Think I have this: C__WINDOWS_EXPLORER.EXE.ndb_ndb.bak

Post by Spuzzana on 15th September 2011, 5:34 pm

OTL logfile created on: 9/15/2011 5:11:44 PM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Greg\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 62.51% Memory free
4.59 Gb Paging File | 3.54 Gb Available in Paging File | 77.07% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 372.60 Gb Total Space | 270.54 Gb Free Space | 72.61% Space Free | Partition Type: NTFS
Drive D: | 2.65 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: FASTERMACHINE | User Name: Greg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/15 17:10:37 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Greg\My Documents\Downloads\OTL.com
PRC - [2011/09/03 13:28:25 | 001,017,912 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/04/26 18:50:54 | 004,514,992 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boincmgr.exe
PRC - [2011/04/26 18:50:52 | 000,070,832 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinctray.exe
PRC - [2011/04/26 18:50:48 | 000,902,320 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinc.exe
PRC - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
PRC - [2011/03/25 13:34:00 | 004,371,768 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe
PRC - [2011/03/25 13:34:00 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServiceManagerComHandler.exe
PRC - [2011/03/23 14:12:38 | 001,406,264 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe
PRC - [2011/03/23 14:12:34 | 002,032,952 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe
PRC - [2010/10/03 02:13:42 | 000,470,544 | ---- | M] () -- C:\Program Files\Core Temp\Core Temp.exe
PRC - [2010/07/15 14:53:02 | 000,546,200 | ---- | M] (Oberon Media ) -- C:\Program Files\GamesBar\SearchEngineProtection.exe
PRC - [2010/01/04 12:17:30 | 000,377,576 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Security\RPS.exe
PRC - [2010/01/04 12:17:30 | 000,165,408 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe
PRC - [2010/01/04 12:16:30 | 000,371,920 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Security\Fws.exe
PRC - [2009/11/02 15:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe
PRC - [2009/10/17 19:50:42 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files\GIGABYTE\EasySaver\essvr.exe
PRC - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/08/04 17:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2008/09/16 14:02:26 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/01/27 17:16:58 | 000,376,912 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
PRC - [1997/07/11 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Modules (No Company Name) ==========

MOD - [2011/09/14 11:32:03 | 000,056,224 | ---- | M] () -- \\?\C:\Program Files\Virgin Media\Security\BitDefender\BDCoreEngines\BDCoreSet2\avxdisk.dll
MOD - [2011/09/03 13:28:23 | 000,400,440 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\13.0.782.220\ppgooglenaclpluginchrome.dll
MOD - [2011/09/03 13:28:22 | 004,118,072 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\13.0.782.220\pdf.dll
MOD - [2011/09/03 13:27:18 | 000,300,088 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\13.0.782.220\Locales\en-US.dll
MOD - [2011/09/03 13:26:51 | 000,104,520 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\13.0.782.220\avutil-50.dll
MOD - [2011/09/03 13:26:49 | 000,203,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\13.0.782.220\avformat-52.dll
MOD - [2011/09/03 13:26:48 | 001,846,344 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\13.0.782.220\avcodec-52.dll
MOD - [2011/09/03 11:35:01 | 006,338,720 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\13.0.782.220\gcswf32.dll
MOD - [2011/04/22 10:44:44 | 000,081,920 | ---- | M] () -- C:\Program Files\BOINC\zlib1.dll
MOD - [2011/03/25 13:25:14 | 000,158,208 | ---- | M] () -- C:\Program Files\Virgin Media\Service Manager\Windows7Features.dll
MOD - [2010/10/03 02:13:42 | 000,470,544 | ---- | M] () -- C:\Program Files\Core Temp\Core Temp.exe
MOD - [2009/11/06 11:53:08 | 000,202,752 | ---- | M] () -- C:\Program Files\Virgin Media\Security\BitDefender\smartscn.dll
MOD - [2009/11/02 15:26:48 | 000,077,824 | ---- | M] () -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\bin\boost_log-vc71-mt-1_32.dll
MOD - [2009/11/02 15:26:48 | 000,057,344 | ---- | M] () -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\bin\boost_thread-vc71-mt-1_32.dll
MOD - [2009/10/23 13:25:54 | 000,225,280 | ---- | M] () -- C:\Program Files\Virgin Media\Security\BitDefender\bdfltlib.dll
MOD - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files\GIGABYTE\EasySaver\essvr.exe
MOD - [2009/07/30 18:15:32 | 000,503,202 | ---- | M] () -- C:\Program Files\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009/03/13 11:30:44 | 000,109,096 | ---- | M] () -- C:\Program Files\GIGABYTE\EasySaver\ycc.dll
MOD - [2003/01/27 17:16:58 | 000,376,912 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
MOD - [2002/10/18 13:34:42 | 000,184,432 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\TimerManager.DLL
MOD - [2002/10/18 13:31:58 | 000,045,169 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComSRCManager.DLL
MOD - [2002/10/18 13:29:12 | 000,069,746 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\AppProperties.DLL
MOD - [2002/10/15 13:03:30 | 000,032,862 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\Marshaller.dll
MOD - [2002/06/18 13:19:28 | 000,102,541 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BasicLoaderService.dll
MOD - [2002/06/18 13:19:16 | 000,139,387 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\BJComRT.dll
MOD - [2001/09/23 15:41:10 | 000,524,377 | ---- | M] () -- C:\WINDOWS\system32\stlport_4_0_0_DDR.dll
MOD - [1997/07/11 00:00:00 | 003,782,416 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\MSO97.DLL
MOD - [1997/07/11 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (sdCoreService)
SRV - File not found [On_Demand | Stopped] -- -- (sdAuxService)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/14 14:38:31 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Virgin Media\Security\BitDefender\scan.dll -- (scan)
SRV - [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService)
SRV - [2011/03/23 14:12:38 | 001,406,264 | ---- | M] (Virgin Media) [Auto | Running] -- C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe -- (HsdService)
SRV - [2010/01/04 12:17:30 | 000,165,408 | ---- | M] (Virgin Media) [Auto | Running] -- C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe -- (Radialpoint Security Services)
SRV - [2010/01/04 12:16:30 | 000,371,920 | ---- | M] (Virgin Media) [Auto | Running] -- C:\Program Files\Virgin Media\Security\Fws.exe -- (RP_FWS)
SRV - [2009/11/02 15:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe -- (RadialpointIDSAgent)
SRV - [2009/08/24 14:46:40 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009/08/04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/08 12:07:50 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV - [2009/06/08 12:07:48 | 000,931,080 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV - [2008/09/16 14:02:26 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (ALSysIO)
DRV - [2011/09/15 08:54:55 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2011/09/14 11:17:39 | 000,053,192 | ---- | M] (Radialpoint Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - [2009/11/26 09:50:32 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys -- (Trufos)
DRV - [2009/11/26 09:50:32 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Virgin Media\Security\BitDefender\profos.sys -- (Profos)
DRV - [2009/11/02 15:27:02 | 000,122,376 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys -- (RadialpointIDSDriver)
DRV - [2009/11/02 15:27:02 | 000,030,216 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys -- (RadialpointIDSFilter)
DRV - [2009/11/02 15:27:02 | 000,025,736 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys -- (RadialpointIDSShim)
DRV - [2009/11/02 15:27:02 | 000,025,608 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (RadialpointIDSEH)
DRV - [2009/10/23 13:25:54 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/08/18 10:32:00 | 005,884,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/08 10:00:56 | 000,071,696 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS)
DRV - [2007/11/22 15:55:52 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/08/14 17:02:04 | 000,082,248 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2007/08/14 17:02:02 | 000,057,672 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IkSysFlt)
DRV - [2007/08/14 17:02:00 | 000,040,264 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/04/02 06:18:54 | 000,042,368 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/03/22 07:24:02 | 000,018,944 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/22 07:24:00 | 000,052,736 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/02/07 12:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/03/03 18:53:57 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/02/23 16:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004/12/03 11:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004/08/03 22:31:20 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2004/04/10 09:42:36 | 000,002,944 | ---- | M] (cansoft@livewiredev.com) [Kernel | System | Running] -- C:\WINDOWS\system32\mbmiodrvr.sys -- (mbmiodrvr)
DRV - [2002/10/03 12:48:16 | 000,004,328 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2002/05/21 13:40:18 | 000,038,528 | R--- | M] (Sitecom ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FASTNIC.sys -- (FASTNIC)
DRV - [2002/04/11 16:21:38 | 000,013,335 | R--- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbcm.sys -- (usbcm)
DRV - [2001/08/17 14:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.virginmedia.com/"
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@vivox.com/WebVoice: C:\Documents and Settings\Greg\Local Settings\Application Data\Vivox\Vivox Voice ActiveX Object 1.18.3\npvivoxvoiceplugin.dll (Vivox, Inc)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/08 22:21:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/27 22:58:11 | 000,000,000 | ---D | M]

[2008/08/26 22:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Extensions
[2011/05/08 13:41:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\2c7n6l2p.default\extensions
[2010/05/13 19:19:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\2c7n6l2p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/24 17:41:36 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\2c7n6l2p.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011/03/02 02:04:58 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\2c7n6l2p.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/09/09 19:10:54 | 000,000,423 | ---- | M] () -- C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\2c7n6l2p.default\searchplugins\virgin-media.xml
[2011/06/17 08:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/16 21:21:30 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/04/18 12:40:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/17 15:06:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/17 12:21:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/17 11:07:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/17 14:10:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/17 08:11:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/04/18 12:39:53 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 17:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/02/27 18:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/08/24 14:05:48 | 000,151,552 | ---- | M] (PopCap Games) -- C:\Program Files\mozilla firefox\plugins\nppopcaploader.dll
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/08/08 15:01:42 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober7794375.xml

O1 HOSTS File: ([2006/02/28 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\2.0.1.59\oberontb.dll (Oberon Media Ltd.)
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\2.0.1.59\oberontb.dll (Oberon Media Ltd.)
O3: - HKCU\..\Toolbar\WebBrowser - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [DHSClient.exe] C:\Program Files\Virgin Media\Digital Home Support\DHSClient.exe (Virgin Media)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Core Temp] C:\Program Files\Core Temp\Core Temp.exe ()
O4 - HKCU..\Run: [EVEMon] C:\Documents and Settings\Greg\My Documents\Downloads\EVEMon_2252_2010-05-29\EVEMon.exe (EVEMon Development Team)
O4 - HKCU..\Run: [SearchEngineProtection] C:\Program Files\GamesBar\SearchEngineProtection.exe (Oberon Media )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O4 - Startup: C:\Documents and Settings\Greg\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe (Nuance Communications, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 99
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O8 - Extra context menu item: Add to Windows &Live Favorites - [You must be registered and logged in to see this link.] File not found
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37EA284D-326B-4DC4-BAE4-F35C10F51FAF}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0C565E4-24B0-48C4-B7FB-C2386A2D30A2}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCADDD9E-D7D7-41CE-AE08-FAE1A96D1004}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEA8D36D-3905-4892-8652-141FCF5C0BA5}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Greg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/31 22:35:30 | 000,146,900 | ---- | M] () - C:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2009/05/31 22:35:30 | 000,147,140 | ---- | M] () - C:\AUTO.pst -- [ NTFS ]
O32 - AutoRun File - [2007/06/16 19:26:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/04/23 10:42:25 | 000,000,050 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{798c4316-eee4-11df-a8f5-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{798c4316-eee4-11df-a8f5-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{798c4316-eee4-11df-a8f5-806d6172696f}\Shell\AutoRun\command - "" = D:\Setup.now.exe -- [2004/07/29 14:12:50 | 000,101,376 | R--- | M] (Sold Out Software Ltd.)
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "aawservice"
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HsdService - C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe (Virgin Media)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: Radialpoint Security Services - C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe (Virgin Media)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sdauxservice - File not found
SafeBootMin: sdcoreservice - File not found
SafeBootMin: sermouse.sys - Driver
SafeBootMin: ServicepointService - C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint Inc.)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HsdService - C:\Program Files\Virgin Media\Digital Home Support\HsdService.exe (Virgin Media)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: Radialpoint Security Services - C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe (Virgin Media)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sdauxservice - File not found
SafeBootNet: sdcoreservice - File not found
SafeBootNet: sermouse.sys - Driver
SafeBootNet: ServicepointService - C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint Inc.)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {0FE85CF8-CC75-0BB7-FBE2-863BCCA42088} - Browser Customizations
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6BFD244D-5E2F-102C-FB8C-D0BA8C075DFF} - Browser Customizations
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/14 11:17:58 | 000,025,608 | ---- | C] (AVG Technologies ) -- C:\WINDOWS\System32\drivers\AVGIDSEH.sys
[2011/09/14 11:17:42 | 000,285,704 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2011/09/14 11:17:39 | 000,053,192 | ---- | C] (Radialpoint Inc.) -- C:\WINDOWS\System32\drivers\rp_skt32.sys
[2011/09/14 11:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\Raxco
[2011/09/14 11:17:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Raxco
[2011/09/14 11:17:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Virgin Media Security
[2011/09/14 10:57:57 | 000,000,000 | ---D | C] -- C:\Program Files\Virgin Media
[2011/09/14 10:57:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Virgin Media
[2011/09/14 10:04:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Doctor
[2011/09/14 10:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Greg\Application Data\PC Tools
[2011/09/03 11:17:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/15 17:05:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/15 14:12:28 | 000,001,850 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\fxTrade Practice.lnk
[2011/09/15 11:26:43 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/15 09:03:50 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/15 08:54:55 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2011/09/15 08:54:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/15 03:00:28 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\NatSpeak Periodic Language Model Optimization.job
[2011/09/14 22:46:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/14 22:01:49 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Virgin Media Digital Home Support.lnk
[2011/09/14 11:46:19 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/09/14 11:17:39 | 000,053,192 | ---- | M] (Radialpoint Inc.) -- C:\WINDOWS\System32\drivers\rp_skt32.sys
[2011/09/14 11:17:11 | 000,001,806 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Virgin Media Security.lnk
[2011/09/14 10:11:12 | 000,436,310 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/09/14 10:11:12 | 000,069,856 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/09/13 19:33:05 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/12 02:00:19 | 000,000,488 | ---- | M] () -- C:\WINDOWS\tasks\NatSpeak Periodic Acoustic Optimization.job
[2011/09/11 04:28:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2011/09/09 10:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/09/09 10:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\crypt32(2)(3).dll
[2011/09/03 20:01:01 | 000,001,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/09/02 23:11:42 | 000,035,306 | ---- | M] () -- C:\WINDOWS\Greg.acl
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/14 22:01:49 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Virgin Media Digital Home Support.lnk
[2011/09/14 11:17:10 | 000,001,806 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Virgin Media Security.lnk
[2011/04/30 21:06:19 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe
[2011/04/30 21:06:19 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
[2011/02/19 21:07:20 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/05 18:52:56 | 000,232,968 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/12/05 18:52:54 | 000,252,316 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/12/05 18:52:54 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/11/15 05:06:10 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/13 06:23:40 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/07/10 06:38:00 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/10/29 23:07:54 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/10/21 13:20:08 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen_x86.sys
[2009/10/16 20:40:54 | 036,436,768 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/10/16 20:40:54 | 001,570,336 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/08/29 20:19:29 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Greg\Application Data\Services
[2009/08/29 20:19:29 | 000,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Sound Effects
[2009/08/29 20:19:29 | 000,000,012 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Automatic Filter
[2009/08/29 20:11:35 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
[2009/05/24 15:33:52 | 000,039,015 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2009/05/24 14:42:23 | 000,182,272 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2008/11/15 14:04:32 | 000,001,919 | ---- | C] () -- C:\Documents and Settings\Greg\Application Data\SAS7_000.DAT
[2008/08/17 01:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/08/16 13:54:58 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Greg\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/08 12:22:18 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2007/09/08 12:22:15 | 000,000,611 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/08/31 18:14:04 | 000,004,328 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2007/07/28 13:02:58 | 000,000,586 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/07/24 01:43:31 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/07/24 01:43:31 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2007/07/24 01:43:30 | 000,000,150 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2007/06/29 20:37:17 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/06/29 20:37:17 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/06/29 20:37:17 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/06/16 21:56:35 | 000,001,716 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/06/16 20:27:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/06/16 20:10:53 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/06/16 19:43:12 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/06/16 19:42:13 | 000,154,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/06/16 19:40:24 | 000,663,552 | ---- | C] () -- C:\WINDOWS\System32\libeay32_1-1-0_DDR.dll
[2007/06/16 19:40:24 | 000,532,594 | ---- | C] () -- C:\WINDOWS\System32\xerces-c_1_40_0_DDR.dll
[2007/06/16 19:40:24 | 000,524,377 | ---- | C] () -- C:\WINDOWS\System32\stlport_4_0_0_DDR.dll
[2007/06/16 19:40:24 | 000,307,329 | ---- | C] () -- C:\WINDOWS\System32\BJBase_2-2-2_DDR.dll
[2007/06/16 19:40:24 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32_1-1-0_DDR.dll
[2007/06/16 19:28:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/06/16 19:24:27 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/28 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 13:00:00 | 000,436,310 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 13:00:00 | 000,069,856 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1997/07/11 00:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1997/07/11 00:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[1997/07/11 00:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/11 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1997/06/14 03:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >
[2008/07/24 15:41:05 | 000,001,562 | ---- | M] () -- C:\Documents and Settings\Greg\Application Data\Microsoft\LastFlashConfig.WFC

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2008/11/05 22:08:57 | 006,167,304 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Greg\Desktop\BBC-iPlayer_Setup.exe
[2009/09/09 19:09:21 | 001,506,760 | ---- | M] (Virgin Broadband) -- C:\Documents and Settings\Greg\Desktop\broadband_advisor.exe
[2010/01/06 20:34:19 | 003,240,990 | ---- | M] (battleclinic.com) -- C:\Documents and Settings\Greg\Desktop\EVEMon-install-1.3.0.1912.exe
[2009/10/17 19:49:50 | 000,621,496 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\EVE_Premium_Setup_101786_m.exe-downloader.exe
[2009/12/01 19:43:48 | 001,889,920 | ---- | M] (CCP hf.) -- C:\Documents and Settings\Greg\Desktop\EVE_Premium_Setup_117956.exe
[2007/07/19 13:50:34 | 000,835,128 | ---- | M] () -- C:\Documents and Settings\Greg\Desktop\Google Updater.exe
[2009/09/13 09:08:39 | 001,925,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Greg\Desktop\install_flash_player.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2008/11/14 12:30:36 | 000,060,744 | ---- | M] () -- C:\Documents and Settings\Greg\g2mdlhlpx.exe

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/04/14 17:25:40 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/04/14 17:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/04/14 17:25:55 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/04/14 17:25:59 | 000,261,080 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2010/10/08 16:28:08 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/04/30 21:15:40 | 000,000,000 | ---D | M] -- C:\Program Files\AMD
[2011/08/07 05:20:44 | 000,000,000 | ---D | M] -- C:\Program Files\BOINC
[2011/09/13 01:25:46 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2007/06/16 19:40:23 | 000,000,000 | ---D | M] -- C:\Program Files\BroadJump
[2009/10/17 21:24:34 | 000,000,000 | ---D | M] -- C:\Program Files\CCP
[2008/08/16 14:24:17 | 000,000,000 | ---D | M] -- C:\Program Files\CENEGA
[2008/11/14 12:30:51 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2011/06/11 19:36:41 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/11/23 21:53:03 | 000,000,000 | ---D | M] -- C:\Program Files\Core Temp
[2011/04/30 21:07:42 | 000,000,000 | -H-D | M] -- C:\Program Files\DeviceVM
[2011/04/30 19:35:39 | 000,000,000 | ---D | M] -- C:\Program Files\Diablo II
[2011/09/15 09:04:34 | 000,000,000 | ---D | M] -- C:\Program Files\DNA
[2008/09/27 23:55:46 | 000,000,000 | ---D | M] -- C:\Program Files\DreamCatcher
[2010/11/22 00:20:24 | 000,000,000 | ---D | M] -- C:\Program Files\eFMer
[2007/06/27 20:06:01 | 000,000,000 | ---D | M] -- C:\Program Files\Eidos Interactive
[2010/04/14 15:39:06 | 000,000,000 | ---D | M] -- C:\Program Files\Enlight
[2008/10/25 12:30:07 | 000,000,000 | ---D | M] -- C:\Program Files\EVE-Central MarketUploader
[2010/11/09 01:03:43 | 000,000,000 | ---D | M] -- C:\Program Files\EveHQ
[2010/12/11 22:51:14 | 000,000,000 | ---D | M] -- C:\Program Files\EVGA Precision
[2010/03/04 20:36:42 | 000,000,000 | ---D | M] -- C:\Program Files\FreeMind
[2010/08/08 15:01:42 | 000,000,000 | ---D | M] -- C:\Program Files\GamesBar
[2008/08/16 14:36:52 | 000,000,000 | ---D | M] -- C:\Program Files\GameShadow
[2008/08/10 09:40:17 | 000,000,000 | ---D | M] -- C:\Program Files\GameSpy Arcade
[2011/04/30 21:07:23 | 000,000,000 | ---D | M] -- C:\Program Files\GIGABYTE
[2009/04/10 16:12:46 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
[2011/02/19 20:54:37 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011/04/30 21:15:39 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/08/12 19:05:51 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/06/17 08:11:24 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/04/22 14:13:03 | 000,000,000 | ---D | M] -- C:\Program Files\K-3D 0.8.0.1
[2010/09/09 20:26:40 | 000,000,000 | ---D | M] -- C:\Program Files\Kontiki
[2009/05/23 13:22:25 | 000,000,000 | ---D | M] -- C:\Program Files\Lionhead Studios Ltd
[2008/09/04 20:29:19 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2011/06/11 19:39:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2008/07/28 01:58:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2007/06/16 19:26:59 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2007/08/17 12:46:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/06/28 16:13:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/06/11 19:39:59 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2010/02/02 20:10:23 | 000,000,000 | ---D | M] -- C:\Program Files\Motherboard Monitor 5
[2010/08/12 18:40:53 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/05/08 22:21:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/08/09 02:06:53 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2007/06/16 19:23:39 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2007/06/16 19:24:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/11/12 02:44:51 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/07/20 18:07:46 | 000,000,000 | ---D | M] -- C:\Program Files\NAMCO BANDAI Games
[2009/12/17 20:33:29 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Software
[2008/09/04 00:15:36 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/08/29 20:14:54 | 000,000,000 | ---D | M] -- C:\Program Files\Nikon
[2007/06/16 20:11:08 | 000,000,000 | ---D | M] -- C:\Program Files\ntl
[2008/11/15 13:23:12 | 000,000,000 | ---D | M] -- C:\Program Files\Nuance
[2011/04/24 21:26:25 | 000,000,000 | ---D | M] -- C:\Program Files\NVIDIA Corporation
[2010/08/08 15:43:36 | 000,000,000 | ---D | M] -- C:\Program Files\Oberon Media
[2009/11/07 15:20:04 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2008/08/16 14:33:36 | 000,000,000 | ---D | M] -- C:\Program Files\OpenAL
[2010/12/18 04:37:22 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/05/31 21:45:35 | 000,000,000 | ---D | M] -- C:\Program Files\PATRICIAN II
[2008/11/06 01:40:17 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2008/08/10 09:29:24 | 000,000,000 | ---D | M] -- C:\Program Files\Plastic Reality Technologies
[2009/08/24 14:05:47 | 000,000,000 | ---D | M] -- C:\Program Files\PopCap Games
[2008/11/06 01:40:20 | 000,000,000 | ---D | M] -- C:\Program Files\Railroad Tycoon 3
[2011/09/14 11:17:22 | 000,000,000 | ---D | M] -- C:\Program Files\Raxco
[2011/04/30 21:14:20 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/08/09 02:06:46 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2007/08/16 21:20:27 | 000,000,000 | ---D | M] -- C:\Program Files\Sierra
[2011/06/06 09:30:17 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2009/04/20 13:26:28 | 000,000,000 | ---D | M] -- C:\Program Files\Solid Edge 2D Drafting ST
[2011/05/13 21:27:25 | 000,000,000 | ---D | M] -- C:\Program Files\SpeedFan
[2008/07/15 11:05:46 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2009/08/25 17:38:32 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2008/04/28 22:10:47 | 000,000,000 | ---D | M] -- C:\Program Files\Teamspeak2_RC2
[2007/06/29 20:43:39 | 000,000,000 | ---D | M] -- C:\Program Files\The Creative Assembly
[2010/05/06 17:42:22 | 000,000,000 | ---D | M] -- C:\Program Files\Thief2
[2007/06/16 21:42:58 | 000,000,000 | ---D | M] -- C:\Program Files\TIGER ONE
[2008/10/09 16:45:55 | 000,000,000 | ---D | M] -- C:\Program Files\Tomb Raider - Legend
[2011/07/23 13:10:45 | 000,000,000 | ---D | M] -- C:\Program Files\Total War
[2010/08/20 19:11:16 | 000,000,000 | ---D | M] -- C:\Program Files\Ubisoft
[2009/09/06 16:49:27 | 000,000,000 | ---D | M] -- C:\Program Files\Uniblue
[2009/10/29 23:07:59 | 000,000,000 | ---D | M] -- C:\Program Files\Ventrilo
[2011/09/14 22:01:52 | 000,000,000 | ---D | M] -- C:\Program Files\Virgin Media
[2011/06/11 19:40:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2007/07/05 20:50:52 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Favorites
[2011/06/11 19:39:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2011/06/11 19:40:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Toolbar
[2009/10/22 08:32:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/03/11 16:50:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2007/09/08 12:21:16 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Messaging
[2009/11/07 15:18:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2007/06/16 19:27:00 | 000,000,000 | ---D | M] -- C:\Program Files\xerox


< MD5 for: AGP440.SYS >
[2006/02/28 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/04 00:10:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/04 00:10:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/04 00:10:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/04 00:10:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2006/02/28 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/09/04 00:10:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/09/04 00:10:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2006/02/28 13:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2006/02/28 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-14 21:48:48


Spuzzana
Novice

Posts: 20
Joined: 2011-09-15
Gender: Male
OS: XP Pro
Protection: Virgin Media Security full package including Identity Theft, Privacy, Firewall and Ad Blocker
Points: 19352
Likes: 0


Re: Think I have this: C__WINDOWS_EXPLORER.EXE.ndb_ndb.bak

Post by Spuzzana on 15th September 2011, 5:35 pm


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/09/03 13:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 17:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 17:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 17:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/14 17:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 17:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 17:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/03 13:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/03 13:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/03 13:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/09/03 13:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 13:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 13:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 13:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | -HS- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | -HS- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/09/03 13:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 17:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 17:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 17:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/14 17:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 17:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 17:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/09/03 13:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/09/03 13:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/09/03 13:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/09/03 13:28:25 | 001,017,912 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/06/23 13:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/06/23 13:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/06/23 13:05:37 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | -HS- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | -HS- | M] (Microsoft Corporation)

========== Files - Unicode (All) ==========
[2009/10/16 20:38:53 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
[2009/10/16 20:38:53 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g

========== Alternate Data Streams ==========

@Alternate Data Stream - 184 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D10517E
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AE68282
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA3C6C07

< End of report >


EXTRAS.Txt


OTL Extras logfile created on: 9/15/2011 5:11:44 PM - Run 1
OTL by OldTimer - Version 3.2.28.0 Folder = C:\Documents and Settings\Greg\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 62.51% Memory free
4.59 Gb Paging File | 3.54 Gb Available in Paging File | 77.07% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 372.60 Gb Total Space | 270.54 Gb Free Space | 72.61% Space Free | Partition Type: NTFS
Drive D: | 2.65 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: FASTERMACHINE | User Name: Greg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"86:TCP" = 86:TCP:*:Enabled:BroadCam Video Streaming Server Web Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Sitecom\C2SLoad.exe" = C:\Program Files\Sitecom\C2SLoad.exe:*:Enabled:C2SLoad
"C:\Program Files\CCP\EVE\bin\ExeFile.exe" = C:\Program Files\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile -- (CCP hf.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\DreamCatcher\Genesis Rising\bin\GenesisRising.exe" = C:\Program Files\DreamCatcher\Genesis Rising\bin\GenesisRising.exe:*:Enabled:GenesisRising -- ()
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service
"C:\Program Files\Lionhead Studios Ltd\Black & White\runblack.exe" = C:\Program Files\Lionhead Studios Ltd\Black & White\runblack.exe:*:Enabled:lh -- (LionHead Studios Ltd.)
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD" = C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"C:\Program Files\NAMCO BANDAI Games\Warhammer Mark of Chaos\Warhammer.exe" = C:\Program Files\NAMCO BANDAI Games\Warhammer Mark of Chaos\Warhammer.exe:*:Enabled:Warhammer®: Mark of Chaos™ -- (Black Hole Entertainment)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- ()
"C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe" = C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II -- ()
"C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe" = C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update -- (Ubisoft)
"C:\Program Files\Ubisoft\Assassin's Creed II\UPlayBrowser.exe" = C:\Program Files\Ubisoft\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay -- (Ubisoft Entertainment)
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe" = C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 -- (Ubisoft)
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe" = C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 -- (Ubisoft)
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe" = C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update -- (Ubisoft)
"C:\Program Files\BOINC\boincmgr.exe" = C:\Program Files\BOINC\boincmgr.exe:*:Enabled:BOINC Manager -- (Space Sciences Laboratory)
"C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe" = C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe:*:Enabled:Servicepoint Service -- (Radialpoint Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0904.1
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{117CD9C0-0F15-4633-93D7-F957B50535A5}" = Popup Blocker (Windows Live Toolbar)
"{1707BF02-0F5C-4A6C-8F17-053BB73E443F}" = Tabbed Browsing (Windows Live Toolbar)
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24F2E03B-ACF2-42FB-8A2A-5F015ACBDD16}" = TIGER ONE
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3699BC50-DA7B-4DA7-BB43-2981C9178FAD}" = UFO Aftermath
"{3727B920-F5A3-46A4-AC02-94F421A039C7}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JRAID
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4796EDEE-3550-46ED-9455-23F23A9A8CA8}" = Solid Edge 2D Drafting ST
"{47AF4245-CD81-4353-BFC0-0A21A6EF483A}" = UFO Afterlight
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{5AD839E7-BFA7-4796-B2CA-B1D824ECCDF7}" = Virgin Media Security
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{5F374D5D-DB43-4263-9C29-BAB2C93FEFE6}" = Warhammer Mark of Chaos
"{639555DF-952A-4161-97F6-AB9807E421D7}" = UFO Aftershock
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{714048C6-7703-4059-A8EC-17B31AAB73A2}" = RPS RpsCore
"{7673108D-9DED-4454-9712-FB2771D94446}" = RPS PerfectDiskStub
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
"{7E1A7395-0378-43A4-9131-2ADA48524E32}" = EveHQ
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111438590}" = Virtual Villagers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11231247}" = Peggle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112376770}" = Virtual Villagers The Lost Children
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A03FE64-0C8B-4E8F-B488-F36BA40A8640}" = Shogun - Total War - Gold Edition
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95FC661A-A0C5-4B18-92CE-90347DA79CC9}" = Smart Menus (Windows Live Toolbar)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C0A9803-4592-11D7-B796-0050BFE4DB80}" = Restaurant Empire
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A40D6757-B145-4FE7-B694-89180A9F3F64}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{A4B9033B-D183-4A6C-9BCB-6BC8F80B939D}" = RPS CRT
"{A5D4E41C-2583-46FE-9B99-62496F85C5F3}" = RPS CRT
"{A60A8A11-A607-46CA-BCA2-3D110A8D91DE}" = BOINC
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC8AF92-DAEC-45D2-B77D-36699E3751A9}" = Praetorians
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BABAEBE4-9FFB-4B5D-9453-64FF11517CA2}" = Tom Clancy's Splinter Cell Chaos Theory
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C30FF04E-7F4C-461D-9861-0E864223CBDF}" = Vivox Web Voice 1.18.3.4133
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}" = Windows Live Favorites for Windows Live Toolbar
"{DE29025A-091F-4998-AD2D-24C84421190F}" = Railroad Tycoon 3
"{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}" = Black and White
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{ECDA9BD9-A54E-462A-8191-A2B569D9AB34}" = Map Button (Windows Live Toolbar)
"{F060FB53-71DA-41B6-A536-EFA88A092B8F}" = Leisure Suit Larry Collection(TM)
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F41D7749-D973-42E7-BD80-64309766C39E}" = Dungeon Lords
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 5.0 Limited Edition" = Adobe Photoshop 5.0 Limited Edition
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BBC iPlayer Download Manager" = BBC iPlayer Download Manager
"BoincTasks_is1" = Boinc Tasks 32 and 64 Bit by eFMer V 1.09
"BroadJump Client Foundation" = BroadJump Client Foundation
"Capture NX" = Capture NX
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Diablo II" = Diablo II
"EVE" = EVE Online (remove only)
"EVE-Central.com MarketUploader" = EVE-Central.com MarketUploader 1.3.1
"EVEMon" = EVEMon
"GamesBar" = GamesBar 2.0.1.59
"Genesis Rising_is1" = Genesis Rising
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Loco-Commotion" = Loco-Commotion
"Lunatics Unified Win32" = Lunatics Unified Win32 5.05.409
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Motherboard Monitor 5_is1" = Motherboard Monitor 5
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Office8.0" = Microsoft Office 97, Professional Edition
"OpenAL" = OpenAL
"PATRICIAN II_is1" = PATRICIAN II
"Picasa2" = Picasa 2
"PopCap Browser Plugin" = PopCap Browser Plugin
"Precision" = EVGA Precision 2.0.1
"RadialpointClientGateway_is1" = Virgin Media Service Manager 3.7.47
"RadialpointHomeSecurityDashboard_is1" = Virgin Media Digital Home Support 2.1.27
"RadialpointSecurityAdvisorService_is1" = Radialpoint Security Advisor 2.5.19
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"Shockwave" = Shockwave
"SpeedFan" = SpeedFan (remove only)
"System Tweaker_is1" = Uniblue System Tweaker
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Thief - The Dark Project" = Thief - The Dark Project (Remove Only)
"Thief 2 - The Metal Age" = Thief 2 - The Metal Age (Remove Only)
"Tomb Raider: Legend" = Tomb Raider: Legend 1.2
"Train Simulator 1.0" = Microsoft Train Simulator
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"fxTrade Practice" = fxTrade Practice
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Re: Think I have this: C__WINDOWS_EXPLORER.EXE.ndb_ndb.bak

Post by Spuzzana on 15th September 2011, 5:36 pm

aswMBR.txt


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-15 17:24:22
-----------------------------
17:24:22.406 OS Version: Windows 5.1.2600 Service Pack 3
17:24:22.406 Number of processors: 6 586 0xA00
17:24:22.406 ComputerName: FASTERMACHINE UserName: Greg
17:24:23.531 Initialize success
17:28:18.125 AVAST engine defs: 11091500
17:28:34.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:28:34.546 Disk 0 Vendor: ST3400633AS 3.AAH Size: 381554MB BusType: 3
17:28:36.562 Disk 0 MBR read successfully
17:28:36.578 Disk 0 MBR scan
17:28:36.625 Disk 0 Windows XP default MBR code
17:28:36.625 Disk 0 scanning sectors +781401600
17:28:36.671 Disk 0 scanning C:\WINDOWS\system32\drivers
17:28:44.359 Service scanning
17:28:47.640 Modules scanning
17:29:04.093 Disk 0 trace - called modules:
17:29:04.109 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys pciide.sys PCIIDEX.SYS
17:29:04.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b46cab8]
17:29:04.109 3 CLASSPNP.SYS[b8118fd7] -> nt!IofCallDriver -> \Device\00000080[0x8b496cd8]
17:29:04.437 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b445d98]
17:29:04.437 \Driver\atapi[0x8b4f4ed8] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys[0xb8338d60]
17:29:05.109 AVAST engine scan C:\WINDOWS
17:29:18.890 AVAST engine scan C:\WINDOWS\system32
17:30:33.359 AVAST engine scan C:\WINDOWS\system32\drivers
17:30:42.734 AVAST engine scan C:\Documents and Settings\Greg
18:09:51.265 AVAST engine scan C:\Documents and Settings\All Users
18:19:36.015 Scan finished successfully
18:21:51.421 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Greg\Desktop\MBR.dat"
18:21:51.421 The log file has been saved successfully to "C:\Documents and Settings\Greg\Desktop\aswMBR.txt"

checkup.txt


Results of screen317's Security Check version 0.99.18
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
OneCare Advisor (Windows Live Toolbar)
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 26
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.3.181.14
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````


Re: Think I have this: C__WINDOWS_EXPLORER.EXE.ndb_ndb.bak

Post by Spuzzana on 15th September 2011, 5:58 pm

The problems I have are
1. a suspected RootKit: C__WINDOWS_EXPLORER.EXE.ndb_ndb.bak locked into my security software which showed up after scanning with RootkitRevealer v1.71

However, this does not show on the logs generated today.

2. Loss of memory: Although I have 4gig installed only about 1.99gig show in system. When originally installed there was more than 3.7gig available

3. Started getting Security Certificate Warnings when browsing to many of my favorite places on the net.

4. CPU is running hot so suspect the memory may have either been hijacked and running in the background at full pelt or my Fan is just not up to the job. I run BOINC 24/7. After installation of the CPU it sat at a steady 42-45C when under 100% crunching load and clocked to 3666.29 MHz. Now it runs often over 62C and I dare not clock the CPU. The fans and all internals of the PC are cleaned on a regular basis of about 2-4 weeks.

I use Servisol paste and not had this problem until recently.

One other fact:

I was scammed by a telephone call and remote access to my puter with the EVENTVWR scam.

Currently I am not very well and was used to regular remote connections while in my previous job. Ergo I was an easy target.

This has been fully reported to Microsoft, Police, Fraud Squad, Paypal, my Bank and online crunching buddies.

Hope you can help and thanks in advance.

Spuzzana


Re: Think I have this: C__WINDOWS_EXPLORER.EXE.ndb_ndb.bak

Post by Spuzzana on 15th September 2011, 6:04 pm

Sorry, I missed the "please read this before posting" at the top of the forum.


Re: Think I have this: C__WINDOWS_EXPLORER.EXE.ndb_ndb.bak

Post by Spuzzana on 15th September 2011, 6:45 pm

Since my original post something has eaten more of my memory. It's now down to:

Total Physical Memory 4,096.00 MB
Available Physical Memory 1.84 GB



Re: Think I have this: C__WINDOWS_EXPLORER.EXE.ndb_ndb.bak

Post by Belahzur on 16th September 2011, 1:23 am

Hello.

Please download TDSSKiller from [You must be registered and logged in to see this link.] and save it to your Desktop.

  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
# Likes : 1

Re: Think I have this: C__WINDOWS_EXPLORER.EXE.ndb_ndb.bak

Post by Spuzzana on 16th September 2011, 4:41 am

Thank you for your quick reply. Maybe as we go through this process I can ask some questions, if that is alright with you, so that I can understand more about what has happened; how I can spot these things faster; where the likely sources of these nasties are, so I can avoid them in the future; how long I have been infected; what the chances are that this has been passed to others by email; given that I was familiar with remote connection in my previous job role, what the likelihood is that this could have come from my former workplace or that I may have passed this on to them; and where I can toughen up my security properly.

Just checked my memory it has gone back up and is now:

Total Physical Memory 4,096.00 MB
Available Physical Memory 2.28 GB



Scan Report From TDSSKiller:


2011/09/16 05:30:35.0796 6024 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/16 05:30:36.0125 6024 ================================================================================
2011/09/16 05:30:36.0125 6024 SystemInfo:
2011/09/16 05:30:36.0125 6024
2011/09/16 05:30:36.0125 6024 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/16 05:30:36.0125 6024 Product type: Workstation
2011/09/16 05:30:36.0125 6024 ComputerName: FASTERMACHINE
2011/09/16 05:30:36.0125 6024 UserName: Greg
2011/09/16 05:30:36.0125 6024 Windows directory: C:\WINDOWS
2011/09/16 05:30:36.0125 6024 System windows directory: C:\WINDOWS
2011/09/16 05:30:36.0125 6024 Processor architecture: Intel x86
2011/09/16 05:30:36.0125 6024 Number of processors: 6
2011/09/16 05:30:36.0125 6024 Page size: 0x1000
2011/09/16 05:30:36.0125 6024 Boot type: Normal boot
2011/09/16 05:30:36.0125 6024 ================================================================================
2011/09/16 05:30:36.0968 6024 Initialize success
2011/09/16 05:30:53.0171 3036 ================================================================================
2011/09/16 05:30:53.0171 3036 Scan started
2011/09/16 05:30:53.0171 3036 Mode: Manual;
2011/09/16 05:30:53.0171 3036 ================================================================================
2011/09/16 05:31:57.0093 3036 ================================================================================
2011/09/16 05:31:57.0093 3036 Scan finished
2011/09/16 05:31:57.0093 3036 ================================================================================
2011/09/16 05:31:57.0109 3180 Detected object count: 0
2011/09/16 05:31:57.0109 3180 Actual detected object count: 0


Re: Think I have this: C__WINDOWS_EXPLORER.EXE.ndb_ndb.bak

Post by Spuzzana on 17th September 2011, 10:27 am

New Information

Had an error show up while booting up this morning:

BIOS CHECKSUM ERROR

The PC continued to boot up as normal. Since then the temperature and CPU speeds have dropped from:

3322MHZ
3314MHZ

Temperature has dropped when under no load to as low as 34C as well and is now sitting generally around 35C-38C rather than the previous 45-48C. However it still ranges up to 43C when under minimal load of about 15%. When crunching the BOINC projects it goes up to as high as 67C, which is cutting it too fine for the rated temp of this chip of 71C.

In my original erroneous post, where I didn't read the before-posting guide on what I should do, I posted:

This is the full Rootkit Reveal log:


HKLM\SECURITY\Policy\Secrets\SAC* 6/16/2007 7:44 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 6/16/2007 7:44 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\GIGABYTE\ESLITE\CPU_MAX 9/15/2011 9:18 AM 20 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\Greg\Local Settings\Temp\MessengerCache 9/15/2011 9:05 AM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Greg\Local Settings\Temp\Temporary Directory 1 for RootkitRevealer.zip 9/15/2011 9:16 AM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Greg\Local Settings\Temp\Temporary Directory 1 for RootkitRevealer.zip\Eula.txt 7/28/2006 8:32 AM 6.84 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Greg\Local Settings\Temp\Temporary Directory 2 for RootkitRevealer.zip 9/15/2011 9:17 AM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Greg\Local Settings\Temp\WPDNSE 9/15/2011 9:03 AM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Greg\Recent\RootkitRevealer (2).lnk 9/15/2011 9:17 AM 809 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Greg\Recent\RootkitRevealer.lnk 9/15/2011 9:17 AM 1.07 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\profile\C__WINDOWS_EXPLORER.EXE.ndb_ndb.bak 9/14/2011 11:41 AM 130 bytes Hidden from Windows API.
C:\System Volume Information\_restore{B5D4352E-DC04-4F0B-BB65-78BB7509B061}\RP788\A0154365.old 9/15/2011 3:21 AM 1.32 KB Hidden from Windows API.
C:\System Volume Information\_restore{B5D4352E-DC04-4F0B-BB65-78BB7509B061}\RP788\A0154366.out 9/15/2011 2:08 AM 1.25 KB Hidden from Windows API.

It was this part which alerted me, because it's in my security software folder:

C__WINDOWS_EXPLORER.EXE.ndb_ndb.bak

In another post here on the forum there is reference to this being deleted. What I am not sure about is what will happen if I just delete it.

This is what I had done prior to arriving at GeekPolice.

If there is any other information you would like or need let me know.

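A triage helper for the RootkitRevealer output format quoted in the post above, written in Python as an added example; it is not code from the thread or from Sysinternals, and the bucket rules (the scanner's own temp files, the ACL-restricted System Volume Information directory, embedded-null LSA secrets keys) are assumed noise heuristics for ordering review, not verdicts on any entry.

```python
import re
from collections import defaultdict

# One RootkitRevealer result line has the shape
#   <path> <M/D/YYYY> <H:MM AM|PM> <size> <discrepancy description>
# Paths contain spaces, so the path group is non-greedy and anchored by the date.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2} [AP]M) "
    r"(?P<size>\d+(?:\.\d+)? (?:bytes|KB|MB|GB)) "
    r"(?P<desc>.+)$"
)

# Triage buckets in the order a responder would work through them.
# Assumed heuristics for prioritising review, not malware verdicts.
PRIORITY = [
    "hidden-from-api",    # present on disk but invisible to the Windows API
    "registry-mismatch",  # API view and raw hive data disagree
    "api-only",           # visible to the API but not in the MFT: often transient files
    "restore-point",      # System Volume Information is ACL-restricted, a common noise source
    "scanner-artifact",   # RootkitRevealer's own temp extraction and Recent shortcuts
    "embedded-null-key",  # LSA secrets keys with embedded nulls, routinely reported
    "other",
]

# Constructed sample: the entries quoted in the post above.
SAMPLE_LOG = r"""
HKLM\SECURITY\Policy\Secrets\SAC* 6/16/2007 7:44 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 6/16/2007 7:44 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\GIGABYTE\ESLITE\CPU_MAX 9/15/2011 9:18 AM 20 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\Greg\Local Settings\Temp\MessengerCache 9/15/2011 9:05 AM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Greg\Local Settings\Temp\Temporary Directory 1 for RootkitRevealer.zip 9/15/2011 9:16 AM 0 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Greg\Local Settings\Temp\Temporary Directory 1 for RootkitRevealer.zip\Eula.txt 7/28/2006 8:32 AM 6.84 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Greg\Recent\RootkitRevealer.lnk 9/15/2011 9:17 AM 1.07 KB Visible in Windows API, but not in MFT or directory index.
C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\profile\C__WINDOWS_EXPLORER.EXE.ndb_ndb.bak 9/14/2011 11:41 AM 130 bytes Hidden from Windows API.
C:\System Volume Information\_restore{B5D4352E-DC04-4F0B-BB65-78BB7509B061}\RP788\A0154365.old 9/15/2011 3:21 AM 1.32 KB Hidden from Windows API.
"""


def parse_line(line):
    """Split one result line into its fields, or return None for non-matching text."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def parse_log(text):
    """Parse every well-formed line of a RootkitRevealer log, skipping the rest."""
    entries = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry:
            entries.append(entry)
    return entries


def classify(entry):
    """Map a parsed entry to a triage bucket (heuristic ordering only)."""
    path, desc = entry["path"], entry["desc"]
    if desc.startswith("Key name contains embedded nulls"):
        return "embedded-null-key"
    if desc.startswith("Data mismatch"):
        return "registry-mismatch"
    # Known noise sources are checked before the generic discrepancy types.
    if "RootkitRevealer" in path:
        return "scanner-artifact"
    if path.startswith(r"C:\System Volume Information\_restore"):
        return "restore-point"
    if desc.startswith("Hidden from Windows API"):
        return "hidden-from-api"
    if desc.startswith("Visible in Windows API"):
        return "api-only"
    return "other"


def triage(text):
    """Group entries by bucket, in PRIORITY order, with paths sorted inside each bucket."""
    buckets = defaultdict(list)
    for entry in parse_log(text):
        buckets[classify(entry)].append(entry["path"])
    return {b: sorted(buckets[b]) for b in PRIORITY if buckets[b]}


def review_queue(text):
    """Entries to look at first: hidden from the API and outside the known noise buckets."""
    return triage(text).get("hidden-from-api", [])


if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_LOG).items():
        print(f"[{bucket}]")
        for p in paths:
            print("   ", p)
```

Run against a full log, the review queue surfaces the one entry the poster singled out while the scanner's own temp files and the restore-point entries fall to the bottom of the list.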

Re: Think I have this: C__WINDOWS_EXPLORER.EXE.ndb_ndb.bak

Post by Spuzzana on 20th September 2011, 9:21 am

Bump


Re: Think I have this: C__WINDOWS_EXPLORER.EXE.ndb_ndb.bak

Post by Belahzur on 21st September 2011, 12:36 am

Download the [You must be registered and logged in to see this link.]. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Think I have this: C__WINDOWS_EXPLORER.EXE.ndb_ndb.bak

Post by Spuzzana on 26th September 2011, 11:59 am

Hi Belahzur

Sorry I have not been able to respond to this reply. I am having to use an internet cafe because my MB has stopped working and had to be returned to the people I purchased it from under warranty.

Until I get it back I won't be able to go any further. Hopefully it will be returned by the end of this week.

If not then it may be another month as it will have been sent to the manufacturer.

Sorry for the delay.


Re: Think I have this: C__WINDOWS_EXPLORER.EXE.ndb_ndb.bak

Post by Belahzur on 26th September 2011, 5:54 pm

Okay, standing by.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Think I have this: C__WINDOWS_EXPLORER.EXE.ndb_ndb.bak

Post by Spuzzana on 30th September 2011, 6:36 pm

Contents of GMER posted.

Not sure if this is relevant or not.

Been informed that my MB has had to be returned to the manufacturer and it will take about 28 days before it is returned. Purchased a temporary MB to tide me over.

The board is a GIGABYTE 880GM-D2H
Original MB is a GIGABYTE MA770T-UD3

Will this make any difference to the outcome of the scan? If so, what steps would you like me to take?

GMER 1.0.15.15641 - [You must be registered and logged in to see this link.]
Rootkit scan 2011-09-30 19:28:55
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3400633AS rev.3.AAH
Running: u1lqeyoo.exe; Driver: C:\DOCUME~1\Greg\LOCALS~1\Temp\pwddikob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwOpenProcess [0xB8489470]
SSDT \??\C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateProcess [0xB8489520]
SSDT \??\C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateThread [0xB84895C0]
SSDT \??\C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwWriteVirtualMemory [0xB8489660]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB284C3A0, 0x88C445, 0xE8000020]
? System32\Drivers\743a382c.sys The system cannot find the path specified. !
? System32\Drivers\1bee618f.sys The system cannot find the path specified. !
? C:\DOCUME~1\Greg\LOCALS~1\Temp\ALSysIO.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )
AttachedDevice \FileSystem\Ntfs \Ntfs trufos.sys (Trufos Kernel Module/BitDefender S.R.L.)
AttachedDevice \Driver\Tcpip \Device\Ip rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

AttachedDevice \Driver\Tcpip \Device\Udp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )
AttachedDevice \FileSystem\Fastfat \Fat trufos.sys (Trufos Kernel Module/BitDefender S.R.L.)

---- EOF - GMER 1.0.15 ----

Spuzzana
Novice

Posts : 20
Joined : 2011-09-15
Gender : Male
OS : XP Pro
Protection : Virgin Media Security full package including Identity Theft, Privacy, Firewall and Ad Blocker
Points : 19352
Likes : 0

Re: Think I have this: C__WINDOWS_EXPLORER.EXE.ndb_ndb.bak

Post by Belahzur on 1st October 2011, 2:01 pm

Hello.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.]

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Files to delete:
C:\WINDOWS\system32\Drivers\743a382c.sys
C:\WINDOWS\system32\Drivers\1bee618f.sys

Drivers to delete:
743a382c
1bee618f

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245111
Likes : 1

Re: Think I have this: C__WINDOWS_EXPLORER.EXE.ndb_ndb.bak

Post by Spuzzana on 1st October 2011, 4:41 pm

Contents of Avenger Logfile

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "C:\WINDOWS\system32\Drivers\743a382c.sys" not found!
Deletion of file "C:\WINDOWS\system32\Drivers\743a382c.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\Drivers\1bee618f.sys" not found!
Deletion of file "C:\WINDOWS\system32\Drivers\1bee618f.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\743a382c" not found!
Deletion of driver "743a382c" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\1bee618f" not found!
Deletion of driver "1bee618f" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

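The two logs above are the whole technical record of this thread: GMER attributes every SSDT hook and file-system filter to the installed AVG/Radialpoint suite, lists two hex-named drivers and one Temp-folder driver (ALSysIO.sys, a helper that hardware-monitoring utilities such as Core Temp load) whose files it could not open, and Avenger then reports STATUS_OBJECT_NAME_NOT_FOUND for both the file and the service key of each hex-named driver. The script below is an added example, not code from GMER, The Avenger or this forum; it parses both log formats as they appear in the thread (the line shapes are inferred from the posted lines, nothing else about the tools is assumed), groups hooks by module and vendor, and gives one verdict per unresolved driver so the "did I have a rootkit" question can be answered from what the logs actually show. Both sample logs are constructed to mirror the posted ones.

```python
"""Triage of a GMER scan log against the Avenger log that followed it.
Added example for this thread, not code from GMER, The Avenger or the forum:
it groups SSDT hooks and device filters by module and vendor, lists the '?'
drivers whose file GMER could not open, and reads the Avenger outcome for each.
Both sample logs are constructed in the shape of the ones posted above."""
import re
from collections import defaultdict

SSDT_RE = re.compile(r"^SSDT\s+(?P<path>.+?)\s+\((?P<desc>.*)\)\s+(?P<syscall>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$")
UNRESOLVED_RE = re.compile(r"^\?\s+(?P<path>.+?\.sys)\s+(?P<reason>The system cannot find the \w+ specified)\.\s*!$")
DEVICE_RE = re.compile(r"^(?P<kind>AttachedDevice|Device)\s+\S+\s+(?P<stack>\S+)\s+(?P<module>\S+\.sys)\s+\((?P<desc>.*)\)\s*$")
WRITEABLE_RE = re.compile(r"^\.text\s+(?P<path>.+?\.sys)\s+section is writeable\b")
FAILED_RE = re.compile(r'^Deletion of (?P<kind>file|driver) "(?P<target>.+)" failed!$')
STATUS_RE = re.compile(r"^Status: 0x[0-9A-Fa-f]+ \((?P<name>\w+)\)$")
ABSENT = "STATUS_OBJECT_NAME_NOT_FOUND"   # NTSTATUS 0xC0000034, as printed by Avenger

def basename(path):
    return path.rsplit("\\", 1)[-1]

def driver_key(path_or_name):
    """Map 'C:\\...\\743a382c.sys' and the service name '743a382c' to one key."""
    return re.sub(r"\.sys$", "", basename(path_or_name), flags=re.I).lower()

def vendor_of(desc):
    """GMER prints '(<file description>/<company>)'; keep the company part."""
    return desc.rsplit("/", 1)[-1].strip()

def parse_gmer(text):
    """SSDT hooks, unresolved '?' drivers, device filters and writeable code sections."""
    rep = {"ssdt": [], "unresolved": [], "devices": [], "writeable": []}
    for line in (l.strip() for l in text.splitlines()):
        if m := SSDT_RE.match(line):
            rep["ssdt"].append({"module": basename(m["path"]), "vendor": vendor_of(m["desc"]),
                                "syscall": m["syscall"], "addr": int(m["addr"], 16)})
        elif m := UNRESOLVED_RE.match(line):
            rep["unresolved"].append({"path": m["path"], "key": driver_key(m["path"]), "reason": m["reason"]})
        elif m := DEVICE_RE.match(line):
            rep["devices"].append({"kind": m["kind"], "stack": m["stack"], "module": m["module"], "vendor": vendor_of(m["desc"])})
        elif m := WRITEABLE_RE.match(line):
            rep["writeable"].append(basename(m["path"]))
    return rep

def hooks_by_module(report):
    """Which module hooks which system calls: process open/terminate/write-memory
    hooks all from one security vendor's driver are HIPS behaviour, not a rootkit."""
    grouped = defaultdict(list)
    for h in report["ssdt"]:
        grouped[h["module"]].append(h["syscall"])
    return {module: sorted(calls) for module, calls in grouped.items()}

def parse_avenger(text):
    """Map each target Avenger failed to delete to its NTSTATUS name, per kind."""
    outcomes, pending = defaultdict(dict), None
    for line in (l.strip() for l in text.splitlines()):
        if m := FAILED_RE.match(line):
            pending = (m["kind"], driver_key(m["target"]))
        elif (m := STATUS_RE.match(line)) and pending:
            outcomes[pending[1]][pending[0]] = m["name"]
            pending = None
    return dict(outcomes)

def cross_check(report, outcomes):
    """One verdict per unresolved GMER driver, from what Avenger found at reboot."""
    verdicts = {}
    for key in (e["key"] for e in report["unresolved"]):
        got = outcomes.get(key)
        if got is None:
            verdicts[key] = "not in Avenger script"
        elif got.get("file") == ABSENT and got.get("driver") == ABSENT:
            verdicts[key] = "no file and no service key at reboot"
        else:
            verdicts[key] = "Avenger error: " + ", ".join(f"{k}={v}" for k, v in sorted(got.items()))
    return verdicts

GMER_SAMPLE = r"""
SSDT \??\C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwOpenProcess [0xB8489470]
SSDT \??\C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateProcess [0xB8489520]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB284C3A0, 0x88C445, 0xE8000020]
? System32\Drivers\743a382c.sys The system cannot find the path specified. !
? System32\Drivers\1bee618f.sys The system cannot find the path specified. !
? C:\DOCUME~1\Greg\LOCALS~1\Temp\ALSysIO.sys The system cannot find the file specified. !
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )
AttachedDevice \Driver\Tcpip \Device\Tcp rp_skt32.sys (Radialpoint Filter/Radialpoint Inc.)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
"""
AVENGER_SAMPLE = r"""
Deletion of file "C:\WINDOWS\system32\Drivers\743a382c.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
Deletion of file "C:\WINDOWS\system32\Drivers\1bee618f.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
Deletion of driver "743a382c" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
Deletion of driver "1bee618f" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
"""

if __name__ == "__main__":
    gmer = parse_gmer(GMER_SAMPLE)
    print("SSDT hooks:", hooks_by_module(gmer))
    print("verdicts:", cross_check(gmer, parse_avenger(AVENGER_SAMPLE)))
```

The "no file and no service key at reboot" verdict rules out a persistent, service-registered driver by that name; it does not prove a module was never loaded, since a driver loaded some other way (a scanner's own temporary driver, for example) leaves exactly this trace once it is gone. A hook table where every entry belongs to the installed security suite, as here, is the expected baseline for that machine rather than a finding.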

Re: Think I have this: C__WINDOWS_EXPLORER.EXE.ndb_ndb.bak

Post by Spuzzana on 13th October 2011, 6:39 pm

Bump

Next steps please. :)


Re: Think I have this: C__WINDOWS_EXPLORER.EXE.ndb_ndb.bak

Post by Belahzur on 22nd October 2011, 11:18 pm

Sorry for the long delay, been super busy.

Any difference to the machine lately?





Re: Think I have this: C__WINDOWS_EXPLORER.EXE.ndb_ndb.bak

Post by Spuzzana on 13th November 2011, 12:46 pm

Hi Belahzur

Likewise. Funny how life can suddenly change.

Had been out of work for a couple of months. Now back in full time employment and very strangely for me met a lovely lovely lady.

Puter time is currently almost zero.

Sorted out the heat issues I had. Now sitting at a steady 38-41 °C under 100% loading and re-clocked to 3715 MHz. At base 3333 MHz it runs at a beautiful 32 °C under 100% load. Basically replaced the fan because I realized that it had become very noisy, so concluded that the bearings may have been breaking down. That also sorted out the MHz issue I was having. Think the MB was automatically reducing the speed in an effort to reduce the temperature.

Manufacturer replaced the MB and this is now stable.

Puter is not behaving properly. Not sure what is wrong. Java is screwing around with quite a few things on the machine. Uninstalled and re-installed several times to no avail.

Thinking that I may have to have a dual boot system one for when I need to use programs dependent on Java and one for programs which Java is interfering with.

Did find a Java virus which may have started all this off. It was neatly tucked away in one of my mail archives which didn't get scanned regularly. What I don't get though is how it managed to slip past my Anti Virus which gets updated on a daily basis automatically.

Which brings me back to the title of the thread:

C__WINDOWS_EXPLORER.EXE.ndb_ndb.bak This is still lodged in my Anti Virus folder. Is it a rootkit?

Still don't know if I had a rootkit or not though?

Advice would be good.

Thanks and take care.


Re: Think I have this: C__WINDOWS_EXPLORER.EXE.ndb_ndb.bak

Post by Belahzur on 14th November 2011, 12:18 am

If it's in an antivirus folder, it's a quarantine, it's harmless and you can delete it.



