Dos/Alureon.E Help! [Solved]



#1
Shaw86
  • Member
  • 16 posts
Good Afternoon,
My MSE recently discovered the Dos/Alureon.E virus on my computer, but any other tool I have downloaded, such as Hitman Pro and Malwarebytes, cannot detect this. The MSE states the item as (boot:\\.\PHYSICALDRIVE0\Partition2 (Type 17)). Any help to remove this will be extremely appreciated.
Many Thanks,
Shaw86

#2
azarl
  • GeekU Admin
  • Administrator
  • 25,203 posts
OK, let's see if we can help you

Firstly...

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs.

Next...

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it.
If it asks you whether to download Avast, click "No".

Click the "Scan" button to start the scan.

On completion of the scan click "Save log"... save it to your desktop and post it in your next reply.
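The MSE detection string in the first post points at the second partition-table entry of the first physical disk, which is what the aswMBR scan requested above inspects. Added example, not code from this thread or from the OTL/aswMBR tools: a Python parser for the MBR partition table that reports hidden partition types and an active (bootable) flag set on anything other than the OS volume. It assumes that the "(Type 17)" in the detection name is the partition type byte 0x11 of that entry, and the 512-byte MBR it parses is a constructed sample built in the code.

```python
"""Parse an MBR partition table and flag entries a bootkit triage would look at.

Added example (assumption: "Type 17" in the MSE detection name is the
partition type byte 0x11 of the second table entry). The four 16-byte
entries sit at offset 446 of the 512-byte MBR, followed by the 0x55AA
signature.
"""
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446            # four 16-byte entries follow the boot code
ENTRY_SIZE = 16
SIGNATURE = b"\x55\xaa"       # last two bytes of a valid MBR

# Partition type bytes as given in the commonly used type tables; only the
# ones needed for this example are mapped.
TYPE_NAMES = {
    0x07: "NTFS/HPFS",
    0x0C: "FAT32 (LBA)",
    0x11: "Hidden FAT12",
    0x14: "Hidden FAT16 <32M",
    0x16: "Hidden FAT16",
    0x17: "Hidden NTFS/HPFS",
    0x1B: "Hidden FAT32",
    0x1C: "Hidden FAT32 (LBA)",
    0x1E: "Hidden FAT16 (LBA)",
}
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}


def parse_partition_table(sector: bytes) -> list:
    """Return one dict per non-empty partition entry, numbered 1..4."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected one 512-byte sector")
    if sector[510:512] != SIGNATURE:
        raise ValueError("MBR signature 0x55AA missing")
    entries = []
    for slot in range(4):
        off = TABLE_OFFSET + slot * ENTRY_SIZE
        status, _chs_first, ptype, _chs_last, lba_first, count = struct.unpack(
            "<B3sB3sII", sector[off:off + ENTRY_SIZE])
        if ptype == 0x00:
            continue                      # unused slot
        entries.append({
            "index": slot + 1,            # MSE names these Partition1..4
            "active": status == 0x80,     # 0x80 = bootable flag
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "lba_first": lba_first,
            "sectors": count,
        })
    return entries


def triage(entries: list) -> list:
    """Return human-readable findings; an empty list means nothing odd."""
    findings = []
    for e in entries:
        if e["type"] in HIDDEN_TYPES:
            findings.append(
                f"Partition{e['index']} (Type {e['type']}): hidden type "
                f"{e['type_name']} at LBA {e['lba_first']}, {e['sectors']} sectors")
    active = [e for e in entries if e["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    elif active[0]["type"] in HIDDEN_TYPES:
        findings.append(
            f"active flag set on hidden Partition{active[0]['index']}; "
            "the BIOS hands control to its boot sector instead of the OS volume")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sample, not an image from the thread: a large NTFS volume
    in slot 1 and a small, active, type-0x11 partition in slot 2."""
    def entry(status, ptype, lba_first, count):
        return struct.pack("<B3sB3sII", status, b"\x00" * 3, ptype,
                           b"\x00" * 3, lba_first, count)
    table = (entry(0x00, 0x07, 63, 955_612_097) +
             entry(0x80, 0x11, 955_612_160, 8_192) +
             entry(0x00, 0x00, 0, 0) +
             entry(0x00, 0x00, 0, 0))
    return b"\x00" * TABLE_OFFSET + table + SIGNATURE


if __name__ == "__main__":
    parts = parse_partition_table(build_sample_mbr())
    for p in parts:
        print(p)
    for line in triage(parts):
        print("FINDING:", line)
```

On a real disk the sector would come from a raw read of the first physical drive by a tool such as aswMBR, and a finding here is a reason to compare the MBR against a known-good copy rather than proof of infection on its own.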

#3
Shaw86
  • Topic Starter
  • Member
  • 16 posts
OTL logfile created on: 21/11/2011 15:16:47 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\ian\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.92% Memory free
3.84 Gb Paging File | 2.94 Gb Available in Paging File | 76.56% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 455.74 Gb Total Space | 398.81 Gb Free Space | 87.51% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.53 Gb Free Space | 65.25% Space Free | Partition Type: NTFS
Drive J: | 34.16 Gb Total Space | 18.86 Gb Free Space | 55.23% Space Free | Partition Type: NTFS
Drive K: | 34.17 Gb Total Space | 26.84 Gb Free Space | 78.55% Space Free | Partition Type: NTFS
Drive L: | 558.88 Gb Total Space | 470.32 Gb Free Space | 84.15% Space Free | Partition Type: NTFS
Drive M: | 558.88 Gb Total Space | 470.32 Gb Free Space | 84.15% Space Free | Partition Type: NTFS
Drive Z: | 54.66 Gb Total Space | 35.27 Gb Free Space | 64.52% Space Free | Partition Type: NTFS

Computer Name: HP20581498458 | User Name: ian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/21 15:14:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ian\Desktop\OTL.exe
PRC - [2011/08/23 21:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/08 10:59:59 | 000,177,784 | ---- | M] (Solid Documents, LLC) -- C:\WINDOWS\Installer\MSI1770.tmp
PRC - [2011/04/27 14:39:26 | 000,228,520 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/12/02 12:33:40 | 005,609,472 | ---- | M] (Estimation Ltd) -- C:\EstGrp\EE\EE.exe
PRC - [2010/10/06 10:14:22 | 006,054,400 | ---- | M] (Estimation Ltd) -- C:\Program Files\Common Files\Estimation Group\LiveUpdate\LiveUpd.exe
PRC - [2010/01/15 12:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/11/13 09:33:54 | 000,097,128 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/07 14:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2008/01/23 17:42:18 | 001,437,816 | ---- | M] (RICOH COMPANY,LTD.) -- C:\Program Files\RDS\RMClient\PMCTray.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/12/04 15:03:02 | 000,561,152 | ---- | M] (RICOH Company Ltd.) -- C:\Program Files\RDS\PLDLnk.exe
PRC - [2007/04/11 17:01:06 | 000,163,840 | ---- | M] (RICOH Company Ltd.) -- C:\Program Files\RDS\PLTBar.exe
PRC - [2007/01/05 02:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/10/30 09:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2006/07/10 17:53:08 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe
PRC - [2006/05/16 22:12:59 | 000,075,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
PRC - [2006/01/12 20:52:32 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2005/09/19 22:50:38 | 000,487,424 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/19 09:22:11 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
MOD - [2011/10/19 09:21:19 | 001,941,504 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\c6935503f2942d325235e4857e02792b\Microsoft.Office.Interop.Word.ni.dll
MOD - [2011/10/19 09:21:10 | 000,014,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Extensibility\e0184e13eb92684dd8f3f166ab684d1e\Extensibility.ni.dll
MOD - [2011/10/19 09:21:09 | 002,359,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\915c231ec79db798f02296f6ac86b2b4\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.ni.dll
MOD - [2011/10/19 09:21:05 | 004,466,688 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\0cce5398a7880d696ea923295a44008b\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.CSUtils.ni.dll
MOD - [2011/10/19 09:21:02 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\24331b719aa25ac2b21099e32232840c\Microsoft.VisualBasic.ni.dll
MOD - [2011/10/19 09:20:57 | 000,462,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\55173fd691166565dc73dae0d3433e73\Microsoft.BusinessSolutions.eCRM.DataSync.ni.dll
MOD - [2011/10/19 09:20:57 | 000,391,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Iris.Mapi.MessageSt#\836da45c2077634827a3455a646cba36\Iris.Mapi.MessageStore.ni.dll
MOD - [2011/10/19 09:20:48 | 003,826,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BusinessLayer\e5a25944e9b0b1279062d66db9bebe7a\BusinessLayer.ni.dll
MOD - [2011/10/19 09:20:45 | 002,267,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\a9942828767c5549849c82accbdbcedc\Microsoft.Office.Interop.Outlook.ni.dll
MOD - [2011/10/19 09:20:42 | 001,039,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\e17238fd24d0d5cc73044fa16f699ec1\Microsoft.Interop.Mapi.Impl.ni.dll
MOD - [2011/10/19 09:20:42 | 000,177,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\07021d10c3bc8a0ea378435a258f7b1b\Microsoft.Interop.Mapi.PropTags.ni.dll
MOD - [2011/10/19 09:20:40 | 001,526,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BCMRes\faf5382cda8cd1adeef899c9e3d33f5c\BCMRes.ni.dll
MOD - [2011/10/19 09:20:39 | 000,963,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\office\e004a967869320dece615cb985e09ea5\office.ni.dll
MOD - [2011/10/19 09:20:39 | 000,044,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\stdole\401897de602682e663fca1d0dccebcd7\stdole.ni.dll
MOD - [2011/10/19 09:20:38 | 000,062,976 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\00cc95b92fb21663d07f94e15cab3be0\Microsoft.Interop.eCRM.Ole.ni.dll
MOD - [2011/10/19 09:20:37 | 000,152,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\daa68c80020eb582452ec3173450505d\Microsoft.Interop.Mapi.Interfaces.ni.dll
MOD - [2011/10/19 09:20:36 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/19 09:20:22 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll
MOD - [2011/10/19 09:20:22 | 000,280,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.Wrapper.dll
MOD - [2011/10/19 09:20:21 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll
MOD - [2011/10/19 09:20:17 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/19 09:20:16 | 000,484,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BCMCommon\1b38913d7b398cc42238ea4aff37955d\BCMCommon.ni.dll
MOD - [2011/10/19 09:19:46 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll
MOD - [2011/10/19 09:18:20 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/19 09:18:15 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/19 09:18:03 | 000,208,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\896eca06e2d9377b2dc4fad56ce49b07\System.Drawing.Design.ni.dll
MOD - [2011/10/19 09:18:02 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/19 09:17:59 | 010,683,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Design\c6374d32e4af7b7e3e46b32176f76558\System.Design.ni.dll
MOD - [2011/10/19 09:17:46 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
MOD - [2011/10/19 09:16:17 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/19 09:16:07 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/19 09:15:20 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/10/19 09:14:57 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2011/10/19 09:14:55 | 000,113,664 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2011/10/19 09:14:52 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/08/04 14:29:05 | 000,757,760 | ---- | M] () -- C:\WINDOWS\assembly\GAC\C1.Win.C1Chart\1.0.20034.13244__a22e16972c085838\C1.Win.C1Chart.dll
MOD - [2010/12/21 21:17:46 | 000,027,456 | ---- | M] () -- C:\WINDOWS\system32\solidlocalmon.dll
MOD - [2009/11/21 13:11:05 | 000,310,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\BCMCommon\3.0.0.0__31bf3856ad364e35\BCMCommon.dll
MOD - [2009/11/21 12:44:18 | 000,591,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\Microsoft.Interop.Mapi.Impl\3.0.0.0__31bf3856ad364e35\Microsoft.Interop.Mapi.Impl.dll
MOD - [2009/09/07 08:22:33 | 000,844,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC\ActiveReports\3.3.1.2009__cc4967777c49a3ff\ActiveReports.dll
MOD - [2009/09/07 08:22:30 | 000,733,184 | ---- | M] () -- C:\WINDOWS\assembly\GAC\C1.Win.C1TrueDBGrid\1.2.20033.30829__75ae3fb0e2b1e0da\C1.Win.C1TrueDBGrid.dll
MOD - [2009/09/07 08:22:30 | 000,614,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC\C1.C1PrintDocument\1.0.20023.101__1a6f4158ebe6d3b8\C1.C1PrintDocument.dll
MOD - [2009/09/07 08:22:30 | 000,585,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC\C1.Win.C1Command\1.0.20023.1__e808566f358766d8\C1.Win.C1Command.dll
MOD - [2009/09/07 08:22:30 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC\C1.Win.C1PrintPreview\1.0.20023.101__3af768410ba0a64f\C1.Win.C1PrintPreview.dll
MOD - [2009/09/07 08:22:30 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC\C1.Common\1.0.20031.116__e272bb32d11b1948\C1.Common.dll
MOD - [2009/02/14 05:04:38 | 000,756,040 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2008/10/26 05:42:14 | 000,065,376 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2008/02/22 10:22:32 | 000,055,792 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2008/01/11 17:50:32 | 000,529,512 | ---- | M] () -- C:\Program Files\Microsoft Small Business\Business Contact Manager\en-US\BCMRes.resources.dll
MOD - [2007/08/14 12:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 12:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 12:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2007/04/02 12:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2006/10/29 14:32:58 | 000,064,328 | ---- | M] () -- C:\Program Files\Microsoft Small Business\Business Contact Manager\en-US\BusinessLayer.resources.dll
MOD - [2006/10/29 14:32:42 | 000,012,104 | ---- | M] () -- C:\Program Files\Microsoft Small Business\Business Contact Manager\en-US\Microsoft.Interop.Mapi.Interfaces.resources.dll
MOD - [2006/10/27 15:35:18 | 000,436,512 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2006/07/10 17:53:08 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe
MOD - [2005/03/30 12:15:50 | 001,925,185 | R--- | M] () -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Onix32.dll
MOD - [2002/09/09 07:51:48 | 000,084,992 | ---- | M] () -- C:\WINDOWS\system32\qrpdflib.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/06/08 10:59:59 | 000,177,784 | ---- | M] (Solid Documents, LLC) [Auto | Running] -- C:\WINDOWS\Installer\MSI1770.tmp -- (SCPDFReadSpool)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/13 21:56:59 | 001,623,552 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DIAL GmbH\DIAL Communication Framework\DialComService.exe -- (DialComService)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/12/04 17:18:11 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/04/07 14:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/01/05 02:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Disabled | Running] -- -- (pctEFA)
DRV - File not found [Kernel | Disabled | Running] -- -- (pctDS)
DRV - File not found [Kernel | Disabled | Running] -- -- (PCTCore)
DRV - [2011/11/21 08:24:58 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4A7DD6D4-3F8C-499D-8C1C-3CEB41F7EE14}\MpKslf1362b80.sys -- (MpKslf1362b80)
DRV - [2011/11/21 08:20:57 | 000,065,808 | ---- | M] (trend_company_name) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tmrkb.sys -- (tmrkb)
DRV - [2011/11/21 07:50:20 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4A7DD6D4-3F8C-499D-8C1C-3CEB41F7EE14}\MpKsle393465b.sys -- (MpKsle393465b)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/02/22 10:22:54 | 000,009,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2008/02/22 10:22:38 | 000,094,384 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2008/02/22 10:22:38 | 000,034,832 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2008/02/22 10:22:36 | 000,097,584 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2008/02/22 10:22:36 | 000,026,032 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2008/02/22 10:22:34 | 000,032,208 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2008/02/22 10:22:34 | 000,014,256 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2008/02/22 10:22:32 | 000,104,240 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2008/01/03 22:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/11/06 17:23:56 | 004,622,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/10/19 20:23:44 | 000,013,696 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fnetusb.sys -- (fnetusb)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2004/08/03 17:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/03 17:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/03 17:29:46 | 000,025,471 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/03 17:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/03 17:29:46 | 000,022,271 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/03 17:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/03 17:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/03 17:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/03 17:29:42 | 000,011,871 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/03 17:29:40 | 000,011,807 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/03 17:29:40 | 000,011,295 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/03 17:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 17:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/03 17:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/03 17:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002/04/04 05:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1279318860-2237719119-1038282657-1149\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.brownelectrical.co.uk/
IE - HKU\S-1-5-21-1279318860-2237719119-1038282657-1149\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1279318860-2237719119-1038282657-1149\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-1279318860-2237719119-1038282657-1149\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/16 11:18:54 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: SiteAdvisor = C:\Documents and Settings\ian\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\ian\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\

O1 HOSTS File: ([2006/02/28 02:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DIALux 3.1 ULDBrowserHelper Class) - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - C:\Program Files\DIALux\DLXShellExtension.dll (DIAL GmbH, Germany)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O3 - HKLM\..\Toolbar: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-1279318860-2237719119-1038282657-1149\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1279318860-2237719119-1038282657-1149\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [JobHisInit] C:\Program Files\RDS\RMClient\JobHisInit.exe (RICOH COMPANY,LTD.)
O4 - HKLM..\Run: [MplSetUp] C:\Program Files\RDS\RMClient\MplSetUp.exe (RICOH COMPANY,LTD.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [pdfFactory Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-1279318860-2237719119-1038282657-1149..\Run: [EstLiveUpd] C:\Program Files\Common Files\Estimation Group\LiveUpdate\LiveUpd.exe (Estimation Ltd)
O4 - HKU\S-1-5-21-1279318860-2237719119-1038282657-1149..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto Document Link.lnk = C:\Program Files\RDS\PLDLnk.exe (RICOH Company Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SmartDeviceMonitor for Client.lnk = C:\Program Files\RDS\RMClient\PMClient.exe (RICOH COMPANY,LTD.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1279318860-2237719119-1038282657-1149\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1279318860-2237719119-1038282657-1149\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-GB\local\search.html ()
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O16 - DPF: {13AEBFDE-CA17-4423-AADE-59BD76C7BDA7} http://rmft.piggotta...ex_packager.ocx (bhub_packager Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1258806241431 (MUWebControl Class)
O16 - DPF: {88448E4B-4286-401F-BB90-A1765E8B104C} http://rmft.piggotta...ent_activex.ocx (LiteCopyJS Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Brownelectrical.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA63D865-AABB-40D4-BDC1-6407C0298956}: DhcpNameServer = 192.168.0.2
O18 - Protocol\Handler\dialux {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - C:\Program Files\DIALux\DLXToolBox.dll (DIAL GmbH, Germany)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\ian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ian\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/19 07:28:02 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2011/11/17 15:01:19 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/05/01 00:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{c6ac8287-c235-11df-98c9-001f29d8d90f}\Shell - "" = AutoRun
O33 - MountPoints2\{c6ac8287-c235-11df-98c9-001f29d8d90f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c6ac8287-c235-11df-98c9-001f29d8d90f}\Shell\AutoRun\command - "" = L:\laucher.exe
O33 - MountPoints2\{ca541f7f-af42-11de-987a-001f29d8d90f}\Shell - "" = AutoRun
O33 - MountPoints2\{ca541f7f-af42-11de-987a-001f29d8d90f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ca541f7f-af42-11de-987a-001f29d8d90f}\Shell\AutoRun\command - "" = L:\laucher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/11/21 15:15:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ian\Desktop\OTL.exe
[2011/11/21 10:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/11/21 10:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/11/21 10:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/11/21 10:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/11/21 08:20:58 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/11/21 08:20:57 | 000,065,808 | ---- | C] (trend_company_name) -- C:\WINDOWS\System32\drivers\tmrkb.sys
[2011/11/18 11:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/11/18 10:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/11/18 09:35:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/11/18 08:51:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ian\Application Data\Sammsoft
[2011/11/18 08:50:20 | 000,000,000 | ---D | C] -- C:\Firefox
[2011/11/18 08:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/11/18 08:49:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ian\Local Settings\Application Data\AskToolbar
[2011/11/18 07:57:49 | 000,094,896 | ---- | C] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\94024816.sys
[2011/11/17 15:00:05 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011/11/17 15:00:05 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011/11/17 13:38:45 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/11/17 11:36:54 | 001,564,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\ian\Desktop\tdsskiller.exe
[2011/11/15 09:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ian\Desktop\Auto Cad Symbols and Legend
[2011/11/10 23:30:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/11/03 12:08:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ian\Application Data\Malwarebytes
[2011/11/03 12:08:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/03 12:07:56 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\ian\Desktop\mbam-setup.exe
[2011/11/03 11:41:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/11/03 11:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/11/03 11:15:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ian\Recent
[2011/11/03 10:27:40 | 000,000,000 | ---D | C] -- C:\573d8408c4b6a444fa02c8972077ec5f
[2011/11/03 10:27:31 | 000,000,000 | ---D | C] -- C:\38e8213a79ecd1ca46
[2011/10/25 09:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ian\Local Settings\Application Data\IsolatedStorage
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/21 15:14:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ian\Desktop\OTL.exe
[2011/11/21 14:52:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/11/21 14:29:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/21 11:19:09 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\ian\Desktop\aswMBR.exe
[2011/11/21 10:27:08 | 000,693,372 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/11/21 08:48:04 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/11/21 08:30:02 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/21 08:27:59 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/11/21 08:27:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/21 08:27:06 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/11/21 08:27:05 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/21 08:24:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/21 08:24:35 | 2137,313,280 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/21 08:20:57 | 000,065,808 | ---- | M] (trend_company_name) -- C:\WINDOWS\System32\drivers\tmrkb.sys
[2011/11/21 08:20:51 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2011/11/18 15:29:40 | 000,000,083 | ---- | M] () -- C:\WINDOWS\ccolwiz.ini
[2011/11/18 10:06:03 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\ian\Desktop\xl05fhwt.exe
[2011/11/18 07:57:49 | 000,094,896 | ---- | M] (Kaspersky Lab, GERT) -- C:\WINDOWS\System32\drivers\94024816.sys
[2011/11/17 17:00:13 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/11/17 15:01:19 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011/11/17 14:32:36 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/11/17 11:36:45 | 001,564,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\ian\Desktop\tdsskiller.exe
[2011/11/17 08:07:28 | 000,672,148 | ---- | M] () -- C:\Documents and Settings\ian\Desktop\08600809.ZDP
[2011/11/16 10:03:17 | 000,000,129 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/11/16 10:01:12 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/15 12:09:46 | 000,030,541 | ---- | M] () -- C:\Documents and Settings\ian\Desktop\287-70986R.pdf
[2011/11/15 08:06:06 | 000,002,275 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AMTECH SingleCable (17th Edition).lnk
[2011/11/08 15:18:35 | 000,837,990 | ---- | M] () -- C:\Documents and Settings\ian\Desktop\W.bmp
[2011/11/03 12:17:59 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\ian\Desktop\unhide.exe
[2011/11/03 12:07:56 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\ian\Desktop\mbam-setup.exe
[2011/11/03 11:36:09 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\ian\Desktop\iExplore.exe
[2011/11/03 10:20:08 | 000,000,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011/11/03 10:17:14 | 000,553,072 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/03 10:17:14 | 000,107,240 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/03 10:16:26 | 000,000,296 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011/11/03 10:16:26 | 000,000,200 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
[2011/10/25 09:31:08 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\ian\Local Settings\Application Data\d3d9caps.dat
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/21 10:26:47 | 000,693,372 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/11/21 07:36:43 | 2137,313,280 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/18 11:00:29 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/11/18 10:06:00 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\ian\Desktop\xl05fhwt.exe
[2011/11/18 08:52:46 | 000,000,230 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/11/17 15:01:19 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011/11/17 08:07:28 | 000,672,148 | ---- | C] () -- C:\Documents and Settings\ian\Desktop\08600809.ZDP
[2011/11/16 10:03:17 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/11/15 12:09:46 | 000,030,541 | ---- | C] () -- C:\Documents and Settings\ian\Desktop\287-70986R.pdf
[2011/11/08 15:18:35 | 000,837,990 | ---- | C] () -- C:\Documents and Settings\ian\Desktop\W.bmp
[2011/11/03 14:30:51 | 000,002,537 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Solid Converter PDF.lnk
[2011/11/03 14:30:51 | 000,002,337 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\designgenie.lnk
[2011/11/03 14:30:51 | 000,002,275 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AMTECH SingleCable (17th Edition).lnk
[2011/11/03 14:30:51 | 000,001,866 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DWG TrueView 2011.lnk
[2011/11/03 14:30:51 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/11/03 14:30:51 | 000,001,526 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DIALux 4.6 Light.lnk
[2011/11/03 14:30:51 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DIALux 4.6.lnk
[2011/11/03 14:30:51 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Browser Choice.lnk
[2011/11/03 14:30:51 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/11/03 14:30:51 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Weather.url
[2011/11/03 14:30:50 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/03 14:30:50 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/11/03 14:30:50 | 000,000,427 | ---- | C] () -- C:\Documents and Settings\ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Met Office- Weather and climate change.url
[2011/11/03 14:30:50 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/11/03 14:30:49 | 000,001,636 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SmartDeviceMonitor for Client.lnk
[2011/11/03 14:30:49 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/11/03 14:30:48 | 000,002,335 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011/11/03 14:30:48 | 000,001,949 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
[2011/11/03 14:30:48 | 000,001,441 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Auto Document Link.lnk
[2011/11/03 14:30:41 | 000,002,363 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Designer 7.0.lnk
[2011/11/03 14:30:41 | 000,002,331 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 7.0.lnk
[2011/11/03 14:30:41 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 7.0 Professional.lnk
[2011/11/03 14:30:41 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/03 14:30:41 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/11/03 14:30:41 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/11/03 12:17:57 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\ian\Desktop\unhide.exe
[2011/11/03 11:58:21 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\ian\Desktop\iExplore.exe
[2011/11/03 10:16:26 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjk
[2011/11/03 10:16:26 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~6DSS92c31Apgjkr
[2011/11/03 10:16:20 | 000,000,440 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk
[2011/10/25 09:31:08 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\ian\Local Settings\Application Data\d3d9caps.dat
[2011/06/08 11:01:44 | 000,000,116 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI
[2011/06/08 11:00:01 | 000,027,456 | ---- | C] () -- C:\WINDOWS\System32\solidlocalmon.dll
[2011/06/08 11:00:01 | 000,018,752 | ---- | C] () -- C:\WINDOWS\System32\solidlocalui.dll
[2010/12/22 07:41:52 | 000,013,696 | R--- | C] () -- C:\WINDOWS\System32\drivers\fnetusb.sys
[2010/12/22 07:41:46 | 000,013,696 | R--- | C] () -- C:\WINDOWS\System32\fnetusb.sys
[2010/12/22 07:40:22 | 000,000,372 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/12/03 08:35:56 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/12/03 08:35:55 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/11/17 08:29:09 | 000,000,095 | ---- | C] () -- C:\WINDOWS\Dialux.ini
[2010/11/01 10:10:37 | 000,000,081 | ---- | C] () -- C:\WINDOWS\Riconv.ini
[2010/10/14 06:35:19 | 000,583,968 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/01 13:46:08 | 000,482,304 | ---- | C] () -- C:\WINDOWS\System32\ImageDB.dll
[2009/12/08 18:01:19 | 000,000,226 | ---- | C] () -- C:\WINDOWS\PMJobCli.ini
[2009/12/08 18:01:17 | 000,012,309 | ---- | C] () -- C:\WINDOWS\PMRicMb.ini
[2009/12/08 18:01:17 | 000,007,873 | ---- | C] () -- C:\WINDOWS\PMRicPMb.ini
[2009/12/08 18:01:17 | 000,005,390 | ---- | C] () -- C:\WINDOWS\PMPrtMb.ini
[2009/12/08 18:01:17 | 000,004,644 | ---- | C] () -- C:\WINDOWS\PMRicFMb.ini
[2009/12/08 18:01:17 | 000,003,149 | ---- | C] () -- C:\WINDOWS\PMDvPrn.ini
[2009/12/08 18:01:17 | 000,002,102 | ---- | C] () -- C:\WINDOWS\PMDvDev.ini
[2009/12/08 18:01:17 | 000,002,047 | ---- | C] () -- C:\WINDOWS\PMDIOMb.ini
[2009/12/08 18:01:17 | 000,002,036 | ---- | C] () -- C:\WINDOWS\PMHostMb.ini
[2009/12/08 18:01:17 | 000,001,885 | ---- | C] () -- C:\WINDOWS\PMPSIOMb.ini
[2009/12/08 18:01:17 | 000,001,727 | ---- | C] () -- C:\WINDOWS\PMRicSMb.ini
[2009/12/08 18:01:17 | 000,001,706 | ---- | C] () -- C:\WINDOWS\PMRicCMb.ini
[2009/12/08 18:01:17 | 000,001,494 | ---- | C] () -- C:\WINDOWS\PMMib2Mb.ini
[2009/12/08 18:01:17 | 000,001,168 | ---- | C] () -- C:\WINDOWS\PMDvFax.ini
[2009/12/08 18:01:17 | 000,001,143 | ---- | C] () -- C:\WINDOWS\PMDPIMb.ini
[2009/12/08 18:01:17 | 000,001,094 | ---- | C] () -- C:\WINDOWS\PMAxsMb.ini
[2009/12/08 18:01:17 | 000,000,842 | ---- | C] () -- C:\WINDOWS\PMDvScan.ini
[2009/12/08 18:01:17 | 000,000,423 | ---- | C] () -- C:\WINDOWS\PMDvCopy.ini
[2009/12/08 18:01:17 | 000,000,332 | ---- | C] () -- C:\WINDOWS\PMSnmpMb.ini
[2009/12/08 18:01:05 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\PMObservps.dll
[2009/12/08 18:00:59 | 000,002,255 | ---- | C] () -- C:\WINDOWS\PmData.Dat
[2009/12/08 18:00:15 | 000,000,035 | ---- | C] () -- C:\WINDOWS\RidocPrn.ini
[2009/12/01 08:54:34 | 000,000,462 | ---- | C] () -- C:\WINDOWS\iScreensaver.ini
[2009/11/24 10:15:30 | 000,000,072 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2009/11/24 10:15:27 | 000,000,021 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2009/09/04 09:41:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2009/08/03 15:07:42 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/02/05 12:24:59 | 000,000,083 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2009/01/19 16:31:27 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\ian\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/05 10:51:27 | 000,000,311 | ---- | C] () -- C:\WINDOWS\SWWATER.INI
[2008/12/04 17:35:57 | 000,055,792 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/12/04 17:35:57 | 000,000,169 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/08/03 01:38:48 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/08/03 01:19:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/08/03 01:19:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/08/03 01:19:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/08/03 01:19:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/08/03 01:19:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/08/03 01:19:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/08/03 01:18:43 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/08/03 01:05:17 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
[2008/02/28 16:02:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/08/16 16:17:50 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2006/09/24 23:02:34 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/24 23:02:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2006/04/25 18:05:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/25 17:43:54 | 000,553,072 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/25 17:43:54 | 000,107,240 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/25 17:39:48 | 000,404,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/04/25 17:31:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/25 17:27:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/28 02:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 02:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 02:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 02:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 02:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 02:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 02:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 02:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/12/21 17:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2005/12/21 17:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2002/09/09 07:51:48 | 000,084,992 | ---- | C] () -- C:\WINDOWS\System32\qrpdflib.dll
[2002/05/28 07:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 07:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/05/08 10:12:22 | 000,000,829 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== LOP Check ==========

[2008/12/04 17:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2008/08/03 01:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2008/08/03 01:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.BROWNELECTRICAL\Application Data\SampleView
[2010/05/19 07:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/11/17 17:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/03/10 16:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIAL GmbH
[2011/03/11 08:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIALux
[2010/07/30 06:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Estimation
[2011/10/11 09:33:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Febdok
[2011/10/10 10:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FebdokSetup
[2011/11/18 10:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/06/08 10:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SolidDocuments
[2011/11/21 11:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/08/03 01:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2008/08/03 01:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2010/02/17 12:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ian\Application Data\AlpCAD Software
[2010/05/19 07:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ian\Application Data\Autodesk
[2011/01/27 07:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ian\Application Data\Boocco
[2011/08/16 06:27:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ian\Application Data\InterVideo
[2009/12/01 08:54:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ian\Application Data\iScreensaver
[2010/10/01 09:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ian\Application Data\Relux Informatik AG
[2011/01/27 07:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ian\Application Data\Rese
[2011/11/18 10:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ian\Application Data\Sammsoft
[2008/08/03 01:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ian\Application Data\SampleView
[2011/11/14 10:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ian\Application Data\SolidDocuments
[2011/11/21 08:30:02 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/11/21 08:27:06 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2011/11/21 14:52:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2011/10/04 13:41:49 | 000,602,456 | ---- | M] (Google Inc.) -- C:\GoogleEarthPluginSetup.exe
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: EXPLORER.EXE >
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\ian\Local Settings\Temp\RarSFX0\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\ian\Local Settings\Temp\RarSFX1\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\ian\Local Settings\Temp\RarSFX2\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Documents and Settings\ian\Local Settings\Temp\RarSFX3\procs\explorer.exe
[2006/02/28 02:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\ian\Local Settings\Temp\RarSFX0\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\ian\Local Settings\Temp\RarSFX1\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\ian\Local Settings\Temp\RarSFX2\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Documents and Settings\ian\Local Settings\Temp\RarSFX3\h\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 00:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/02/28 02:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 02:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\ian\Local Settings\Temp\RarSFX0\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\ian\Local Settings\Temp\RarSFX1\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\ian\Local Settings\Temp\RarSFX2\userinit.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\ian\Local Settings\Temp\RarSFX3\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 02:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\ian\Local Settings\Temp\RarSFX0\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\ian\Local Settings\Temp\RarSFX1\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\ian\Local Settings\Temp\RarSFX2\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Documents and Settings\ian\Local Settings\Temp\RarSFX3\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
#4
Shaw86

    Member

  • Topic Starter
  • Member
  • 16 posts
OTL Extras logfile created on: 21/11/2011 15:16:47 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\ian\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.92% Memory free
3.84 Gb Paging File | 2.94 Gb Available in Paging File | 76.56% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 455.74 Gb Total Space | 398.81 Gb Free Space | 87.51% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.53 Gb Free Space | 65.25% Space Free | Partition Type: NTFS
Drive J: | 34.16 Gb Total Space | 18.86 Gb Free Space | 55.23% Space Free | Partition Type: NTFS
Drive K: | 34.17 Gb Total Space | 26.84 Gb Free Space | 78.55% Space Free | Partition Type: NTFS
Drive L: | 558.88 Gb Total Space | 470.32 Gb Free Space | 84.15% Space Free | Partition Type: NTFS
Drive M: | 558.88 Gb Total Space | 470.32 Gb Free Space | 84.15% Space Free | Partition Type: NTFS
Drive Z: | 54.66 Gb Total Space | 35.27 Gb Free Space | 64.52% Space Free | Partition Type: NTFS

Computer Name: HP20581498458 | User Name: ian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1279318860-2237719119-1038282657-1149\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"Enabled" = 1
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"135:TCP:*:Enabled:Offer Remote Assistance - Port" = 135:TCP:*:Enabled:Offer Remote Assistance - Port

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = LocalSubnet

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\RDS\PLTBar.exe" = C:\Program Files\RDS\PLTBar.exe:*:Enabled:Ridoc Document System Ridoc Desk ToolLauncher Module -- (RICOH Company Ltd.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent
"C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2EE4CF60-C85C-48E5-8E13-F4495C098936}" = Estimation LiveUpdate
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{392EAD36-81D6-4A96-8E6C-579764F3C707}" = Extreme Estimating
"{3A599FB6-F536-4DDA-97C1-FCCA7C4611C0}" = AMTECH ProDesign Domestic 2008 V15 (17th Edition) SP2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50E68539-F841-4EDB-A725-D1267541E5DB}" = AMTECH Common 2008 SP1
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{562D0D31-FBAF-4505-8B27-4EC92EEA91D6}" = DIAL Communication Framework
"{56BFAA6E-2BCC-4AED-9233-84731E66B205}" = Solid Converter PDF
"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
"{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5B66BD3D-5988-4F16-8E7C-748BDA3DD598}" = AMTECH Protect 2008 V14 SP1
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97A962E9-6F97-4870-BFE0-7B33C221BE50}" = Designgenie
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1B86357-BF78-4DF5-96B3-A46ED02937FE}" = TypeC2530 TWAIN Driver Ver.4
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3DA2A67-CA2D-4B15-8FDA-3A8AE796F3FD}" = Crystal Reports XI for Amtech
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{AE6288B8-D16F-4CE3-8E05-81282A870506}" = Whitecroft Lighting PlugIn 07 / 2010
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B8EE8264-238C-430A-9D5F-DB9139B09364}" = Thorn - Product Explorer
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C138D676-4F0F-4FDE-8BE5-26CFD3566DCD}" = DeskTopBinder - SmartDeviceMonitor for Client
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD3B8A65-DFFE-4BD5-8430-5E376F61136E}" = Fagerhult catalogue 02 / 2011
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}" = LightScribe System Software 1.12.29.2
"{D159DCA0-EDC4-48B7-A61C-8C04462CA829}" = AMTECH SingleCable 2008 V15 (17th Edition) SP2
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DD30D7C5-DD1A-46E7-9CA6-03CF6A398990}" = DeskTopBinder Lite
"{DD598687-9310-46BA-B461-D6738AD0247C}" = AMTECH Protect Data 2008 v14 SP1
"{E3E9E995-11A6-49F8-9665-9EF8F86D87C4}" = AMTECH FastTest 2008 v9 (17th Edition) SP2
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EFB2E415-772F-4197-82A5-671CCDBEF6D3}" = AMTECH ProDesign 2008 V15 (17th Edition) SP2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 7.0 Professional - V" = Adobe Acrobat 7.0.8 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AOL Toolbar" = AOL Toolbar 5.0
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Create your own Event Reminder_is1" = Create your own Event Reminder
"Create your own Labels_is1" = Create your own Labels
"DIALux" = DIALux 4.6
"DWG TrueView 2011" = DWG TrueView 2011
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2EE4CF60-C85C-48E5-8E13-F4495C098936}" = Estimation LiveUpdate
"InstallShield_{392EAD36-81D6-4A96-8E6C-579764F3C707}" = Extreme Estimating
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PDF Complete" = PDF Complete
"pdfFactory" = pdfFactory
"POV-Ray for Windows v3.6" = POV-Ray for Windows v3.6.0
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1279318860-2237719119-1038282657-1149\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Cadlibrary2009" = Cadlibrary2009

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/11/2011 04:29:24 | Computer Name = HP20581498458 | Source = MSSQL$MSSMLBIZ | ID = 5118
Description = The file "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf"
is compressed but does not reside in a read-only database or filegroup. The file
must be decompressed.

Error - 21/11/2011 05:27:52 | Computer Name = HP20581498458 | Source = MSSQL$MSSMLBIZ | ID = 5118
Description = The file "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf"
is compressed but does not reside in a read-only database or filegroup. The file
must be decompressed.

Error - 21/11/2011 05:27:52 | Computer Name = HP20581498458 | Source = MSSQL$MSSMLBIZ | ID = 5118
Description = The file "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf"
is compressed but does not reside in a read-only database or filegroup. The file
must be decompressed.

Error - 21/11/2011 06:59:56 | Computer Name = HP20581498458 | Source = Application Error | ID = 1000
Description = Faulting application sdsetup_revwire207[1].exe, version 1.0.0.58,
faulting module sdsetup_revwire207[1].exe, version 1.0.0.58, fault address 0x0008be10.

Error - 21/11/2011 07:29:31 | Computer Name = HP20581498458 | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application outlook.exe, version 12.0.6562.5003, stamp 4e2f99fb,
faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address
0x0d2a12b0.

Error - 21/11/2011 07:29:41 | Computer Name = HP20581498458 | Source = MSSQL$MSSMLBIZ | ID = 5118
Description = The file "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf"
is compressed but does not reside in a read-only database or filegroup. The file
must be decompressed.

Error - 21/11/2011 07:29:41 | Computer Name = HP20581498458 | Source = MSSQL$MSSMLBIZ | ID = 5118
Description = The file "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf"
is compressed but does not reside in a read-only database or filegroup. The file
must be decompressed.

Error - 21/11/2011 09:48:37 | Computer Name = HP20581498458 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 21/11/2011 10:54:32 | Computer Name = HP20581498458 | Source = MSSQL$MSSMLBIZ | ID = 5118
Description = The file "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf"
is compressed but does not reside in a read-only database or filegroup. The file
must be decompressed.

Error - 21/11/2011 10:54:32 | Computer Name = HP20581498458 | Source = MSSQL$MSSMLBIZ | ID = 5118
Description = The file "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf"
is compressed but does not reside in a read-only database or filegroup. The file
must be decompressed.

[ OSession Events ]
Error - 20/10/2009 02:45:51 | Computer Name = HP20581498458 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 637
seconds with 240 seconds of active time. This session ended with a crash.

Error - 13/01/2011 04:39:45 | Computer Name = HP20581498458 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3794
seconds with 360 seconds of active time. This session ended with a crash.

Error - 21/04/2011 04:17:30 | Computer Name = HP20581498458 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23
seconds with 0 seconds of active time. This session ended with a crash.

Error - 02/06/2011 04:20:22 | Computer Name = HP20581498458 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20
seconds with 0 seconds of active time. This session ended with a crash.

Error - 02/06/2011 04:20:35 | Computer Name = HP20581498458 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 02/06/2011 11:18:51 | Computer Name = HP20581498458 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23
seconds with 0 seconds of active time. This session ended with a crash.

Error - 02/06/2011 11:19:04 | Computer Name = HP20581498458 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 02/06/2011 11:19:21 | Computer Name = HP20581498458 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 05/09/2011 09:52:04 | Computer Name = HP20581498458 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 81
seconds with 0 seconds of active time. This session ended with a crash.

Error - 21/11/2011 07:29:23 | Computer Name = HP20581498458 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 7322
seconds with 840 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 21/11/2011 03:42:23 | Computer Name = HP20581498458 | Source = Service Control Manager | ID = 7024
Description = The SQL Server (MSSMLBIZ) service terminated with service-specific
error 3417 (0xD59).

Error - 21/11/2011 04:06:36 | Computer Name = HP20581498458 | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition2
(Type 17) Detection Origin: %%845 Detection Type: %%822 Detection Source: %%815 User:
BROWNELECTRICAL\Ian Process Name: Unknown Action: %%808 Action Status: To finish
removing malware and other potentially unwanted software, restart the computer.
To see how to finish removing malware and other potentially unwanted software, see
the support article on the Microsoft Security website. Error Code: 0x800704ec Error
description: Windows cannot open this program because it has been prevented by
a software restriction policy. For more information, open Event Viewer or contact
your system administrator. Signature Version: AV: 1.115.2274.0, AS: 1.115.2274.0,
NIS: 0.0.0.0 Engine Version: AM: 1.1.7801.0, NIS: 0.0.0.0

Error - 21/11/2011 04:06:37 | Computer Name = HP20581498458 | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition2
(Type 17) Detection Origin: %%845 Detection Type: %%822 Detection Source: %%815 User:
BROWNELECTRICAL\Ian Process Name: Unknown Action: %%809 Action Status: To finish
removing malware and other potentially unwanted software, restart the computer.
To see how to finish removing malware and other potentially unwanted software, see
the support article on the Microsoft Security website. Error Code: 0x80070032 Error
description: The request is not supported. Signature Version: AV: 1.115.2274.0,
AS: 1.115.2274.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.7801.0, NIS: 0.0.0.0

Error - 21/11/2011 04:24:42 | Computer Name = HP20581498458 | Source = Service Control Manager | ID = 7003
Description = The tmrkb service depends on the following nonexistent service: tmcomm

Error - 21/11/2011 04:29:24 | Computer Name = HP20581498458 | Source = Service Control Manager | ID = 7024
Description = The SQL Server (MSSMLBIZ) service terminated with service-specific
error 3417 (0xD59).

Error - 21/11/2011 05:27:53 | Computer Name = HP20581498458 | Source = Service Control Manager | ID = 7024
Description = The SQL Server (MSSMLBIZ) service terminated with service-specific
error 3417 (0xD59).

Error - 21/11/2011 07:29:41 | Computer Name = HP20581498458 | Source = Service Control Manager | ID = 7024
Description = The SQL Server (MSSMLBIZ) service terminated with service-specific
error 3417 (0xD59).

Error - 21/11/2011 09:48:36 | Computer Name = HP20581498458 | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume3;boot:_\Device\HarddiskVolume3\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: BROWNELECTRICAL\Ian

Process
Name: System Action: %%808 Action Status: To finish removing malware and other potentially
unwanted software, restart the computer. To see how to finish removing malware
and other potentially unwanted software, see the support article on the Microsoft
Security website. Error Code: 0x800704ec Error description: Windows cannot open
this program because it has been prevented by a software restriction policy. For
more information, open Event Viewer or contact your system administrator. Signature
Version: AV: 1.115.2274.0, AS: 1.115.2274.0, NIS: 0.0.0.0 Engine Version: AM: 1.1.7801.0,
NIS: 0.0.0.0

Error - 21/11/2011 09:48:36 | Computer Name = HP20581498458 | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\Device\HarddiskVolume3;boot:_\Device\HarddiskVolume3\

Detection
Origin: %%845 Detection Type: %%822 Detection Source: %%818 User: BROWNELECTRICAL\Ian

Process
Name: System Action: %%809 Action Status: To finish removing malware and other potentially
unwanted software, restart the computer. To see how to finish removing malware
and other potentially unwanted software, see the support article on the Microsoft
Security website. Error Code: 0x80070032 Error description: The request is not supported.
Signature Version: AV: 1.115.2274.0, AS: 1.115.2274.0, NIS: 0.0.0.0 Engine Version:
AM: 1.1.7801.0, NIS: 0.0.0.0

Error - 21/11/2011 10:54:32 | Computer Name = HP20581498458 | Source = Service Control Manager | ID = 7024
Description = The SQL Server (MSSMLBIZ) service terminated with service-specific
error 3417 (0xD59).


< End of report >
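
The Extras.txt entries above are the kind of thing a helper has to read by eye. As an added example (not part of this thread and not a tool the helper used), the following Python script parses an OTL-style event dump, keeps only Microsoft Antimalware event ID 1119 entries (the "critical error when taking action on malware" records) and pulls out the threat name, the reported path, the attempted action and the error code. It flags entries whose path begins with `boot:`, because those refer to a boot sector or partition rather than a file, which is consistent with file-based on-demand scanners reporting nothing. The log text embedded in the script is constructed to resemble the entries above; the host name and user are placeholders.

```python
"""Triage Microsoft Antimalware "action failed" events (ID 1119) from an
OTL-style event log dump.

Added example for this thread, not a tool used by the forum helper.
SAMPLE_LOG is constructed to resemble the Extras.txt entries; host name and
user are placeholders.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL event header line, e.g.
# Error - 21/11/2011 04:06:36 | Computer Name = X | Source = Microsoft Antimalware | ID = 1119
HEADER_RE = re.compile(
    r"^(?P<level>Error|Warning|Information) - (?P<when>\S+ \S+) \| "
    r"Computer Name = (?P<host>.*?) \| Source = (?P<source>.*?) \| ID = (?P<id>\d+)\s*$"
)
ANTIMALWARE_SOURCE = "Microsoft Antimalware"
REMEDIATION_FAILED_ID = 1119  # "encountered a critical error when taking action on malware"

# Fields pulled out of the flattened description text of a 1119 event.
FIELD_RES = {
    "name": re.compile(r"\bName:\s*(\S+)"),
    "path": re.compile(r"\bPath:\s*(\S+)"),
    "action": re.compile(r"\bAction:\s*(%%\d+)"),
    "error_code": re.compile(r"\bError Code:\s*(0x[0-9A-Fa-f]+)"),
}


@dataclass
class Event:
    level: str
    when: str
    host: str
    source: str
    event_id: int
    description: str = ""


def parse_events(text: str) -> List[Event]:
    """Split the dump into events.  A record starts at a header line; everything
    up to the next header (including blank lines, which 1119 descriptions
    contain) belongs to the current record's description."""
    events: List[Event] = []
    body: List[str] = []
    current: Optional[Event] = None

    def flush() -> None:
        if current is not None:
            current.description = re.sub(r"\s+", " ", " ".join(body)).strip()

    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            flush()
            current = Event(m["level"], m["when"], m["host"], m["source"], int(m["id"]))
            events.append(current)
            body = []
        elif current is not None:
            body.append(line)
    flush()
    return events


def remediation_failures(events: List[Event]) -> List[Dict[str, object]]:
    """Keep only Antimalware 1119 events and extract the triage fields."""
    findings: List[Dict[str, object]] = []
    for ev in events:
        if ev.source != ANTIMALWARE_SOURCE or ev.event_id != REMEDIATION_FAILED_ID:
            continue
        fields: Dict[str, object] = {"when": ev.when, "host": ev.host}
        for key, rx in FIELD_RES.items():
            m = rx.search(ev.description)
            fields[key] = m.group(1) if m else None
        path = fields.get("path")
        # A "boot:" path means the detection is a boot sector / partition, not a
        # file: on-demand file scanners will not see it, which matches the other
        # tools in the thread reporting nothing.
        fields["boot_sector"] = isinstance(path, str) and path.startswith("boot:")
        findings.append(fields)
    return findings


# Constructed sample, modelled on the Extras.txt entries (placeholders for host/user).
SAMPLE_LOG = r"""
[ System Events ]
Error - 21/11/2011 03:42:23 | Computer Name = HOST-EXAMPLE | Source = Service Control Manager | ID = 7024
Description = The SQL Server (MSSMLBIZ) service terminated with service-specific
error 3417 (0xD59).

Error - 21/11/2011 04:06:36 | Computer Name = HOST-EXAMPLE | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software. For more information please see the following:
http://go.microsoft....atid=2147650952

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition2
(Type 17) Detection Origin: %%845 Detection Type: %%822 Detection Source: %%815 User:
EXAMPLE\user Process Name: Unknown Action: %%808 Action Status: To finish
removing malware and other potentially unwanted software, restart the computer.
Error Code: 0x800704ec Error description: Windows cannot open this program because
it has been prevented by a software restriction policy.

Error - 21/11/2011 04:06:37 | Computer Name = HOST-EXAMPLE | Source = Microsoft Antimalware | ID = 1119
Description = %%860 has encountered a critical error when taking action on malware
or other potentially unwanted software.

Name:
Trojan:DOS/Alureon.E ID: 2147650952 Severity: Severe Category: Trojan Path: boot:_\\.\PHYSICALDRIVE0\Partition2
(Type 17) User: EXAMPLE\user Process Name: Unknown Action: %%809 Action Status: restart
the computer. Error Code: 0x80070032 Error description: The request is not supported.
"""

if __name__ == "__main__":
    for f in remediation_failures(parse_events(SAMPLE_LOG)):
        print(f"{f['when']}  {f['name']}  path={f['path']}  action={f['action']}  "
              f"error={f['error_code']}  boot_sector={f['boot_sector']}")
```

To run it against a real dump, replace `SAMPLE_LOG` with the contents of Extras.txt; the two error codes in the sample (0x800704ec, a software restriction policy block, and 0x80070032, "request not supported") are the two outcomes MSE reported in the log above, and both mean the detection was made but the clean-up never completed.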

#5 Shaw86 (Topic Starter)
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-21 15:26:02
-----------------------------
15:26:02.814 OS Version: Windows 5.1.2600 Service Pack 3
15:26:02.814 Number of processors: 2 586 0xF0D
15:26:02.814 ComputerName: HP20581498458 UserName: ian
15:26:03.376 Initialize success
15:26:13.485 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:26:13.485 Disk 0 Vendor: ST3500620AS HP12 Size: 476940MB BusType: 3
15:26:15.485 Disk 0 MBR read successfully
15:26:15.485 Disk 0 MBR scan
15:26:15.485 Disk 0 unknown MBR code
15:26:15.485 Disk 0 scanning sectors +976773152
15:26:15.501 Disk 0 scanning C:\WINDOWS\system32\drivers
15:26:21.970 Service scanning
15:26:24.470 Service MpKslf1362b80 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4A7DD6D4-3F8C-499D-8C1C-3CEB41F7EE14}\MpKslf1362b80.sys **LOCKED** 32
15:26:25.032 Modules scanning
15:26:28.314 Disk 0 trace - called modules:
15:26:28.314 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
15:26:28.314 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a659ab8]
15:26:28.314 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000062[0x8a6c4f18]
15:26:28.314 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a65fd98]
15:26:28.314 Scan finished successfully
15:26:40.532 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ian\Desktop\MBR.dat"
15:26:40.657 The log file has been saved successfully to "C:\Documents and Settings\ian\Desktop\aswMBR.txt"

#6 azarl (GeekU Admin)
File Scanner
There are some files I need you to upload for checking

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
C:\Documents and Settings\ian\Desktop\MBR.dat
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


#7 Shaw86 (Topic Starter)
VirSCAN.org Scanned Report :
Scanned time : 2011/11/21 16:13:59 (GMT)
Scanner results: Scanners did not find malware!
File Name : MBR.dat
File Size : 512 byte
File Type : x86 boot sector; partition 1
MD5 : 16c56be9727817fda51348c4170d5bf6
SHA1 : 397c165a2dd6a59ba86c9ac426e05405efa51578
Online report : http://r.virscan.org...9170ab2899535f8

Scanner       Engine Ver         Sig Ver              Sig Date    Time    Scan result
------------  -----------------  -------------------  ----------  ------  -----------
a-squared     5.1.0.4            20111121200514       2011-11-21  1.06    -
AhnLab V3     2011.11.22.00      2011.11.22           2011-11-22  19.93   -
AntiVir       8.2.6.116          7.11.17.244          2011-11-21  0.74    -
Antiy         2.0.18             20111120.14299883    2011-11-20  0.02    -
Arcavir       2011               201111210540         2011-11-21  8.89    -
Authentium    5.1.1              201111211543         2011-11-21  3.04    -
AVAST!        4.7.4              111121-0             2011-11-21  0.00    -
AVG           10.0.1405          2090/4030            2011-11-21  1.09    -
BitDefender   7.90123.8999358    7.39919              2011-11-21  11.83   -
ClamAV        0.97.1             13971                2011-11-21  0.07    -
Comodo        5.1                10780                2011-11-17  3.25    -
CP Secure     1.3.0.5            2011.11.19           2011-11-19  0.01    -
Dr.Web        5.0.2.3300         2011.11.21           2011-11-21  43.99   -
F-Prot        4.6.2.117          20111120             2011-11-20  1.91    -
F-Secure      7.02.73807         2011.11.21.03        2011-11-21  0.29    -
Fortinet      4.2.257            14.379               2011-11-21  0.33    -
GData         22.2845            20111121             2011-11-21  13.39   -
ViRobot       20111121           2011.11.21           2011-11-21  1.29    -
Ikarus        T3.1.32.20.0       2011.11.21.79842     2011-11-21  7.29    -
JiangMin      13.0.900           2011.11.21           2011-11-21  22.61   -
Kaspersky     5.5.10             2011.11.21           2011-11-21  0.03    -
KingSoft      2009.2.5.15        2011.11.21.20        2011-11-21  31.55   -
McAfee        5400.1158          6536                 2011-11-20  0.00    -
Microsoft     1.7801             2011.11.21           2011-11-21  36.71   -
NOD32         3.0.21             6648                 2011-11-21  0.79    -
Norman        6.07.11            6.07.00              2011-09-17  118.62  -
Panda         9.05.01            2011.11.21           2011-11-21  30.52   -
Trend Micro   9.500-1005         8.588.06             2011-11-21  0.27    -
Quick Heal    11.00              2011.11.21           2011-11-21  4.62    -
Rising        20.0               23.84.04.02          2011-11-18  0.38    -
Sophos        3.24.4             4.70                 2011-11-21  5.88    -
Sunbelt       3.9.2515.2         11106                2011-11-21  10.44   -
Symantec      1.3.0.24           20111120.009         2011-11-20  0.16    -
nProtect      20111121.02        12850232             2011-11-21  40.10   -
The Hacker    6.7.0.1            v00345               2011-11-20  40.12   -
VBA32         3.12.16.4          20111121.0730        2011-11-21  5.34    -
VirusBuster   5.4.0.10           14.1.76.0/6849501    2011-11-21  0.01    -

#8 azarl (GeekU Admin)
Are you getting any other symptoms? Redirects etc?

#9 Shaw86 (Topic Starter)
Computer speed is up and down, but sometimes that can be down to the server. Other than that, MSE keeps popping up on start-up of my computer saying it's detected the virus and asks me to restart the computer to complete the clean-up.

Security Essentials encountered the following error: Error code 0x80070032. The request is not supported.

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

Items:
boot:\Device\HarddiskVolume3
boot:\Device\HarddiskVolume3\

#10 azarl (GeekU Admin)
Do the following:
Start -> Run
type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screen Shot of the Disk Management Window and attach the screen shot to your reply.

#11 Shaw86 (Topic Starter)
Screen shot as requested. Thanks for your time. Not quite sure what the 10 MB partition is! I'm about to leave work now, so I will pick up where I left off in the morning.

Attached Thumbnails

  • Screen Shot 1.JPG

Edited by Shaw86, 21 November 2011 - 11:06 AM.


#12 azarl (GeekU Admin)
Preferably from a clean computer, I need you to download:
  • gparted-live-0.10.0-3.iso (115.1 MB)
  • Windows XP Recovery Console rc.iso

Create a bootable CD, 1 for Gparted and 1 for the Windows XP Recovery Console, from the ISO images. You can use ImgBurn to do this.

Now boot off of the newly created Gparted CD.

Posted Image
You should be here...
Press ENTER

Posted Image
By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER.

Posted Image
Choose your language and press ENTER. English is default [33]

Posted Image
Once again, at this prompt, press ENTER

You will now be taken to the main GUI screen below



According to your logs, the partition that you want to delete is 10 MB and should have the flag set as boot.
Click the trash can icon to delete it and then click Apply.

You should now be here confirming your actions:
Posted Image

Now you should be here:
Posted Image

Posted Image
Is "boot" next to your OS drive?

If "boot" is not next to your OS drive under "Flags", right-mouse click the OS drive while in Gparted and select Manage Flags

In the menu that pops up, place a checkmark in boot like the picture below:
Posted Image

Now double-click the Posted Image button.

You should receive a small pop up like this:
Posted Image
Choose reboot and then press OK.

Now reboot from the Windows XP Recovery Console CD and execute the following commands:

  • fixmbr \Device\HardDisk0
  • fixboot c:
  • exit

Once back in Windows, download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found, you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Attach that file.

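
The GParted step above hinges on spotting a small hidden partition that carries the boot flag, which is the pattern a bootkit of this kind leaves in the partition table. As an added example (not part of the thread and not one of the tools azarl uses), the following Python script reads a raw 512-byte MBR dump such as the MBR.dat that aswMBR saved earlier (file path assumed), decodes the four partition-table entries and flags any partition that is active, has a hidden type ID and is small. It also returns SHA1 hashes of the sector so a saved dump can be compared with the hash a tool like MBRCheck prints. The sample sector is constructed; the 64 MB threshold and the hidden-type set are assumptions of the example, and whether a given tool hashes the whole sector or only the boot-code area has to be checked against that tool's documentation.

```python
"""Decode a raw 512-byte MBR dump and flag the layout the thread describes: a
small, hidden-type partition carrying the boot (active) flag.

Added example for this thread, not one of the tools the helper used.  The
sample sector is constructed; the size threshold and the hidden-type set are
assumptions of this example.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

SECTOR = 512
PART_TABLE_OFFSET = 446      # 4 x 16-byte entries, then the 0x55AA signature
PART_ENTRY_SIZE = 16
BOOT_SIG = b"\x55\xaa"
ACTIVE_FLAG = 0x80
NTFS_TYPE = 0x07

# Hidden variants of the common FAT/NTFS partition type IDs.  The "Type 17" in
# the MSE report is a hidden type whether read as decimal (0x11, hidden FAT12)
# or as hex (0x17, hidden NTFS/HPFS).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E, 0x27}


@dataclass
class Partition:
    index: int       # 1..4, slot in the table
    active: bool     # status byte 0x80 == boot flag
    type_id: int
    start_lba: int
    sectors: int

    @property
    def size_mb(self) -> float:
        return self.sectors * SECTOR / (1024 * 1024)

    @property
    def hidden(self) -> bool:
        return self.type_id in HIDDEN_TYPES


def parse_mbr(sector: bytes) -> List[Partition]:
    """Return the non-empty partition entries of one MBR sector."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature; not an MBR")
    parts: List[Partition] = []
    for slot in range(4):
        off = PART_TABLE_OFFSET + slot * PART_ENTRY_SIZE
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, type_id, start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if type_id == 0:
            continue                      # empty slot
        parts.append(Partition(slot + 1, status == ACTIVE_FLAG, type_id, start, count))
    return parts


def active_partition(parts: List[Partition]) -> Optional[Partition]:
    """The partition the MBR boot code hands off to (first one with the flag)."""
    return next((p for p in parts if p.active), None)


def suspicious_partitions(parts: List[Partition], max_mb: float = 64.0) -> List[Partition]:
    """Active + hidden type + small is not a layout a Windows installer produces;
    it is the hidden boot-partition pattern discussed in the thread.  max_mb is
    an assumed threshold for this example."""
    return [p for p in parts if p.active and p.hidden and p.size_mb <= max_mb]


def sector_hashes(sector: bytes) -> Dict[str, str]:
    """SHA1 of the whole sector and of the boot-code area only (bytes 0..445).
    Which of the two a given tool reports must be checked against that tool's
    documentation; both are returned so either can be compared."""
    return {
        "whole_sector_sha1": hashlib.sha1(sector).hexdigest().upper(),
        "code_area_sha1": hashlib.sha1(sector[:PART_TABLE_OFFSET]).hexdigest().upper(),
    }


def build_sample_mbr() -> bytes:
    """Constructed sector: a large NTFS OS partition in slot 1 and a 10 MB
    hidden (0x17) partition in slot 2 that carries the boot flag.  Boot code is
    zero-filled; only the table and signature matter here."""
    def entry(active: bool, type_id: int, start: int, count: int) -> bytes:
        return struct.pack("<B3xB3xII", ACTIVE_FLAG if active else 0, type_id, start, count)

    os_start, os_sectors = 63, 976_000_000          # about 465 GiB
    hidden_sectors = 10 * 1024 * 1024 // SECTOR      # exactly 10 MB
    table = (entry(False, NTFS_TYPE, os_start, os_sectors)
             + entry(True, 0x17, os_start + os_sectors, hidden_sectors)
             + bytes(2 * PART_ENTRY_SIZE))
    sector = bytearray(SECTOR)
    sector[PART_TABLE_OFFSET:PART_TABLE_OFFSET + 4 * PART_ENTRY_SIZE] = table
    sector[510:512] = BOOT_SIG
    return bytes(sector)


if __name__ == "__main__":
    mbr = build_sample_mbr()   # for a real dump: open("MBR.dat", "rb").read()
    parts = parse_mbr(mbr)
    for p in parts:
        print(f"slot {p.index}: type 0x{p.type_id:02X} active={p.active} "
              f"hidden={p.hidden} start={p.start_lba} size={p.size_mb:.1f} MB")
    for p in suspicious_partitions(parts):
        print(f"SUSPICIOUS: slot {p.index} is a small hidden partition with the boot flag")
    print(sector_hashes(mbr))
```

On a dump from this kind of infection the expected output is one NTFS partition without the flag and a tiny hidden partition with it, which is exactly what the GParted instructions above have you remove before putting the boot flag back on the OS partition and rewriting the MBR with fixmbr.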

#13 Shaw86 (Topic Starter)
Thanks for this. I will give it a go tomorrow and post the results. Can I do this from a USB stick?

#14 azarl (GeekU Admin)
As long as it's a bootable one - gParted is a bootable Linux utility

http://gparted.sourc...net/liveusb.php maybe?

#15 Shaw86 (Topic Starter)
Computer is back up and running, but I'm not quite sure if the RC disc worked. I got a blue screen and then it shut down, and when I rebooted it worked fine. I never got the option to use the commands you posted, but the virus seems to have gone. Did I do something wrong, and do I need to enter the commands you posted?

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00001ffc

Kernel Drivers (total 117):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EEB000 fltmgr.sys
0xB9ED9000 sr.sys
0xB9EC3000 DRVMCDB.SYS
0xBA0F8000 PxHelp20.sys
0xB9EAC000 KSecDD.sys
0xB9E1F000 Ntfs.sys
0xB9DF2000 NDIS.sys
0xB9DD8000 Mup.sys
0xBA298000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB97FB000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB97E7000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA3C0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB97C3000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3C8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB979B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB9781000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA3D8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA5C6000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xBA2C8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB975E000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA753000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA554000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9747000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA308000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3E0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB9736000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA318000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA3E8000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA3F0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB9706000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA128000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5C8000 \SystemRoot\system32\DRIVERS\swenum.sys
0xBA570000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA138000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA198000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5D0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA8F17000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA8EF3000 \SystemRoot\system32\drivers\portcls.sys
0xBA1A8000 \SystemRoot\system32\drivers\drmk.sys
0xA8E5C000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xBA602000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA789000 \SystemRoot\System32\Drivers\Null.SYS
0xBA604000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA420000 \SystemRoot\System32\Drivers\DLARTL_M.SYS
0xBA428000 \SystemRoot\System32\drivers\vga.sys
0xBA606000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA608000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA430000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA438000 \SystemRoot\System32\Drivers\Npfs.SYS
0xA8EEB000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA8E29000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA8DD0000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA8DA8000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA8D82000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA8D60000 \SystemRoot\System32\drivers\afd.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA8D35000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA8CC5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA228000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA278000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBA440000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xA8C85000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA60C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xBA578000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA450000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6B9000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBF47A000 \SystemRoot\System32\ATMFD.DLL
0xBA218000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xBA742000 \SystemRoot\System32\DLA\DLADResM.SYS
0xA8B2D000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xBA490000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xBA620000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xBA498000 \SystemRoot\System32\DLA\DLABMFSM.SYS
0xBA4A0000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xA8B17000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xA8B00000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xA8C1D000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
0xA8AFC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA887B000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA870B000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA398000 \??\c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{13D5C8E1-23FD-4D90-91C5-C2E7F18B3B1A}\MpKsl30aca3c0.sys
0xA80DE000 \SystemRoot\system32\drivers\wdmaud.sys
0xA81A3000 \SystemRoot\system32\drivers\sysaudio.sys
0xA7FD7000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 52):
0 System Idle Process
4 System
644 C:\WINDOWS\system32\smss.exe
692 csrss.exe
716 C:\WINDOWS\system32\winlogon.exe
760 C:\WINDOWS\system32\services.exe
772 C:\WINDOWS\system32\lsass.exe
976 C:\WINDOWS\system32\svchost.exe
1044 svchost.exe
1140 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1176 C:\WINDOWS\system32\svchost.exe
1288 svchost.exe
1416 svchost.exe
1524 C:\WINDOWS\system32\spoolsv.exe
1628 svchost.exe
1684 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
1956 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
1972 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
160 C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe
192 C:\Program Files\PDF Complete\pdfsvc.exe
456 C:\WINDOWS\Installer\MSI1770.tmp
532 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
840 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
1092 wdfmgr.exe
1680 C:\WINDOWS\system32\wuauclt.exe
628 alg.exe
2920 C:\WINDOWS\explorer.exe
2928 C:\WINDOWS\system32\rundll32.exe
3632 C:\WINDOWS\system32\hkcmd.exe
3656 C:\WINDOWS\system32\igfxpers.exe
3884 C:\WINDOWS\system32\igfxsrvc.exe
4036 C:\WINDOWS\SMINST\Scheduler.exe
4044 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
4052 C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
4088 C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
260 C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe
492 C:\Program Files\Microsoft Security Client\msseces.exe
564 C:\Program Files\Ask.com\Updater\Updater.exe
1484 C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE
1588 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
2300 C:\Program Files\Common Files\Estimation Group\LiveUpdate\LiveUpd.exe
2356 C:\WINDOWS\system32\ctfmon.exe
2528 C:\Program Files\Messenger\msmsgs.exe
2824 C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
2804 C:\Program Files\RDS\PLDLnk.exe
2768 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
3096 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
3284 C:\Program Files\RDS\RMClient\PMCTray.exe
4016 C:\Program Files\Internet Explorer\iexplore.exe
264 C:\Program Files\Internet Explorer\iexplore.exe
1336 C:\Program Files\Windows Live\Toolbar\wltuser.exe
3460 C:\Documents and Settings\ian\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`efd1cc00 (NTFS)

PhysicalDrive0 Model Number: ST3500620AS, Rev: HP12

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Hewlett-Packard MBR code detected
SHA1: 6DE5B7C1EEAFBE901B2807597A84F9F19604E031


Done!

Edited by Shaw86, 22 November 2011 - 06:52 AM.
