 23:00 385024 ----a-w- c:\program files\Syncrosoft\POS\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 135664]
R3 PanelSvc;PanelSvc;c:\program files\Valued Opinions\PanelApp\PanelSvc.exe [2009-12-30 91136]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-29 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-02-27 691696]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-04 176128]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-04 6096384]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-04 214016]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S3 CtPmFilt;Creative Prodikeys PC-MIDI Filter Driver;c:\windows\system32\DRIVERS\CtPmFilt.sys [2008-04-15 25600]
S3 MAFW;Service for M-Audio FireWire;c:\windows\system32\DRIVERS\mafw.sys [2009-07-29 192392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 16:08]

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-02 16:08]

2010-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3532429788-1010218452-2909568879-1001Core.job
- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-06 12:42]

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3532429788-1010218452-2909568879-1001UA.job
- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-06 12:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig?hl=en&amp;source=iglk
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: nationet.com\olb2
.
- - - - ORPHANS REMOVED - - - -

AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(7328)
c:\users\Paul\AppData\Local\Valued Opinions\PanelApp\pahelper_1403.2010.0728.2212.dll
c:\users\Paul\AppData\Local\Valued Opinions\PanelApp\PanelApp_1403.2010.0728.2212.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2010-09-29 20:12:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-29 19:12

Pre-Run: 38,215,417,856 bytes free
Post-Run: 38,939,209,728 bytes free

- - End Of File - - B07834C2FDBE4664EC7B18C0CBE6E271


#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:31 AM

Posted 29 September 2010 - 02:48 PM

Hello there,
Aside from some spyware, you had an autorun infection. I recommend to clean all flash drives.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.



P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


INSTALL ANTIVIRUS
---------------------------
I don't see an Anti Virus Program running on your machine

Download and install an antivirus program, and make sure that you keep it updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Three good antivirus programs free for non-commercial home use are Avast!, Antivir and Microsoft Security Essentials
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Edited by elise025, 29 September 2010 - 02:53 PM.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 phoenix64

phoenix64
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:31 PM

Posted 30 September 2010 - 09:37 AM

Hi Elise,

Have tried to do all your suggestions, but had some trouble with MBAM scanning all drives. It seemed to send my computer into some kind of coma (i.e. after an hour or so the computer would go into standby and never come back...without me restarting it). So I have managed to do a couple of scans of some of the drives and have attached the logs below. I am now trying a full scan again of all drives and will update with a log if I manage to get all the way through this time.

Many thanks...

1st Scan


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4721

Windows 6.1.7600
Internet Explorer 9.0.7930.16406

30/09/2010 13:15:20
mbam-log-2010-09-30 (13-15-20).txt

Scan type: Full scan (A:\|)
Objects scanned: 149625
Time elapsed: 1 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Files Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully.


2nd Scan


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4721

Windows 6.1.7600
Internet Explorer 9.0.7930.16406

30/09/2010 15:27:57
mbam-log-2010-09-30 (15-27-57).txt

Scan type: Full scan (C:\|)
Objects scanned: 367671
Time elapsed: 1 hour(s), 3 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlls.dll.vir (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlls64.dll.vir (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlph.dll.vir (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlservice.exe.vir (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlvknlg.exe.vir (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlvknlg64.exe.vir (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\rlxf.dll.vir (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\RelevantKnowledge\components\rlxg.dll.vir (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\Paul\Desktop\Backup\Desktop Backup\Raw Footage\Living at 31\Card 2\RECYCLER\RECYCLER\autorun.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Users\Paul\Desktop\Backup\Desktop Backup\Raw Footage\SD Card - Megumi's Exhibition\RECYCLER\RECYCLER\autorun.exe (Worm.AutoRun) -> Quarantined and deleted successfully.


#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:31 AM

Posted 30 September 2010 - 10:21 AM

Okay, please keep me posted. smile.gif

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#11 phoenix64

phoenix64
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:31 PM

Posted 01 October 2010 - 06:53 AM

Hi Elise,

Finally managed to get a full scan to run all the way through, have included the results below. I am starting to think there is definitely some sort of hardware issue though as the computer crashed to a BSOD earlier today and then refused to boot up for about half an hour. Not quite sure what the issue is, do you have any other advice on trying to pinpoint the problem?

Thanks again.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4721

Windows 6.1.7600
Internet Explorer 9.0.7930.16406

01/10/2010 12:46:20
mbam-log-2010-10-01 (12-46-20).txt

Scan type: Full scan (A:\|C:\|F:\|G:\|)
Objects scanned: 447282
Time elapsed: 2 hour(s), 22 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:31 AM

Posted 01 October 2010 - 09:42 AM

Lets see if we can find out what is causing this BSOD.

Download BlueScreenView
No installation required.
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#13 phoenix64

phoenix64
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:31 PM

Posted 01 October 2010 - 11:26 AM

This is what I got:


==================================================
Dump File : 092310-20950-01.dmp
Crash Time : 23/09/2010 09:28:32
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 0x00000003
Parameter 2 : 0x86cf4d40
Parameter 3 : 0x86cf4eac
Parameter 4 : 0x82e3add0
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+dcd10
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16617 (win7_gdr.100618-1621)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\092310-20950-01.dmp
Processors Count : 3
Major Version : 15
Minor Version : 7600
==================================================


#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,247 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:31 AM

Posted 01 October 2010 - 11:32 AM

Unfortunately this is a very general BSOD. Did it occur only once?

Besides this, do you have any other problems left?

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the button.
  13. Push

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#15 phoenix64

phoenix64
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:31 PM

Posted 01 October 2010 - 03:28 PM

Hi Elise,

here are the results of the ESETScan:

C:\Users\Paul\Desktop\Backup\Desktop Backup\Raw Footage\Living at 31\Card 2\autorun.inf Win32/PcClient.WJ trojan cleaned by deleting - quarantined
C:\Users\Paul\Desktop\Backup\Desktop Backup\Raw Footage\SD Card - Megumi's Exhibition\autorun.inf Win32/PcClient.WJ trojan cleaned by deleting - quarantined




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users