Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Google Redirect Virus.


  • Please log in to reply

#1
@thorntonrich

@thorntonrich

    Member

  • Member
  • PipPip
  • 19 posts
Hello, I have the Google Redirect Virus. It redirects Google links what seems like 25-20% of the time. To start with it redirected to youtube pages and search engines what were either fake or obscure.
I found the run-through here: http://www.geekstogo...ogle-redirects/
OTM didn't seem to agree with my system. It froze and would not respond after I clicked 'MoveIt!' forcing me to restart the computer through task manager as all applications had been ended.
I moved onto GooredFix which gave this result:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 19:07 on 23/06/2011 (Richard)
Firefox version [Unable to determine]

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [22:30 08/08/2009]

---------- Old Logs ----------
GooredFix[17.16.55_23-06-2011].txt

-=E.O.F=-


Then TDSSKiller which found nothing.
So here I am now. I used OTL, it gave me two txt files. One titled 'Extras.Txt' and the other 'OTL.txt. The 'Extras' shows this:

OTL Extras logfile created on: 23/06/2011 19:10:20 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Richard\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 45.53% Memory free
3.99 Gb Paging File | 2.62 Gb Available in Paging File | 65.68% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.09 Gb Total Space | 38.93 Gb Free Space | 26.11% Space Free | Partition Type: NTFS
Drive D: | 149.00 Gb Total Space | 148.72 Gb Free Space | 99.81% Space Free | Partition Type: NTFS

Computer Name: RICHARD-PC | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- Reg Error: Value error. File not found
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- Reg Error: Value error.
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09E86452-642C-4C25-B0EC-270AA314F2FD}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0D1A7A98-CA26-4D30-B3F2-525B55949D2F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1DBCF1CB-CE61-4559-9319-37773DBCD456}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{34AE4503-6E8F-4665-94B9-4603E281C872}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{448DA8DC-AAAD-4CE3-A886-19AD253A9EE8}" = lport=26675 | protocol=6 | dir=in | [email protected]%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{4A0020FD-EB5F-4C36-B0BB-BAFB24DC98C0}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5173BE79-D6B8-4AAF-9BE4-B76239DEBDEA}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{5AC498C3-C861-486D-B08C-E31CB8167FD9}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{5B6B8088-D0D1-41EE-AE43-7DFD7A6B06FE}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5C643507-6D66-4167-B07C-1666E93F4FF7}" = lport=26675 | protocol=6 | dir=in | [email protected]%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{603CEAB6-DE21-44F3-A800-CBE8E53D66C5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6748FD0C-A574-4338-9CDF-F936DF041FFF}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6C82A6A9-048B-403A-A78C-6DC4C84879BE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{70FE7F10-CB18-4924-A1C5-E56721F5C333}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{712F6EF9-3D41-4733-8DB0-3806AE8F77D2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7160722C-42F7-4CC9-BDF9-E7C61B4198BF}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{719527D5-A755-4C91-9EB1-2A52610798BB}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{98F71EED-789C-408A-B433-7107B99C12EC}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9BC27E4A-E851-45A2-BD0F-9A47F03EF855}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9F403C62-67EE-4B36-9535-53DFC6E00C80}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{A3169085-DF92-4B39-A626-C1BF7739A64B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A46D9BD1-DEF1-4B40-BA30-E6769EFC5D69}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AA822ADB-C83D-443B-AA76-5D2BD96644A2}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{B0835AFA-58B8-490E-A1F9-64A66CFD3C58}" = lport=26675 | protocol=6 | dir=in | [email protected]%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{B0C11975-990A-40AE-AE29-C8BCC863E06A}" = lport=26675 | protocol=6 | dir=in | [email protected]%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{B176B94C-CE16-4C69-A502-A41216A4FE4A}" = lport=26675 | protocol=6 | dir=in | [email protected]%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{B2684C7B-F98C-4218-87CE-2B1E4397E7DF}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{B967F39D-69F9-4F41-91CA-AF7FC141CD98}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C4B11DD8-F291-47D0-9CE8-2AFD5891E3E7}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D13A9748-DD82-4345-AC33-30379233410F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E75E619C-2312-4CD9-BAED-F73C7DC7FA7A}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{E7F1EB8A-6E89-4B74-901A-9DABA1F1F256}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{F5E70D05-65DF-485B-8353-30FF402CCD0B}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03AA6127-8F29-4283-A408-BECE9C961689}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{063F12FA-995D-4B55-AA78-3DF6EF15A135}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{098A4642-D04F-4A57-A00F-370BFFB81DDF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0B366F25-AB2A-4BB7-8043-049FADCCD802}" = dir=in | app=c:\windows\system32\acprgwiz32.exe |
"{0B37DFD4-12CD-400C-AE0F-B4D70CE702D7}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{16E0A4C8-19A8-4BF6-9C4F-29E6F2456033}" = protocol=17 | dir=in | app=c:\windows\system32\lxcrcoms.exe |
"{1728F935-96D6-4254-97C8-D216B8B3E40F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1AB6781D-1932-4A32-A336-5C36CA9AABA5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{22B86B8C-57DD-48A4-A7CC-6AB061CAA66B}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{2971A387-2EC2-481B-BECB-90CB7BF0B232}" = protocol=6 | dir=in | app=c:\program files\lexmark 2400 series\lxcrmon.exe |
"{2CA18860-AE50-4B36-9C96-258632515248}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw.exe |
"{31BDAFBF-CEB7-49D5-A46F-D2FF6714E829}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{32CAB104-91DA-486D-8D0E-CCAE8787A163}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{33515127-8619-45DB-9D2C-07C6B835D0A1}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{36F3E97D-1CE1-464C-9BE1-F2C0046AB071}" = protocol=17 | dir=in | app=c:\program files\lexmark 2400 series\lxcrmon.exe |
"{370AF92E-53E3-4F26-A148-E15769E82CE4}" = protocol=6 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
"{4264D82D-8A94-468D-9EE0-5BEA5FCA6AD3}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{45AC6193-6174-44A9-B2B4-E8B55BC89D00}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4D3FFAF8-9777-4BEF-A017-F39219492A38}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4E8469B6-413B-4ACB-B34D-364933A6CC48}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{546086BD-CD32-42F7-AF7D-BE4B6232C85B}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{5C13A0D4-3B04-45D3-87F1-8895A3DF1DBB}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{5CB7B019-927F-4A7A-899C-04BD2E933C56}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{62ED2A14-EB94-43A3-8ADD-A3EA5277FBB5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{67059999-56FE-47EE-AC82-806400F390B5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{689643DE-E6CE-42B3-B7EF-9C0816877725}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{6AAE6A6B-8C26-4A82-8561-D7E898729A2C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6B3D054B-A3D6-4035-A410-529E5A7C3341}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6EFD9EFD-7D5B-4368-BDA7-68D4B4F28919}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{7719DA99-E3F0-4B21-8292-EB23B5C26DC7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{79721ABF-CE6C-43F3-8628-00676CBC5849}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{7A4E19DA-6CFD-4B48-98FB-C28EC0CE80F6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7D634A93-1061-4412-BCE8-A9CEBD323852}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2008\fm.exe |
"{7D6D87EF-113F-43CF-BBD7-1B98D4433941}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{7D75C3AE-9BD0-4259-B24D-3E96456FAB36}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{815E1928-0979-423E-AE21-8C3D35B469E2}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8219DAF6-27EB-4530-B60A-E262C8891C1E}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2008\fm.exe |
"{88E4BDCD-DEFF-408E-9222-A845C4ABA571}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{8ADBEA06-A02B-4060-92ED-C8C01431D8E5}" = protocol=6 | dir=in | app=c:\windows\system32\lxcrcoms.exe |
"{91BB5438-CBB4-44F5-8D18-9D105CFD10A6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{93551C05-DBC9-4E8B-9730-F35BCB15B41E}" = protocol=17 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
"{93D59006-4364-43DB-9A47-03D10576C672}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{93F33DCB-F380-418C-B413-8AFAD4D5085E}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{9512921F-400D-4B95-A4DE-09B7A78DE70E}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{97C4B9F5-4C5E-4D72-A3CD-86D3957C74BF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{997787B3-097E-41CD-9965-AB85642CD2C4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9CBC1AFE-74B6-49AF-A4EC-677C032FE2CD}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A0CED304-976A-41A5-AFF8-2AB0A0CB82C8}" = dir=in | app=c:\windows\system32\acprgwiz32.exe |
"{A11B502B-2487-4C18-871C-E189A4105E87}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A91E457C-304F-460A-9EFC-B93A74F0A210}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{ABC32B2D-0070-4372-9973-B87953D22F37}" = dir=in | app=c:\windows\system32\acprgwiz32.exe |
"{AC801560-65C9-4DDF-A0A8-FEC3C5B2335B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{AEECE47B-AB03-4321-A6D7-AC5BA743D6D2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AF99A9AE-5A96-46FF-AA50-2D6BEF0B5ED3}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{B5F8512F-477F-43ED-B779-ACEA23BDCB17}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{B766ED05-97C1-4C2A-996F-323E40226A8C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B8BFB873-FC25-4544-8C46-F17076FA2002}" = protocol=17 | dir=in | app=c:\program files\lexmark 2400 series\lxcraiox.exe |
"{BB0704EB-CEB9-44C5-B652-0C9129C77217}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw.exe |
"{BB9149FE-48F0-4989-B7F3-0F31204C3BF2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BCE12CC0-539D-4EC6-823E-7D8B73AD18A2}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C8202BC5-1AFE-4656-9003-1501B706F562}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C98EDF96-4869-4806-B00C-9E5E2A1B8495}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C9F5AB38-8B93-49C2-ADA1-0B7788BDCBE7}" = protocol=6 | dir=in | app=c:\program files\lexmark 2400 series\lxcraiox.exe |
"{CCE3007C-A195-421C-9DB7-16E953D9DD77}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{CD1E2F26-2301-4B2B-B0A6-E5E8BD3AA8BB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D8291F19-ECF0-4DB6-97DA-346916AA0E8F}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{E46245B0-CDD7-4609-AFFE-3833A6360BD6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E4CDB0D4-89F4-480C-ACA2-9D2BCF782015}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{ED9D780C-56D0-48C8-BDC0-7658D416C2BD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EE2E85E0-4739-4BBD-AF3C-EBBE539634CC}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{FA21B43B-45E4-454E-8EBD-8E41CAF81206}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{FCFAF4FD-0CA6-42EF-B8DC-084A33051A3D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FE95289C-EA55-43D7-BFBD-2D7B1A663FF6}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{FF5A022F-4379-4A22-B2D4-DFFD4BDB835E}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"TCP Query User{0149598B-ABC5-4E15-9CE1-C6C32030A272}C:\program files\sports interactive\cm99-00\cm9900.exe" = protocol=6 | dir=in | app=c:\program files\sports interactive\cm99-00\cm9900.exe |
"TCP Query User{18206EB3-48C4-4728-8522-8BA97F01FFAF}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{212DDF26-C6F2-454D-96A9-C0524E504E9A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{27295952-BDAB-4000-AB73-E88D5E7E0A36}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{278EA485-4FA1-4D9C-BBAC-F398AD402E71}C:\program files\mohaa\mohaa.exe" = protocol=6 | dir=in | app=c:\program files\mohaa\mohaa.exe |
"TCP Query User{4176C9E7-49DF-429C-B690-5AB7D49C2016}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{45FC586D-A408-4913-81A6-D1B0846B2EBC}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{47EF3E70-C360-4F20-90B4-402B47D2AAE3}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{68B55ED5-2D52-4FC0-A61B-E1248610D867}C:\program files\sports interactive\football manager 2006\fm.exe" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2006\fm.exe |
"TCP Query User{6DFF0D05-41C8-43F6-953A-CB0A17BCC8FE}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{7AD59CCF-FE27-4898-B0F3-D7EBDDB0D85F}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{7C2DDBB6-86D2-4E1E-B025-74145EB4AE5B}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{808F87B7-C258-4854-8A86-DD6D74653650}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{8E2FA094-AE8D-4F56-B2DC-B2F284637E61}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{8ED906A9-96B1-42D5-8477-66586B1593B4}C:\users\richard\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\richard\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{924686EB-ECBA-4F07-8C65-A14D102148AC}C:\users\richard\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\richard\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{966480D6-89C0-4673-B4C1-983FA1736A44}C:\users\richard\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\richard\program files\utorrent\utorrent.exe |
"TCP Query User{9DDA6077-7A99-4E48-AC5E-2817863E78AA}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{A388B890-C58A-468E-AC93-BE7D046BF08D}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{A429AE59-DED3-48FA-AE8F-0FA442BEEFFE}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{A95D9AC7-D4FF-400C-8A03-925C81AB4192}C:\users\richard\desktop\housecall66.exe" = protocol=6 | dir=in | app=c:\users\richard\desktop\housecall66.exe |
"TCP Query User{AA8D9595-D66E-4C6E-82D6-6E1C4E4FE9AE}C:\program files\freeciv-2.0.9-gtk2\civserver.exe" = protocol=6 | dir=in | app=c:\program files\freeciv-2.0.9-gtk2\civserver.exe |
"TCP Query User{CBF291DA-5FAB-41C9-AF3D-A37839B7177A}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{FF1E827B-F90D-49A4-B3D5-A781F7F6DAA2}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{00303D10-54E4-4762-86A9-4B01C3AF0D28}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{00F2E532-FFE1-45D1-8699-189824ABC0E2}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{05146993-BF7E-47EE-83D4-D07F31CE24C9}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{11F7882C-D688-407D-BC7B-7164449B1EEC}C:\users\richard\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\richard\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{1731ADC8-4C58-4CE4-B95B-97A75E2D650E}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{1F623F42-1949-467F-A8FC-4E5409B35E67}C:\program files\mohaa\mohaa.exe" = protocol=17 | dir=in | app=c:\program files\mohaa\mohaa.exe |
"UDP Query User{2542397E-AAFF-46F8-80DC-FD93FB954619}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{2B0D99E8-F1CB-4D22-9BB1-8A6D92BD4FFE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{543FF0BB-F6F7-4BAF-BA19-5B90AF1EB133}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{54956F9A-02C5-4206-AED3-13BA673FA85A}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{5D09241A-C2D0-41E6-8DA9-9EE40E847F3F}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{69300B01-BA31-47D1-B6ED-B4A6125CEB97}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{79F45C71-3CEA-4727-B81D-2CC700F88262}C:\program files\sports interactive\football manager 2006\fm.exe" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2006\fm.exe |
"UDP Query User{8BB377D6-40A7-422D-BDA9-5B0ACA894410}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{8D8AA5BC-7620-4E4C-9CF9-335CD99706DB}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{9197FE7A-35B3-430A-8574-4CD311F5A74F}C:\users\richard\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\richard\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{9415A175-C7A1-436F-80B8-2E85A394AD0A}C:\program files\sports interactive\cm99-00\cm9900.exe" = protocol=17 | dir=in | app=c:\program files\sports interactive\cm99-00\cm9900.exe |
"UDP Query User{9C9D2C72-83FB-4E37-95D9-271941E3EB8F}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{A8AD482F-DED0-4E22-8086-E91FABC19BA9}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{AF65A4EC-04A3-4DFC-8363-20BAD18300C8}C:\program files\freeciv-2.0.9-gtk2\civserver.exe" = protocol=17 | dir=in | app=c:\program files\freeciv-2.0.9-gtk2\civserver.exe |
"UDP Query User{B4758F15-6311-4B7E-9A7C-1A6EE6C195E0}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{C62A886D-4E82-4574-B9FE-CE53EC2A72C3}C:\users\richard\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\richard\program files\utorrent\utorrent.exe |
"UDP Query User{E0B683BF-E23C-4C21-8EC4-0671EBFD25D3}C:\users\richard\desktop\housecall66.exe" = protocol=17 | dir=in | app=c:\users\richard\desktop\housecall66.exe |
"UDP Query User{EC5D6501-F627-4D3F-A53E-820044A45712}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0CB3C535-1171-4A20-B549-E2CB5DEB9723}" = MySQL Connector/ODBC 3.51
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.3
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 26
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{49CFD5D9-0556-4037-B7D6-E13ED4BEA4C5}" = Football Manager 2006
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79C25975-740E-436E-9327-C164831ADCE7}" = enhanced keyboard driver
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A64FA784-7795-11D8-86F5-0050BF6C9337}" = Keyboard driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{BE06114F-559D-11E0-B5A1-001D0926B1BF}" = Google Earth
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C7DDA8E7-AD3D-4F51-AC1E-B0FF57002192}" = Microsoft IntelliPoint 6.3
"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D62FD787-E963-43CA-9B84-555D08971CC1}" = Kies-OutlookAddIn
"{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F010EF78-8CBC-453B-BD6E-0B6D9E60F96C}" = Multimedia Mouse Driver
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}" = Nero 7 Essentials
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Magical UnInstall" = Ashampoo Magical UnInstall
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"BlueSquare Poker" = BlueSquare Poker
"Championship Manager 1_is1" = v1.02
"Championship Manager 3" = Championship Manager 3
"Championship Manager 99-00" = Championship Manager 99-00
"CyberTweak_is1" = CyberTweak Version 1.3 Final
"Dan Elwell's Broadband Speed Test_is1" = Dan Elwell's Broadband Speed Test
"DivX Setup.divx.com" = DivX Setup
"doubleTwist" = doubleTwist
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Football Manager 2008" = Football Manager 2008
"Football Manager Live universe_1c" = Football Manager Live
"FrostWire" = FrostWire 4.21.8
"HandBrake" = HandBrake 0.9.5
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{F010EF78-8CBC-453B-BD6E-0B6D9E60F96C}" = Multimedia Mouse Driver
"LastFM_is1" = Last.fm 1.5.4.24567
"Lexmark 2400 Series" = Lexmark 2400 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Network Play System" = EA AutoPatch
"New Star Soccer" = New Star Soccer
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Picasa 3" = Picasa 3
"PROR" = Microsoft Office Professional 2007
"RealPlayer 6.0" = RealPlayer
"Steam App 4760" = Rome: Total War Gold
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"TweakVI" = TweakVI
"Veetle TV" = Veetle TV 0.9.18
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Winamp" = Winamp
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/11/2009 12:44:49 | Computer Name = Richard-PC | Source = avast! | ID = 33554522
Description =

Error - 19/03/2010 12:12:30 | Computer Name = Richard-PC | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 23/06/2011 12:54:38 | Computer Name = Richard-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_3>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 23/06/2011 12:54:38 | Computer Name = Richard-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_3>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 23/06/2011 12:54:40 | Computer Name = Richard-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\INDEX>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 23/06/2011 12:54:40 | Computer Name = Richard-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\INDEX>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 23/06/2011 13:31:35 | Computer Name = Richard-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_000008>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 23/06/2011 13:31:38 | Computer Name = Richard-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_00001F>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 23/06/2011 13:31:43 | Computer Name = Richard-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_000074>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 23/06/2011 13:31:44 | Computer Name = Richard-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_00007E>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 23/06/2011 13:31:45 | Computer Name = Richard-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_000084>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 23/06/2011 13:31:45 | Computer Name = Richard-PC | Source = Windows Search Service | ID = 3013
Description = The entry <C:\USERS\RICHARD\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_000089>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

[ Media Center Events ]
Error - 16/04/2008 11:34:29 | Computer Name = Richard-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 23/05/2008 14:06:18 | Computer Name = Richard-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

[ OSession Events ]
Error - 19/01/2011 15:47:00 | Computer Name = Richard-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6546.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10302
seconds with 1500 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 23/06/2011 12:10:06 | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 23/06/2011 12:15:13 | Computer Name = Richard-PC | Source = DCOM | ID = 10010
Description =

Error - 23/06/2011 12:16:50 | Computer Name = Richard-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description =

Error - 23/06/2011 12:18:16 | Computer Name = Richard-PC | Source = HTTP | ID = 15016
Description =

Error - 23/06/2011 12:22:48 | Computer Name = Richard-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 17:20:55 on 23/06/2011 was unexpected.

Error - 23/06/2011 12:22:35 | Computer Name = Richard-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description =

Error - 23/06/2011 12:23:06 | Computer Name = Richard-PC | Source = HTTP | ID = 15016
Description =

Error - 23/06/2011 12:29:04 | Computer Name = Richard-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 23/06/2011 12:51:18 | Computer Name = Richard-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description =

Error - 23/06/2011 12:51:38 | Computer Name = Richard-PC | Source = HTTP | ID = 15016
Description =


< End of report >
and the 'OTL' shows this:

OTL logfile created on: 23/06/2011 19:10:20 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Richard\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 45.53% Memory free
3.99 Gb Paging File | 2.62 Gb Available in Paging File | 65.68% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.09 Gb Total Space | 38.93 Gb Free Space | 26.11% Space Free | Partition Type: NTFS
Drive D: | 149.00 Gb Total Space | 148.72 Gb Free Space | 99.81% Space Free | Partition Type: NTFS

Computer Name: RICHARD-PC | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/04 21:50:07 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Richard\Downloads\OTL.exe
PRC - [2011/05/11 17:41:20 | 000,019,856 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011/05/11 17:41:10 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/05/10 13:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/12/14 16:49:30 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2008/11/26 12:34:22 | 000,089,600 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/04 21:50:07 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Richard\Downloads\OTL.exe
MOD - [2011/05/10 13:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/07/26 14:15:26 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/05/15 09:55:22 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/08/24 13:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/03/04 11:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/25 22:17:04 | 000,537,840 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbkcoms.exe -- (dlbk_device)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/08 18:00:48 | 002,179,072 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files\Multimedia Mouse Driver\v5\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2007/02/05 11:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 11:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/12/11 12:12:06 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcrcoms.exe -- (lxcr_device)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 13:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 13:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 13:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 12:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 12:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/05/10 12:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/01/29 18:00:20 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011/01/03 09:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/01/03 09:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/01/03 09:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/12/21 06:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/12/21 06:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/12/21 06:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/10/22 07:23:05 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/08/04 22:41:04 | 000,006,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\iPodDrv.sys -- (iPodDrv)
DRV - [2010/07/26 14:15:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/09/28 02:02:42 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2008/12/20 01:08:28 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/05/07 10:55:22 | 000,767,488 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/01/19 06:55:21 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2008/01/19 06:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2007/12/31 13:06:17 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2007/12/31 13:06:17 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007/12/24 18:37:00 | 000,138,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/11/18 04:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/08/09 19:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/06/25 10:43:38 | 000,098,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117obex.sys -- (s117obex)
DRV - [2007/06/25 10:43:36 | 000,108,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mdm.sys -- (s117mdm)
DRV - [2007/06/25 10:43:36 | 000,100,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mgmt.sys -- (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM)
DRV - [2007/06/25 10:43:36 | 000,098,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117unic.sys -- (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM)
DRV - [2007/06/25 10:43:36 | 000,022,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117nd5.sys -- (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS)
DRV - [2007/06/25 10:43:26 | 000,014,888 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mdfl.sys -- (s117mdfl)
DRV - [2007/06/25 10:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)
DRV - [2007/04/23 16:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/23 16:54:50 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115obex.sys -- (s115obex)
DRV - [2007/04/23 16:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007/04/23 16:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007/04/23 16:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2003/11/10 12:31:38 | 000,036,232 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETMD033.sys -- (NETMDUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.ask.com/?o...o=312&o=0&l=dir
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 90 C4 ED 01 3E AB 91 47 83 56 9D 86 E9 3C 1C 6F [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2009/04/24 20:30:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Extensions
[2009/04/24 20:30:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2011/06/23 17:10:14 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LXCRCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [RTHDBPL] File not found
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\AdvancedOptions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about - No CLSID value found
O18 - Protocol\Handler\cdl - No CLSID value found
O18 - Protocol\Handler\file - No CLSID value found
O18 - Protocol\Handler\ftp - No CLSID value found
O18 - Protocol\Handler\http - No CLSID value found
O18 - Protocol\Handler\https - No CLSID value found
O18 - Protocol\Handler\javascript - No CLSID value found
O18 - Protocol\Handler\local - No CLSID value found
O18 - Protocol\Handler\mailto - No CLSID value found
O18 - Protocol\Handler\mhtml - No CLSID value found
O18 - Protocol\Handler\mk - No CLSID value found
O18 - Protocol\Handler\res - No CLSID value found
O18 - Protocol\Handler\vbscript - No CLSID value found
O18 - Protocol\Filter\deflate - No CLSID value found
O18 - Protocol\Filter\gzip - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Richard\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Richard\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{714b186e-ed69-11df-a68b-00196639e941}\Shell - "" = AutoRun
O33 - MountPoints2\{714b186e-ed69-11df-a68b-00196639e941}\Shell\AutoRun\command - "" = F:\TotalLock.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/23 18:17:34 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Richard\Desktop\TDSSKiller.exe
[2011/06/23 18:16:55 | 000,000,000 | ---D | C] -- C:\Users\Richard\Desktop\GooredFix Backups
[2011/06/23 17:10:04 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/06/22 20:20:03 | 000,000,000 | ---D | C] -- C:\Users\Richard\Documents\Wondershare DVD Ripper Platinum
[2011/06/22 20:19:46 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\Windows\System32\iconv.dll
[2011/06/22 20:19:44 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2011/06/22 20:12:12 | 000,000,000 | ---D | C] -- C:\Users\Richard\Documents\PCHand Media Converter Pro
[2011/06/22 18:52:41 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2011/06/17 20:14:39 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/06/16 19:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/06/13 00:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/08 22:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/06/08 22:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/29 20:14:09 | 000,000,000 | -HSD | C] -- C:\Users\Richard\AppData\Roaming\SysWin
[2009/01/23 20:37:56 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCRhcp.dll
[2007/06/25 22:17:06 | 000,386,288 | ---- | C] ( ) -- C:\Windows\System32\dlbkih.exe
[2007/06/25 22:17:04 | 000,537,840 | ---- | C] ( ) -- C:\Windows\System32\dlbkcoms.exe
[2007/06/25 22:17:00 | 000,382,192 | ---- | C] ( ) -- C:\Windows\System32\dlbkcfg.exe
[2007/03/21 14:41:30 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System32\dlbkcu.dll
[2007/01/30 15:47:52 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbkpmui.dll
[2007/01/30 15:46:00 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbkserv.dll
[2007/01/30 15:38:18 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbkcomm.dll
[2007/01/30 15:36:30 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbklmpm.dll
[2007/01/30 15:35:00 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbkiesc.dll
[2007/01/30 15:32:06 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbkpplc.dll
[2007/01/30 15:31:08 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbkcomc.dll
[2007/01/30 15:30:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbkprox.dll
[2007/01/30 15:22:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbkinpa.dll
[2007/01/30 15:21:46 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbkusb1.dll
[2007/01/30 15:17:02 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbkhbn3.dll
[2006/02/03 04:25:42 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcrpmui.dll
[2006/02/03 04:24:32 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcrserv.dll
[2006/02/03 04:19:36 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomm.dll
[2006/02/03 04:12:32 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxcrih.exe
[2006/02/03 04:12:26 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcrlmpm.dll
[2006/02/03 04:11:30 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcrpplc.dll
[2006/02/03 04:11:22 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxcrcoms.exe
[2006/02/03 04:10:48 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
[2006/02/03 04:10:18 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcrprox.dll
[2006/02/03 04:06:24 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcrusb1.dll
[2006/02/03 04:01:44 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcriesc.dll
[2006/02/03 03:59:12 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Richard\Documents\*.tmp files -> C:\Users\Richard\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/23 19:13:04 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/23 19:13:04 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/23 19:08:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/23 18:23:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3456724143-1184340653-1783022048-1000UA.job
[2011/06/23 18:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/23 17:51:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/23 17:29:28 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/23 17:22:40 | 256,252,461 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/23 17:10:14 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/06/23 15:51:30 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BF1112C5-21DC-4288-9407-81BF26CBA82F}.job
[2011/06/22 20:58:27 | 000,666,261 | ---- | M] () -- C:\Users\Richard\Desktop\pic quiz 17.08.08.pdf
[2011/06/22 19:23:01 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3456724143-1184340653-1783022048-1000Core.job
[2011/06/22 18:52:41 | 000,000,816 | ---- | M] () -- C:\Users\Richard\Desktop\Handbrake.lnk
[2011/06/22 18:30:45 | 000,328,234 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/22 18:30:45 | 000,046,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/19 20:24:39 | 001,939,968 | ---- | M] () -- C:\Users\Richard\Documents\picture quiz july 2.pub
[2011/06/17 20:14:39 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/06/16 15:28:52 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Richard\Desktop\TDSSKiller.exe
[2011/06/14 20:25:40 | 002,011,136 | ---- | M] () -- C:\Users\Richard\Documents\picture quiz 26.6.11.pub
[2011/06/14 20:17:37 | 002,011,136 | ---- | M] () -- C:\Users\Richard\Documents\picture quiz july1.pub
[2011/06/13 22:51:29 | 000,087,569 | ---- | M] () -- C:\Users\Richard\Desktop\2011-06-13 22.49.55.jpg
[2011/06/09 11:37:22 | 001,679,872 | ---- | M] () -- C:\Users\Richard\Documents\picture quiz 19.6.11.pub
[2011/06/08 22:26:11 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/07 01:43:49 | 001,638,912 | ---- | M] () -- C:\Users\Richard\Documents\picture quiz 12.6.11.pub
[2011/06/05 20:20:32 | 004,011,008 | ---- | M] () -- C:\Users\Richard\Documents\picture quiz 5.6.11.pub
[2011/06/05 19:47:46 | 000,879,518 | ---- | M] () -- C:\Users\Richard\Documents\picture quiz 5.6.11.pdf
[2011/06/05 19:13:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/06/05 19:13:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/06/03 14:28:50 | 002,094,080 | ---- | M] () -- C:\Users\Richard\Documents\picture quiz june 3.pub
[2011/05/31 18:35:20 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/05/29 20:14:09 | 000,000,085 | ---- | M] () -- C:\Windows\System32\251647472
[2011/05/29 20:14:07 | 000,199,680 | ---- | M] () -- C:\Windows\System32\dlbkcoin32.exe
[2011/05/29 10:21:18 | 000,001,356 | ---- | M] () -- C:\Users\Richard\AppData\Local\d3d9caps.dat
[2011/05/28 23:20:11 | 001,125,888 | ---- | M] () -- C:\Users\Richard\Documents\picture quiz 29.5.11.pub
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Richard\Documents\*.tmp files -> C:\Users\Richard\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/22 20:58:25 | 000,666,261 | ---- | C] () -- C:\Users\Richard\Desktop\pic quiz 17.08.08.pdf
[2011/06/22 20:19:46 | 000,675,840 | ---- | C] () -- C:\Windows\System32\ac3filter.ax
[2011/06/19 20:24:39 | 001,939,968 | ---- | C] () -- C:\Users\Richard\Documents\picture quiz july 2.pub
[2011/06/14 20:25:39 | 002,011,136 | ---- | C] () -- C:\Users\Richard\Documents\picture quiz 26.6.11.pub
[2011/06/13 22:51:29 | 000,087,569 | ---- | C] () -- C:\Users\Richard\Desktop\2011-06-13 22.49.55.jpg
[2011/06/09 10:31:43 | 001,679,872 | ---- | C] () -- C:\Users\Richard\Documents\picture quiz 19.6.11.pub
[2011/06/08 22:26:11 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/07 01:30:04 | 001,638,912 | ---- | C] () -- C:\Users\Richard\Documents\picture quiz 12.6.11.pub
[2011/06/05 19:47:45 | 000,879,518 | ---- | C] () -- C:\Users\Richard\Documents\picture quiz 5.6.11.pdf
[2011/06/05 19:13:24 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/06/05 19:13:24 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/06/03 14:41:34 | 002,011,136 | ---- | C] () -- C:\Users\Richard\Documents\picture quiz july1.pub
[2011/06/02 20:04:45 | 004,011,008 | ---- | C] () -- C:\Users\Richard\Documents\picture quiz 5.6.11.pub
[2011/06/02 11:23:59 | 002,094,080 | ---- | C] () -- C:\Users\Richard\Documents\picture quiz june 3.pub
[2011/05/31 18:35:20 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/29 20:14:07 | 000,199,680 | ---- | C] () -- C:\Windows\System32\dlbkcoin32.exe
[2011/05/29 20:14:07 | 000,000,085 | ---- | C] () -- C:\Windows\System32\251647472
[2011/05/25 17:10:21 | 001,125,888 | ---- | C] () -- C:\Users\Richard\Documents\picture quiz 29.5.11.pub
[2011/04/01 16:29:18 | 000,194,088 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/03/27 14:27:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/01/29 18:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/01/29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/01/29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/01/29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/01/29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010/11/09 12:48:08 | 000,000,127 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/11/09 12:47:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/08/10 18:38:53 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/08/10 18:38:53 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/01/02 11:53:31 | 000,000,102 | ---- | C] () -- C:\Windows\dellstat.ini
[2009/05/07 16:28:32 | 000,000,391 | ---- | C] () -- C:\Windows\PUB_QUIZ.INI
[2009/02/18 12:25:15 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/02/18 12:25:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/05 16:13:23 | 000,001,356 | ---- | C] () -- C:\Users\Richard\AppData\Local\d3d9caps.dat
[2008/09/10 13:51:54 | 000,028,160 | ---- | C] () -- C:\Windows\System32\pfppmd.dll
[2008/06/22 16:19:55 | 000,024,206 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\UserTile.png
[2008/06/21 11:56:09 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/06/06 16:48:29 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCRinst.dll
[2008/03/21 21:30:08 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/03/04 14:58:20 | 000,000,739 | ---- | C] () -- C:\Windows\eReg.dat
[2008/03/03 22:11:16 | 000,164,352 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2008/03/03 22:11:16 | 000,001,476 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-New Star Soccer.dat
[2008/01/27 19:05:08 | 000,000,090 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/01/06 19:12:01 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2008/01/03 15:39:15 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2007/12/31 13:06:17 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2007/12/31 13:06:17 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2007/12/30 20:12:00 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/12/30 20:12:00 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/12/24 16:02:34 | 000,049,152 | ---- | C] () -- C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/22 10:58:33 | 000,020,480 | ---- | C] () -- C:\Windows\System32\CPUINFO2.DLL
[2007/12/17 10:36:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\LXPRMON.DLL
[2007/12/17 10:36:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXPMONUI.DLL
[2007/12/05 19:50:16 | 000,000,078 | ---- | C] () -- C:\Windows\Hotkey.INI
[2007/12/04 18:58:12 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007/03/21 14:53:26 | 000,462,848 | ---- | C] () -- C:\Windows\System32\dlbkjswr.dll
[2007/03/21 14:53:16 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dlbkcur.dll
[2007/03/21 14:41:20 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlbkutil.dll
[2007/02/22 23:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbkcoin.dll
[2007/02/07 23:58:00 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2006/11/30 12:32:52 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcrcoin.dll
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,423,192 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,328,234 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,046,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/14 17:01:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcrcaps.dll
[2006/08/08 15:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcrdrs.dll
[2005/12/20 17:54:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcrcnv4.dll
[2005/12/16 20:15:44 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbkvs.dll
[2005/10/15 15:25:20 | 000,028,672 | ---- | C] () -- C:\Windows\System32\myodbc3i.exe
[2005/10/15 15:25:20 | 000,011,776 | ---- | C] () -- C:\Windows\System32\myodbc3m.exe
[2005/09/13 22:27:08 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbkcnv5.dll
[2005/09/13 22:27:08 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbkcnv4.dll
[2005/07/08 09:11:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcrvs.dll
[2000/07/15 01:00:00 | 000,030,720 | ---- | C] () -- C:\Windows\regtlib.exe

========== LOP Check ==========

[2010/09/22 17:05:12 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\AnvSoft
[2011/01/09 12:32:01 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Azureus
[2010/09/22 16:22:47 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\FreeVideoConverter
[2011/06/23 16:53:44 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\FrostWire
[2008/01/01 20:13:39 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\FUJIFILM
[2011/06/22 19:29:12 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\HandBrake
[2008/12/20 00:38:07 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\HouseCall 6.6
[2011/01/09 12:36:24 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\LimeWire
[2008/03/14 11:43:15 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\NCH Swift Sound
[2009/06/08 17:21:31 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Nokia
[2008/03/02 21:07:33 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Oberon Media
[2009/05/06 19:39:24 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\PC Suite
[2011/02/22 20:20:57 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Samsung
[2009/03/09 19:14:46 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Sony
[2008/01/10 11:09:44 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Sony Setup
[2010/10/07 17:51:41 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Sports Interactive
[2011/05/29 20:11:07 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\StumbleUpon
[2011/06/06 23:52:12 | 000,000,000 | -HSD | M] -- C:\Users\Richard\AppData\Roaming\SysWin
[2007/12/28 16:56:28 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Teleca
[2008/04/22 02:04:54 | 000,000,000 | ---D | M] -- C:\Users\Richard\AppData\Roaming\Uniblue
[2010/08/13 00:15:00 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\Install_NSS.job
[2011/06/23 17:29:29 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/03/18 00:46:59 | 000,000,258 | ---- | M] () -- C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job
[2008/04/21 23:47:53 | 000,000,364 | ---- | M] () -- C:\Windows\Tasks\Uniblue SpeedUpMyPC.job
[2011/06/23 15:51:30 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BF1112C5-21DC-4288-9407-81BF26CBA82F}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D31BE97C
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:3E7393FC

< End of report >

I am using Windows vista 32bit and Google Chrome.

Since I tried the above, Google seems to redirect less but instead it simply fails to direct at all on certain links. I will click one and literally nothing occurs. It is always the same link. For instance, supposing I click the 1st result of a search and it fails to load. If I then click the second result and that loads fine, pressing back on my browser window and then clicking the 1st search result again will have the same result, i.e nothing.
Thank sin advance to anyone who can help.
Richard
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Uninstall
FrostWire 4.21.8
Yahoo! Toolbar
Winamp Toolbar for Firefox
We may need to uninstall Winamp too since one of its drivers can be used by the malware to hide behind but we will leave it for now.

Copy the text between the lines of stars by highlighting and Ctrl + c


********************************************************************

:OTL
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4 - HKCU..\Run: [RTHDBPL] File not found
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about - No CLSID value found
O18 - Protocol\Handler\cdl - No CLSID value found
O18 - Protocol\Handler\file - No CLSID value found
O18 - Protocol\Handler\ftp - No CLSID value found
O18 - Protocol\Handler\http - No CLSID value found
O18 - Protocol\Handler\https - No CLSID value found
O18 - Protocol\Handler\javascript - No CLSID value found
O18 - Protocol\Handler\local - No CLSID value found
O18 - Protocol\Handler\mailto - No CLSID value found
O18 - Protocol\Handler\mhtml - No CLSID value found
O18 - Protocol\Handler\mk - No CLSID value found
O18 - Protocol\Handler\res - No CLSID value found
O18 - Protocol\Handler\vbscript - No CLSID value found
O18 - Protocol\Filter\deflate - No CLSID value found
O18 - Protocol\Filter\gzip - No CLSID value found
[2011/05/29 20:14:09 | 000,000,000 | -HSD | C] -- C:\Users\Richard\AppData\Roaming\SysWin
[2011/05/29 20:14:09 | 000,000,085 | ---- | M] () -- C:\Windows\System32\251647472
[2011/05/29 20:14:07 | 000,199,680 | ---- | M] () -- C:\Windows\System32\dlbkcoin32.exe
[2011/03/18 00:46:59 | 000,000,258 | ---- | M] () -- C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job
[2008/04/21 23:47:53 | 000,000,364 | ---- | M] () -- C:\Windows\Tasks\Uniblue SpeedUpMyPC.job

:Commands
[purity]
[emptytemp]
[Reboot]


*******************************************************************

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

ComboFix

Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK

Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted

:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download aswMBR.exe ( 511KB ) to your desktop.

Right click on aswMBR.exe and Run As Administrator

Click the "Scan" button to start scan
Posted Image

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply
Posted Image


Please run TDSSKiller again and post the log.

Ron
  • 0

#3
@thorntonrich

@thorntonrich

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Thanks for this.
I uninstalled Frostwire and Yahoo toolbar easily enough.
When I tried to uninstall Winamp Toolbar for Firefox I got the popup: "You do not have sufficient access to uninstall Winamp Toolbar for Firefox. Please contact your system administrator." As far as I was aware I am the system administrator, no one else uses this PC and I had to give permission in the first place when I clicked to uninstall it.
I uninstalled Winamp anyway as I do not use it.
I just wanted to check whether it was ok to proceed to OTL from here given the problem removing Winamp Toolbar.
Thank you.

Richard.
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
yes we can remove the toolbar with otl
  • 0

#5
@thorntonrich

@thorntonrich

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hi Ron, sorry to take a while to reply, I've been away from home for a few days.
First up we have the Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6944

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

25/06/2011 09:04:38
mbam-log-2011-06-25 (09-04-38).txt

Scan type: Quick scan
Objects scanned: 162606
Time elapsed: 10 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AdTools, Inc. (Adware.AdTools) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Temp\tmp0000001092793a6f670c0c8d (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\tmp000000117d2f5997d4ee054f (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\tmp0000001295018cbf5ec88bfc (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\tmp0000000d083b9d277351e928 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Richard\downloads\installsecuritycentral_147.exe (Trojan.FakeAlert.PGen) -> Quarantined and deleted successfully.
c:\Windows\System32\02000000fa1f84171315c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\02000000fa1f84171315o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\02000000fa1f84171315p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\02000000fa1f84171315s.manifest (Malware.Trace) -> Quarantined and deleted successfully.


Followed by the Combofix file:

ComboFix 11-06-25.01 - Richard 25/06/2011 9:12.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1919.987 [GMT 1:00]
Running from: c:\users\Richard\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Richard\AppData\Local\Temp\9b93aee4-5d0f-43c6-98ae-ec0b1e7534ab\CliSecureRT.dll
c:\windows\security\Database\tmp.edb
c:\windows\system32\drivers\uheuombg.sys
c:\windows\system32\muzapp.exe
c:\windows\system32\system32
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MaJUtilLib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCaller.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\MetaStore2.dll
c:\windows\system32\system32\Microsoft.Synchronization.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\system32\Synchronization2.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_alqtlao
.
.
((((((((((((((((((((((((( Files Created from 2011-05-25 to 2011-06-25 )))))))))))))))))))))))))))))))
.
.
2011-06-25 08:08 . 2011-06-25 08:08 -------- d-----w- C:\32788R22FWJFW
2011-06-25 07:47 . 2011-06-25 07:47 -------- d-----w- c:\users\Richard\AppData\Roaming\Malwarebytes
2011-06-25 07:47 . 2011-05-29 08:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-25 07:47 . 2011-06-25 07:47 -------- d-----w- c:\programdata\Malwarebytes
2011-06-25 07:47 . 2011-06-25 07:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-25 07:47 . 2011-05-29 08:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-24 21:19 . 2011-06-24 21:19 -------- d-----w- C:\_OTL
2011-06-24 15:38 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7A110EE2-1916-4AAF-B347-280F6DA7A85D}\mpengine.dll
2011-06-23 16:10 . 2011-06-23 16:10 -------- d-----w- C:\_OTM
2011-06-22 19:19 . 2010-11-19 17:04 892928 ----a-w- c:\windows\system32\iconv.dll
2011-06-22 19:19 . 2010-11-19 17:04 675840 ----a-w- c:\windows\system32\ac3filter.ax
2011-06-22 19:19 . 2011-06-23 04:41 -------- d-----w- c:\program files\Wondershare
2011-06-17 19:14 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-16 18:43 . 2011-06-16 18:43 -------- d-----w- c:\programdata\WindowsSearch
2011-06-12 23:35 . 2011-06-12 23:35 -------- d-----w- c:\program files\Common Files\Java
2011-06-08 21:25 . 2011-06-08 21:25 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 18:14 . 2009-10-03 01:17 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 12:10 . 2010-07-08 08:42 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2009-03-01 12:14 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2009-03-01 12:14 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2009-03-01 12:14 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2009-03-01 12:14 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2009-03-01 12:14 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2009-03-01 12:14 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-04 03:52 . 2010-05-30 17:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-27 01:57 . 2011-04-27 01:57 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-05-11 934800]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-05-11 3373968]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-05-11 19856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"LXCRCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 106496]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 01:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2006-12-11 11:11 82864 ----a-w- c:\program files\Lexmark 2400 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2006-02-02 08:11 290816 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-02 18:54 133104 ----atw- c:\users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2009-01-07 19:46 1468296 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 16:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2008-06-10 12:56 1442888 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-05-11 16:41 3373968 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KMConfig]
2007-03-06 14:51 212992 ----a-w- c:\program files\Multimedia Mouse Driver\v5\StartAutorun.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCRCATS]
2006-11-21 12:27 106496 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\lxcrtime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe]
2006-12-11 11:11 291760 ----a-w- c:\program files\Lexmark 2400 Series\lxcrmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagUninstall]
2007-11-02 15:58 1743712 ----a-w- c:\program files\Ashampoo\Ashampoo Magical UnInstall\MagicalUnInstall.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 22:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-10-16 12:42 3420776 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-10-16 12:42 110696 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2008-01-19 07:33 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 11:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2007-05-31 08:21 648072 ----a-w- c:\windows\WindowsMobile\wmdcBase.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-11 136176]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-01-29 20032]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-11 136176]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 16472]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 121192]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 136680]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 dlbk_device;dlbk_device;c:\windows\system32\dlbkcoms.exe [2007-06-25 537840]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-26 217088]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2010-08-04 6656]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Multimedia Mouse Driver\v5\KMWDSrv.exe [2007-05-08 2179072]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-07-26 36640]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-11 15:56]
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-11 15:56]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3456724143-1184340653-1783022048-1000Core.job
- c:\users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 18:54]
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3456724143-1184340653-1783022048-1000UA.job
- c:\users\Richard\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-02 18:54]
.
2011-06-24 c:\windows\Tasks\User_Feed_Synchronization-{BF1112C5-21DC-4288-9407-81BF26CBA82F}.job
- c:\windows\system32\msfeedssync.exe [2008-05-23 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.ask.com/?o=312&o=0&l=dir
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
MSConfigStartUp-UIWatcher - c:\program files\Ashampoo\Ashampoo Magical UnInstall\UIWatcher.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-Windows Mobile Device Center - c:\windows\WindowsMobile\wmdc.exe
AddRemove-Championship Manager 1_is1 - c:\program files\Sports Interactive\Championship Manager 1\unins000.exe
AddRemove-Championship Manager 3 - c:\program files\sports interactive\CM3\Uninst.isu
AddRemove-{7585478E9D9B42108671C12F8714CEFE} - c:\program files\DivX\DivXConverterUninstall.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-{B13A7C41581B411290FBC0395694E2A9} - c:\program files\DivX\DivXConverterUninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-25 09:25
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\lxcrcoms.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-06-25 09:34:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-25 08:33
.
Pre-Run: 45,132,337,152 bytes free
Post-Run: 44,674,588,672 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - 39674947D1118166B4D874220A22500C


This is the aswMBR file (the Fix button was NOT highlighted at the end):

aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-29 07:42:14
-----------------------------
07:42:14.519 OS Version: Windows 6.0.6001 Service Pack 1
07:42:14.519 Number of processors: 2 586 0x6B02
07:42:14.521 ComputerName: RICHARD-PC UserName: Richard
07:42:21.571 Initialize success
07:42:21.926 AVAST engine defs: 11062801
07:42:31.354 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
07:42:31.357 Disk 0 Vendor: MAXTOR_S 3.AA Size: 305245MB BusType: 6
07:42:33.392 Disk 0 MBR read successfully
07:42:33.395 Disk 0 MBR scan
07:42:33.400 Disk 0 unknown MBR code
07:42:35.409 Disk 0 scanning sectors +625137345
07:42:35.434 Disk 0 scanning C:\Windows\system32\drivers
07:42:43.474 Service scanning
07:42:45.140 Disk 0 trace - called modules:
07:42:45.161 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
07:42:45.165 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86bc3ac8]
07:42:45.169 3 CLASSPNP.SYS[83ba0745] -> nt!IofCallDriver -> [0x85b21d50]
07:42:45.174 5 acpi.sys[8060e6a0] -> nt!IofCallDriver -> \Device\0000005b[0x85b278c0]
07:42:45.625 AVAST engine scan C:\Windows
10:13:54.950 AVAST engine scan C:\Users\Richard
11:57:07.750 AVAST engine scan C:\ProgramData
12:06:15.899 Scan finished successfully
12:11:21.892 Disk 0 MBR has been saved successfully to "C:\Users\Richard\Desktop\MBR.dat"
12:11:21.916 The log file has been saved successfully to "C:\Users\Richard\Desktop\aswMBR.txt"


And the TDSSKiller log is this:

2011/06/29 12:12:51.0833 5004 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/29 12:12:53.0002 5004 ================================================================================
2011/06/29 12:12:53.0002 5004 SystemInfo:
2011/06/29 12:12:53.0003 5004
2011/06/29 12:12:53.0003 5004 OS Version: 6.0.6001 ServicePack: 1.0
2011/06/29 12:12:53.0003 5004 Product type: Workstation
2011/06/29 12:12:53.0003 5004 ComputerName: RICHARD-PC
2011/06/29 12:12:53.0003 5004 UserName: Richard
2011/06/29 12:12:53.0003 5004 Windows directory: C:\Windows
2011/06/29 12:12:53.0003 5004 System windows directory: C:\Windows
2011/06/29 12:12:53.0003 5004 Processor architecture: Intel x86
2011/06/29 12:12:53.0003 5004 Number of processors: 2
2011/06/29 12:12:53.0003 5004 Page size: 0x1000
2011/06/29 12:12:53.0003 5004 Boot type: Normal boot
2011/06/29 12:12:53.0003 5004 ================================================================================
2011/06/29 12:13:00.0733 5004 !crdlk
2011/06/29 12:13:00.0876 5004 Initialize success
2011/06/29 12:13:05.0616 5132 ================================================================================
2011/06/29 12:13:05.0616 5132 Scan started
2011/06/29 12:13:05.0616 5132 Mode: Manual;
2011/06/29 12:13:05.0616 5132 ================================================================================
2011/06/29 12:13:06.0586 5132 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/06/29 12:13:06.0656 5132 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/06/29 12:13:06.0717 5132 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/06/29 12:13:06.0779 5132 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/06/29 12:13:06.0836 5132 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/06/29 12:13:06.0957 5132 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
2011/06/29 12:13:07.0013 5132 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/06/29 12:13:07.0067 5132 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/29 12:13:07.0119 5132 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/06/29 12:13:07.0162 5132 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/06/29 12:13:07.0196 5132 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/06/29 12:13:07.0240 5132 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/06/29 12:13:07.0295 5132 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/29 12:13:07.0430 5132 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/06/29 12:13:07.0488 5132 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/06/29 12:13:07.0564 5132 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\Windows\system32\drivers\aswFsBlk.sys
2011/06/29 12:13:07.0610 5132 aswMonFlt (9bdc8e9ce17b773f69d2c6696c768c4f) C:\Windows\system32\drivers\aswMonFlt.sys
2011/06/29 12:13:07.0674 5132 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\Windows\system32\drivers\aswRdr.sys
2011/06/29 12:13:07.0751 5132 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\Windows\system32\drivers\aswSnx.sys
2011/06/29 12:13:07.0829 5132 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\Windows\system32\drivers\aswSP.sys
2011/06/29 12:13:07.0877 5132 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\Windows\system32\drivers\aswTdi.sys
2011/06/29 12:13:07.0924 5132 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/29 12:13:07.0972 5132 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/06/29 12:13:08.0039 5132 athr (dcdfc3a5a8b239055aab6bd975ada889) C:\Windows\system32\DRIVERS\athr.sys
2011/06/29 12:13:08.0131 5132 atksgt (3c4b9850a2631c2263507400d029057b) C:\Windows\system32\DRIVERS\atksgt.sys
2011/06/29 12:13:08.0274 5132 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/29 12:13:08.0396 5132 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/29 12:13:08.0461 5132 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/29 12:13:08.0490 5132 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/29 12:13:08.0559 5132 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/29 12:13:08.0611 5132 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/29 12:13:08.0665 5132 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/29 12:13:08.0707 5132 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/29 12:13:08.0777 5132 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/06/29 12:13:08.0892 5132 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/29 12:13:08.0957 5132 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/29 12:13:09.0005 5132 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/06/29 12:13:09.0060 5132 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/06/29 12:13:09.0137 5132 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/06/29 12:13:09.0183 5132 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/06/29 12:13:09.0238 5132 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/06/29 12:13:09.0291 5132 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/06/29 12:13:09.0379 5132 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
2011/06/29 12:13:09.0477 5132 dgderdrv (6216fd7fd227de454238a702b218cec7) C:\Windows\system32\drivers\dgderdrv.sys
2011/06/29 12:13:09.0561 5132 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/06/29 12:13:09.0657 5132 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/06/29 12:13:09.0715 5132 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/29 12:13:09.0803 5132 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/29 12:13:09.0886 5132 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/06/29 12:13:09.0995 5132 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/06/29 12:13:10.0121 5132 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/06/29 12:13:10.0181 5132 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/06/29 12:13:10.0249 5132 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/29 12:13:10.0325 5132 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/06/29 12:13:10.0362 5132 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/06/29 12:13:10.0426 5132 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/29 12:13:10.0493 5132 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/06/29 12:13:10.0583 5132 FsUsbExDisk (b07663a810e861eebfd0eac7e82ca62d) C:\Windows\system32\FsUsbExDisk.SYS
2011/06/29 12:13:10.0652 5132 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/29 12:13:10.0734 5132 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/29 12:13:10.0773 5132 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/29 12:13:10.0871 5132 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/06/29 12:13:10.0927 5132 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/29 12:13:10.0977 5132 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/29 12:13:11.0038 5132 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/29 12:13:11.0084 5132 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/29 12:13:11.0139 5132 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/06/29 12:13:11.0209 5132 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/06/29 12:13:11.0264 5132 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/06/29 12:13:11.0332 5132 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/29 12:13:11.0388 5132 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/06/29 12:13:11.0494 5132 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/29 12:13:11.0552 5132 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/06/29 12:13:11.0597 5132 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/29 12:13:11.0676 5132 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/29 12:13:11.0777 5132 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/29 12:13:11.0826 5132 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/29 12:13:11.0902 5132 iPodDrv (cf79ff3d10864f73660a34e006b6b8f8) C:\Windows\system32\drivers\iPodDrv.sys
2011/06/29 12:13:11.0980 5132 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
2011/06/29 12:13:12.0014 5132 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/06/29 12:13:12.0076 5132 irsir (5896b5ff6332ab2be1582523e9656a67) C:\Windows\system32\DRIVERS\irsir.sys
2011/06/29 12:13:12.0115 5132 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/06/29 12:13:12.0186 5132 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/29 12:13:12.0232 5132 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/29 12:13:12.0270 5132 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/06/29 12:13:12.0312 5132 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/29 12:13:12.0361 5132 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/29 12:13:12.0446 5132 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/29 12:13:12.0566 5132 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/06/29 12:13:12.0626 5132 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/29 12:13:12.0716 5132 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/29 12:13:12.0774 5132 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/29 12:13:12.0830 5132 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/29 12:13:12.0892 5132 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/06/29 12:13:12.0967 5132 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/06/29 12:13:13.0046 5132 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/06/29 12:13:13.0089 5132 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/06/29 12:13:13.0152 5132 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/29 12:13:13.0195 5132 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/29 12:13:13.0263 5132 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/29 12:13:13.0303 5132 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/06/29 12:13:13.0360 5132 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/06/29 12:13:13.0420 5132 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/29 12:13:13.0484 5132 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/29 12:13:13.0532 5132 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/06/29 12:13:13.0583 5132 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/29 12:13:13.0628 5132 mrxsmb10 (cf6e972f8e0d0f2970360a17572b366b) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/29 12:13:13.0677 5132 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/29 12:13:13.0727 5132 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/06/29 12:13:13.0783 5132 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/06/29 12:13:13.0861 5132 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/06/29 12:13:13.0920 5132 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/06/29 12:13:14.0000 5132 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/29 12:13:14.0051 5132 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/29 12:13:14.0093 5132 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/06/29 12:13:14.0143 5132 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/06/29 12:13:14.0217 5132 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/29 12:13:14.0288 5132 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/29 12:13:14.0356 5132 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/06/29 12:13:14.0440 5132 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/29 12:13:14.0557 5132 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/06/29 12:13:14.0616 5132 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/29 12:13:14.0662 5132 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/29 12:13:14.0716 5132 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/29 12:13:14.0768 5132 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/29 12:13:14.0829 5132 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/29 12:13:14.0877 5132 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/29 12:13:14.0954 5132 NETMDUSB (417334447945c9e111ffd881f7bf4d08) C:\Windows\system32\Drivers\NETMD033.sys
2011/06/29 12:13:15.0031 5132 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/29 12:13:15.0106 5132 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/06/29 12:13:15.0149 5132 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/29 12:13:15.0238 5132 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/06/29 12:13:15.0320 5132 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/29 12:13:15.0387 5132 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
2011/06/29 12:13:15.0437 5132 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/29 12:13:15.0511 5132 NVENETFD (d668632606d1cebf0b6ec64c1df7ed6f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/06/29 12:13:15.0857 5132 nvlddmkm (bd409de5681c74c1de51d72427dc202d) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/06/29 12:13:16.0166 5132 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/06/29 12:13:16.0233 5132 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
2011/06/29 12:13:16.0278 5132 nvstor32 (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/06/29 12:13:16.0348 5132 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/06/29 12:13:16.0517 5132 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/06/29 12:13:16.0629 5132 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2011/06/29 12:13:16.0679 5132 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/06/29 12:13:16.0706 5132 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2011/06/29 12:13:16.0783 5132 pbfilter (4dfe4cef1aeec1025380d7ebf40e8e2b) C:\Program Files\PeerBlock\pbfilter.sys
2011/06/29 12:13:16.0899 5132 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
2011/06/29 12:13:16.0953 5132 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/06/29 12:13:16.0994 5132 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/06/29 12:13:17.0056 5132 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/06/29 12:13:17.0122 5132 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/29 12:13:17.0261 5132 Point32 (e56e57cfb75b1ee2bb001ad036c27fbb) C:\Windows\system32\DRIVERS\point32k.sys
2011/06/29 12:13:17.0317 5132 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/29 12:13:17.0392 5132 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/06/29 12:13:17.0475 5132 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/29 12:13:17.0516 5132 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
2011/06/29 12:13:17.0601 5132 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/06/29 12:13:17.0680 5132 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/29 12:13:17.0726 5132 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/29 12:13:17.0797 5132 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/29 12:13:17.0854 5132 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/29 12:13:17.0919 5132 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/29 12:13:17.0957 5132 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/29 12:13:18.0019 5132 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/29 12:13:18.0060 5132 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/29 12:13:18.0130 5132 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/06/29 12:13:18.0169 5132 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/29 12:13:18.0221 5132 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/06/29 12:13:18.0296 5132 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/29 12:13:18.0371 5132 s115bus (e1ab463b36a7ef31d8a73a97a9b57afa) C:\Windows\system32\DRIVERS\s115bus.sys
2011/06/29 12:13:18.0428 5132 s115mdfl (e24113fc13b8737c94cf4e3415488c76) C:\Windows\system32\DRIVERS\s115mdfl.sys
2011/06/29 12:13:18.0478 5132 s115mdm (4029e49e7c673aa0670bd206b0af1b5b) C:\Windows\system32\DRIVERS\s115mdm.sys
2011/06/29 12:13:18.0536 5132 s115mgmt (eb02ab4ca8bccecfde236cad8fc6e135) C:\Windows\system32\DRIVERS\s115mgmt.sys
2011/06/29 12:13:18.0592 5132 s115obex (089869db9ffd2ac807fa87fe82ac7761) C:\Windows\system32\DRIVERS\s115obex.sys
2011/06/29 12:13:18.0677 5132 s117bus (1f561844318914e7eb6e54673a4cc54c) C:\Windows\system32\DRIVERS\s117bus.sys
2011/06/29 12:13:18.0720 5132 s117mdfl (ba93eec3cdf6a63b77ae66221aa4f902) C:\Windows\system32\DRIVERS\s117mdfl.sys
2011/06/29 12:13:18.0767 5132 s117mdm (cba12fd8a8ee5b5cdfbbae2381cd6703) C:\Windows\system32\DRIVERS\s117mdm.sys
2011/06/29 12:13:18.0826 5132 s117mgmt (bd6483e64b1da17e812b34bcdefd9459) C:\Windows\system32\DRIVERS\s117mgmt.sys
2011/06/29 12:13:18.0885 5132 s117nd5 (c7ca36c3054b4cd47a1f6611b046e2f9) C:\Windows\system32\DRIVERS\s117nd5.sys
2011/06/29 12:13:18.0917 5132 s117obex (e290b3a6b58fb72ca97dd48d64e4fc1c) C:\Windows\system32\DRIVERS\s117obex.sys
2011/06/29 12:13:18.0971 5132 s117unic (5c4d1ba23c7511ac880e8ba7baa80dba) C:\Windows\system32\DRIVERS\s117unic.sys
2011/06/29 12:13:19.0067 5132 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/29 12:13:19.0171 5132 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/29 12:13:19.0258 5132 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/29 12:13:19.0296 5132 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/06/29 12:13:19.0332 5132 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/29 12:13:19.0408 5132 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/06/29 12:13:19.0443 5132 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/29 12:13:19.0473 5132 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/29 12:13:19.0500 5132 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/29 12:13:19.0556 5132 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/06/29 12:13:19.0603 5132 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/06/29 12:13:19.0658 5132 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/06/29 12:13:19.0737 5132 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/06/29 12:13:19.0844 5132 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/29 12:13:19.0914 5132 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
2011/06/29 12:13:19.0987 5132 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/29 12:13:20.0032 5132 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/29 12:13:20.0077 5132 ssadbus (48f44a1be434830b7c90fb730745f65a) C:\Windows\system32\DRIVERS\ssadbus.sys
2011/06/29 12:13:20.0140 5132 ssadmdfl (9630b486b62cc0adb0a89152ed0218d7) C:\Windows\system32\DRIVERS\ssadmdfl.sys
2011/06/29 12:13:20.0201 5132 ssadmdm (9afaa23421622c392b55508fa9613949) C:\Windows\system32\DRIVERS\ssadmdm.sys
2011/06/29 12:13:20.0277 5132 sscdbus (069351a1d7d291013177a90ae6edccbc) C:\Windows\system32\DRIVERS\sscdbus.sys
2011/06/29 12:13:20.0315 5132 sscdmdfl (1c925be223a5c0f9f469252292a48df6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
2011/06/29 12:13:20.0369 5132 sscdmdm (ae3e77ae0fbdb07eb1ac3fed74a0695e) C:\Windows\system32\DRIVERS\sscdmdm.sys
2011/06/29 12:13:20.0479 5132 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/29 12:13:20.0540 5132 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/29 12:13:20.0594 5132 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/29 12:13:20.0652 5132 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/29 12:13:20.0760 5132 Tcpip (2eae4500984c2f8dacfb977060300a15) C:\Windows\system32\drivers\tcpip.sys
2011/06/29 12:13:20.0836 5132 Tcpip6 (2eae4500984c2f8dacfb977060300a15) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/29 12:13:20.0891 5132 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/29 12:13:20.0958 5132 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/29 12:13:20.0995 5132 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/29 12:13:21.0032 5132 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/29 12:13:21.0074 5132 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/29 12:13:21.0165 5132 tmcomm (eb2283c0a4dfbd2e53d14f2c4d5a1e89) C:\Windows\system32\drivers\tmcomm.sys
2011/06/29 12:13:21.0246 5132 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/29 12:13:21.0286 5132 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/29 12:13:21.0331 5132 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/29 12:13:21.0391 5132 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/06/29 12:13:21.0447 5132 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/29 12:13:21.0543 5132 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/29 12:13:21.0587 5132 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/06/29 12:13:21.0639 5132 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/29 12:13:21.0688 5132 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/29 12:13:21.0745 5132 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/29 12:13:21.0817 5132 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\Windows\system32\Drivers\usbaapl.sys
2011/06/29 12:13:21.0867 5132 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/29 12:13:21.0916 5132 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/29 12:13:21.0972 5132 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/29 12:13:22.0028 5132 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/29 12:13:22.0065 5132 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/29 12:13:22.0114 5132 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/29 12:13:22.0169 5132 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/29 12:13:22.0223 5132 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/29 12:13:22.0281 5132 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/29 12:13:22.0346 5132 usb_rndisx (ee181a08e09db23cf4a49b46a1e66bb8) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/06/29 12:13:22.0404 5132 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/29 12:13:22.0498 5132 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/29 12:13:22.0539 5132 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/06/29 12:13:22.0587 5132 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/06/29 12:13:22.0635 5132 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/06/29 12:13:22.0690 5132 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/06/29 12:13:22.0778 5132 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/06/29 12:13:22.0827 5132 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/06/29 12:13:22.0873 5132 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/06/29 12:13:22.0964 5132 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/29 12:13:23.0030 5132 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/29 12:13:23.0063 5132 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/29 12:13:23.0149 5132 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/06/29 12:13:23.0218 5132 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/29 12:13:23.0375 5132 winusb (f03110711b17ad31271cb2baf0dbb2b1) C:\Windows\system32\DRIVERS\winusb.sys
2011/06/29 12:13:23.0425 5132 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/29 12:13:23.0557 5132 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/29 12:13:23.0615 5132 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/29 12:13:23.0715 5132 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/29 12:13:23.0810 5132 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/06/29 12:13:23.0820 5132 ================================================================================
2011/06/29 12:13:23.0820 5132 Scan finished
2011/06/29 12:13:23.0820 5132 ================================================================================
2011/06/29 12:13:23.0839 1076 Detected object count: 0
2011/06/29 12:13:23.0839 1076 Actual detected object count: 0
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Logs look good. Are you still being redirected?

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows.


Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0

#7
@thorntonrich

@thorntonrich

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Yes, still getting redirects unfortunately.
These are the two logs from OTL:


OTL logfile created on: 30/06/2011 02:12:10 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Richard\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 46.68% Memory free
3.98 Gb Paging File | 2.98 Gb Available in Paging File | 74.88% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.09 Gb Total Space | 48.80 Gb Free Space | 32.73% Space Free | Partition Type: NTFS
Drive D: | 149.00 Gb Total Space | 148.72 Gb Free Space | 99.81% Space Free | Partition Type: NTFS

Computer Name: RICHARD-PC | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/04 21:50:07 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Richard\Desktop\OTL.exe
PRC - [2011/05/11 17:41:20 | 000,019,856 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011/05/11 17:41:10 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/05/10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/12/14 16:49:30 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010/10/16 13:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010/07/26 14:15:26 | 000,217,088 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009/03/09 13:44:12 | 000,130,560 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/03/04 11:25:12 | 000,621,056 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2008/11/26 12:35:00 | 000,119,808 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2008/11/26 12:34:22 | 000,089,600 | ---- | M] () -- C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/06/25 22:17:04 | 000,537,840 | ---- | M] ( ) -- C:\Windows\System32\dlbkcoms.exe
PRC - [2007/05/08 18:00:48 | 002,179,072 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Multimedia Mouse Driver\v5\KMWDSrv.exe
PRC - [2006/12/11 12:12:06 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcrcoms.exe


========== Modules (SafeList) ==========

MOD - [2011/06/04 21:50:07 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Richard\Desktop\OTL.exe
MOD - [2011/05/10 13:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/08/31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/07/26 14:15:26 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/05/15 09:55:22 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/03/04 11:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/25 22:17:04 | 000,537,840 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlbkcoms.exe -- (dlbk_device)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/08 18:00:48 | 002,179,072 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files\Multimedia Mouse Driver\v5\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2007/02/05 11:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 11:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/12/11 12:12:06 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcrcoms.exe -- (lxcr_device)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/05/10 13:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 13:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 13:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 12:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 12:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/05/10 12:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/01/29 18:00:20 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011/01/03 09:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/01/03 09:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/01/03 09:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/12/21 06:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/12/21 06:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/12/21 06:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/10/22 07:23:05 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/08/04 22:41:04 | 000,006,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\iPodDrv.sys -- (iPodDrv)
DRV - [2010/07/26 14:15:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/09/28 02:02:42 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2008/12/20 01:08:28 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/05/07 10:55:22 | 000,767,488 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/01/19 06:55:21 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2008/01/19 06:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2007/12/31 13:06:17 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2007/12/31 13:06:17 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007/12/24 18:37:00 | 000,138,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/11/18 04:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/08/09 19:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/06/25 10:43:38 | 000,098,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117obex.sys -- (s117obex)
DRV - [2007/06/25 10:43:36 | 000,108,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mdm.sys -- (s117mdm)
DRV - [2007/06/25 10:43:36 | 000,100,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mgmt.sys -- (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM)
DRV - [2007/06/25 10:43:36 | 000,098,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117unic.sys -- (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM)
DRV - [2007/06/25 10:43:36 | 000,022,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117nd5.sys -- (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS)
DRV - [2007/06/25 10:43:26 | 000,014,888 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mdfl.sys -- (s117mdfl)
DRV - [2007/06/25 10:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)
DRV - [2007/04/23 16:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/23 16:54:50 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115obex.sys -- (s115obex)
DRV - [2007/04/23 16:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007/04/23 16:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007/04/23 16:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2003/11/10 12:31:38 | 000,036,232 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETMD033.sys -- (NETMDUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.ask.com/?o...o=312&o=0&l=dir
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 90 C4 ED 01 3E AB 91 47 83 56 9D 86 E9 3C 1C 6F [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2009/04/24 20:30:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Extensions
[2009/04/24 20:30:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richard\AppData\Roaming\Mozilla\Extensions\[email protected]

O1 HOSTS File: ([2011/06/25 09:25:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O4 - HKLM..\Run: [LXCRCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\AdvancedOptions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Richard\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Richard\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/25 09:37:18 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Users\Richard\Desktop\aswMBR.exe
[2011/06/25 09:34:29 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Local\temp
[2011/06/25 09:25:38 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/06/25 09:22:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/06/25 09:08:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/06/25 09:08:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/06/25 09:08:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/06/25 09:08:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/06/25 09:08:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/25 09:08:15 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/06/25 09:06:45 | 004,136,919 | R--- | C] (Swearware) -- C:\Users\Richard\Desktop\ComboFix.exe
[2011/06/25 08:47:37 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Malwarebytes
[2011/06/25 08:47:21 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/25 08:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/25 08:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/25 08:47:14 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/06/25 08:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/25 08:45:59 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Richard\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/24 22:19:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/23 18:17:34 | 001,441,584 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Richard\Desktop\TDSSKiller.exe
[2011/06/23 18:16:55 | 000,000,000 | ---D | C] -- C:\Users\Richard\Desktop\GooredFix Backups
[2011/06/23 17:10:04 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/06/22 20:20:03 | 000,000,000 | ---D | C] -- C:\Users\Richard\Documents\Wondershare DVD Ripper Platinum
[2011/06/22 20:19:46 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\Windows\System32\iconv.dll
[2011/06/22 20:19:44 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2011/06/22 20:12:12 | 000,000,000 | ---D | C] -- C:\Users\Richard\Documents\PCHand Media Converter Pro
[2011/06/22 18:52:41 | 000,000,000 | ---D | C] -- C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
[2011/06/17 20:14:39 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/06/16 19:49:04 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/06/16 19:49:04 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/06/16 19:49:02 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/06/16 19:49:01 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/06/16 19:49:01 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/06/16 19:48:59 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/06/16 19:48:59 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/06/16 19:48:58 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011/06/16 19:48:58 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/06/16 19:48:57 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/16 19:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/06/13 00:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/13 00:32:57 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/06/13 00:32:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/06/13 00:32:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/06/08 22:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/06/08 22:25:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/04 21:50:01 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Richard\Desktop\OTL.exe
[2009/01/23 20:37:56 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCRhcp.dll
[2007/06/25 22:17:06 | 000,386,288 | ---- | C] ( ) -- C:\Windows\System32\dlbkih.exe
[2007/06/25 22:17:04 | 000,537,840 | ---- | C] ( ) -- C:\Windows\System32\dlbkcoms.exe
[2007/06/25 22:17:00 | 000,382,192 | ---- | C] ( ) -- C:\Windows\System32\dlbkcfg.exe
[2007/03/21 14:41:30 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System32\dlbkcu.dll
[2007/01/30 15:47:52 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbkpmui.dll
[2007/01/30 15:46:00 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbkserv.dll
[2007/01/30 15:38:18 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbkcomm.dll
[2007/01/30 15:36:30 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbklmpm.dll
[2007/01/30 15:35:00 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbkiesc.dll
[2007/01/30 15:32:06 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbkpplc.dll
[2007/01/30 15:31:08 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbkcomc.dll
[2007/01/30 15:30:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbkprox.dll
[2007/01/30 15:22:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbkinpa.dll
[2007/01/30 15:21:46 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbkusb1.dll
[2007/01/30 15:17:02 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbkhbn3.dll
[2006/02/03 04:25:42 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcrpmui.dll
[2006/02/03 04:24:32 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcrserv.dll
[2006/02/03 04:19:36 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomm.dll
[2006/02/03 04:12:32 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxcrih.exe
[2006/02/03 04:12:26 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcrlmpm.dll
[2006/02/03 04:11:30 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcrpplc.dll
[2006/02/03 04:11:22 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxcrcoms.exe
[2006/02/03 04:10:48 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
[2006/02/03 04:10:18 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcrprox.dll
[2006/02/03 04:06:24 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxcrusb1.dll
[2006/02/03 04:01:44 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcriesc.dll
[2006/02/03 03:59:12 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Richard\Documents\*.tmp files -> C:\Users\Richard\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/30 02:11:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/29 23:23:03 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3456724143-1184340653-1783022048-1000UA.job
[2011/06/29 23:08:03 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/29 22:39:29 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/29 22:39:28 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/29 22:38:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/29 21:07:28 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/29 20:46:12 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BF1112C5-21DC-4288-9407-81BF26CBA82F}.job
[2011/06/29 12:11:21 | 000,000,512 | ---- | M] () -- C:\Users\Richard\Desktop\MBR.dat
[2011/06/29 12:03:36 | 002,650,624 | ---- | M] () -- C:\Users\Richard\Desktop\picture quiz july 2.pub
[2011/06/28 19:23:03 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3456724143-1184340653-1783022048-1000Core.job
[2011/06/26 20:21:44 | 001,821,184 | ---- | M] () -- C:\Users\Richard\Desktop\picture quiz july 3.pub
[2011/06/26 20:21:38 | 001,821,184 | ---- | M] () -- C:\Users\Richard\Documents\picture quiz july 3.pub
[2011/06/25 09:37:32 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Users\Richard\Desktop\aswMBR.exe
[2011/06/25 09:25:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/06/25 09:07:03 | 004,136,919 | R--- | M] (Swearware) -- C:\Users\Richard\Desktop\ComboFix.exe
[2011/06/25 08:47:21 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/25 08:46:09 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Richard\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/24 18:10:18 | 000,328,234 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/24 18:10:18 | 000,046,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/23 20:15:21 | 000,033,189 | ---- | M] () -- C:\Users\Richard\Desktop\248746_10150626092320511_834490510_18747115_3101527_n.jpg
[2011/06/23 20:05:44 | 000,059,179 | ---- | M] () -- C:\Users\Richard\Desktop\249304_10150595482940511_834490510_18392700_5040029_n.jpg
[2011/06/23 17:22:40 | 256,252,461 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/22 20:58:27 | 000,666,261 | ---- | M] () -- C:\Users\Richard\Desktop\pic quiz 17.08.08.pdf
[2011/06/22 18:52:41 | 000,000,816 | ---- | M] () -- C:\Users\Richard\Desktop\Handbrake.lnk
[2011/06/19 20:24:39 | 001,939,968 | ---- | M] () -- C:\Users\Richard\Documents\picture quiz july 2.pub
[2011/06/17 20:14:39 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/06/16 15:28:52 | 001,441,584 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Richard\Desktop\TDSSKiller.exe
[2011/06/14 20:25:40 | 002,011,136 | ---- | M] () -- C:\Users\Richard\Documents\picture quiz 26.6.11.pub
[2011/06/14 20:17:37 | 002,011,136 | ---- | M] () -- C:\Users\Richard\Documents\picture quiz july1.pub
[2011/06/13 22:51:29 | 000,087,569 | ---- | M] () -- C:\Users\Richard\Desktop\2011-06-13 22.49.55.jpg
[2011/06/09 11:37:22 | 001,679,872 | ---- | M] () -- C:\Users\Richard\Documents\picture quiz 19.6.11.pub
[2011/06/08 22:26:11 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/07 01:43:49 | 001,638,912 | ---- | M] () -- C:\Users\Richard\Documents\picture quiz 12.6.11.pub
[2011/06/05 20:20:32 | 004,011,008 | ---- | M] () -- C:\Users\Richard\Documents\picture quiz 5.6.11.pub
[2011/06/05 19:47:46 | 000,879,518 | ---- | M] () -- C:\Users\Richard\Documents\picture quiz 5.6.11.pdf
[2011/06/05 19:13:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/06/05 19:13:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/06/04 21:50:07 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Richard\Desktop\OTL.exe
[2011/06/03 14:28:50 | 002,094,080 | ---- | M] () -- C:\Users\Richard\Documents\picture quiz june 3.pub
[2011/05/31 18:35:20 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Richard\Documents\*.tmp files -> C:\Users\Richard\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/29 12:11:21 | 000,000,512 | ---- | C] () -- C:\Users\Richard\Desktop\MBR.dat
[2011/06/26 20:21:44 | 001,821,184 | ---- | C] () -- C:\Users\Richard\Desktop\picture quiz july 3.pub
[2011/06/26 18:27:27 | 001,821,184 | ---- | C] () -- C:\Users\Richard\Documents\picture quiz july 3.pub
[2011/06/26 18:09:10 | 002,650,624 | ---- | C] () -- C:\Users\Richard\Desktop\picture quiz july 2.pub
[2011/06/25 09:08:36 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/25 09:08:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/06/25 09:08:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/25 09:08:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/25 09:08:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/25 08:47:21 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/23 20:15:23 | 000,033,189 | ---- | C] () -- C:\Users\Richard\Desktop\248746_10150626092320511_834490510_18747115_3101527_n.jpg
[2011/06/23 20:05:51 | 000,059,179 | ---- | C] () -- C:\Users\Richard\Desktop\249304_10150595482940511_834490510_18392700_5040029_n.jpg
[2011/06/22 20:58:25 | 000,666,261 | ---- | C] () -- C:\Users\Richard\Desktop\pic quiz 17.08.08.pdf
[2011/06/22 20:19:46 | 000,675,840 | ---- | C] () -- C:\Windows\System32\ac3filter.ax
[2011/06/19 20:24:39 | 001,939,968 | ---- | C] () -- C:\Users\Richard\Documents\picture quiz july 2.pub
[2011/06/14 20:25:39 | 002,011,136 | ---- | C] () -- C:\Users\Richard\Documents\picture quiz 26.6.11.pub
[2011/06/13 22:51:29 | 000,087,569 | ---- | C] () -- C:\Users\Richard\Desktop\2011-06-13 22.49.55.jpg
[2011/06/09 10:31:43 | 001,679,872 | ---- | C] () -- C:\Users\Richard\Documents\picture quiz 19.6.11.pub
[2011/06/08 22:26:11 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/06/07 01:30:04 | 001,638,912 | ---- | C] () -- C:\Users\Richard\Documents\picture quiz 12.6.11.pub
[2011/06/05 19:47:45 | 000,879,518 | ---- | C] () -- C:\Users\Richard\Documents\picture quiz 5.6.11.pdf
[2011/06/05 19:13:24 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/06/05 19:13:24 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/06/03 14:41:34 | 002,011,136 | ---- | C] () -- C:\Users\Richard\Documents\picture quiz july1.pub
[2011/06/02 20:04:45 | 004,011,008 | ---- | C] () -- C:\Users\Richard\Documents\picture quiz 5.6.11.pub
[2011/06/02 11:23:59 | 002,094,080 | ---- | C] () -- C:\Users\Richard\Documents\picture quiz june 3.pub
[2011/05/31 18:35:20 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/04/01 16:29:18 | 000,194,088 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/03/27 14:27:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/01/29 18:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/01/29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/01/29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/01/29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/01/29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010/11/09 12:48:08 | 000,000,127 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/11/09 12:47:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/08/10 18:38:53 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/08/10 18:38:53 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010/01/02 11:53:31 | 000,000,102 | ---- | C] () -- C:\Windows\dellstat.ini
[2009/05/07 16:28:32 | 000,000,391 | ---- | C] () -- C:\Windows\PUB_QUIZ.INI
[2009/02/18 12:25:15 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/02/18 12:25:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/05 16:13:23 | 000,001,356 | ---- | C] () -- C:\Users\Richard\AppData\Local\d3d9caps.dat
[2008/09/10 13:51:54 | 000,028,160 | ---- | C] () -- C:\Windows\System32\pfppmd.dll
[2008/06/22 16:19:55 | 000,024,206 | ---- | C] () -- C:\Users\Richard\AppData\Roaming\UserTile.png
[2008/06/21 11:56:09 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/06/06 16:48:29 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCRinst.dll
[2008/03/21 21:30:08 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/03/04 14:58:20 | 000,000,739 | ---- | C] () -- C:\Windows\eReg.dat
[2008/03/03 22:11:16 | 000,164,352 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2008/03/03 22:11:16 | 000,001,476 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-New Star Soccer.dat
[2008/01/27 19:05:08 | 000,000,090 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/01/06 19:12:01 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2008/01/03 15:39:15 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2007/12/31 13:06:17 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2007/12/31 13:06:17 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2007/12/30 20:12:00 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/12/30 20:12:00 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/12/24 16:02:34 | 000,049,152 | ---- | C] () -- C:\Users\Richard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/22 10:58:33 | 000,020,480 | ---- | C] () -- C:\Windows\System32\CPUINFO2.DLL
[2007/12/17 10:36:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\LXPRMON.DLL
[2007/12/17 10:36:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXPMONUI.DLL
[2007/12/05 19:50:16 | 000,000,078 | ---- | C] () -- C:\Windows\Hotkey.INI
[2007/12/04 18:58:12 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007/03/21 14:53:26 | 000,462,848 | ---- | C] () -- C:\Windows\System32\dlbkjswr.dll
[2007/03/21 14:53:16 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dlbkcur.dll
[2007/03/21 14:41:20 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlbkutil.dll
[2007/02/22 23:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbkcoin.dll
[2007/02/07 23:58:00 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2006/11/30 12:32:52 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcrcoin.dll
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,423,192 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,328,234 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,046,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/08/14 17:01:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcrcaps.dll
[2006/08/08 15:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcrdrs.dll
[2005/12/20 17:54:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcrcnv4.dll
[2005/12/16 20:15:44 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbkvs.dll
[2005/10/15 15:25:20 | 000,028,672 | ---- | C] () -- C:\Windows\System32\myodbc3i.exe
[2005/10/15 15:25:20 | 000,011,776 | ---- | C] () -- C:\Windows\System32\myodbc3m.exe
[2005/09/13 22:27:08 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbkcnv5.dll
[2005/09/13 22:27:08 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbkcnv4.dll
[2005/07/08 09:11:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcrvs.dll
[2000/07/15 01:00:00 | 000,030,720 | ---- | C] () -- C:\Windows\regtlib.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:D31BE97C
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:3E7393FC

< End of report >


----------------------------------------------------------------


OTL Extras logfile created on: 30/06/2011 02:12:10 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Richard\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 46.68% Memory free
3.98 Gb Paging File | 2.98 Gb Available in Paging File | 74.88% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.09 Gb Total Space | 48.80 Gb Free Space | 32.73% Space Free | Partition Type: NTFS
Drive D: | 149.00 Gb Total Space | 148.72 Gb Free Space | 99.81% Space Free | Partition Type: NTFS

Computer Name: RICHARD-PC | User Name: Richard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- Reg Error: Value error. File not found
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Richard\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- Reg Error: Value error.
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09E86452-642C-4C25-B0EC-270AA314F2FD}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0D1A7A98-CA26-4D30-B3F2-525B55949D2F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1DBCF1CB-CE61-4559-9319-37773DBCD456}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{34AE4503-6E8F-4665-94B9-4603E281C872}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{448DA8DC-AAAD-4CE3-A886-19AD253A9EE8}" = lport=26675 | protocol=6 | dir=in | [email protected]%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{4A0020FD-EB5F-4C36-B0BB-BAFB24DC98C0}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5173BE79-D6B8-4AAF-9BE4-B76239DEBDEA}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{5AC498C3-C861-486D-B08C-E31CB8167FD9}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{5B6B8088-D0D1-41EE-AE43-7DFD7A6B06FE}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5C643507-6D66-4167-B07C-1666E93F4FF7}" = lport=26675 | protocol=6 | dir=in | [email protected]%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{603CEAB6-DE21-44F3-A800-CBE8E53D66C5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6748FD0C-A574-4338-9CDF-F936DF041FFF}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6C82A6A9-048B-403A-A78C-6DC4C84879BE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{70FE7F10-CB18-4924-A1C5-E56721F5C333}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{712F6EF9-3D41-4733-8DB0-3806AE8F77D2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7160722C-42F7-4CC9-BDF9-E7C61B4198BF}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{719527D5-A755-4C91-9EB1-2A52610798BB}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{98F71EED-789C-408A-B433-7107B99C12EC}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9BC27E4A-E851-45A2-BD0F-9A47F03EF855}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9F403C62-67EE-4B36-9535-53DFC6E00C80}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{A3169085-DF92-4B39-A626-C1BF7739A64B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A46D9BD1-DEF1-4B40-BA30-E6769EFC5D69}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AA822ADB-C83D-443B-AA76-5D2BD96644A2}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{B0835AFA-58B8-490E-A1F9-64A66CFD3C58}" = lport=26675 | protocol=6 | dir=in | [email protected]%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{B0C11975-990A-40AE-AE29-C8BCC863E06A}" = lport=26675 | protocol=6 | dir=in | [email protected]%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{B176B94C-CE16-4C69-A502-A41216A4FE4A}" = lport=26675 | protocol=6 | dir=in | [email protected]%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{B2684C7B-F98C-4218-87CE-2B1E4397E7DF}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{B967F39D-69F9-4F41-91CA-AF7FC141CD98}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C4B11DD8-F291-47D0-9CE8-2AFD5891E3E7}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D13A9748-DD82-4345-AC33-30379233410F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E75E619C-2312-4CD9-BAED-F73C7DC7FA7A}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{E7F1EB8A-6E89-4B74-901A-9DABA1F1F256}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{F5E70D05-65DF-485B-8353-30FF402CCD0B}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03AA6127-8F29-4283-A408-BECE9C961689}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{063F12FA-995D-4B55-AA78-3DF6EF15A135}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{098A4642-D04F-4A57-A00F-370BFFB81DDF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0B366F25-AB2A-4BB7-8043-049FADCCD802}" = dir=in | app=c:\windows\system32\acprgwiz32.exe |
"{0B37DFD4-12CD-400C-AE0F-B4D70CE702D7}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{16E0A4C8-19A8-4BF6-9C4F-29E6F2456033}" = protocol=17 | dir=in | app=c:\windows\system32\lxcrcoms.exe |
"{1728F935-96D6-4254-97C8-D216B8B3E40F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1AB6781D-1932-4A32-A336-5C36CA9AABA5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{22B86B8C-57DD-48A4-A7CC-6AB061CAA66B}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{2971A387-2EC2-481B-BECB-90CB7BF0B232}" = protocol=6 | dir=in | app=c:\program files\lexmark 2400 series\lxcrmon.exe |
"{2CA18860-AE50-4B36-9C96-258632515248}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw.exe |
"{31BDAFBF-CEB7-49D5-A46F-D2FF6714E829}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{32CAB104-91DA-486D-8D0E-CCAE8787A163}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{33515127-8619-45DB-9D2C-07C6B835D0A1}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{36F3E97D-1CE1-464C-9BE1-F2C0046AB071}" = protocol=17 | dir=in | app=c:\program files\lexmark 2400 series\lxcrmon.exe |
"{370AF92E-53E3-4F26-A148-E15769E82CE4}" = protocol=6 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
"{4264D82D-8A94-468D-9EE0-5BEA5FCA6AD3}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{45AC6193-6174-44A9-B2B4-E8B55BC89D00}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4D3FFAF8-9777-4BEF-A017-F39219492A38}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4E8469B6-413B-4ACB-B34D-364933A6CC48}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{546086BD-CD32-42F7-AF7D-BE4B6232C85B}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{5C13A0D4-3B04-45D3-87F1-8895A3DF1DBB}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{5CB7B019-927F-4A7A-899C-04BD2E933C56}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{62ED2A14-EB94-43A3-8ADD-A3EA5277FBB5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{67059999-56FE-47EE-AC82-806400F390B5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{689643DE-E6CE-42B3-B7EF-9C0816877725}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{6AAE6A6B-8C26-4A82-8561-D7E898729A2C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6B3D054B-A3D6-4035-A410-529E5A7C3341}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6EFD9EFD-7D5B-4368-BDA7-68D4B4F28919}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{7719DA99-E3F0-4B21-8292-EB23B5C26DC7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{79721ABF-CE6C-43F3-8628-00676CBC5849}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{7A4E19DA-6CFD-4B48-98FB-C28EC0CE80F6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7D634A93-1061-4412-BCE8-A9CEBD323852}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2008\fm.exe |
"{7D6D87EF-113F-43CF-BBD7-1B98D4433941}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{7D75C3AE-9BD0-4259-B24D-3E96456FAB36}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{815E1928-0979-423E-AE21-8C3D35B469E2}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8219DAF6-27EB-4530-B60A-E262C8891C1E}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2008\fm.exe |
"{88E4BDCD-DEFF-408E-9222-A845C4ABA571}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{8ADBEA06-A02B-4060-92ED-C8C01431D8E5}" = protocol=6 | dir=in | app=c:\windows\system32\lxcrcoms.exe |
"{91BB5438-CBB4-44F5-8D18-9D105CFD10A6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw-bi.exe |
"{93551C05-DBC9-4E8B-9730-F35BCB15B41E}" = protocol=17 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
"{93D59006-4364-43DB-9A47-03D10576C672}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{93F33DCB-F380-418C-B413-8AFAD4D5085E}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{9512921F-400D-4B95-A4DE-09B7A78DE70E}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{97C4B9F5-4C5E-4D72-A3CD-86D3957C74BF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{997787B3-097E-41CD-9965-AB85642CD2C4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9CBC1AFE-74B6-49AF-A4EC-677C032FE2CD}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A0CED304-976A-41A5-AFF8-2AB0A0CB82C8}" = dir=in | app=c:\windows\system32\acprgwiz32.exe |
"{A11B502B-2487-4C18-871C-E189A4105E87}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A91E457C-304F-460A-9EFC-B93A74F0A210}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{ABC32B2D-0070-4372-9973-B87953D22F37}" = dir=in | app=c:\windows\system32\acprgwiz32.exe |
"{AC801560-65C9-4DDF-A0A8-FEC3C5B2335B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{AEECE47B-AB03-4321-A6D7-AC5BA743D6D2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AF99A9AE-5A96-46FF-AA50-2D6BEF0B5ED3}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{B5F8512F-477F-43ED-B779-ACEA23BDCB17}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{B766ED05-97C1-4C2A-996F-323E40226A8C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B8BFB873-FC25-4544-8C46-F17076FA2002}" = protocol=17 | dir=in | app=c:\program files\lexmark 2400 series\lxcraiox.exe |
"{BB0704EB-CEB9-44C5-B652-0C9129C77217}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\rome total war gold\rometw.exe |
"{BB9149FE-48F0-4989-B7F3-0F31204C3BF2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BCE12CC0-539D-4EC6-823E-7D8B73AD18A2}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{C8202BC5-1AFE-4656-9003-1501B706F562}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C98EDF96-4869-4806-B00C-9E5E2A1B8495}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C9F5AB38-8B93-49C2-ADA1-0B7788BDCBE7}" = protocol=6 | dir=in | app=c:\program files\lexmark 2400 series\lxcraiox.exe |
"{CCE3007C-A195-421C-9DB7-16E953D9DD77}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{CD1E2F26-2301-4B2B-B0A6-E5E8BD3AA8BB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D8291F19-ECF0-4DB6-97DA-346916AA0E8F}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{E46245B0-CDD7-4609-AFFE-3833A6360BD6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E4CDB0D4-89F4-480C-ACA2-9D2BCF782015}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{ED9D780C-56D0-48C8-BDC0-7658D416C2BD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EE2E85E0-4739-4BBD-AF3C-EBBE539634CC}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{FA21B43B-45E4-454E-8EBD-8E41CAF81206}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{FCFAF4FD-0CA6-42EF-B8DC-084A33051A3D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FE95289C-EA55-43D7-BFBD-2D7B1A663FF6}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{FF5A022F-4379-4A22-B2D4-DFFD4BDB835E}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"TCP Query User{0149598B-ABC5-4E15-9CE1-C6C32030A272}C:\program files\sports interactive\cm99-00\cm9900.exe" = protocol=6 | dir=in | app=c:\program files\sports interactive\cm99-00\cm9900.exe |
"TCP Query User{18206EB3-48C4-4728-8522-8BA97F01FFAF}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{212DDF26-C6F2-454D-96A9-C0524E504E9A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{27295952-BDAB-4000-AB73-E88D5E7E0A36}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{278EA485-4FA1-4D9C-BBAC-F398AD402E71}C:\program files\mohaa\mohaa.exe" = protocol=6 | dir=in | app=c:\program files\mohaa\mohaa.exe |
"TCP Query User{4176C9E7-49DF-429C-B690-5AB7D49C2016}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{45FC586D-A408-4913-81A6-D1B0846B2EBC}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{47EF3E70-C360-4F20-90B4-402B47D2AAE3}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{68B55ED5-2D52-4FC0-A61B-E1248610D867}C:\program files\sports interactive\football manager 2006\fm.exe" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2006\fm.exe |
"TCP Query User{6DFF0D05-41C8-43F6-953A-CB0A17BCC8FE}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{7AD59CCF-FE27-4898-B0F3-D7EBDDB0D85F}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{7C2DDBB6-86D2-4E1E-B025-74145EB4AE5B}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{808F87B7-C258-4854-8A86-DD6D74653650}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{8E2FA094-AE8D-4F56-B2DC-B2F284637E61}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{8ED906A9-96B1-42D5-8477-66586B1593B4}C:\users\richard\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\richard\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{924686EB-ECBA-4F07-8C65-A14D102148AC}C:\users\richard\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\richard\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{966480D6-89C0-4673-B4C1-983FA1736A44}C:\users\richard\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\richard\program files\utorrent\utorrent.exe |
"TCP Query User{9DDA6077-7A99-4E48-AC5E-2817863E78AA}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{A388B890-C58A-468E-AC93-BE7D046BF08D}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{A429AE59-DED3-48FA-AE8F-0FA442BEEFFE}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{A95D9AC7-D4FF-400C-8A03-925C81AB4192}C:\users\richard\desktop\housecall66.exe" = protocol=6 | dir=in | app=c:\users\richard\desktop\housecall66.exe |
"TCP Query User{AA8D9595-D66E-4C6E-82D6-6E1C4E4FE9AE}C:\program files\freeciv-2.0.9-gtk2\civserver.exe" = protocol=6 | dir=in | app=c:\program files\freeciv-2.0.9-gtk2\civserver.exe |
"TCP Query User{CBF291DA-5FAB-41C9-AF3D-A37839B7177A}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{FF1E827B-F90D-49A4-B3D5-A781F7F6DAA2}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{00303D10-54E4-4762-86A9-4B01C3AF0D28}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{00F2E532-FFE1-45D1-8699-189824ABC0E2}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{05146993-BF7E-47EE-83D4-D07F31CE24C9}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{11F7882C-D688-407D-BC7B-7164449B1EEC}C:\users\richard\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\richard\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{1731ADC8-4C58-4CE4-B95B-97A75E2D650E}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{1F623F42-1949-467F-A8FC-4E5409B35E67}C:\program files\mohaa\mohaa.exe" = protocol=17 | dir=in | app=c:\program files\mohaa\mohaa.exe |
"UDP Query User{2542397E-AAFF-46F8-80DC-FD93FB954619}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{2B0D99E8-F1CB-4D22-9BB1-8A6D92BD4FFE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{543FF0BB-F6F7-4BAF-BA19-5B90AF1EB133}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{54956F9A-02C5-4206-AED3-13BA673FA85A}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{5D09241A-C2D0-41E6-8DA9-9EE40E847F3F}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{69300B01-BA31-47D1-B6ED-B4A6125CEB97}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{79F45C71-3CEA-4727-B81D-2CC700F88262}C:\program files\sports interactive\football manager 2006\fm.exe" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2006\fm.exe |
"UDP Query User{8BB377D6-40A7-422D-BDA9-5B0ACA894410}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{8D8AA5BC-7620-4E4C-9CF9-335CD99706DB}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{9197FE7A-35B3-430A-8574-4CD311F5A74F}C:\users\richard\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\richard\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{9415A175-C7A1-436F-80B8-2E85A394AD0A}C:\program files\sports interactive\cm99-00\cm9900.exe" = protocol=17 | dir=in | app=c:\program files\sports interactive\cm99-00\cm9900.exe |
"UDP Query User{9C9D2C72-83FB-4E37-95D9-271941E3EB8F}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{A8AD482F-DED0-4E22-8086-E91FABC19BA9}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{AF65A4EC-04A3-4DFC-8363-20BAD18300C8}C:\program files\freeciv-2.0.9-gtk2\civserver.exe" = protocol=17 | dir=in | app=c:\program files\freeciv-2.0.9-gtk2\civserver.exe |
"UDP Query User{B4758F15-6311-4B7E-9A7C-1A6EE6C195E0}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{C62A886D-4E82-4574-B9FE-CE53EC2A72C3}C:\users\richard\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\richard\program files\utorrent\utorrent.exe |
"UDP Query User{E0B683BF-E23C-4C21-8EC4-0671EBFD25D3}C:\users\richard\desktop\housecall66.exe" = protocol=17 | dir=in | app=c:\users\richard\desktop\housecall66.exe |
"UDP Query User{EC5D6501-F627-4D3F-A53E-820044A45712}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0CB3C535-1171-4A20-B549-E2CB5DEB9723}" = MySQL Connector/ODBC 3.51
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.3
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 26
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{49CFD5D9-0556-4037-B7D6-E13ED4BEA4C5}" = Football Manager 2006
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79C25975-740E-436E-9327-C164831ADCE7}" = enhanced keyboard driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A64FA784-7795-11D8-86F5-0050BF6C9337}" = Keyboard driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{BE06114F-559D-11E0-B5A1-001D0926B1BF}" = Google Earth
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C7DDA8E7-AD3D-4F51-AC1E-B0FF57002192}" = Microsoft IntelliPoint 6.3
"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D62FD787-E963-43CA-9B84-555D08971CC1}" = Kies-OutlookAddIn
"{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F010EF78-8CBC-453B-BD6E-0B6D9E60F96C}" = Multimedia Mouse Driver
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}" = Nero 7 Essentials
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Magical UnInstall" = Ashampoo Magical UnInstall
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"BlueSquare Poker" = BlueSquare Poker
"Championship Manager 99-00" = Championship Manager 99-00
"CyberTweak_is1" = CyberTweak Version 1.3 Final
"Dan Elwell's Broadband Speed Test_is1" = Dan Elwell's Broadband Speed Test
"DivX Setup.divx.com" = DivX Setup
"doubleTwist" = doubleTwist
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Football Manager 2008" = Football Manager 2008
"Football Manager Live universe_1c" = Football Manager Live
"HandBrake" = HandBrake 0.9.5
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{F010EF78-8CBC-453B-BD6E-0B6D9E60F96C}" = Multimedia Mouse Driver
"LastFM_is1" = Last.fm 1.5.4.24567
"Lexmark 2400 Series" = Lexmark 2400 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Network Play System" = EA AutoPatch
"New Star Soccer" = New Star Soccer
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Picasa 3" = Picasa 3
"PROR" = Microsoft Office Professional 2007
"RealPlayer 6.0" = RealPlayer
"Steam App 4760" = Rome: Total War Gold
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"TweakVI" = TweakVI
"Veetle TV" = Veetle TV 0.9.18
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/11/2009 12:44:49 | Computer Name = Richard-PC | Source = avast! | ID = 33554522
Description =

Error - 19/03/2010 12:12:30 | Computer Name = Richard-PC | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 29/06/2011 11:33:47 | Computer Name = Richard-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 29/06/2011 12:12:40 | Computer Name = Richard-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 29/06/2011 12:12:40 | Computer Name = Richard-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 29/06/2011 13:30:00 | Computer Name = Richard-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 29/06/2011 15:42:57 | Computer Name = Richard-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 29/06/2011 15:44:30 | Computer Name = Richard-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 29/06/2011 15:44:30 | Computer Name = Richard-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 29/06/2011 15:44:31 | Computer Name = Richard-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 29/06/2011 15:45:14 | Computer Name = Richard-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 29/06/2011 17:39:07 | Computer Name = Richard-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Media Center Events ]
Error - 16/04/2008 11:34:29 | Computer Name = Richard-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 23/05/2008 14:06:18 | Computer Name = Richard-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

[ OSession Events ]
Error - 19/01/2011 15:47:00 | Computer Name = Richard-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
12.0.6546.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10302
seconds with 1500 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 29/06/2011 13:07:34 | Computer Name = Richard-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 29/06/2011 13:07:34 | Computer Name = Richard-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 29/06/2011 13:07:34 | Computer Name = Richard-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 29/06/2011 13:07:36 | Computer Name = Richard-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 29/06/2011 13:28:00 | Computer Name = Richard-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description =

Error - 29/06/2011 13:28:54 | Computer Name = Richard-PC | Source = HTTP | ID = 15016
Description =

Error - 29/06/2011 15:42:02 | Computer Name = Richard-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description =

Error - 29/06/2011 15:42:24 | Computer Name = Richard-PC | Source = HTTP | ID = 15016
Description =

Error - 29/06/2011 16:08:11 | Computer Name = Richard-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description =

Error - 29/06/2011 17:37:57 | Computer Name = Richard-PC | Source = HTTP | ID = 15016
Description =


< End of report >
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Open a browser and point it at 192.168.0.1. This is your router. You probably have never changed the default password so you can get the user name and password from:

http://www.phenoelit...rg/dpl/dpl.html or
from
http://www.routerpasswords.com/

It should say on the router the make and model number please tell me what it says.

From the login you should be able to tell what software version it has.

See if you can determine from the router what DNS address it is using. If you have a separate cable or DSL modem and are not usng any encryption on the wireless then just rest the router by pressing the RESET button on the back (you may need a sharp object to press the button). Hold the button down for 30 seconds. Log back into the router and immediately change its default password to something else. If you are not using a separate modem or you are using encryption on wireless then go into the router and copy the configuration information then reset it and change the default password.

Ron
  • 0

#9
@thorntonrich

@thorntonrich

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Ron,

The make of the Router is Netgear and model number is DG934G.
Software version is 2.02.44
DNS: It has two listed here on the router status page. 90.207.238.97 and 90.207.238.99.
I'm afraid I must confess my ignorance at this stage. As far as I'm aware there is no separate modem but whether there is encryption on the wireless, how would I find out? To be on the safe side I have copied the configuration info and am about to reset the router as soon as I have posted this.
Do you need to see the configuration?

Richard
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
IF this is a wireless modem if there is encryption on the link then when you connect to it with a wireless device it would require a password. If it just connects up and perhaps warns you that the connection is not secure then there is no encryption.

Without a separate modem you will need to reconfigure the device after a reset. You may need to contact your ISP for the information.

The DNS numbers look OK. Somewhere in England outside of Leeds. Belong to Sky Broadband so not likely to be the wrong ones. Sometimes the malware will put in a static route in the router. I had one that actually replaced the router firmware with DD-WRT open source firmware but yours seems to be normal.
  • 0

Advertisements


#11
@thorntonrich

@thorntonrich

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Ok, there is encryption in that case. There is a password to prevent (for instance) my neighbours from using my connection? So I should reconfigure it now?
  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
You definitely want the encryption on your wireless. You should also change the password on the router. Did the reset make any difference in your redirect?
  • 0

#13
@thorntonrich

@thorntonrich

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
It is definitely improved. I have just spent a couple of minutes trying it out. I got 2 re-directs in about 20-30 clicks.
You mentioned before that "Without a separate modem you will need to reconfigure the device after a reset. You may need to contact your ISP for the information." Do I need to do this now? There is no separate modem other than the router to the best of my knowledge.
  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
No if it connects OK then it doesn't need any other configuration. Normally they make you put in a login and password but there may be a central unit somewhere that does this.

Improves is not good enough. We want it to go away completely. Let's change to a different DNS.

1. Click "Start," (click "Settings,") click "Control Panel," click "Network and Sharing Center," and then click "View Status", Click "Properties,"
2. Click on Internet Protocol Version 4 (TCP/IPv4) (On the text not the check box) then Click on Properties

3. Click "Use the following DNS server addresses," and then type 4.2.2.1 in the Preferred DNS server and 8.8.8.8 in the Alternate DNS server boxes.

4. Click "OK" and close all of the windows that have opened.

Reboot. Try it now.

Ron
  • 0

#15
@thorntonrich

@thorntonrich

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
It still seems to be moving in the right direction, ie getting better but there is still the odd redirect. I may be imagining it but it seems to be most often when clicking on links to Wikipedia pages.
Also, I am seeing more of these pages after clicking a link:

The webpage at http://64.111.211.16...pa=&ref1=&ref2= might be temporarily down or it may have moved permanently to a new web address.

Error 103 (net::ERR_CONNECTION_ABORTED): Unknown error.

Is that any help to you?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP