WiredWX Christian Hobby Weather Tools

PC Slow and hangs
Hi

I am running a modern dual core PC with Vista Ultimate x64, 4 Gig RAM, a GT220 graphics card, and a 600 Gig hard drive with 70% free space on it.

Recently my PC started hanging; while it hangs there is a lot of disk activity going on. Also, IE8 hangs when opened and does not connect; I have to open another session, which does connect but only works for a while and then hangs. The same thing happens when I use Firefox, which I installed to see if it fixed this issue.

Hope you can help. I have done all of the updates in the "Read this first" section, and below is my HijackThis log contents.

Thanks

Daniel

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:03:34 AM, on 2/04/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
F:\Downloads\Hijackthis\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rail-sim.de/railsim/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: MP3Bar - {F6BD6330-76F8-44d9-B775-87614E2D8374} - C:\Program Files (x86)\Fiesta Download Manager\mp3bar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.62.0.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9579 bytes

Last edited by daniellouwrens on 1st April 2010, 5:16 pm; edited 1 time in total (Reason for editing : Added data re Firefox)

Re: PC Slow and hangs
Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Site Admin / Security Administrator

- Please PM me if I fail to respond within 24hrs.

Re: PC Slow and hangs
Hi

Here is the OTL.txt; I will post the Extras.txt next.

OTL logfile created on: 2/04/2010 11:19:37 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Everybody\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.13 Gb Total Space | 422.08 Gb Free Space | 72.63% Space Free | Partition Type: NTFS
Drive D: | 15.02 Gb Total Space | 3.69 Gb Free Space | 24.57% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 465.83 Gb Total Space | 126.21 Gb Free Space | 27.09% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 3.77 Gb Total Space | 0.10 Gb Free Space | 2.72% Space Free | Partition Type: FAT32
Drive K: | 465.68 Gb Total Space | 329.30 Gb Free Space | 70.71% Space Free | Partition Type: NTFS

Computer Name: GAMING
Current User Name: Everybody
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/02 11:18:51 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Everybody\Desktop\OTL.exe
PRC - [2009/11/13 22:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (SafeList) ==========

MOD - [2010/04/02 11:18:51 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Everybody\Desktop\OTL.exe
MOD - [2009/04/10 23:28:20 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/10/04 17:53:34 | 000,039,424 | ---- | M] (KSE - Korndörfer Software Engineering) [Auto | Running] -- C:\Program Files\nHancer\nHancerService.exe -- (nHancer)
SRV:64bit: - [2009/09/25 12:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/09/15 10:20:34 | 000,324,928 | ---- | M] (Nitro PDF Software) [Disabled | Stopped] -- C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe -- (NitroDriverReadSpool)
SRV:64bit: - [2009/04/11 00:11:28 | 000,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009/04/11 00:11:16 | 000,604,672 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009/04/11 00:11:06 | 001,149,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2008/01/19 01:06:52 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/01/19 01:00:54 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/01/19 01:00:18 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fxssvc.exe -- (Fax)
SRV - [2009/11/13 22:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/11/02 05:00:57 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/09/15 10:17:16 | 000,061,760 | ---- | M] (Nalpeiron Ltd.) [Disabled | Stopped] -- C:\Windows\SysWOW64\ASTSRV.EXE -- (astcc)
SRV - [2009/07/03 15:56:14 | 000,303,376 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2009/06/26 09:26:20 | 000,085,504 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2009/03/29 21:39:56 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006/11/03 00:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 17:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 17:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
SRV - [2006/10/26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/03/23 03:29:23 | 000,330,768 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\klif.sys -- (KLIF)
DRV:64bit: - [2009/10/07 09:44:00 | 000,138,896 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2009/08/28 19:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009/08/21 20:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/15 14:01:06 | 000,156,688 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kl1.sys -- (kl1)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/16 20:59:30 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/05/15 18:50:26 | 000,026,640 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\klim6.sys -- (KLIM6)
DRV:64bit: - [2009/04/11 00:15:32 | 000,160,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\fvevol.sys -- (fvevol)
DRV:64bit: - [2009/04/10 22:39:52 | 000,275,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009/04/10 21:56:26 | 000,460,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009/01/17 07:14:30 | 000,860,672 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2008/12/15 20:41:52 | 000,038,416 | ---- | M] (Kaspersky Lab) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\klbg.sys -- (KLBG)
DRV - [2009/10/04 07:15:09 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2008/04/14 02:21:50 | 000,017,920 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\Ntaccess.sys -- (WEBNTACCESS)
DRV - [2006/09/19 08:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/19 08:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://rail-sim.de/railsim/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/03/26 03:34:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/02 02:50:09 | 000,000,000 | ---D | M]

[2010/03/26 03:34:11 | 000,000,000 | ---D | M] -- C:\Users\Everybody\AppData\Roaming\Mozilla\Extensions
[2009/10/25 11:20:53 | 000,000,000 | ---D | M] -- C:\Users\Everybody\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/03/26 03:34:11 | 000,000,000 | ---D | M] -- C:\Users\Everybody\AppData\Roaming\Mozilla\Firefox\Profiles\h7q61in9.default\extensions
[2010/03/26 03:34:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/04/02 09:01:33 | 000,000,806 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MP3Bar) - {F6BD6330-76F8-44d9-B775-87614E2D8374} - C:\Program Files (x86)\Fiesta Download Manager\mp3bar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (MP3Bar) - {F6BD6330-76F8-44D9-B775-87614E2D8374} - C:\Program Files (x86)\Fiesta Download Manager\mp3bar.dll ()
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.62.0.cab (SysInfo Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/25 05:45:50 | 000,000,000 | ---D | M] - C:\Autostitch -- [ NTFS ]
O32 - AutoRun File - [2010/02/25 05:45:50 | 000,000,000 | ---D | M] - K:\Autostitch -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/02 11:18:47 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Everybody\Desktop\OTL.exe
[2010/04/02 04:34:37 | 000,000,000 | ---D | C] -- C:\Users\Everybody\DoctorWeb
[2010/04/02 02:56:46 | 000,455,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deploytk.dll
[2010/04/02 02:56:46 | 000,182,784 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010/04/02 02:56:46 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010/04/02 02:56:46 | 000,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010/04/02 02:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/04/02 02:42:38 | 002,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010/04/02 02:42:38 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/04/02 02:42:37 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010/04/02 02:42:37 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010/04/02 02:42:37 | 001,147,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/04/02 02:42:37 | 001,062,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010/04/02 02:42:37 | 000,700,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/04/02 02:42:37 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010/04/02 02:42:37 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/04/02 02:42:37 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010/04/02 02:42:37 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/04/02 02:42:37 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/04/02 02:42:37 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010/04/02 02:42:37 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/04/02 02:42:37 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010/04/02 02:42:37 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/04/02 02:42:37 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010/04/02 02:42:37 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/04/02 02:42:37 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010/04/02 02:42:37 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010/04/02 02:42:37 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010/04/02 02:42:37 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010/04/02 02:42:37 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010/04/02 02:42:37 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010/04/02 02:42:37 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010/04/02 02:42:37 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010/04/02 02:42:37 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010/04/02 02:42:37 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010/04/02 02:42:37 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/04/02 02:42:37 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2010/04/02 02:42:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2010/04/02 02:42:37 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/04/02 02:42:37 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/03/26 09:24:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oregon Scientific
[2010/03/26 04:45:29 | 000,000,000 | ---D | C] -- C:\Windows\3DTrains
[2010/03/26 03:34:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/03/25 05:48:19 | 000,000,000 | ---D | C] -- C:\Users\Everybody\AppData\Roaming\nHancer
[2010/03/25 05:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\nHancer
[2010/03/25 05:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\nHancer
[2010/03/23 03:29:23 | 000,330,768 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010/03/22 17:39:14 | 000,000,000 | ---D | C] -- C:\Users\Everybody\AppData\Local\Microsoft Game Studios
[2010/03/22 17:28:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010/03/22 17:19:07 | 000,000,000 | ---D | C] -- C:\Users\Everybody\Documents\Flight Simulator X Files
[2010/03/22 10:59:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games
[2010/03/22 05:15:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EngMod
[2010/03/21 05:06:54 | 000,000,000 | ---D | C] -- C:\Users\Everybody\Documents\Downloads
[2010/03/21 04:51:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrystalDiskInfo
[2010/03/19 11:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/19 11:15:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/03/19 11:14:49 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/03/19 11:14:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/03/19 11:14:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/03/19 09:37:57 | 000,000,000 | ---D | C] -- C:\Users\Everybody\AppData\Roaming\Malwarebytes
[2010/03/19 09:37:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/19 09:37:52 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/19 09:37:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/03/19 09:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/19 09:14:02 | 000,000,000 | ---D | C] -- C:\Users\Everybody\AppData\Local\Mozilla
[2010/03/13 09:41:10 | 000,000,000 | ---D | C] -- C:\Users\Everybody\AppData\Roaming\gtk-2.0
[2010/03/13 09:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Fiesta Download Manager
[2010/03/13 09:38:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fiesta Download Manager
[2010/03/13 09:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CD Recovery Toolbox Free
[2010/03/13 08:47:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Disk Investigator
[2010/03/13 05:18:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCAnalyzer
[2010/03/12 11:03:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digital Image Recovery
[2010/03/11 05:08:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConBuilderv5
[2010/03/10 06:42:27 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010/03/10 06:42:27 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/03/10 06:42:25 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010/03/10 06:42:25 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/02 11:19:34 | 003,932,160 | -HS- | M] () -- C:\Users\Everybody\NTUSER.DAT
[2010/04/02 11:18:51 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Everybody\Desktop\OTL.exe
[2010/04/02 10:32:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/02 09:53:47 | 000,004,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/02 09:53:47 | 000,004,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/02 09:01:33 | 000,000,806 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/04/02 08:22:24 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{930503F3-A4B4-4A04-ADFF-88F44F4C5B80}.job
[2010/04/02 03:53:58 | 000,084,735 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/04/02 03:53:58 | 000,084,735 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/04/02 03:53:49 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/02 03:53:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/02 03:53:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/02 03:52:56 | 000,524,288 | -HS- | M] () -- C:\Users\Everybody\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TMContainer00000000000000000001.regtrans-ms
[2010/04/02 03:52:56 | 000,065,536 | -HS- | M] () -- C:\Users\Everybody\NTUSER.DAT{a7bdf3ed-6a85-11db-b5ae-f1534be43d84}.TM.blf
[2010/04/02 03:52:46 | 003,403,967 | -H-- | M] () -- C:\Users\Everybody\AppData\Local\IconCache.db
[2010/04/02 02:56:33 | 000,455,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deploytk.dll
[2010/04/02 02:56:33 | 000,182,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010/04/02 02:56:33 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010/04/02 02:56:33 | 000,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010/04/02 02:50:10 | 000,001,951 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/02 02:30:49 | 000,002,657 | ---- | M] () -- C:\Users\Everybody\Desktop\Microsoft Office Outlook 2007.lnk
[2010/04/01 18:25:09 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns
[2010/04/01 18:25:09 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns
[2010/04/01 04:21:09 | 000,694,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/04/01 04:21:09 | 000,602,846 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/04/01 04:21:09 | 000,106,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/30 15:43:29 | 000,277,454 | ---- | M] () -- C:\Users\Everybody\Desktop\Internet Explorer 8 Problems How to Fix and Repair IE 8 When it Hangs or Freezes.mht
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/30 00:45:56 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/28 04:58:50 | 000,002,094 | ---- | M] () -- C:\Users\Everybody\Desktop\TrainSim Bernina.lnk
[2010/03/27 09:18:33 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/03/27 07:39:00 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Weather OS.lnk
[2010/03/27 04:49:16 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010/03/26 03:52:52 | 000,002,413 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/03/26 03:34:06 | 000,001,818 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/03/25 05:47:18 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\nHancer.lnk
[2010/03/24 05:14:35 | 000,000,889 | ---- | M] () -- C:\Users\Everybody\Desktop\SView.exe.lnk
[2010/03/24 03:31:27 | 000,383,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/03/23 07:14:23 | 000,104,808 | ---- | M] () -- C:\Users\Everybody\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/23 03:37:31 | 000,143,387 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2010/03/23 03:37:31 | 000,104,987 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2010/03/23 03:29:23 | 000,330,768 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010/03/22 17:21:15 | 000,000,136 | ---- | M] () -- C:\Users\Everybody\Desktop\Microsoft Flight Simulator X - Shortcut.lnk
[2010/03/22 08:52:01 | 000,000,035 | ---- | M] () -- C:\Windows\iltwain.ini
[2010/03/22 05:17:11 | 000,000,852 | ---- | M] () -- C:\Users\Everybody\Desktop\EngMod.exe.lnk
[2010/03/21 05:09:59 | 000,001,139 | ---- | M] () -- C:\Users\Everybody\Desktop\Revo Uninstaller.lnk
[2010/03/21 04:51:05 | 000,001,859 | ---- | M] () -- C:\Users\Everybody\Desktop\CrystalDiskInfo.lnk
[2010/03/19 11:22:46 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\MSTSmanager.lnk
[2010/03/19 11:22:31 | 000,136,082 | ---- | M] () -- C:\Users\Everybody\Desktop\Connection Problem 1.jpg
[2010/03/19 11:20:36 | 000,002,880 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010/03/19 11:20:16 | 000,260,236 | ---- | M] () -- C:\Users\Everybody\Desktop\Connection Problem.jpg
[2010/03/19 10:46:24 | 000,000,943 | ---- | M] () -- C:\Users\Everybody\Desktop\32 iexplore.exe.lnk
[2010/03/19 10:44:28 | 000,000,901 | ---- | M] () -- C:\Users\Everybody\Desktop\64 bitiexplore.exe.lnk
[2010/03/19 09:37:56 | 000,000,900 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/19 09:14:10 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/03/13 12:03:29 | 000,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2010/03/13 11:38:19 | 000,000,218 | ---- | M] () -- C:\Users\Everybody\.recently-used.xbel
[2010/03/13 09:38:57 | 000,001,004 | ---- | M] () -- C:\Users\Public\Desktop\Fiesta Download Manager.lnk
[2010/03/13 09:09:57 | 000,000,924 | ---- | M] () -- C:\Users\Everybody\Desktop\CD Recovery Toolbox Free.lnk
[2010/03/13 08:47:30 | 000,000,915 | ---- | M] () -- C:\Users\Everybody\Desktop\Disk Investigator.lnk
[2010/03/13 06:04:02 | 000,002,455 | ---- | M] () -- C:\Users\Everybody\Desktop\PHOTORECOVERY LE.lnk
[2010/03/13 05:18:53 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\PCAnalyzer.lnk
[2010/03/12 11:03:58 | 000,000,869 | ---- | M] () -- C:\Users\Everybody\Desktop\Digital Image Recovery.lnk
[2010/03/11 05:08:21 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\ConBuilder.lnk
[2010/03/11 05:08:20 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\ConBuilder system check.lnk
[2010/03/09 04:26:12 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\Qimage.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/02 02:50:09 | 000,001,951 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/02 02:43:47 | 000,233,710 | ---- | C] () -- C:\Users\Everybody\AppData\Local\dd_ATL90SP1_KB973924MSI5D67.txt
[2010/04/02 02:43:46 | 000,011,754 | ---- | C] () -- C:\Users\Everybody\AppData\Local\dd_ATL90SP1_KB973924UI5D67.txt
[2010/03/30 15:43:28 | 000,277,454 | ---- | C] () -- C:\Users\Everybody\Desktop\Internet Explorer 8 Problems How to Fix and Repair IE 8 When it Hangs or Freezes.mht
[2010/03/27 07:37:56 | 000,361,650 | ---- | C] () -- C:\Users\Everybody\AppData\Local\dd_vcredistMSI698C.txt
[2010/03/27 07:37:40 | 000,012,782 | ---- | C] () -- C:\Users\Everybody\AppData\Local\dd_vcredistUI698C.txt
[2010/03/27 07:37:32 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Weather OS.lnk
[2010/03/26 09:24:57 | 000,590,974 | ---- | C] () -- C:\Users\Everybody\AppData\Local\dd_vcredistMSI6D73.txt
[2010/03/26 09:24:51 | 000,014,286 | ---- | C] () -- C:\Users\Everybody\AppData\Local\dd_vcredistUI6D73.txt
[2010/03/26 03:34:06 | 000,001,818 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/03/25 05:47:18 | 000,000,888 | ---- | C] () -- C:\Users\Public\Desktop\nHancer.lnk
[2010/03/24 05:13:57 | 000,000,889 | ---- | C] () -- C:\Users\Everybody\Desktop\SView.exe.lnk
[2010/03/23 03:30:43 | 000,143,387 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2010/03/23 03:30:43 | 000,104,987 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2010/03/22 17:21:15 | 000,000,136 | ---- | C] () -- C:\Users\Everybody\Desktop\Microsoft Flight Simulator X - Shortcut.lnk
[2010/03/22 05:16:40 | 000,000,852 | ---- | C] () -- C:\Users\Everybody\Desktop\EngMod.exe.lnk
[2010/03/21 04:51:05 | 000,001,859 | ---- | C] () -- C:\Users\Everybody\Desktop\CrystalDiskInfo.lnk
[2010/03/19 11:21:56 | 000,136,082 | ---- | C] () -- C:\Users\Everybody\Desktop\Connection Problem 1.jpg
[2010/03/19 11:20:16 | 000,260,236 | ---- | C] () -- C:\Users\Everybody\Desktop\Connection Problem.jpg
[2010/03/19 10:46:01 | 000,000,943 | ---- | C] () -- C:\Users\Everybody\Desktop\32 iexplore.exe.lnk
[2010/03/19 10:44:00 | 000,000,901 | ---- | C] () -- C:\Users\Everybody\Desktop\64 bitiexplore.exe.lnk
[2010/03/19 09:37:56 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/19 09:14:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/03/13 12:03:29 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010/03/13 11:38:19 | 000,000,218 | ---- | C] () -- C:\Users\Everybody\.recently-used.xbel
[2010/03/13 09:38:57 | 000,001,004 | ---- | C] () -- C:\Users\Public\Desktop\Fiesta Download Manager.lnk
[2010/03/13 09:09:57 | 000,000,924 | ---- | C] () -- C:\Users\Everybody\Desktop\CD Recovery Toolbox Free.lnk
[2010/03/13 08:47:30 | 000,000,915 | ---- | C] () -- C:\Users\Everybody\Desktop\Disk Investigator.lnk
[2010/03/13 05:18:53 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\PCAnalyzer.lnk
[2010/03/12 11:03:58 | 000,000,869 | ---- | C] () -- C:\Users\Everybody\Desktop\Digital Image Recovery.lnk
[2010/03/11 05:08:21 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\MSTSmanager.lnk
[2010/03/11 05:08:20 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\ConBuilder system check.lnk
[2010/03/11 05:06:49 | 000,001,069 | ---- | C] () -- C:\Windows\SysWow64\vbrun60.inf
[2010/02/08 17:07:38 | 000,000,552 | ---- | C] () -- C:\Users\Everybody\AppData\Local\d3d8caps.dat
[2010/01/19 04:19:15 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009/12/23 09:55:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/12/19 09:11:24 | 000,006,656 | ---- | C] () -- C:\Users\Everybody\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/24 07:54:51 | 000,000,688 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/10/20 07:26:06 | 000,546,378 | ---- | C] () -- C:\Users\Everybody\AppData\Local\dd_ATL80SP1_KB973923MSI27AF.txt
[2009/10/20 07:26:06 | 000,011,780 | ---- | C] () -- C:\Users\Everybody\AppData\Local\dd_ATL80SP1_KB973923UI27AF.txt
[2009/10/14 04:29:37 | 000,000,294 | ---- | C] () -- C:\Users\Everybody\AppData\Roaming\TsUtilDlg.xml
[2009/10/12 07:29:56 | 000,004,157 | ---- | C] () -- C:\ProgramData\bwxcldpn.mmu
[2009/10/12 07:14:13 | 000,021,411 | ---- | C] () -- C:\Users\Everybody\AppData\Local\dd_depcheck_NETFX20_EXP_35.txt
[2009/10/12 07:14:11 | 000,076,718 | ---- | C] () -- C:\Users\Everybody\AppData\Local\dd_dotnetfx20install.txt
[2009/10/12 07:14:11 | 000,004,946 | ---- | C] () -- C:\Users\Everybody\AppData\Local\uxeventlog.txt
[2009/10/12 07:14:11 | 000,002,258 | ---- | C] () -- C:\Users\Everybody\AppData\Local\dd_dotnetfx20error.txt
[2009/10/05 12:59:58 | 000,000,035 | ---- | C] () -- C:\Windows\iltwain.ini
[2009/10/05 12:37:28 | 000,002,880 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/10/05 12:37:28 | 000,000,008 | RHS- | C] () -- C:\ProgramData\7131F26684.sys
[2009/10/05 04:42:52 | 000,000,000 | ---- | C] () -- C:\Users\Everybody\AppData\Roaming\FileOut.cns
[2009/10/05 04:42:52 | 000,000,000 | ---- | C] () -- C:\Users\Everybody\AppData\Roaming\FileIn.cns
[2009/10/04 15:18:58 | 000,700,310 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/10/04 09:19:51 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/04 09:19:41 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/10/04 08:29:24 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2009/10/04 08:19:46 | 000,000,732 | ---- | C] () -- C:\Users\Everybody\AppData\Local\d3d9caps64.dat
[2009/10/04 08:03:11 | 000,084,735 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/10/04 08:03:09 | 000,084,735 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/17 10:13:30 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll
[2009/04/21 18:22:18 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/04/21 18:22:18 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008/02/01 08:18:14 | 000,009,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\FlashSys.sys
[2005/11/07 10:01:19 | 000,121,562 | ---- | C] () -- C:\Windows\SysWow64\PicFormat32.dll
[2003/07/13 14:40:28 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\SAWZipNG.dll
[2002/03/13 16:46:00 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 877 bytes -> C:\Users\Everybody\Desktop\PC Pitstop.eml:OECustomProperty
< End of report >

Re: PC Slow and hangs

Here is the Extras.txt

OTL Extras logfile created on: 2/04/2010 11:19:37 AM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Everybody\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.13 Gb Total Space | 422.08 Gb Free Space | 72.63% Space Free | Partition Type: NTFS
Drive D: | 15.02 Gb Total Space | 3.69 Gb Free Space | 24.57% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 465.83 Gb Total Space | 126.21 Gb Free Space | 27.09% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 3.77 Gb Total Space | 0.10 Gb Free Space | 2.72% Space Free | Partition Type: FAT32
Drive K: | 465.68 Gb Total Space | 329.30 Gb Free Space | 70.71% Space Free | Partition Type: NTFS

Computer Name: GAMING
Current User Name: Everybody
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 94 FD 37 73 76 44 CA 01 [binary data]
"VistaSp2" = C0 71 A9 B3 7A 44 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3037667337-302706344-1336644936-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{250A2A6F-87F1-4CCE-9543-AC3304FC6B27}" = lport=445 | protocol=6 | dir=in | app=system |
"{43245562-C74C-4C32-B441-F9C9D52AFCD3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{474A2073-E21B-4D92-8ED5-58D84D85BF0E}" = rport=139 | protocol=6 | dir=out | app=system |
"{4B0C16EC-0CF0-4B94-B8EB-D19B87B8C67E}" = lport=139 | protocol=6 | dir=in | app=system |
"{6084BF75-FA34-44BE-AF52-B1262FB8D6A3}" = lport=138 | protocol=17 | dir=in | app=system |
"{7F24EFFF-AD7A-441A-8B8D-A95C88774201}" = lport=137 | protocol=17 | dir=in | app=system |
"{8502C038-4931-4B97-A0E2-EE295E1F3670}" = rport=137 | protocol=17 | dir=out | app=system |
"{B12F93FA-E01D-4034-A971-6FCBF8247063}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C7A3A468-6F9A-40FF-9A47-76EB5C5592C4}" = rport=445 | protocol=6 | dir=out | app=system |
"{F7989289-8DF0-4C75-88DB-57F7E6C0A3A1}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B37503E-575C-48DA-8CD6-CE9BEAF0980B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1FED491A-F1B9-4B79-B36E-27F704910071}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{21E4A444-B1C1-4FC2-8A6D-8FC0890DC2AB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3007489A-BAE2-4C8E-A69F-9EF3941606A4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{313A148A-9002-474E-A36B-E1272EBB9E5E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4C1DEB5C-17E4-4387-B5E3-9B2453ED952A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railworks\railworks.exe |
"{6E78DAD2-BD6A-4682-A82D-07EC5305FFC2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railworks\railworks.exe |
"{83E636B8-F909-4398-BB0B-417775C87361}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railworks\railworks.exe |
"{8CB321CE-1D09-41B5-B086-FEEC39F9069E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9E7C62F0-C0BF-4891-95EE-1EBA2A6E733D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A881439B-0BE9-4EC3-98BF-181850A8C465}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ACB03F00-EBB5-44AD-9353-94148F7F0F31}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railworks\railworks.exe |
"{D3E8FAD7-FAEA-4493-B9F4-2526F33BBD8D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D5CEA881-AB37-4C53-BB2A-3869B9603BFF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D76229B1-D693-4013-B65C-62856556007B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D9B6EC09-6DFB-42F9-BDC2-9C7E8ADE59A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E05B0D91-F8B3-4DE3-B89F-DEF29070295D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E7925DCC-A6B6-4C58-8D75-BBD1E34A7F02}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{C6D18A05-B9B0-4E6C-8E58-7E7EDA752685}C:\program files (x86)\microsoft games\mechwarrior mercenaries downloadable trial\mw4mercs.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\mechwarrior mercenaries downloadable trial\mw4mercs.exe |
"UDP Query User{22FF9472-1304-4170-A454-0F3A0ACDD49A}C:\program files (x86)\microsoft games\mechwarrior mercenaries downloadable trial\mw4mercs.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\mechwarrior mercenaries downloadable trial\mw4mercs.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416019FF}" = Java(TM) 6 Update 19 (64-bit)
"{2ABC3A5A-CDC9-4251-A525-F49D6340FBC8}" = Sun VirtualBox
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4DE93F01-0488-417E-B65B-612586CA7548}" = Casper 5.0
"{634A0A5C-9B34-11DE-87AE-C7A555D89593}" = Nitro PDF Professional
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{84BC87D4-0480-4E10-B15D-1E7886D55180}" = iTunes
"{8ACE41AA-6262-43F7-B3E6-217C50803BBA}" = nHancer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99AE837E-BDD3-4163-860A-EEAA77289286}" = Microsoft Image Composite Editor
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{707EB912-C597-49D8-9460-46CC9AB03EBE}" = Corel Painter Photo Essentials 4
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{053A7E07-3D44-4CDB-B79C-EE8755BFD7D6}" = Class_50_Content_Update
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{1AC91509-E17B-46F7-A032-B54DCCA6E8BB}" = Microsoft Flight Simulator X Photo Scenery Display Update
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 18
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4394DC3A-5DAC-4C80-A86E-FF462D0AD653}" = Windows 7 Upgrade Advisor Beta
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49369237-6712-4376-8497-D9666BB2D34D}" = OpdiTracker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FCAA65E-086D-4D49-A292-A5E764667263}" = pptPlex from Microsoft Office Labs
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{587A2120-41D3-11DB-3D6C-00E19E4D4AE1}" = MSTS Patch 1.8.0521 EN
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{707EB912-C597-49D8-9460-46CC9AB03EBE}" = Corel Painter Photo Essentials 4
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{88DA244E-4CEA-49E4-AD6A-301B65131E25}" = Shape Viewer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D03A164-B586-4318-AFE6-870A5E2739C1}" = PHOTORECOVERY LE
"{8EC99A51-84F2-4601-8675-151C41ADF77B}" = Weather OS
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91B323B5-A79C-4D23-BD6D-046C565F9BCF}" = MadOnion.com/3DMark2001 SE
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{98EFD8F0-08DE-48DB-B922-A2EBAB711033}" = Nero 7 Premium
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A527318B-95A1-4E8B-B7C6-70A02021D857}" = Movavi Video Editor - FREE Edition
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AD25A8FE-964F-48DB-B5C5-AD4DDB3895AD}" = System Requirements Lab
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BF7C1B99-A250-45EF-B186-0C33B7308F95}" = SD40-2_Content_Update
"{CA5CC89E-23C7-4C11-B834-27CBB8AEB199}" = RWDecal2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™️ 4.1
"{DF270969-CDFB-4005-B0A1-0CE6F19AB76A}_is1" = MSTS Bernina Bahn v0.7.3
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"3DPM 3D-Sound Package" = 3DPM 3D-Sound Package
"3DPM 86' HI-CUBE BOXCAR "DT&I"" = 3DPM 86' HI-CUBE BOXCAR "DT&I"
"3DTS_SEARCH_LIGHT_SIGNALS_1.0" = 3DTS SEARCH LIGHT SIGNALS 1.0
"AceIt_is1" = AceIt v1.3.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Alice Law" = Alice Law
"Audacity_is1" = Audacity 1.2.6
"Belarc Advisor" = Belarc Advisor 8.1
"CD Recovery Toolbox Free_is1" = CD Recovery Toolbox Free 1.1
"Color Efex Pro 3.0 Corel Sampler" = Color Efex Pro 3.0 Corel Sampler
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ConBuilder" = ConBuilder
"CrystalDiskInfo_is1" = CrystalDiskInfo 3.5.3a
"Digital Image Recovery_is1" = Digital Image Recovery 1.0
"Disk Investigator" = Disk Investigator 1.4
"Easy Video Downloader_is1" = Easy Video Downloader v. 2.0
"EngMod 2.0" = EngMod 2.0
"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration
"F-Manager" = Fiesta Download Manager
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"Game Booster_is1" = Game Booster
"HijackThis" = HijackThis 2.0.2
"ImageSkill Background Remover 3" = ImageSkill Background Remover 3
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"Kosmos 1.0" = Kosmos 1.0
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MechWarrior Mercenaries Downloadable Demo" = MechWarrior 4 Mercenaries Downloadable Trial
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"OpenAL" = OpenAL
"PC Pitstop Driver Alert2_is1" = PC Pitstop Driver Alert2 2.0.0.0
"PCAnalyzer_is1" = PCAnalyzer 0.1.2.1
"PDF Reader for Windows_is1" = PDF Reader for Windows 7
"PDFZilla_is1" = PDFZilla V1.0.8
"Product_Name" = Route Control
"PROR" = Microsoft Office Professional 2007
"Qimage" = Qimage
"RawShooter essentials 2006" = RawShooter essentials 2006
"Revo Uninstaller" = Revo Uninstaller 1.85
"Rigs of Rods" = Rigs of Rods 0.36.2
"RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X
"SD40-2 Sound Addon" = SD40-2 Sound Addon
"Soo Line Mega Pack" = Soo Line Mega Pack
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Flight Simulator X Service Pack 1
"ST6UNST #1" = MSTS Activity Analysis
"Steam App 24010" = RailWorks
"SystemRequirementsLab" = System Requirements Lab
"TA CP Holiday Express Add-on" = TA CP Holiday Express Add-on
"Tehachapi_Pass_Route_II_1.10" = Tehachapi Pass Route II 1.10
"Tehachapi_Pass_Route_II_UPDATE_1.1" = Tehachapi Pass Route II UPDATE 1.1
"TGATool2A_is1" = TGATool2A version 4.00.34
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Train Artisan RS-11 Trainset Add-on for MSTS" = Train Artisan RS-11 Trainset Add-on for MSTS
"Train Artisan USRA Mountain Loco Beta Release" = Train Artisan USRA Mountain Loco Beta Release
"Train Artisan VIA Passenger Car Set version 2.0" = Train Artisan VIA Passenger Car Set version 2.0
"Train Simulator 1.0" = Microsoft Train Simulator
"Train Store V3.2" = Train Store V3.2
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip" = WinZip
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 1.8

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CNET TechTracker" = CNET TechTracker
"Quick Run Activity for Tokyo Hakone route" = Quick Run Activity for Tokyo Hakone route
"Route_Riter v7.1.32" = Route_Riter v7.1.32
"RW_Tools V2" = RW_Tools V2

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Re: PC Slow and hangs
Bump

Re: PC Slow and hangs
Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: PC Slow and hangs
Hi

Malwarebytes did not detect anything, here is the log,

cheers

Daniel

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3954

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

5/04/2010 8:31:36 AM
mbam-log-2010-04-05 (08-31-36).txt

Scan type: Quick scan
Objects scanned: 102956
Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
