
TDSS Redirect Virus?



#1 RichCliff


Posted 18 March 2011 - 09:11 AM

Hi,

The last few days I have noticed that when I conduct a search on Google, it redirects me to odd pages, and when just using my usual links in my favourite places it does the same: it redirects me to other websites (mostly adverts).

Can someone please help to remove this?

Thanks

Rich C

DDS Log:-

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Louise & Rich at 13:11:43.26 on 18/03/2011
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.1193 [GMT 0:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvc
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\OEM02Mon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Louise & Rich\Downloads\dds.scr
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.bing.com/?pc=AVBR
uStart Page = hxxp://www.bing.com/?pc=AVBR
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\louise~1\appdata\roaming\mozilla\firefox\profiles\zb8p3xkw.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R?2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\oo software\defrag\oodag.exe [2011-1-25 2398536]
R2 SPService;SPService;c:\windows\system32\svchost.exe -k netsvc [2008-1-21 21504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-17 136176]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-4 22904]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-03-16 20:33:15 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2011-03-15 23:04:42 121300 ----a-w- c:\program files\microsoft games\microsoft flight simulator x\samsonbeta2uninstall.exe
2011-03-15 22:55:31 -------- d-----w- c:\program files\Flight Simulator 9
2011-03-15 11:49:00 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{8f1e4036-f274-440a-829d-217210ce7780}\mpengine.dll
2011-03-13 15:29:01 -------- d-----w- C:\TA Software
2011-03-13 15:06:41 659456 ----a-w- c:\program files\microsoft games\microsoft flight simulator x\ai flight planner\AIFP2.exe
2011-03-13 15:06:41 199680 ----a-w- c:\program files\microsoft games\microsoft flight simulator x\ai flight planner\Ionic.Zip.Reduced.dll
2011-03-10 19:13:13 97976 ----a-w- c:\program files\microsoft games\microsoft flight simulator x\simobjects\rotorcraft\as332l2\panel\AVAD_SOUND.dll
2011-03-10 19:13:13 150016 ----a-w- c:\program files\microsoft games\microsoft flight simulator x\simobjects\rotorcraft\as332l2\panel\HelicopterTrim.dll
2011-03-10 19:13:13 114424 ----a-w- c:\program files\microsoft games\microsoft flight simulator x\simobjects\rotorcraft\as332l2\panel\dsd_fsx_xml_sound3.dll
2011-03-10 19:13:09 97976 ----a-w- c:\program files\microsoft games\microsoft flight simulator x\simobjects\rotorcraft\as332l2\docs\callout\CALLOUT_SOUND.dll
2011-03-10 19:13:09 150016 ----a-w- c:\program files\microsoft games\microsoft flight simulator x\simobjects\rotorcraft\as332l2\docs\htrim\HelicopterTrim.dll
2011-03-09 09:45:43 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 09:45:42 322560 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 09:45:42 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 09:45:42 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 09:45:39 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 09:45:39 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-06 20:04:08 587776 ----a-w- c:\program files\microsoft games\microsoft flight simulator x\qualitywings\liverymanager\QW757RepaintManager.exe
2011-03-06 20:03:49 7680 ----a-w- c:\program files\microsoft games\microsoft flight simulator x\TrafficInfo.DLL
2011-03-06 19:54:03 1638272 ----a-w- c:\program files\microsoft games\microsoft flight simulator x\bglmanx.dll
2011-03-06 19:52:54 -------- d-----w- c:\progra~2\Esellerate
2011-03-06 19:52:53 724318 ----a-w- c:\program files\microsoft games\microsoft flight simulator x\unins000.exe
2011-02-28 00:36:23 -------- d-----w- c:\users\louise~1\appdata\local\Real_Environment_Xtreme
2011-02-28 00:01:51 -------- d-----w- c:\program files\Real Environment Xtreme
2011-02-27 18:02:21 -------- d-----w- c:\users\louise~1\appdata\roaming\Malwarebytes
2011-02-27 18:01:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-27 18:01:44 -------- d-----w- c:\progra~2\Malwarebytes
2011-02-27 18:01:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-27 18:01:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-27 00:09:21 -------- d-----w- c:\program files\common files\PX Storage Engine
2011-02-24 18:29:13 -------- d-----w- c:\users\louise~1\appdata\local\PT-Boats
2011-02-24 18:07:39 -------- d-----w- c:\program files\Akella Games
2011-02-24 08:23:10 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-23 16:04:49 -------- d-----w- c:\program files\Lead Pursuit
2011-02-22 17:52:01 -------- d-----w- c:\program files\TSS MD500 Soundpack
2011-02-22 17:42:15 99120 ----a-w- c:\program files\microsoft games\microsoft flight simulator x\simobjects\airplanes\bae_1461-cc2_x\panel.bae1461_x\RCB_Groundhandling5_Sound.dll
2011-02-22 12:26:18 -------- d-----w- c:\windows\system32\oodag
2011-02-22 09:04:17 -------- d-----w- c:\users\louise~1\appdata\local\O&O
2011-02-22 09:03:51 -------- d-----w- c:\program files\OO Software
2011-02-22 09:02:20 -------- d-----w- c:\users\louise~1\appdata\local\Downloaded Installations
.
==================== Find3M ====================
.
2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-25 11:41:44 1627976 ----a-w- c:\windows\system32\ooscrsav.scr
2011-01-25 11:40:38 275784 ----a-w- c:\windows\system32\oodbs.exe
2011-01-25 11:39:18 535880 ----a-w- c:\windows\system32\oodssrs.dll
2011-01-25 11:38:56 9544 ----a-w- c:\windows\system32\oodbsrs.dll
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-09 15:28:44 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-01-06 15:57:51 286720 ----a-w- c:\windows\iun506.exe
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 18:15:41 151552 ----a-w- c:\windows\system32\nvRegDev.dll
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-24 17:05:02 737280 ----a-w- c:\windows\iun6002.exe
2010-12-20 16:36:20 834048 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 15:37:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 14:55:46 389632 ----a-w- c:\windows\system32\html.iec
2010-12-18 18:49:41 90 --sh--w- c:\windows\cnerolf.bin
2001-04-19 02:04:00 543947 ----a-w- c:\program files\780.exe
2001-03-19 12:16:58 291395 ----a-w- c:\program files\WBDCC34I.DLL
2000-12-12 19:42:26 53248 ----a-w- c:\program files\wwser34i.dll
1997-02-25 04:11:22 18432 ----a-w- c:\program files\COMMSC32.DLL
1997-02-25 04:10:54 39936 ----a-w- c:\program files\CDRVXF32.DLL
1997-02-25 04:09:40 32256 ----a-w- c:\program files\CDRVHF32.DLL
1997-02-25 04:07:54 30208 ----a-w- c:\program files\CDRVDL32.DLL
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD25 rev.01.0 -> Harddisk0\DR0 -> \Device\Ide\iaStor0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x864A5439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x864ab7d0]; MOV EAX, [0x864ab84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x81C80912] -> \Device\Harddisk0\DR0[0x8590C620]
3 CLASSPNP[0x87FA08B3] -> ntkrnlpa!IofCallDriver[0x81C80912] -> [0x86752F08]
\Driver\iaStor[0x85E080B0] -> IRP_MJ_CREATE -> 0x864A5439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskWDC_WD2500BEVT-00A0RT0__________________01.01A01#4&b642c22&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 13:14:29.98 ===============
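The ROOTKIT section of the DDS log above is the part of this log that decides the thread: it is the output of Gmer's MBR detector, and the "user != kernel MBR" line means the MBR read through normal user-mode I/O differs from the one the kernel driver reads, i.e. something in the disk stack is filtering reads. As an added example (not part of the original post, of DDS, or of Gmer's tool), here is a small Python triage script that extracts that section from a DDS log and reports the indicators. The patterns are assumed from the lines of this log only, the "clean" sample is a constructed guess at what a clean run looks like, and the function names are hypothetical.

```python
"""Triage the ROOTKIT section of a DDS log for MBR-tampering indicators (added example)."""
import re

# Constructed sample: the ROOTKIT section copied from the DDS log above,
# trimmed to the lines the parser inspects. Backslashes are doubled for Python.
SAMPLE_INFECTED = """\
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD25 rev.01.0 -> Harddisk0\\DR0 -> \\Device\\Ide\\iaStor0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x864A5439]<<
kernel: MBR read successfully
detected hooks:
user != kernel MBR !!!
sectors 488397166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 13:14:29.98 ===============
"""

# Constructed sample of a clean run (hypothetical; the exact wording is assumed).
SAMPLE_CLEAN = """\
=================== ROOTKIT ====================
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
.
============= FINISH: 10:00:00.00 ===============
"""

UNKNOWN_MODULE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
HIDDEN_SECTORS = re.compile(r"sectors (\d+) \(\+(\d+)\): user != kernel")
VERDICT = re.compile(r"^(\w+) rootkit infection detected")


def rootkit_section(log_text):
    """Return the lines between the ROOTKIT banner and the FINISH banner."""
    lines, inside = [], False
    for line in log_text.splitlines():
        if re.match(r"=+ ROOTKIT =+", line):
            inside = True
        elif inside and re.match(r"=+ FINISH", line):
            break
        elif inside:
            lines.append(line)
    return lines


def triage_rootkit(log_text):
    """Return a list of (indicator, detail) tuples found in the ROOTKIT section.

    Indicators (derived only from the lines of the log above):
      unknown_disk_module  a caller in the disk I/O path that the detector cannot
                           attribute to any loaded driver image
      mbr_mismatch         the user-mode and kernel views of the MBR differ
      hidden_sectors       the sector figure and extra-sector count printed on the
                           mismatch line
      detector_verdict     the family name the detector printed
    """
    findings = []
    for line in rootkit_section(log_text):
        line = line.strip()
        m = UNKNOWN_MODULE.search(line)
        if m:
            findings.append(("unknown_disk_module", m.group(1)))
        if line == "user != kernel MBR !!!":
            findings.append(("mbr_mismatch", None))
        m = HIDDEN_SECTORS.match(line)
        if m:
            findings.append(("hidden_sectors", (int(m.group(1)), int(m.group(2)))))
        m = VERDICT.match(line)
        if m:
            findings.append(("detector_verdict", m.group(1)))
    return findings


def mbr_compromised(log_text):
    """True when the two MBR views disagree or the detector named a family."""
    kinds = {kind for kind, _ in triage_rootkit(log_text)}
    return "mbr_mismatch" in kinds or "detector_verdict" in kinds


if __name__ == "__main__":
    for name, text in (("infected", SAMPLE_INFECTED), ("clean", SAMPLE_CLEAN)):
        print(name, mbr_compromised(text), triage_rootkit(text))
```

The point of splitting `triage_rootkit` from `mbr_compromised` is that the "sectors ... user != kernel" and "UNKNOWN" module lines are supporting evidence, while the MBR mismatch and the detector's verdict are the indicators that on their own justify treating the machine as compromised.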


#2 SweetTech


Posted 18 March 2011 - 10:40 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double-click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


NEXT:



Please be sure to provide an update on how things are running in your next reply.



#3 RichCliff


Posted 18 March 2011 - 02:18 PM

Hi,

Thanks for helping, much appreciated.

Here is my TDSSKiller log:-

2011/03/18 19:02:16.0722 4508 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/18 19:02:17.0127 4508 ================================================================================
2011/03/18 19:02:17.0127 4508 SystemInfo:
2011/03/18 19:02:17.0127 4508
2011/03/18 19:02:17.0127 4508 OS Version: 6.0.6002 ServicePack: 2.0
2011/03/18 19:02:17.0127 4508 Product type: Workstation
2011/03/18 19:02:17.0127 4508 ComputerName: HOMELAPTOP
2011/03/18 19:02:17.0128 4508 UserName: Louise & Rich
2011/03/18 19:02:17.0128 4508 Windows directory: C:\Windows
2011/03/18 19:02:17.0128 4508 System windows directory: C:\Windows
2011/03/18 19:02:17.0128 4508 Processor architecture: Intel x86
2011/03/18 19:02:17.0128 4508 Number of processors: 2
2011/03/18 19:02:17.0128 4508 Page size: 0x1000
2011/03/18 19:02:17.0128 4508 Boot type: Normal boot
2011/03/18 19:02:17.0128 4508 ================================================================================
2011/03/18 19:02:18.0821 4508 Initialize success
2011/03/18 19:02:41.0303 4940 ================================================================================
2011/03/18 19:02:41.0303 4940 Scan started
2011/03/18 19:02:41.0303 4940 Mode: Manual;
2011/03/18 19:02:41.0303 4940 ================================================================================
2011/03/18 19:02:43.0438 4940 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/03/18 19:02:43.0570 4940 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
2011/03/18 19:02:43.0915 4940 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/03/18 19:02:44.0333 4940 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/03/18 19:02:44.0441 4940 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/03/18 19:02:44.0608 4940 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/03/18 19:02:44.0982 4940 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/03/18 19:02:45.0464 4940 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/03/18 19:02:45.0665 4940 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/03/18 19:02:46.0092 4940 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/03/18 19:02:46.0308 4940 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/03/18 19:02:46.0661 4940 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/03/18 19:02:46.0864 4940 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/03/18 19:02:47.0065 4940 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/03/18 19:02:47.0379 4940 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/03/18 19:02:47.0699 4940 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/03/18 19:02:48.0005 4940 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/03/18 19:02:48.0359 4940 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/18 19:02:48.0803 4940 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/03/18 19:02:49.0412 4940 BCM43XX (abd543e555bc0453bf52664936df4dcd) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/03/18 19:02:49.0662 4940 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2011/03/18 19:02:49.0995 4940 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/03/18 19:02:50.0365 4940 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/03/18 19:02:50.0662 4940 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/18 19:02:51.0049 4940 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/03/18 19:02:51.0381 4940 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/03/18 19:02:51.0683 4940 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/03/18 19:02:51.0973 4940 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/03/18 19:02:52.0187 4940 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/03/18 19:02:52.0310 4940 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/03/18 19:02:52.0662 4940 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/03/18 19:02:52.0963 4940 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/18 19:02:53.0401 4940 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/18 19:02:53.0840 4940 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/03/18 19:02:54.0380 4940 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/03/18 19:02:55.0207 4940 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/18 19:02:55.0651 4940 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/03/18 19:02:56.0196 4940 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/18 19:02:56.0319 4940 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/03/18 19:02:56.0385 4940 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/03/18 19:02:56.0664 4940 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/03/18 19:02:57.0020 4940 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/03/18 19:02:57.0317 4940 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/03/18 19:02:57.0697 4940 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/18 19:02:58.0010 4940 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/03/18 19:02:58.0268 4940 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/03/18 19:02:59.0114 4940 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/03/18 19:02:59.0353 4940 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/03/18 19:02:59.0844 4940 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/03/18 19:03:00.0244 4940 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/03/18 19:03:00.0402 4940 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/18 19:03:00.0463 4940 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/03/18 19:03:00.0550 4940 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/03/18 19:03:00.0724 4940 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/18 19:03:00.0877 4940 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/03/18 19:03:01.0060 4940 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/18 19:03:01.0348 4940 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/03/18 19:03:01.0702 4940 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/03/18 19:03:02.0106 4940 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/18 19:03:02.0548 4940 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/03/18 19:03:02.0983 4940 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/03/18 19:03:03.0050 4940 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/18 19:03:03.0184 4940 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/03/18 19:03:03.0431 4940 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/03/18 19:03:03.0913 4940 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/03/18 19:03:04.0071 4940 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/03/18 19:03:04.0407 4940 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/03/18 19:03:04.0731 4940 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/18 19:03:04.0991 4940 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys
2011/03/18 19:03:05.0099 4940 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/03/18 19:03:05.0221 4940 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/03/18 19:03:05.0490 4940 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/03/18 19:03:06.0121 4940 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/18 19:03:06.0392 4940 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/18 19:03:06.0799 4940 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/03/18 19:03:06.0848 4940 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/03/18 19:03:07.0176 4940 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/03/18 19:03:07.0377 4940 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/03/18 19:03:07.0631 4940 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/18 19:03:08.0067 4940 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/03/18 19:03:08.0589 4940 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/03/18 19:03:09.0477 4940 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/18 19:03:09.0889 4940 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/03/18 19:03:10.0509 4940 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/18 19:03:10.0853 4940 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/18 19:03:11.0035 4940 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/03/18 19:03:11.0358 4940 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/03/18 19:03:11.0648 4940 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/03/18 19:03:11.0925 4940 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/03/18 19:03:12.0226 4940 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/03/18 19:03:12.0745 4940 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/03/18 19:03:13.0104 4940 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/03/18 19:03:13.0470 4940 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/18 19:03:13.0643 4940 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/18 19:03:13.0787 4940 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/18 19:03:14.0014 4940 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/03/18 19:03:14.0566 4940 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/03/18 19:03:14.0660 4940 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/18 19:03:14.0755 4940 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/03/18 19:03:14.0915 4940 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/03/18 19:03:15.0031 4940 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/18 19:03:15.0112 4940 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/18 19:03:15.0140 4940 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/18 19:03:15.0346 4940 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/03/18 19:03:15.0512 4940 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/03/18 19:03:15.0801 4940 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/03/18 19:03:15.0957 4940 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/03/18 19:03:16.0126 4940 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/18 19:03:16.0219 4940 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/18 19:03:16.0300 4940 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/03/18 19:03:16.0375 4940 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/03/18 19:03:16.0461 4940 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/18 19:03:16.0627 4940 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/03/18 19:03:16.0741 4940 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/03/18 19:03:16.0899 4940 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/18 19:03:17.0116 4940 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/03/18 19:03:17.0232 4940 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/18 19:03:17.0391 4940 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/18 19:03:17.0544 4940 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/18 19:03:17.0664 4940 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/03/18 19:03:17.0880 4940 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/18 19:03:18.0003 4940 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/18 19:03:18.0212 4940 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/03/18 19:03:18.0374 4940 nmwcd (c82f4cc10ad315b6d6bcb14d0a7cad66) C:\Windows\system32\drivers\ccdcmb.sys
2011/03/18 19:03:18.0504 4940 nmwcdc (60ef5f5621d7832f00a3f190a0c905e2) C:\Windows\system32\drivers\ccdcmbo.sys
2011/03/18 19:03:18.0602 4940 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/03/18 19:03:18.0760 4940 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/18 19:03:18.0955 4940 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/03/18 19:03:19.0279 4940 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/03/18 19:03:19.0481 4940 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/03/18 19:03:20.0610 4940 nvlddmkm (bd409de5681c74c1de51d72427dc202d) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/03/18 19:03:21.0091 4940 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/03/18 19:03:21.0258 4940 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/03/18 19:03:21.0504 4940 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/03/18 19:03:22.0099 4940 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
2011/03/18 19:03:22.0298 4940 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
2011/03/18 19:03:22.0471 4940 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/18 19:03:22.0678 4940 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/03/18 19:03:22.0860 4940 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/03/18 19:03:23.0019 4940 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/03/18 19:03:23.0371 4940 PCD5SRVC{3F6A8B78-EC003E00-05040104} (42ede7d217325ff56cb8a9983cd7f73b) C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms
2011/03/18 19:03:23.0896 4940 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/03/18 19:03:24.0044 4940 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/03/18 19:03:24.0124 4940 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/03/18 19:03:24.0512 4940 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/03/18 19:03:24.0823 4940 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/18 19:03:24.0868 4940 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/03/18 19:03:24.0958 4940 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/18 19:03:25.0106 4940 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
2011/03/18 19:03:25.0211 4940 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/03/18 19:03:25.0383 4940 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/03/18 19:03:25.0617 4940 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/18 19:03:25.0694 4940 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/18 19:03:25.0775 4940 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/18 19:03:25.0966 4940 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/18 19:03:26.0068 4940 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/18 19:03:26.0396 4940 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/18 19:03:26.0561 4940 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/18 19:03:26.0721 4940 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/03/18 19:03:26.0905 4940 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/18 19:03:27.0138 4940 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/03/18 19:03:27.0350 4940 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/03/18 19:03:27.0425 4940 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/18 19:03:27.0554 4940 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/03/18 19:03:27.0715 4940 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\Windows\system32\drivers\SCDEmu.sys
2011/03/18 19:03:27.0839 4940 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/03/18 19:03:27.0955 4940 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/03/18 19:03:28.0021 4940 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/03/18 19:03:28.0077 4940 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/03/18 19:03:28.0116 4940 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/03/18 19:03:28.0344 4940 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/03/18 19:03:28.0385 4940 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/03/18 19:03:28.0408 4940 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/03/18 19:03:28.0478 4940 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/03/18 19:03:28.0514 4940 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/03/18 19:03:28.0540 4940 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/03/18 19:03:28.0591 4940 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/03/18 19:03:28.0664 4940 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/03/18 19:03:28.0740 4940 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/03/18 19:03:28.0942 4940 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
2011/03/18 19:03:29.0087 4940 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/03/18 19:03:29.0171 4940 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/18 19:03:29.0299 4940 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/18 19:03:29.0435 4940 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/18 19:03:29.0647 4940 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/03/18 19:03:29.0704 4940 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/03/18 19:03:29.0737 4940 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/03/18 19:03:29.0883 4940 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/03/18 19:03:29.0964 4940 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/18 19:03:30.0163 4940 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/18 19:03:30.0308 4940 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/03/18 19:03:30.0433 4940 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/03/18 19:03:30.0528 4940 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/18 19:03:30.0657 4940 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/18 19:03:30.0819 4940 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/18 19:03:30.0951 4940 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/03/18 19:03:31.0115 4940 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/18 19:03:31.0315 4940 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/03/18 19:03:31.0448 4940 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/18 19:03:31.0593 4940 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/03/18 19:03:31.0697 4940 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/03/18 19:03:31.0819 4940 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/03/18 19:03:31.0933 4940 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/03/18 19:03:32.0083 4940 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/18 19:03:32.0210 4940 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
2011/03/18 19:03:32.0389 4940 upperdev (bb16932a4189e82d6c455042c11849b6) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
2011/03/18 19:03:32.0568 4940 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/18 19:03:32.0791 4940 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/03/18 19:03:32.0938 4940 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/18 19:03:33.0052 4940 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/18 19:03:33.0180 4940 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/03/18 19:03:33.0319 4940 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/03/18 19:03:33.0463 4940 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/03/18 19:03:33.0592 4940 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\DRIVERS\usbser.sys
2011/03/18 19:03:33.0747 4940 UsbserFilt (e748d50b3b2ec7f40a2ba67fb094cf01) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
2011/03/18 19:03:33.0904 4940 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/18 19:03:34.0035 4940 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/18 19:03:34.0251 4940 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/03/18 19:03:34.0483 4940 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/18 19:03:34.0625 4940 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/03/18 19:03:34.0739 4940 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/03/18 19:03:34.0791 4940 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/03/18 19:03:34.0962 4940 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/03/18 19:03:35.0035 4940 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/03/18 19:03:35.0068 4940 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/03/18 19:03:35.0141 4940 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/03/18 19:03:35.0264 4940 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/03/18 19:03:35.0415 4940 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/03/18 19:03:35.0458 4940 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/18 19:03:35.0482 4940 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/18 19:03:35.0627 4940 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/03/18 19:03:35.0783 4940 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/18 19:03:36.0006 4940 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/03/18 19:03:36.0226 4940 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/03/18 19:03:36.0449 4940 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/03/18 19:03:36.0514 4940 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/18 19:03:36.0622 4940 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/18 19:03:36.0740 4940 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/18 19:03:36.0746 4940 ================================================================================
2011/03/18 19:03:36.0746 4940 Scan finished
2011/03/18 19:03:36.0746 4940 ================================================================================
2011/03/18 19:03:36.0770 5232 Detected object count: 1
2011/03/18 19:03:59.0203 5232 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/03/18 19:03:59.0203 5232 \HardDisk0 - ok
2011/03/18 19:03:59.0258 5232 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/18 19:04:03.0388 4908 Deinitialize success



OTL.txt LOG REPORT

OTL logfile created on: 18/03/2011 19:09:33 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Louise & Rich\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): c:\pagefile.sys 2345 3067 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 65.72 Gb Free Space | 28.22% Space Free | Partition Type: NTFS

Computer Name: HOMELAPTOP | User Name: Louise & Rich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/18 19:08:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Louise & Rich\Downloads\OTL.exe
PRC - [2011/03/05 00:25:32 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/25 11:41:12 | 002,398,536 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodag.exe
PRC - [2010/10/16 12:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010/10/16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/04/12 08:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/30 00:50:06 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/30 00:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/01/21 02:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/07/02 13:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/06/06 16:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/05/22 14:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/05/09 17:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 13:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/09/08 15:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe


========== Modules (SafeList) ==========

MOD - [2011/03/18 19:08:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Louise & Rich\Downloads\OTL.exe
MOD - [2010/08/31 15:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/16 21:16:21 | 000,079,872 | ---- | M] () [Auto | Running] -- C:\ProgramData\Adobe\sp.DLL -- (SPService)
SRV - [2011/03/15 22:02:17 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_d76cf65.dll -- (Akamai)
SRV - [2011/01/25 11:41:12 | 002,398,536 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2010/11/30 18:40:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/10/16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/01/30 00:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV - [2010/11/19 15:25:48 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/10/16 18:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/04/12 08:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/11/04 23:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/05/02 10:58:28 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/05/02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/02 10:58:14 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/06/25 18:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/03/05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 07:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2154032859-1883374182-3320367249-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR
IE - HKU\S-1-5-21-2154032859-1883374182-3320367249-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=AVBR
IE - HKU\S-1-5-21-2154032859-1883374182-3320367249-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2154032859-1883374182-3320367249-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2154032859-1883374182-3320367249-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2154032859-1883374182-3320367249-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/10 21:46:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/05 00:25:33 | 000,000,000 | ---D | M]

[2011/01/07 18:10:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Louise & Rich\AppData\Roaming\Mozilla\Extensions
[2011/01/07 18:10:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Louise & Rich\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2011/03/17 21:52:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Louise & Rich\AppData\Roaming\Mozilla\Firefox\Profiles\zb8p3xkw.default\extensions
[2011/03/02 22:49:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Louise & Rich\AppData\Roaming\Mozilla\Firefox\Profiles\zb8p3xkw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/01 17:12:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/03 17:47:02 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/03 17:47:02 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/03 17:47:02 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/03 17:47:02 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/11/30 18:48:50 | 000,001,756 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 cohlive-1.quazal.net
O1 - Hosts: 127.0.0.1 cohlive.quazal.net
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 6 more lines...
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2154032859-1883374182-3320367249-1000\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8726d6f5-f437-11df-a7c3-001d09d65530}\Shell - "" = AutoRun
O33 - MountPoints2\{8726d6f5-f437-11df-a7c3-001d09d65530}\Shell\AutoRun\command - "" = E:\Start.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\dvdcheck.exe
O33 - MountPoints2\G\Shell\directx\command - "" = DirectX9\dxsetup.exe
O33 - MountPoints2\G\Shell\setup\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/15 23:32:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtavia Sea King
[2011/03/15 22:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\Flight Simulator 9
[2011/03/13 15:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plan-G
[2011/03/13 15:29:01 | 000,000,000 | ---D | C] -- C:\TA Software
[2011/03/13 15:21:14 | 000,000,000 | ---D | C] -- C:\Users\Louise & Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JustFlight F-117 Nighthawk for FS9 and FSX
[2011/03/09 09:45:43 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/09 09:45:42 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/09 09:45:42 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/09 09:45:42 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/03/06 20:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/03/06 20:04:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QualityWings
[2011/03/06 19:52:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Esellerate
[2011/03/05 20:54:39 | 000,000,000 | ---D | C] -- C:\Users\Louise & Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HS Nimrod by Simshed
[2011/02/28 15:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Environment Xtreme
[2011/02/28 00:36:23 | 000,000,000 | ---D | C] -- C:\Users\Louise & Rich\AppData\Local\Real_Environment_Xtreme
[2011/02/28 00:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Real Environment Xtreme
[2011/02/27 18:02:21 | 000,000,000 | ---D | C] -- C:\Users\Louise & Rich\AppData\Roaming\Malwarebytes
[2011/02/27 18:01:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/02/27 18:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/27 18:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/27 18:01:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/02/27 18:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/27 14:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/02/27 00:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011/02/27 00:06:12 | 000,000,000 | ---D | C] -- C:\Users\Louise & Rich\Desktop\Adobe
[2011/02/24 22:57:52 | 000,000,000 | ---D | C] -- C:\Users\Louise & Rich\Documents\PT-Boats
[2011/02/24 18:29:13 | 000,000,000 | ---D | C] -- C:\Users\Louise & Rich\AppData\Local\PT-Boats
[2011/02/24 18:13:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Akella Games
[2011/02/24 18:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\Akella Games
[2011/02/24 13:01:38 | 000,000,000 | ---D | C] -- C:\Users\Louise & Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MIRAGE F1 for FSX SP2 or Acceleration
[2011/02/24 08:26:46 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/02/24 08:23:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/02/24 08:22:52 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/02/24 08:22:52 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/02/24 08:22:52 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/02/24 08:22:50 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/02/24 08:22:50 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/02/24 08:22:48 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/02/24 08:22:48 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/02/24 08:22:48 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/02/24 08:22:48 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/02/24 08:22:48 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/02/24 08:22:39 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/02/24 08:22:39 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/02/24 08:22:39 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/02/24 08:22:38 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/02/24 08:22:38 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/02/23 16:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\Lead Pursuit
[2011/02/22 17:52:23 | 000,000,000 | ---D | C] -- C:\Users\Louise & Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TSS MD500 Soundpack
[2011/02/22 17:52:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TSS MD500 Soundpack
[2011/02/22 17:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\TSS MD500 Soundpack
[2011/02/22 17:51:25 | 000,000,000 | ---D | C] -- C:\Users\Louise & Rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nemeth Designs
[2011/02/22 17:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nemeth Designs
[2011/02/22 12:26:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\oodag
[2011/02/22 09:04:17 | 000,000,000 | ---D | C] -- C:\Users\Louise & Rich\AppData\Local\O&O
[2011/02/22 09:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
[2011/02/22 09:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software
[2011/02/22 09:02:20 | 000,000,000 | ---D | C] -- C:\Users\Louise & Rich\AppData\Local\Downloaded Installations
[2011/02/15 19:08:26 | 000,291,395 | ---- | C] (Wilson WindowWare, Inc.) -- C:\Program Files\WBDCC34I.DLL
[2011/02/15 19:08:26 | 000,053,248 | ---- | C] (Wilson WindowWare, Inc.) -- C:\Program Files\wwser34i.dll
[2011/02/15 19:08:26 | 000,039,936 | ---- | C] (Willies Computer Software Co.(WCSC)) -- C:\Program Files\CDRVXF32.DLL
[2011/02/15 19:08:26 | 000,032,256 | ---- | C] (Willies Computer Software Co.(WCSC)) -- C:\Program Files\CDRVHF32.DLL
[2011/02/15 19:08:26 | 000,030,208 | ---- | C] (Willies Computer Software Co.(WCSC)) -- C:\Program Files\CDRVDL32.DLL
[2011/02/15 19:08:26 | 000,018,432 | ---- | C] (Willies Computer Software Co.(WCSC)) -- C:\Program Files\COMMSC32.DLL
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/18 19:13:37 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/18 19:13:37 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/18 19:06:20 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/18 19:06:02 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/18 19:06:01 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/18 19:05:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/18 19:05:51 | 000,048,488 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2011/03/18 18:27:05 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/18 18:15:07 | 000,003,372 | ---- | M] () -- C:\Users\Louise & Rich\Documents\Odiham Field Sites.kmz
[2011/03/18 13:06:58 | 000,000,176 | ---- | M] () -- C:\Users\Louise & Rich\defogger_reenable
[2011/03/14 18:33:20 | 000,187,636 | ---- | M] () -- C:\Users\Louise & Rich\Documents\3Q3.jpg
[2011/03/14 10:30:11 | 000,163,085 | ---- | M] () -- C:\Users\Louise & Rich\Documents\Billingsmoor.jpg
[2011/03/14 10:29:38 | 000,181,024 | ---- | M] () -- C:\Users\Louise & Rich\Documents\Westermill.jpg
[2011/03/13 15:32:33 | 000,000,091 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/03/13 09:36:15 | 000,000,719 | ---- | M] () -- C:\Users\Louise & Rich\NotamPlot.prp
[2011/03/13 09:36:15 | 000,000,223 | ---- | M] () -- C:\Users\Louise & Rich\UserWaypoints.xml
[2011/03/13 09:36:15 | 000,000,205 | ---- | M] () -- C:\Users\Louise & Rich\Routes.xml
[2011/03/13 08:57:47 | 000,145,442 | ---- | M] () -- C:\Users\Louise & Rich\enroute.dat
[2011/03/13 08:57:47 | 000,000,167 | ---- | M] () -- C:\Users\Louise & Rich\weather.dat
[2011/03/13 08:57:47 | 000,000,167 | ---- | M] () -- C:\Users\Louise & Rich\airfield.dat
[2011/03/13 08:57:47 | 000,000,141 | ---- | M] () -- C:\Users\Louise & Rich\airportInfo.dat
[2011/03/08 21:43:14 | 000,166,641 | ---- | M] () -- C:\Users\Louise & Rich\Documents\ev1.jpg
[2011/03/08 14:04:33 | 000,145,854 | ---- | M] () -- C:\Users\Louise & Rich\Documents\3Q2.jpg
[2011/03/08 11:50:02 | 000,170,262 | ---- | M] () -- C:\Users\Louise & Rich\Documents\3Q.jpg
[2011/03/07 06:27:37 | 003,594,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/28 15:41:53 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\Real Environment Xtreme.lnk
[2011/02/27 18:01:45 | 000,000,930 | ---- | M] () -- C:\Users\Louise & Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/02/27 14:47:04 | 000,094,665 | ---- | M] () -- C:\Users\Louise & Rich\Documents\Everleigh2003.jpg
[2011/02/27 14:45:04 | 000,224,231 | ---- | M] () -- C:\Users\Louise & Rich\Documents\Lindens1-1-2005.jpg
[2011/02/27 14:44:43 | 000,168,684 | ---- | M] () -- C:\Users\Louise & Rich\Documents\Lindens1-1-2002.jpg
[2011/02/27 14:44:24 | 000,179,460 | ---- | M] () -- C:\Users\Louise & Rich\Documents\Lindens21-10-2003.jpg
[2011/02/27 14:24:05 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/02/27 00:10:38 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 3.3.lnk
[2011/02/24 08:20:01 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/02/19 22:47:02 | 000,176,653 | ---- | M] () -- C:\Users\Louise & Rich\Documents\lemona2.jpg
[2011/02/19 22:46:03 | 000,155,465 | ---- | M] () -- C:\Users\Louise & Rich\Documents\lemona.jpg
[2011/02/19 11:27:11 | 000,157,543 | ---- | M] () -- C:\Users\Louise & Rich\Documents\cove2.jpg
[2011/02/19 11:24:09 | 000,145,922 | ---- | M] () -- C:\Users\Louise & Rich\Documents\cove1.jpg
[2011/02/19 11:16:44 | 000,163,639 | ---- | M] () -- C:\Users\Louise & Rich\Documents\rinsey.jpg
[2011/02/18 16:37:52 | 000,167,831 | ---- | M] () -- C:\Users\Louise & Rich\Documents\etchhilhampton.jpg
[2011/02/18 16:35:11 | 000,157,946 | ---- | M] () -- C:\Users\Louise & Rich\Documents\ashley1.jpg
[2011/02/18 16:30:57 | 000,140,513 | ---- | M] () -- C:\Users\Louise & Rich\Documents\Ashley Down.jpg
[2011/02/18 16:14:01 | 000,182,200 | ---- | M] () -- C:\Users\Louise & Rich\Documents\Barton Complex.jpg
[2011/02/18 15:58:10 | 000,145,870 | ---- | M] () -- C:\Users\Louise & Rich\Documents\harewood.jpg
[2011/02/18 15:56:41 | 000,197,514 | ---- | M] () -- C:\Users\Louise & Rich\Documents\Harewood 3.jpg
[2011/02/18 15:55:43 | 000,201,216 | ---- | M] () -- C:\Users\Louise & Rich\Documents\Harewood 23.jpg
[2011/02/18 15:50:41 | 000,212,334 | ---- | M] () -- C:\Users\Louise & Rich\Documents\Pound Copse.jpg
[2011/02/18 15:39:50 | 000,163,648 | ---- | M] () -- C:\Users\Louise & Rich\Documents\Great Ridge 3.jpg
[2011/02/18 15:38:08 | 000,181,547 | ---- | M] () -- C:\Users\Louise & Rich\Documents\ebsbury copse.jpg
[2011/02/18 15:32:33 | 000,243,830 | ---- | M] () -- C:\Users\Louise & Rich\Documents\West Woods 2.jpg
[2011/02/18 15:24:24 | 000,186,407 | ---- | M] () -- C:\Users\Louise & Rich\Documents\West Woods.jpg
[2011/02/17 23:56:31 | 000,188,277 | ---- | M] () -- C:\Users\Louise & Rich\Documents\ebsbury copse 3.jpg
[2011/02/17 23:52:04 | 000,177,112 | ---- | M] () -- C:\Users\Louise & Rich\Documents\ebsbury copse2.jpg
[2011/02/17 21:38:02 | 000,159,669 | ---- | M] () -- C:\Users\Louise & Rich\Documents\powerlines.jpg
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/18 18:15:06 | 000,003,372 | ---- | C] () -- C:\Users\Louise & Rich\Documents\Odiham Field Sites.kmz
[2011/03/18 13:06:42 | 000,000,176 | ---- | C] () -- C:\Users\Louise & Rich\defogger_reenable
[2011/03/14 18:33:20 | 000,187,636 | ---- | C] () -- C:\Users\Louise & Rich\Documents\3Q3.jpg
[2011/03/14 10:30:11 | 000,163,085 | ---- | C] () -- C:\Users\Louise & Rich\Documents\Billingsmoor.jpg
[2011/03/14 10:29:38 | 000,181,024 | ---- | C] () -- C:\Users\Louise & Rich\Documents\Westermill.jpg
[2011/03/13 15:32:33 | 000,000,091 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/03/08 21:43:14 | 000,166,641 | ---- | C] () -- C:\Users\Louise & Rich\Documents\ev1.jpg
[2011/03/08 14:04:33 | 000,145,854 | ---- | C] () -- C:\Users\Louise & Rich\Documents\3Q2.jpg
[2011/03/08 11:50:02 | 000,170,262 | ---- | C] () -- C:\Users\Louise & Rich\Documents\3Q.jpg
[2011/03/06 22:21:10 | 002,997,975 | ---- | C] () -- C:\Users\Louise & Rich\Documents\fsx_texture.n226g.qwl
[2011/03/06 22:20:53 | 003,014,992 | ---- | C] () -- C:\Users\Louise & Rich\Documents\fsx_texture.25001.qwl
[2011/02/28 15:41:53 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\Real Environment Xtreme.lnk
[2011/02/27 18:01:45 | 000,000,930 | ---- | C] () -- C:\Users\Louise & Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/02/27 14:47:03 | 000,094,665 | ---- | C] () -- C:\Users\Louise & Rich\Documents\Everleigh2003.jpg
[2011/02/27 14:45:03 | 000,224,231 | ---- | C] () -- C:\Users\Louise & Rich\Documents\Lindens1-1-2005.jpg
[2011/02/27 14:44:43 | 000,168,684 | ---- | C] () -- C:\Users\Louise & Rich\Documents\Lindens1-1-2002.jpg
[2011/02/27 14:44:24 | 000,179,460 | ---- | C] () -- C:\Users\Louise & Rich\Documents\Lindens21-10-2003.jpg
[2011/02/27 14:24:05 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/02/27 00:10:38 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 3.3.lnk
[2011/02/27 00:10:38 | 000,001,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.3.lnk
[2011/02/24 08:22:41 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/02/24 08:22:41 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/02/24 08:22:41 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/02/24 08:20:01 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/02/23 09:02:47 | 000,048,488 | ---- | C] () -- C:\Windows\System32\oodbs.lor
[2011/02/19 22:47:02 | 000,176,653 | ---- | C] () -- C:\Users\Louise & Rich\Documents\lemona2.jpg
[2011/02/19 22:46:03 | 000,155,465 | ---- | C] () -- C:\Users\Louise & Rich\Documents\lemona.jpg
[2011/02/19 11:27:10 | 000,157,543 | ---- | C] () -- C:\Users\Louise & Rich\Documents\cove2.jpg
[2011/02/19 11:24:08 | 000,145,922 | ---- | C] () -- C:\Users\Louise & Rich\Documents\cove1.jpg
[2011/02/19 11:16:44 | 000,163,639 | ---- | C] () -- C:\Users\Louise & Rich\Documents\rinsey.jpg
[2011/02/18 16:37:52 | 000,167,831 | ---- | C] () -- C:\Users\Louise & Rich\Documents\etchhilhampton.jpg
[2011/02/18 16:35:11 | 000,157,946 | ---- | C] () -- C:\Users\Louise & Rich\Documents\ashley1.jpg
[2011/02/18 16:30:57 | 000,140,513 | ---- | C] () -- C:\Users\Louise & Rich\Documents\Ashley Down.jpg
[2011/02/18 16:14:01 | 000,182,200 | ---- | C] () -- C:\Users\Louise & Rich\Documents\Barton Complex.jpg
[2011/02/18 15:58:02 | 000,145,870 | ---- | C] () -- C:\Users\Louise & Rich\Documents\harewood.jpg
[2011/02/18 15:56:40 | 000,197,514 | ---- | C] () -- C:\Users\Louise & Rich\Documents\Harewood 3.jpg
[2011/02/18 15:55:42 | 000,201,216 | ---- | C] () -- C:\Users\Louise & Rich\Documents\Harewood 23.jpg
[2011/02/18 15:50:40 | 000,212,334 | ---- | C] () -- C:\Users\Louise & Rich\Documents\Pound Copse.jpg
[2011/02/18 15:39:50 | 000,163,648 | ---- | C] () -- C:\Users\Louise & Rich\Documents\Great Ridge 3.jpg
[2011/02/18 15:32:33 | 000,243,830 | ---- | C] () -- C:\Users\Louise & Rich\Documents\West Woods 2.jpg
[2011/02/18 15:24:24 | 000,186,407 | ---- | C] () -- C:\Users\Louise & Rich\Documents\West Woods.jpg
[2011/02/17 23:56:31 | 000,188,277 | ---- | C] () -- C:\Users\Louise & Rich\Documents\ebsbury copse 3.jpg
[2011/02/17 23:52:04 | 000,177,112 | ---- | C] () -- C:\Users\Louise & Rich\Documents\ebsbury copse2.jpg
[2011/02/17 23:51:05 | 000,181,547 | ---- | C] () -- C:\Users\Louise & Rich\Documents\ebsbury copse.jpg
[2011/02/17 21:38:01 | 000,159,669 | ---- | C] () -- C:\Users\Louise & Rich\Documents\powerlines.jpg
[2011/02/15 19:07:55 | 000,543,947 | ---- | C] () -- C:\Program Files\780.exe
[2011/01/01 17:13:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/28 18:15:52 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2010/12/24 17:07:22 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2010/12/18 18:49:41 | 000,000,090 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2010/12/17 14:51:36 | 000,000,567 | ---- | C] () -- C:\Users\Louise & Rich\AppData\Roaming\AutoGK.ini
[2010/12/17 12:33:20 | 000,005,632 | ---- | C] () -- C:\Users\Louise & Rich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/08 13:30:59 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/12/02 19:44:25 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/11/23 22:11:09 | 000,066,207 | ---- | C] () -- C:\Program Files\bws-0355.rar
[2010/11/23 17:52:08 | 000,051,842 | ---- | C] () -- C:\Program Files\hdx-f14t.rar
[2010/11/23 17:48:27 | 000,008,771 | ---- | C] () -- C:\Program Files\tntfowu1.rar
[2010/11/23 17:34:50 | 000,071,095 | ---- | C] () -- C:\Program Files\bws-0633.rar
[2010/11/23 17:32:36 | 000,146,097 | ---- | C] () -- C:\Program Files\Medal.of.Honor.all.mission.unlocker.by.icecold.7z
[2010/11/23 13:34:50 | 000,647,902 | ---- | C] () -- C:\Program Files\19th Nov-19thDec.pdf
[2010/11/19 13:26:08 | 000,000,132 | ---- | C] () -- C:\Users\Louise & Rich\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/11/17 18:00:34 | 000,091,964 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/11/17 17:14:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/11/17 17:13:51 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/11/17 17:13:51 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/11/17 15:46:54 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/11/17 15:31:12 | 000,032,631 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/11/17 15:31:08 | 000,032,631 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/11/17 15:20:30 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2010/11/17 15:20:29 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2010/11/17 15:07:39 | 000,000,680 | ---- | C] () -- C:\Users\Louise & Rich\AppData\Local\d3d9caps.dat
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/01/25 21:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/01/08 23:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 003,594,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,609,196 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,108,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/05/06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2002/10/15 22:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:00934A10

< End of report >

Extras LOG REPORT

OTL Extras logfile created on: 18/03/2011 19:09:33 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Louise & Rich\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): c:\pagefile.sys 2345 3067 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 65.72 Gb Free Space | 28.22% Space Free | Partition Type: NTFS

Computer Name: HOMELAPTOP | User Name: Louise & Rich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2154032859-1883374182-3320367249-1000\SOFTWARE\Classes\<extension>]
.html [@ = Max2.Association.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2154032859-1883374182-3320367249-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4061}" = lport=12209 | protocol=6 | dir=in | name=spport |
"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4062}" = lport=12209 | protocol=6 | dir=out | name=spport |
"{28B5970A-C175-4D9F-BC9F-C27CC30CB0CB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{2B459708-FC61-4131-93E6-794BAE44E44C}" = lport=4181 | protocol=17 | dir=in | name=googlepp2 |
"{4ABCC444-2B7B-4A49-AD7D-3D709790A049}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{625F19B5-8D8F-44D5-8588-3E725A0F6BE8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{72C01BA8-47CA-4584-BB26-AAF885CE6030}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{825F9BA0-98F2-4531-A9C8-C5F3140B254D}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
"{8CD5C9A5-90CA-4D82-9CB3-5CEB10C2820C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{9D01C832-A320-4BFD-9E13-F98B5B403EB7}" = lport=4180 | protocol=17 | dir=in | name=googlepp |
"{A0868414-36E7-4081-BC5F-943FEB187278}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BC1A06CF-6C50-477C-A7B5-DFC48D7C8C10}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{C0E1C326-4FBE-44D6-96F0-A2F594508369}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C5F8C42B-EEC4-4B00-89C7-66362F3A70E2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{D96AF160-7D25-4555-9645-1DCDB8F7F38C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{EB37662A-D6F9-40E7-934F-A3902C63869F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F753B06F-34D4-46DD-915B-235EB646DA90}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FB5DDF05-6709-455E-B26D-B74A6411BE51}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{FF971C8A-EDA0-4626-8E3C-4F00F72C603C}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BE053F9-4AF9-4A82-B00E-7748C109BC5C}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{0F603D5A-BE01-47E1-A90E-6FCBA4879B9D}" = protocol=6 | dir=in | app=c:\program files\gaijin\wings of prey\aces.exe |
"{2079524C-4D76-4B65-971A-B7326E56D83B}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{22B25B33-5D82-4447-89CE-81CD985E417A}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4059}" = protocol=6 | dir=in | app=c:\windows\system32\svchost.exe |
"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4060}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{34507325-7A28-42B8-8713-134CA731726C}" = protocol=6 | dir=in | app=c:\windows\system32\msra.exe |
"{387FE268-AB1E-4833-BD02-B75B180916AC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{38F21B0F-92B4-428B-A306-F868E86EE158}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{3A44C5F2-FAB9-448B-9AB1-F5FCB62F38C6}" = protocol=6 | dir=in | app=c:\program files\activision\apache air assault\yuplay\yuplay.exe |
"{3BC871BB-FA93-4725-8A10-F4FE6B591E6C}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{3DFC2178-A0AE-4308-8FAE-701464EA7D16}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{4A679BDF-9E14-4EFA-8345-D2A9707E2730}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{4EBFCFCE-EA19-49E5-957D-5F25BC632E5B}" = protocol=17 | dir=in | app=c:\program files\volition inc\red faction guerrilla\rfg.exe |
"{541A809D-8049-454D-8489-FD1CF3AD5CEE}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{5D1959B6-FB4E-4055-98AD-AC4D899F7B42}" = protocol=6 | dir=in | app=c:\program files\volition inc\red faction guerrilla\rfg.exe |
"{62A074FC-736C-4B6E-BAC7-6A74E3E99EF6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6E1A89D9-1432-4E6C-B488-DE4C891CA50A}" = protocol=17 | dir=in | app=c:\program files\activision\apache air assault\launcher.exe |
"{7334ED9E-3938-4EE5-B438-1025B2681217}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{759A8DDF-2FEE-4328-9889-CA88C84592A8}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{7958660F-B700-41C2-8A9E-6EFCFD766557}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{7A88EEF1-F9D5-4333-A0DA-55415A22BE76}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{8276F473-C6A6-4C53-B403-16432BDA38D1}" = protocol=6 | dir=in | app=c:\program files\activision\apache air assault\launcher.exe |
"{85E178C7-0F21-4816-AFAB-2D45204E06B9}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{8643EEBD-7587-4E00-B2A9-D4135A072D91}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe |
"{89A331E5-19E2-41E2-A138-49D4C9487158}" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2 operation arrowhead\arma2oa.exe |
"{8E284BB1-BB9D-4D6A-938E-731D31CFF3E0}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe |
"{9252BF42-0D93-4CBC-9D42-1937320296E2}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{9850336B-3740-4D64-8548-35C7CD3849F8}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{9BAB1B01-23FA-4A96-84FB-5B6F6D36C4C0}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{A24627F3-50F5-4D85-91AB-7D4EBAFF464C}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{A46DF333-01E9-4AA5-BC4C-CFCA35DC4080}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{A4BA9B78-68E6-4A85-9DF0-46591118B205}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{A9ECBD83-FAB6-4A80-8573-08BB60B80D04}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AC5FC9F7-622D-4E2C-A33F-0428E488711D}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{AFDDDB97-1FB3-4A6A-A018-DE139D20871B}" = protocol=6 | dir=out | app=system |
"{B4ABE9C7-E3C5-4B97-938F-0288EB53B781}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{B75F6BD5-2606-45E2-A381-C58DC8A73D61}" = protocol=6 | dir=out | app=c:\windows\system32\msra.exe |
"{C272FD5C-7CC3-4DE5-AC71-123CB8245F70}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2 operation arrowhead\arma2oa.exe |
"{C2E16197-1D70-47E4-8F6D-DC96CEC777E6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CBEF4ADE-A964-4262-8F2B-C6B228BAAF7E}" = protocol=6 | dir=in | app=c:\users\louise & rich\documents\utorrent.exe |
"{CC4F6E2A-AC12-4073-822F-BE1466D1C119}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe |
"{CE7403AE-B603-49F5-814A-6A77FF824903}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe |
"{D63368C9-30BF-4257-BC51-0CA5B0CFC782}" = protocol=17 | dir=in | app=c:\program files\gaijin\wings of prey\aces.exe |
"{D6CADD57-50F9-4C12-A344-81DFB67E06A9}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{DC495476-EDB1-4BA6-B452-F62FC67B7B1C}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{EDB4D9FD-D0B8-42D6-8B86-72F17BE5D0BD}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{F06FBFD8-273D-4478-8CEC-7E3358750C65}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{F60636AB-86A1-4411-923F-92EAABDC2A59}" = protocol=17 | dir=in | app=c:\users\louise & rich\documents\utorrent.exe |
"{FB1A5BC8-40D7-4FE7-BDDE-10A425BB8459}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{FD475FA1-E287-4260-B428-158924499F42}" = protocol=17 | dir=in | app=c:\program files\activision\apache air assault\yuplay\yuplay.exe |
"TCP Query User{012417A2-0680-43EF-8C3F-508E94CF3051}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{289EC5AB-A473-4346-B9FF-65312F9C7774}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{31BE9366-36E3-4669-AFAC-9FA7D1D31E87}C:\program files\electronic arts\medal of honor\binaries\moh.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\medal of honor\binaries\moh.exe |
"TCP Query User{383F0D6B-9DFA-48FE-AE02-555AC9896EB5}C:\program files\akella games\pt boats\pt-boats.exe" = protocol=6 | dir=in | app=c:\program files\akella games\pt boats\pt-boats.exe |
"TCP Query User{4035D436-DDF7-4023-9F7D-FA13EF1F9009}C:\program files\thq\company of heroes\reliccoh.exe -dev.exe" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe -dev.exe |
"TCP Query User{4B8D044B-8F23-4419-A6A0-4080F716566E}C:\program files\atari\tdu2\uplauncher.exe" = protocol=6 | dir=in | app=c:\program files\atari\tdu2\uplauncher.exe |
"TCP Query User{4F8F1052-31A4-4165-8C2A-FB27137601EC}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{5B266C47-A3F7-493A-82C3-CD01D075D1D5}C:\coaa\planeplotter.exe" = protocol=6 | dir=in | app=c:\coaa\planeplotter.exe |
"TCP Query User{70DFB1CB-201A-4DED-9058-951E934B5E65}C:\users\louise & rich\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=6 | dir=in | app=c:\users\louise & rich\appdata\roaming\imvuclient\1vivoxvoice.exe |
"TCP Query User{7A2B4B0C-69AB-4C94-9D5F-EF2A1F9E41A2}C:\program files\atari\tdu2\_uplauncher.exe" = protocol=6 | dir=in | app=c:\program files\atari\tdu2\_uplauncher.exe |
"TCP Query User{89D46BC7-9180-4092-8ED2-09F4E0AC7E0F}C:\program files\activision\apache air assault\apache.exe" = protocol=6 | dir=in | app=c:\program files\activision\apache air assault\apache.exe |
"TCP Query User{8D65CFF3-DC44-47BA-9950-743BA46CA3CE}C:\program files\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"TCP Query User{B523F269-CCD1-434D-ACC1-598B80283FD5}C:\program files\atari\tdu2\testdrive2.exe" = protocol=6 | dir=in | app=c:\program files\atari\tdu2\testdrive2.exe |
"TCP Query User{B9A8DF2C-C1C8-40AD-B351-CED006188E0F}C:\program files\gaijin\wings of prey\acess.exe" = protocol=6 | dir=in | app=c:\program files\gaijin\wings of prey\acess.exe |
"TCP Query User{C4878C96-E604-4A7C-9F39-9D559969314F}C:\program files\activision\call of duty - black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - black ops\blackops.exe |
"TCP Query User{CD647FEE-2FA8-43B1-B1D5-9F29BE9DB38D}C:\program files\thq\company of heroes\bugreport\bugreport.exe" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\bugreport\bugreport.exe |
"TCP Query User{E7414B62-2DFE-4EF1-86D2-E4180248F59B}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{EAFE0210-E2B0-4248-A686-ABBF660091AA}C:\program files\coaa\planeplotter\planeplotter.exe" = protocol=6 | dir=in | app=c:\program files\coaa\planeplotter\planeplotter.exe |
"TCP Query User{F9A470A6-ABD2-4D32-8465-18F0746E9B89}C:\program files\thq\company of heroes\reliccoh -dev.exe" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh -dev.exe |
"UDP Query User{13FE0C11-8525-473D-AE22-86601AF84F40}C:\users\louise & rich\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=17 | dir=in | app=c:\users\louise & rich\appdata\roaming\imvuclient\1vivoxvoice.exe |
"UDP Query User{1C9EFEA4-E5DD-480A-ADFD-6B9A1693E1BB}C:\program files\gaijin\wings of prey\acess.exe" = protocol=17 | dir=in | app=c:\program files\gaijin\wings of prey\acess.exe |
"UDP Query User{29F6BE52-B11B-4637-819D-1FE4AABD58A5}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{2D487A7C-FCB4-4372-A4A5-3170A1DF6428}C:\coaa\planeplotter.exe" = protocol=17 | dir=in | app=c:\coaa\planeplotter.exe |
"UDP Query User{385110B4-3D51-4D1F-B98A-C28793211D68}C:\program files\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe |
"UDP Query User{3C415CFA-20BB-49F4-B63E-CCE45DE5AFD4}C:\program files\akella games\pt boats\pt-boats.exe" = protocol=17 | dir=in | app=c:\program files\akella games\pt boats\pt-boats.exe |
"UDP Query User{46706B1C-A801-4691-A162-33BD2D9AC51A}C:\program files\coaa\planeplotter\planeplotter.exe" = protocol=17 | dir=in | app=c:\program files\coaa\planeplotter\planeplotter.exe |
"UDP Query User{599DEA59-55FD-40D7-9974-267D45161994}C:\program files\activision\call of duty - black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - black ops\blackops.exe |
"UDP Query User{64538C2C-7D42-4A8B-998B-C5278275F624}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{7CCCD374-F927-4A17-8741-78CCFA928E56}C:\program files\activision\apache air assault\apache.exe" = protocol=17 | dir=in | app=c:\program files\activision\apache air assault\apache.exe |
"UDP Query User{A29C7D7F-7CF1-4A4B-BADF-39605055C5B5}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{AD772F50-1929-465E-875C-13AE122F8369}C:\program files\thq\company of heroes\bugreport\bugreport.exe" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\bugreport\bugreport.exe |
"UDP Query User{AEA86283-47FF-4685-8565-09D77B2B17A8}C:\program files\electronic arts\medal of honor\binaries\moh.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\medal of honor\binaries\moh.exe |
"UDP Query User{D02ABCD1-B76C-417F-AAEB-00F718CC98DA}C:\program files\atari\tdu2\_uplauncher.exe" = protocol=17 | dir=in | app=c:\program files\atari\tdu2\_uplauncher.exe |
"UDP Query User{D06F9667-D055-49BF-AC33-4E959C659D7D}C:\program files\thq\company of heroes\reliccoh -dev.exe" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh -dev.exe |
"UDP Query User{D371CEFD-3F77-47FA-98F2-E3C63C47333D}C:\program files\atari\tdu2\uplauncher.exe" = protocol=17 | dir=in | app=c:\program files\atari\tdu2\uplauncher.exe |
"UDP Query User{D6683E63-EFC9-4F4C-A760-9556E8FD3032}C:\program files\thq\company of heroes\reliccoh.exe -dev.exe" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe -dev.exe |
"UDP Query User{E4A0F956-4B5E-4C36-A247-986EB855DDD8}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{F5101E54-D334-42DF-8124-9C532BDE6ED5}C:\program files\atari\tdu2\testdrive2.exe" = protocol=17 | dir=in | app=c:\program files\atari\tdu2\testdrive2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{27E0FC67-6297-4B52-BA11-0CEBA6C28BA3}" = Plan-G
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2E190C8E-682A-409D-9329-539E24C9D1C1}" = Opera 10.63
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3763A2B4-B07A-4E4D-994D-7D2C6AF0CF9E}" = Safari
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FA7A919-87DA-42B1-814B-86DE8DCA17C2}" = gmax
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor ™
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B4E8814-F682-4197-8F4B-E9FFC6F08977}" = System Requirements Lab for Intel
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4CFCC6FD-AEA2-4208-99A6-45CBF9DFFD82}" = Real Environment Xtreme
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85DF6786-66AA-42EE-8616-AE456B07BD99}" = Microsoft Flight Simulator SimConnect Client v10.0.61242.0
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{86FE411B-172B-404B-9679-3B9E73E47607}" = Microsoft Flight Simulator X SDK SP1A
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1D4735-84E4-41E2-A1DB-70EADE27633C}" = Adobe Photoshop Lightroom 3.3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{bd8defa4-19fa-4964-9692-f1122d8a62d9}}_is1" = Apache: Air Assault 1.0.0.1
"{C1E0B8A2-4668-47A0-B676-1DEF1AEE9E02}" = Virtavia Sea King
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1AC9B0B-2727-4811-91DC-1FC3C4E47A9B}" = Microsoft Flight Simulator SimConnect Client v10.0.60905.0
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D721220E-2D02-4785-AC88-6A67F4E8758F}" = DodoSim 206 FSX
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB8ADA9D-01A2-4225-BE77-104E325B73E2}" = O&O Defrag Professional
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FBAA269E-A2B3-474D-B889-308EAA9AF33B}" = Douglas DC-6 for FSX
"{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}" = XML Notepad 2007
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7979-3214-4876-1942" = NotamPlot v2.6 2.6
"7-Zip" = 7-Zip 9.20
"ACG RAF Coningsby FSX" = ACG RAF Coningsby FSX
"ADE9xSetup_is1" = Airport Design Editor 9x Version 1.47.7.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Akamai" = Akamai NetSession Interface
"Area 51 Simulations MH-47E FSX Version" = Area 51 Simulations MH-47E FSX Version
"AutoGK" = Auto Gordian Knot 2.55
"AvantBrowser" = Avant Browser (remove only)
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"BattlEye" = BattlEye Uninstall
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Bytescout XLS Viewer_is1" = $APPNAME> 2.31
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Company of Heroes" = Company of Heroes
"conduitEngine" = Conduit Engine
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"DELL Webcam Center" = DELL Webcam Center
"DELL Webcam Manager" = DELL Webcam Manager
"Dodosim 206 for FSX" = Dodosim 206 for FSX
"EasyGPS_is1" = EasyGPS 4.18
"Emergency 2012" = Emergency 2012
"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"JustFlight DC-3 Legends of Flight" = JustFlight DC-3 Legends of Flight
"MAIWTextureReplacer_is1" = MAIW-Texture Replacer Version 2.4.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maxthon2" = Maxthon2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ModMan" = ModMan 7.1.1.0
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"MWSnap 3" = MWSnap 3
"Neat Image_is1" = Neat Image v6.0 Pro+
"Nemeth Designs Aerospatiale AS-350 for FS2004" = Nemeth Designs Aerospatiale AS-350 for FS2004
"Nemeth Designs Aerospatiale SA-2 Samson (Beta 2)" = Nemeth Designs Aerospatiale SA-2 Samson (Beta 2)
"Nemeth Designs MD 500 Defender for Microsoft Flight Simulator X" = Nemeth Designs MD 500 Defender for Microsoft Flight Simulator X
"Nemeth Designs Sikorsky CH-53E Super Stallion" = Nemeth Designs Sikorsky CH-53E Super Stallion
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotomatixPro4.0x32_is1" = Photomatix Pro version 4.0
"PlanePlotter_is1" = PlanePlotter 5.5.4.2
"PowerISO" = PowerISO
"Project Landrover Derfender" = Project Landrover Derfender
"PT Boats: Knights of The Sea_is1" = PT Boats: Knights of The Sea
"QualityWings Ultimate 757 Collection FSX_is1" = QualityWings Ultimate 757 Collection FSX 1.2.2
"RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X Service Pack 1
"Test Drive Unlimited 2_is1" = Test Drive Unlimited 2
"TSS MD500 Soundpack" = TSS MD500 Soundpack
"UK2000 VFR Scenery Volume1" = UK2000 VFR Scenery Volume1 files
"Unlocker" = Unlocker 1.9.0
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"VFR-Gen-X Vol.1" = VFR-Gen-X Vol.1 v2.0
"VobSub" = VobSub v2.23 (Remove Only)
"WinGTK-2_is1" = GTK+ 2.10.13 runtime environment
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"XviD" = XviD MPEG-4 Codec
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2154032859-1883374182-3320367249-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Arnhem" = Arnhem
"HS Nimrod by Simshed" = HS Nimrod by Simshed
"jlGui 3.1" = jlGui 3.1
"JustFlight F-117 Nighthawk for FS9 and FSX" = JustFlight F-117 Nighthawk for FS9 and FSX
"MIRAGE F1 for FSX SP2 or Acceleration" = MIRAGE F1 for FSX SP2 or Acceleration

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/03/2011 13:45:32 | Computer Name = HomeLaptop | Source = WinMgmt | ID = 10
Description =

Error - 17/03/2011 15:03:05 | Computer Name = HomeLaptop | Source = SPP | ID = 16387
Description =

Error - 17/03/2011 15:03:05 | Computer Name = HomeLaptop | Source = System Restore | ID = 8193
Description =

Error - 17/03/2011 15:03:05 | Computer Name = HomeLaptop | Source = System Restore | ID = 8210
Description =

Error - 17/03/2011 21:10:06 | Computer Name = HomeLaptop | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc000071b, fault offset 0x00088d15, process id 0x4cc, application
start time 0x01cbe4caf760b3c6.

Error - 17/03/2011 21:17:19 | Computer Name = HomeLaptop | Source = WinMgmt | ID = 10
Description =

Error - 18/03/2011 04:56:12 | Computer Name = HomeLaptop | Source = WinMgmt | ID = 10
Description =

Error - 18/03/2011 09:10:28 | Computer Name = HomeLaptop | Source = WinMgmt | ID = 10
Description =

Error - 18/03/2011 09:21:15 | Computer Name = HomeLaptop | Source = Perflib | ID = 1010
Description =

Error - 18/03/2011 15:07:37 | Computer Name = HomeLaptop | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 03/12/2010 04:06:02 | Computer Name = HomeLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 04/12/2010 06:18:53 | Computer Name = HomeLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 04/12/2010 15:44:01 | Computer Name = HomeLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 05/12/2010 08:26:46 | Computer Name = HomeLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 06/12/2010 05:09:59 | Computer Name = HomeLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 06/12/2010 10:34:40 | Computer Name = HomeLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 07/12/2010 05:14:09 | Computer Name = HomeLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 08/12/2010 06:07:38 | Computer Name = HomeLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 09/12/2010 06:50:14 | Computer Name = HomeLaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 10/12/2010 04:04:28 | Computer Name = HomeLaptop | Source = Service Control Manager | ID = 7000
Description =


< End of report >


No pop-ups yet but sometimes it takes a while before they appear etc.

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:06:46 PM

Posted 18 March 2011 - 02:27 PM

RichCliff,

How are you doing today?

You're doing great so far!

TDSSKiller has found the main infection, and you should notice that your computer is running better now.

Please be sure to let me know how things are running after performing the scans in this post. :)

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :Services
    :OTL
    SRV - [2011/03/16 21:16:21 | 000,079,872 | ---- | M] () [Auto | Running] -- C:\ProgramData\Adobe\sp.DLL -- (SPService)
    O33 - MountPoints2\{8726d6f5-f437-11df-a7c3-001d09d65530}\Shell - "" = AutoRun
    O33 - MountPoints2\{8726d6f5-f437-11df-a7c3-001d09d65530}\Shell\AutoRun\command - "" = E:\Start.exe
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\dvdcheck.exe
    O33 - MountPoints2\G\Shell\directx\command - "" = DirectX9\dxsetup.exe
    O33 - MountPoints2\G\Shell\setup\command - "" = G:\setup.exe
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2011/02/15 19:07:55 | 000,543,947 | ---- | C] () -- C:\Program Files\780.exe
    [2010/12/18 18:49:41 | 000,000,090 | -HS- | C] () -- C:\Windows\cnerolf.bin
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
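As an added example (not the helper's tool or any code from this thread), the script below parses entries written in OTL's line format, like the SRV, O33 and file lines in the fix script above, and flags the patterns a responder checks before approving a fix: a running service loading from ProgramData, AutoRun handlers tied to removable volumes, and hidden/system or oddly placed executables. The sample lines, the two benign control lines and the heuristics are constructed for illustration.

```python
import re

# Constructed sample lines in OTL's log format, modelled on the entries the
# helper listed in the fix script above; two benign control lines are added.
SAMPLE_LINES = r"""
SRV - [2011/03/16 21:16:21 | 000,079,872 | ---- | M] () [Auto | Running] -- C:\ProgramData\Adobe\sp.DLL -- (SPService)
SRV - [2009/04/11 06:28:16 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\svchost.exe -- (Dhcp)
O33 - MountPoints2\{8726d6f5-f437-11df-a7c3-001d09d65530}\Shell\AutoRun\command - "" = E:\Start.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\dvdcheck.exe
[2011/02/15 19:07:55 | 000,543,947 | ---- | C] () -- C:\Program Files\780.exe
[2010/12/18 18:49:41 | 000,000,090 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2011/03/10 12:00:00 | 000,001,024 | ---- | M] () -- C:\Windows\setupact.log
""".strip().splitlines()
# Service line: [timestamp | size | attrs | M] (vendor) [start | state] -- path -- (name)
SRV_RE = re.compile(r"^SRV - \[[^\]]*\] \([^)]*\) \[(?P<start>[^|]+) \| (?P<state>[^\]]+)\]"
                    r" -- (?P<path>.+) -- \((?P<name>[^)]+)\)$")
# Per-volume AutoRun handler stored under MountPoints2
AUTORUN_RE = re.compile(r'^O33 - MountPoints2\\(?P<vol>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
# File line: [timestamp | size | attrs | C/M] (vendor) -- path
FILE_RE = re.compile(r"^\[[^|]+\| [\d,]+ \| (?P<attr>[-A-Z]{4}) \| [CM]\] \([^)]*\) -- (?P<path>.+)$")

WINDOWS_DIR = "c:\\windows\\"
PROGRAM_FILES = "c:\\program files\\"

def review_otl_lines(lines):
    """Return (path, reason) pairs for entries worth a second look; heuristics only."""
    findings = []
    for line in lines:
        if m := SRV_RE.match(line):
            low = m.group("path").lower()
            # A running auto-start service loading from ProgramData is unusual.
            if m.group("state") == "Running" and not low.startswith((WINDOWS_DIR, PROGRAM_FILES)):
                findings.append((m.group("path"), f"service {m.group('name')} loads from outside Windows/Program Files"))
        elif m := AUTORUN_RE.match(line):
            # AutoRun handlers are a classic way removable media spreads infections.
            findings.append((m.group("cmd"), f"AutoRun handler registered for volume {m.group('vol')}"))
        elif m := FILE_RE.match(line):
            path, attr = m.group("path"), m.group("attr").upper()
            low = path.lower()
            directly_in = low.count("\\") == 2  # no subfolder below the top-level directory
            if "H" in attr and "S" in attr and low.startswith(WINDOWS_DIR) and directly_in:
                findings.append((path, "hidden+system file dropped directly in C:\\Windows"))
            elif low.startswith(PROGRAM_FILES) and directly_in and low.endswith(".exe"):
                findings.append((path, "executable sitting in the root of Program Files"))
    return findings

if __name__ == "__main__":
    for path, reason in review_otl_lines(SAMPLE_LINES):
        print(f"{path:40} {reason}")
```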


#5 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:06:46 PM

Posted 21 March 2011 - 10:46 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.





