
Trojan Virus


  • This topic is locked
11 replies to this topic

#1 JemmaM85

JemmaM85

  • Members
  • 6 posts

Posted 21 February 2010 - 03:57 AM

Hi,

I have a trojan virus currently active on my laptop. I have tried several removal tools, but when it looks like the threat has been removed it reappears after restart. I googled the problem and was advised to run HijackThis and create a log which could be posted so someone could help identify the error. I would appreciate any help you can provide and have attached the log that was created.

Many thanks

Attached Files





#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • Gender:Female
  • Location:Romania

Posted 23 February 2010 - 05:39 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
Please be patient, and I'd be grateful if you would note the following:
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft
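The OTL scan described in the steps above produces a plain-text listing of processes, modules, services and drivers, one entry per line. As an added example (not OTL's own code and not part of this thread), the Python below parses lines in that layout and flags the entries a helper would look at first; the regex, the OtlEntry fields and the three triage rules are assumptions based on the format of the log posted in this thread, and the sample lines are copied from that log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTL listing line, in the layout seen in the log posted in this thread:
#   PRC - [2010/02/23 13:03:45 | 000,095,232 | -HS- | M] () -- C:\...\lsass.exe
#   SRV - [stamp | size | ---- | M] (Company) [Auto | Running] -- C:\...\x.exe -- (svc)
OTL_LINE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [A-Z]\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:\[(?P<state>[^\]]*)\] )?"
    r"-- (?P<path>.*?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"
)

# Core Windows processes whose image should only live under %SystemRoot%.
# A same-named copy anywhere else is a classic masquerading sign (assumed list).
SYSTEM_PROCESS_NAMES = {
    "lsass.exe", "csrss.exe", "smss.exe", "services.exe",
    "svchost.exe", "winlogon.exe", "wininit.exe", "explorer.exe",
}


@dataclass
class OtlEntry:
    kind: str             # PRC, MOD, SRV or DRV
    stamp: str            # file modification time as OTL prints it
    size: int             # file size in bytes
    attrs: str            # R/H/S flags, e.g. "-HS-" = hidden + system
    company: str          # company name from version info ("" if none)
    state: Optional[str]  # "Auto | Running" etc. on SRV/DRV lines
    path: str             # image path, with any \\?\ prefix removed
    name: Optional[str]   # service/driver name when present


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one listing line; returns None for headers and blank lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if path.startswith("\\\\?\\"):
        path = path[4:]
    return OtlEntry(
        kind=m.group("kind"),
        stamp=m.group("stamp"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        company=m.group("company").strip(),
        state=m.group("state"),
        path=path,
        name=m.group("name"),
    )


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for entries that deserve a closer look."""
    findings = []
    for line in lines:
        e = parse_otl_line(line)
        if e is None:
            continue
        low = e.path.lower()
        base = low.rsplit("\\", 1)[-1]
        # Rule 1: a core system process name running from outside %SystemRoot%.
        if base in SYSTEM_PROCESS_NAMES and not low.startswith("c:\\windows\\"):
            findings.append((e.path, "system process name outside %SystemRoot%"))
        # Rule 2: hidden + system attributes on a file with no company name.
        if "H" in e.attrs and "S" in e.attrs and not e.company:
            findings.append((e.path, "hidden+system file with no company name"))
        # Rule 3: an executable under a user profile with no company name.
        if "\\appdata\\" in low and not e.company:
            findings.append((e.path, "executable in user profile with no company name"))
    return findings


# Constructed sample: four lines copied from the OTL log posted in this thread.
SAMPLE_LOG = [
    "PRC - [2010/02/23 13:03:45 | 000,095,232 | -HS- | M] () -- C:\\Users\\Jemma\\AppData\\Roaming\\SystemProc\\lsass.exe",
    "PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe",
    "SRV - [2008/08/05 12:17:22 | 000,024,064 | ---- | M] () [Auto | Running] -- C:\\Windows\\System32\\WLTRYSVC.EXE -- (wltrysvc)",
    "PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\explorer.exe",
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {path}")
```

Only the lsass.exe copy under AppData\Roaming trips the rules; TeaTimer.exe is hidden+system but carries a company name, and WLTRYSVC.EXE has no company name but sits under System32 with a non-system name.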


#3 JemmaM85

JemmaM85
  • Topic Starter

  • Members
  • 6 posts

Posted 23 February 2010 - 04:43 PM

Hi Elise,

Thank you so much for the quick response. I have run the scans as requested and below are the received results.

OTL logfile created on: 23/02/2010 13:07:49 - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\Jemma\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.08 Gb Total Space | 167.86 Gb Free Space | 75.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 9.77 Gb Total Space | 3.32 Gb Free Space | 33.96% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEMMA-PC
Current User Name: Jemma
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/23 13:07:25 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Jemma\Desktop\OTL.exe
PRC - [2010/02/23 13:03:45 | 000,095,232 | -HS- | M] () -- C:\Users\Jemma\AppData\Roaming\SystemProc\lsass.exe
PRC - [2010/02/17 20:48:14 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/17 20:48:14 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/17 20:48:14 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/02/17 20:48:14 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/02/17 20:48:13 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/02/17 20:48:09 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/02/17 20:48:09 | 000,827,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/02/17 20:48:09 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/01/30 07:25:25 | 000,298,608 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/01/27 00:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe
PRC - [2010/01/02 06:40:20 | 000,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/03 14:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 06:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 06:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/06 18:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/06 21:39:25 | 001,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2009/01/02 12:05:42 | 003,098,152 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/27 21:20:09 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/10/04 19:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/09/24 04:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/09/17 05:17:12 | 000,225,362 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\stacsv.exe
PRC - [2008/09/17 05:17:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\AEstSrv.exe
PRC - [2008/08/05 12:17:22 | 000,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
PRC - [2008/08/05 12:17:20 | 003,563,520 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE
PRC - [2008/08/05 12:16:24 | 002,654,208 | ---- | M] (Dell Inc.) -- C:\Windows\System32\BCMWLTRY.EXE
PRC - [2008/07/10 13:11:10 | 002,605,056 | ---- | M] (O2) -- C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe
PRC - [2008/05/07 23:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/02/21 22:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2008/02/18 18:37:42 | 000,214,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2007/08/22 08:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe


========== Modules (SafeList) ==========

MOD - [2010/02/23 13:07:25 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Jemma\Desktop\OTL.exe
MOD - [2010/02/17 20:48:55 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/04/11 06:28:23 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
MOD - [2009/04/11 06:28:19 | 000,444,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
MOD - [2009/04/11 06:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/17 20:48:09 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/02/17 20:48:09 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/30 09:58:07 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2010/01/22 19:16:30 | 000,545,576 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/12/04 08:35:12 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/09/25 01:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/06/05 10:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/26 15:34:08 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/06 21:39:25 | 001,245,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2009/01/02 12:05:42 | 003,098,152 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/12/12 11:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/27 21:25:54 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 15:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/10/04 19:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/09/24 04:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/09/17 05:17:12 | 000,225,362 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\stacsv.exe -- (STacSV)
SRV - [2008/09/17 05:17:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\AEstSrv.exe -- (AESTFilters)
SRV - [2008/09/05 11:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2008/08/05 12:17:22 | 000,024,064 | ---- | M] () [Auto | Running] -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2008/05/07 23:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/03/24 13:35:22 | 000,074,384 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2008/02/21 22:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/02/18 18:37:42 | 000,214,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2008/02/01 18:08:50 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/22 08:21:30 | 000,055,640 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/02/05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/11/02 12:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/02/17 20:48:55 | 000,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/02/17 20:48:54 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/02/17 20:48:37 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/17 20:48:37 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/02/03 09:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100220.022\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/02/03 09:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100220.022\NAVENG.SYS -- (NAVENG)
DRV - [2009/11/20 03:02:57 | 000,286,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20100210.001\IDSvix86.sys -- (IDSvix86)
DRV - [2009/09/17 08:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/09/03 08:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/05/18 14:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/02/19 11:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/02/19 11:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/02/19 11:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 11:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 11:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 11:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/01/12 20:42:04 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/01/10 17:16:55 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/11/07 14:23:30 | 000,032,000 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2008/09/17 05:23:10 | 002,369,536 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/09/17 05:17:22 | 000,382,976 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/09/05 14:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/09/04 05:29:08 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/09/02 09:19:22 | 000,069,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/09/01 10:19:40 | 000,304,128 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008/09/01 10:15:54 | 000,317,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2008/08/05 12:17:08 | 001,207,288 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/08/05 12:16:06 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/02/01 01:51:16 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/02/01 01:51:16 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/02/01 01:51:16 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/01/21 02:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 02:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 02:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 02:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 02:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 02:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 02:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 02:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/21 02:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 02:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 02:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 02:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 02:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 02:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 02:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 02:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 02:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 02:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 02:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 02:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 02:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 02:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 02:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 02:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 02:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 02:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/11/14 09:00:00 | 000,043,840 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/08/09 00:39:56 | 000,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007/04/19 11:09:42 | 000,194,048 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2007/04/19 11:09:42 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2007/04/19 11:09:42 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 07:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 06:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 47 D1 88 16 5F FA A6 4D AF 77 ED 0E 5A BE 89 B8 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 47 D1 88 16 5F FA A6 4D AF 77 ED 0E 5A BE 89 B8 [binary data]

IE - HKU\S-1-5-21-2008054569-2245208186-1310476645-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig/dell?hl=en&...amp;ibd=4081127
IE - HKU\S-1-5-21-2008054569-2245208186-1310476645-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2008054569-2245208186-1310476645-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 47 D1 88 16 5F FA A6 4D AF 77 ED 0E 5A BE 89 B8 [binary data]
IE - HKU\S-1-5-21-2008054569-2245208186-1310476645-1000\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2008054569-2245208186-1310476645-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-2008054569-2245208186-1310476645-1000\S-1-5-21-2008054569-2245208186-1310476645-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2008054569-2245208186-1310476645-1000\S-1-5-21-2008054569-2245208186-1310476645-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2009/01/26 22:53:31 | 000,000,000 | ---D | M] -- C:\Users\Jemma\AppData\Roaming\Mozilla\Firefox\extensions
[2009/01/26 22:53:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jemma\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2010/02/15 22:43:32 | 000,000,743 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1688D147-FA5F-4DA6-AF77-ED0E5ABE89B8} - C:\Windows\System32\comsnap32.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2008054569-2245208186-1310476645-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2008054569-2245208186-1310476645-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2008054569-2245208186-1310476645-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-2008054569-2245208186-1310476645-1000\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2008054569-2245208186-1310476645-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [O2Start] C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe (O2)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton 360\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2008054569-2245208186-1310476645-1000..\Run: [RTHDBPL] C:\Users\Jemma\AppData\Roaming\SystemProc\lsass.exe ()
O4 - HKU\S-1-5-21-2008054569-2245208186-1310476645-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2008054569-2245208186-1310476645-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2008054569-2245208186-1310476645-1000\..Trusted Domains: game.co.uk ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-2008054569-2245208186-1310476645-1000\..Trusted Domains: hotmail.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-2008054569-2245208186-1310476645-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2008054569-2245208186-1310476645-1000\..Trusted Domains: msn.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-2008054569-2245208186-1310476645-1000\..Trusted Domains: 14 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2008054569-2245208186-1310476645-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\SYSTEM32\COMREPL32.DLL) - C:\Windows\System32\comrepl32.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\System32\comrepl32.dll) - C:\Windows\System32\comrepl32.dll ()
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Jemma\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jemma\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{056ea974-dc33-11dd-96b8-0023ae08524d}\Shell - "" = AutoRun
O33 - MountPoints2\{056ea974-dc33-11dd-96b8-0023ae08524d}\Shell\AutoRun\command - "" = D:\LiteAuto.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/23 13:07:06 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Jemma\Desktop\OTL.exe
[2010/02/21 08:40:17 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jemma\Desktop\HiJackThis.exe
[2010/02/20 19:04:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/02/20 19:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/20 17:57:17 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/02/20 17:46:54 | 000,000,000 | -HSD | C] -- C:\Users\Jemma\AppData\Roaming\SystemProc
[2010/02/19 23:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\RegCure
[2010/02/17 20:48:56 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/02/17 20:48:55 | 000,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/02/17 20:48:55 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/02/17 20:48:54 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/02/17 20:48:37 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/02/17 20:48:37 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/02/17 20:48:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/02/17 20:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/02/17 20:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/02/17 20:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/02/15 22:43:10 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\System32\VCCLSID.exe
[2010/02/15 22:43:10 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\System32\SrchSTS.exe
[2010/02/15 22:43:10 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\System32\swreg.exe
[2010/02/15 22:43:10 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\System32\swxcacls.exe
[2010/02/15 22:43:10 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\System32\Process.exe
[2010/02/15 21:45:00 | 000,000,000 | ---D | C] -- C:\Users\Jemma\AppData\Roaming\Malwarebytes
[2010/02/15 21:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/02/15 19:04:14 | 000,000,000 | ---D | C] -- C:\Users\Jemma\AppData\Local\ElevatedDiagnostics
[2010/02/15 19:01:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010/02/15 18:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2010/02/15 09:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/02/14 21:45:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\1558801517
[2010/02/14 10:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec Temporary Files
[2010/02/14 09:46:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS
[2010/02/14 09:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010/02/14 09:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/02/14 09:46:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0207000.034
[2010/02/14 09:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/02/14 09:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/02/14 09:22:13 | 000,000,000 | ---D | C] -- C:\Users\Jemma\AppData\Roaming\Windows Live Writer
[2010/02/14 09:22:13 | 000,000,000 | ---D | C] -- C:\Users\Jemma\AppData\Local\Windows Live Writer
[2010/02/14 09:22:13 | 000,000,000 | ---D | C] -- C:\Users\Jemma\Documents\My Weblog Posts
[2010/02/13 13:10:37 | 000,000,000 | ---D | C] -- C:\Users\Jemma\Documents\My Received Files
[2010/02/13 13:09:17 | 000,000,000 | ---D | C] -- C:\Users\Jemma\Tracing
[2010/02/13 13:09:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/02/13 13:05:56 | 000,054,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fssfltr.sys
[2010/02/13 13:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/02/13 13:04:12 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2010/02/13 13:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/02/13 13:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/02/13 13:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/02/13 12:51:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/02/13 12:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/02/13 12:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/02/13 11:01:43 | 000,181,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/02/10 13:47:22 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/10 13:47:22 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/10 13:47:14 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/10 13:47:13 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/10 13:47:13 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/10 13:47:13 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/03 23:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/02/03 09:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/02/03 08:13:03 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2010/02/03 08:13:02 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010/02/03 08:13:02 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010/02/03 08:12:36 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2010/02/03 08:12:36 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/02/03 08:12:35 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/02/03 08:12:35 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/02/03 08:12:35 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/02/03 08:12:35 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/02/03 08:12:35 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2010/02/03 08:12:35 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/02/03 08:12:35 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/02/03 08:12:35 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010/02/03 08:12:35 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2010/02/03 08:12:35 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/02/03 08:12:35 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/02/03 08:12:35 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/02/03 08:12:34 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2010/02/03 08:12:34 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/02/03 08:12:34 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2010/02/03 08:12:34 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2010/02/03 08:12:34 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/02/03 08:12:34 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2010/02/03 08:12:34 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2010/02/03 08:12:34 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2010/02/03 08:12:34 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/02/03 08:12:34 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2010/02/03 08:12:34 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010/02/03 08:12:09 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2010/02/03 08:12:09 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010/02/03 08:12:07 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2010/02/03 08:12:05 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2010/02/03 08:12:05 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2010/02/03 08:12:04 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/02/03 08:12:04 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010/02/03 08:12:04 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/02/03 08:12:04 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2010/02/03 08:12:04 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010/02/03 08:12:04 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/02/03 08:12:04 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/02/03 08:11:11 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2010/02/03 08:11:11 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2010/02/02 10:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010/02/02 10:08:12 | 000,000,000 | ---D | C] -- C:\Users\Jemma\Office Genuine Advantage
[2010/02/02 08:20:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/02/02 08:19:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/02/02 08:19:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/02/02 07:58:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[4 C:\Users\Jemma\AppData\Roaming\*.tmp files -> C:\Users\Jemma\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/23 13:12:05 | 002,883,584 | -HS- | M] () -- C:\Users\Jemma\NTUSER.DAT
[2010/02/23 13:09:49 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/23 13:09:49 | 000,601,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/23 13:09:49 | 000,106,498 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/23 13:07:25 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Jemma\Desktop\OTL.exe
[2010/02/23 13:07:05 | 056,121,581 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/02/23 13:05:22 | 000,002,468 | -HS- | M] () -- C:\Users\Jemma\AppData\Roaming\02000000e307bb5f792P.manifest
[2010/02/23 13:01:30 | 000,000,615 | -HS- | M] () -- C:\Users\Jemma\AppData\Roaming\02000000e307bb5f792O.manifest
[2010/02/23 13:01:30 | 000,000,344 | -HS- | M] () -- C:\Users\Jemma\AppData\Roaming\02000000e307bb5f792C.manifest
[2010/02/23 13:01:30 | 000,000,011 | -HS- | M] () -- C:\Users\Jemma\AppData\Roaming\02000000e307bb5f792S.manifest
[2010/02/23 13:01:27 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/23 13:01:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/23 13:01:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/23 13:01:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/23 13:01:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/21 10:46:27 | 000,524,288 | -HS- | M] () -- C:\Users\Jemma\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/02/21 10:46:27 | 000,065,536 | -HS- | M] () -- C:\Users\Jemma\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/02/21 10:32:11 | 000,001,356 | ---- | M] () -- C:\Users\Jemma\AppData\Local\d3d9caps.dat
[2010/02/21 09:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/21 08:41:12 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jemma\Desktop\HiJackThis.exe
[2010/02/21 08:39:24 | 000,261,149 | ---- | M] () -- C:\Users\Jemma\Documents\Hijack this.docx
[2010/02/20 19:05:09 | 000,001,057 | ---- | M] () -- C:\Users\Jemma\Desktop\Spybot - Search & Destroy.lnk
[2010/02/20 18:34:30 | 000,299,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/20 17:52:18 | 000,000,020 | ---- | M] () -- C:\Users\Jemma\AppData\Roaming\3e5b0c0d
[2010/02/19 20:14:43 | 000,000,945 | ---- | M] () -- C:\Users\Jemma\Desktop\Launch Internet Explorer Browser.lnk
[2010/02/17 20:48:55 | 000,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/02/17 20:48:55 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/02/17 20:48:55 | 000,001,649 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/02/17 20:48:54 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/02/17 20:48:37 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/02/17 20:48:37 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/02/17 20:48:37 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/02/17 20:48:26 | 006,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2010/02/17 20:48:26 | 000,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2010/02/17 20:48:26 | 000,142,495 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/02/15 22:43:35 | 000,002,768 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2010/02/15 22:43:35 | 000,000,691 | ---- | M] () -- C:\Users\Jemma\AppData\Roaming\GetValue.vbs
[2010/02/15 22:43:35 | 000,000,035 | ---- | M] () -- C:\Users\Jemma\AppData\Roaming\SetValue.bat
[2010/02/15 19:00:42 | 003,276,800 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/02/15 19:00:41 | 000,131,072 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/02/15 19:00:41 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/02/14 21:46:06 | 000,000,000 | ---- | M] () -- C:\Windows\System32\]
[2010/02/14 21:45:00 | 000,203,776 | -HS- | M] () -- C:\Windows\System32\unrar.exe
[2010/02/14 11:00:02 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Jemma.job
[2010/02/14 09:46:48 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSS\0207000.034\isolate.ini
[2010/02/13 16:50:14 | 000,008,248 | ---- | M] () -- C:\Users\Jemma\AppData\Local\en.ini
[2010/02/12 22:17:07 | 000,064,512 | ---- | M] () -- C:\Users\Jemma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/12 20:11:29 | 000,198,144 | ---- | M] () -- C:\Windows\System32\comsnap32.dll
[2010/02/12 20:11:27 | 000,128,512 | ---- | M] () -- C:\Windows\System32\comrepl32.dll
[2010/02/03 23:20:05 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/03 09:53:31 | 000,070,176 | ---- | M] () -- C:\Users\Jemma\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/03 09:44:12 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/02/03 09:43:14 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/02/01 07:52:59 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/01/29 11:16:26 | 002,213,888 | ---- | M] () -- C:\Users\Jemma\Documents\cgq03585.xls
[2010/01/25 13:29:25 | 000,014,173 | ---- | M] () -- C:\Users\Jemma\Documents\Jemma Morris CV.docx
[4 C:\Users\Jemma\AppData\Roaming\*.tmp files -> C:\Users\Jemma\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/21 08:39:21 | 000,261,149 | ---- | C] () -- C:\Users\Jemma\Documents\Hijack this.docx
[2010/02/20 19:05:09 | 000,001,057 | ---- | C] () -- C:\Users\Jemma\Desktop\Spybot - Search & Destroy.lnk
[2010/02/20 17:52:18 | 000,000,020 | ---- | C] () -- C:\Users\Jemma\AppData\Roaming\3e5b0c0d
[2010/02/19 20:14:43 | 000,000,945 | ---- | C] () -- C:\Users\Jemma\Desktop\Launch Internet Explorer Browser.lnk
[2010/02/17 20:48:55 | 000,001,649 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/02/17 20:48:37 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/02/17 20:48:26 | 056,121,581 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/02/17 20:48:26 | 006,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2010/02/17 20:48:26 | 000,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2010/02/17 20:48:26 | 000,142,495 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/02/15 22:43:10 | 000,075,776 | ---- | C] () -- C:\Windows\System32\WS2Fix.exe
[2010/02/15 22:43:10 | 000,051,200 | ---- | C] () -- C:\Windows\System32\dumphive.exe
[2010/02/15 22:43:10 | 000,040,960 | ---- | C] () -- C:\Windows\System32\swsc.exe
[2010/02/15 20:51:46 | 000,000,691 | ---- | C] () -- C:\Users\Jemma\AppData\Roaming\GetValue.vbs
[2010/02/15 20:51:46 | 000,000,035 | ---- | C] () -- C:\Users\Jemma\AppData\Roaming\SetValue.bat
[2010/02/15 20:51:45 | 000,002,768 | ---- | C] () -- C:\Windows\System32\tmp.reg
[2010/02/15 19:00:07 | 003,276,800 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/02/15 19:00:07 | 000,131,072 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/02/15 19:00:07 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/02/14 21:46:06 | 000,000,000 | ---- | C] () -- C:\Windows\System32\]
[2010/02/14 21:45:00 | 000,203,776 | -HS- | C] () -- C:\Windows\System32\unrar.exe
[2010/02/14 09:46:51 | 000,000,474 | ---- | C] () -- C:\Windows\tasks\Norton Security Scan for Jemma.job
[2010/02/14 09:46:48 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0207000.034\isolate.ini
[2010/02/13 16:50:14 | 000,008,248 | ---- | C] () -- C:\Users\Jemma\AppData\Local\en.ini
[2010/02/12 20:11:28 | 000,198,144 | ---- | C] () -- C:\Windows\System32\comsnap32.dll
[2010/02/12 20:11:28 | 000,002,468 | -HS- | C] () -- C:\Users\Jemma\AppData\Roaming\02000000e307bb5f792P.manifest
[2010/02/12 20:11:28 | 000,000,615 | -HS- | C] () -- C:\Users\Jemma\AppData\Roaming\02000000e307bb5f792O.manifest
[2010/02/12 20:11:28 | 000,000,344 | -HS- | C] () -- C:\Users\Jemma\AppData\Roaming\02000000e307bb5f792C.manifest
[2010/02/12 20:11:28 | 000,000,011 | -HS- | C] () -- C:\Users\Jemma\AppData\Roaming\02000000e307bb5f792S.manifest
[2010/02/12 20:11:27 | 000,128,512 | ---- | C] () -- C:\Windows\System32\comrepl32.dll
[2010/02/03 23:20:05 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/03 09:44:12 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/02/03 09:43:14 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/02/01 07:52:59 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/01/30 13:08:38 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/30 13:08:31 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/25 13:29:24 | 000,014,173 | ---- | C] () -- C:\Users\Jemma\Documents\Jemma Morris CV.docx
[2010/01/24 21:41:26 | 002,213,888 | ---- | C] () -- C:\Users\Jemma\Documents\cgq03585.xls
[2009/10/23 18:40:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/01/12 20:16:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009/01/12 20:11:18 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/01/12 19:11:54 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/01/12 19:11:54 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/01/12 19:06:24 | 000,040,960 | ---- | C] () -- C:\Windows\unS4105.dll
[2009/01/10 14:37:37 | 000,001,356 | ---- | C] () -- C:\Users\Jemma\AppData\Local\d3d9caps.dat
[2009/01/06 22:45:39 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2009/01/04 19:59:32 | 000,064,512 | ---- | C] () -- C:\Users\Jemma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/27 22:53:53 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1489.dll
[2008/11/27 21:15:10 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/06/29 09:25:12 | 000,033,664 | ---- | C] () -- C:\Windows\System32\drivers\TsWlan.sys
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >


OTL Extras logfile created on: 23/02/2010 13:07:50 - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\Jemma\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.08 Gb Total Space | 167.86 Gb Free Space | 75.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 9.77 Gb Total Space | 3.32 Gb Free Space | 33.96% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JEMMA-PC
Current User Name: Jemma
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0x00000000
"FirewallDisableNotify" = 0x00000000
"UpdatesDisableNotify" = 0x00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{20524ED2-36A9-437D-82E4-D8057BF37244}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5E5613C4-7FF1-44A7-8183-1592A008FB75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{044DD4B1-D2F6-4961-9E66-72D35369C45E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{07BA8189-04C0-40C5-9102-C2BED5443E74}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{24A500F1-E56B-4C0D-98EF-C389C8FF0415}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{31ABB0E6-8D70-4099-8376-B9D5A2F2712F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3358265D-7F75-413F-B592-FBC10708AB27}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{56F3BE6A-0988-4BFE-B7F8-307F68BD625A}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{6C9BB21F-49BB-495F-8425-FB76C2390AB6}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{76918ACF-B68D-4893-B72E-15C09A136953}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{7A0E2CCD-DFAF-401C-9B31-837B402A33D7}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{8459424C-1A37-46C8-9F51-118D348791F9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8DFF7428-FE5B-4D82-A918-64626F507CBE}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{909DFCDF-0935-4956-B7C3-40C5003602FF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{ABE5D2E0-3B29-436C-AC24-9033C838EE21}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AD57E076-A0D4-4CB9-9C48-5C0A29F36AFA}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{AFB714A1-512E-4E02-9932-989C7C8B83DA}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B74D2954-EF03-46C1-907F-5ED4D3A210C4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C2B531C2-D6BF-4AB1-82AE-D7463B594250}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{C66A059A-D149-485C-BCBA-69D47766ADB1}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{CA00FD68-B7EE-4828-85FE-8B548A88DE65}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{DC8BD128-F48A-461C-BA24-B5819FD6FEB8}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{EAFB1AB5-9858-455F-8A93-F805DCCF26D6}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{EE321F9F-0B0D-4010-B6E7-B33AA13BBC0B}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{EEC1A96D-4458-4F6B-BF2D-115F93A82FDB}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{FB71F08D-E647-480A-A00A-A33F702E545D}" = dir=in | app=c:\program files\avg\avg9\avgam.exe |
"TCP Query User{398908A9-960E-4135-97DF-BBD4B7541228}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{3B4ED08B-B150-48A9-83F2-3B818C510781}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0590062B-1E79-4717-B1AC-45B6DCA43B36}" = GEAR driver installer for x86 and x64
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}" = Mobile Broadband Drivers
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24DF7221-644B-4C3A-A478-459502D40522}" = Backup
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{39EEEA22-34DE-46E2-8F17-A88948B635EE}" = Samsung USB Driver
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3D44E610-A7DF-4015-9F64-0686346AC169}" = SymNet
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}" = Norton 360
"{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}" = Bonus
"{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls
"{48FF6DE6-0619-4562-B4B1-21F161FE0DE0}" = Symantec Technical Support Advanced Chat Controls
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{5677563D-0CB1-485F-9E18-C5025306BB3F}" = Norton AntiSpam
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69CCCF13-601F-43FC-A4A7-4A2ADF0821D1}" = Norton AntiVirus Help
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}" = Internet From BT
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{779F426C-A8F3-414B-B7AF-B6BDC9B8E040}" = CC_ccProxyExt
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85C411A0-9A9F-4C74-9EEB-BA50EB9D2E4D}" = O2 Connection Manager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B7443F5-E141-42A0-AB61-ED2331AAD606}" = 4oD
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91B7CEB3-4331-427B-AA7A-2898BE8F9DC6}" = Samsung PC Studio 3
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB70ABEC-771B-47CB-9E41-DF77DE4FFC5C}" = ccPxyCore
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E8176C35-0C2D-4142-9ED4-81861ECAB403}" = CIB
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F413B69D-4AD6-42AB-AEA5-0548989FAD50}" = Norton 360
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"4oD" = 4oD
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Ask Toolbar_is1" = Ask Toolbar
"AVG9Uninstall" = AVG 9.0
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NSS" = Norton Security Scan
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"SymSetup.{420F8FCF-8F5E-4518-A5B3-FBBD56B98FEC}" = Norton Add-on Pack (Symantec Corporation)
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08/02/2010 08:13:05 | Computer Name = Jemma-PC | Source = Google Update | ID = 20
Description =

Error - 08/02/2010 09:13:05 | Computer Name = Jemma-PC | Source = Google Update | ID = 20
Description =

Error - 08/02/2010 10:13:05 | Computer Name = Jemma-PC | Source = Google Update | ID = 20
Description =

Error - 08/02/2010 10:16:03 | Computer Name = Jemma-PC | Source = EventSystem | ID = 4621
Description =

Error - 08/02/2010 16:08:46 | Computer Name = Jemma-PC | Source = WinMgmt | ID = 10
Description =

Error - 08/02/2010 16:58:15 | Computer Name = Jemma-PC | Source = EventSystem | ID = 4621
Description =

Error - 09/02/2010 05:42:09 | Computer Name = Jemma-PC | Source = WinMgmt | ID = 10
Description =

Error - 09/02/2010 08:38:58 | Computer Name = Jemma-PC | Source = WinMgmt | ID = 10
Description =

Error - 09/02/2010 11:13:06 | Computer Name = Jemma-PC | Source = Google Update | ID = 20
Description =

Error - 09/02/2010 20:04:40 | Computer Name = Jemma-PC | Source = WinMgmt | ID = 10
Description =

[ Broadcom Wireless LAN Events ]
Error - 06/01/2010 19:10:54 | Computer Name = Jemma-PC | Source = WLAN-Tray | ID = 0
Description = 23:10:54, Wed, Jan 06, 10 Error - User "" does not have administrative
privileges on this system

Error - 13/01/2010 11:44:19 | Computer Name = Jemma-PC | Source = WLAN-Tray | ID = 0
Description = 15:44:19, Wed, Jan 13, 10 Error - User "" does not have administrative
privileges on this system

Error - 14/01/2010 15:19:23 | Computer Name = Jemma-PC | Source = WLAN-Tray | ID = 0
Description = 19:19:23, Thu, Jan 14, 10 Error - User "" does not have administrative
privileges on this system

Error - 14/01/2010 19:02:22 | Computer Name = Jemma-PC | Source = WLAN-Tray | ID = 0
Description = 23:02:22, Thu, Jan 14, 10 Error - User "" does not have administrative
privileges on this system

Error - 15/01/2010 19:11:22 | Computer Name = Jemma-PC | Source = WLAN-Tray | ID = 0
Description = 23:11:22, Fri, Jan 15, 10 Error - User "" does not have administrative
privileges on this system

Error - 16/01/2010 18:42:19 | Computer Name = Jemma-PC | Source = WLAN-Tray | ID = 0
Description = 22:42:19, Sat, Jan 16, 10 Error - User "" does not have administrative
privileges on this system

Error - 14/02/2010 17:47:17 | Computer Name = Jemma-PC | Source = WLAN-Tray | ID = 0
Description = 21:47:17, Sun, Feb 14, 10 Error - User "" does not have administrative
privileges on this system

Error - 14/02/2010 17:47:17 | Computer Name = Jemma-PC | Source = WLAN-Tray | ID = 0
Description = 21:47:17, Sun, Feb 14, 10 Error - User "" does not have administrative
privileges on this system

Error - 15/02/2010 17:00:49 | Computer Name = Jemma-PC | Source = WLAN-Tray | ID = 0
Description = 21:00:49, Mon, Feb 15, 10 Error - Unable to gain access to user store


Error - 21/02/2010 05:17:28 | Computer Name = Jemma-PC | Source = WLAN-Tray | ID = 0
Description = 09:17:28, Sun, Feb 21, 10 Error - User "" does not have administrative
privileges on this system

[ OSession Events ]
Error - 24/01/2009 10:03:55 | Computer Name = Jemma-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 849
seconds with 420 seconds of active time. This session ended with a crash.

Error - 24/01/2009 10:06:01 | Computer Name = Jemma-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 115
seconds with 60 seconds of active time. This session ended with a crash.

Error - 25/01/2009 18:18:25 | Computer Name = Jemma-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 799
seconds with 60 seconds of active time. This session ended with a crash.

Error - 26/01/2009 16:58:08 | Computer Name = Jemma-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1369
seconds with 360 seconds of active time. This session ended with a crash.

Error - 26/01/2009 17:00:09 | Computer Name = Jemma-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 102
seconds with 60 seconds of active time. This session ended with a crash.

Error - 26/01/2009 17:40:12 | Computer Name = Jemma-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1197
seconds with 840 seconds of active time. This session ended with a crash.

Error - 26/01/2009 18:18:32 | Computer Name = Jemma-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 851
seconds with 300 seconds of active time. This session ended with a crash.

Error - 07/03/2009 18:44:36 | Computer Name = Jemma-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2523
seconds with 1020 seconds of active time. This session ended with a crash.

Error - 08/03/2009 16:07:00 | Computer Name = Jemma-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1116
seconds with 1020 seconds of active time. This session ended with a crash.

Error - 13/07/2009 14:22:32 | Computer Name = Jemma-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6341.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 99
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 21/02/2010 06:30:53 | Computer Name = Jemma-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 21/02/2010 06:30:53 | Computer Name = Jemma-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 21/02/2010 06:30:53 | Computer Name = Jemma-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 21/02/2010 06:31:00 | Computer Name = Jemma-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 21/02/2010 06:34:50 | Computer Name = Jemma-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21/02/2010 06:34:50 | Computer Name = Jemma-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21/02/2010 06:37:11 | Computer Name = Jemma-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21/02/2010 06:37:11 | Computer Name = Jemma-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 23/02/2010 09:01:48 | Computer Name = Jemma-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 23/02/2010 09:01:48 | Computer Name = Jemma-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-23 21:28:38
Windows 6.0.6002 Service Pack 2
Running: msmg0688.exe; Driver: C:\Users\Jemma\AppData\Local\Temp\uglcypoc.sys


---- System - GMER 1.0.15 ----

SSDT 870E1AF8 ZwAlertResumeThread
SSDT 86A72BF8 ZwAlertThread
SSDT 86A814A8 ZwAllocateVirtualMemory
SSDT 870504F0 ZwAlpcConnectPort
SSDT 86F82620 ZwCreateMutant
SSDT 870223D0 ZwCreateThread
SSDT 87104D18 ZwDebugActiveProcess
SSDT 87052458 ZwFreeVirtualMemory
SSDT 86F826F0 ZwImpersonateAnonymousToken
SSDT 87102A30 ZwImpersonateThread
SSDT 87052378 ZwMapViewOfSection
SSDT 87104688 ZwOpenEvent
SSDT 8710E820 ZwOpenProcessToken
SSDT 87104DF8 ZwOpenSection
SSDT 87054500 ZwOpenThreadToken
SSDT 870F7EA8 ZwResumeThread
SSDT 87054440 ZwSetContextThread
SSDT 87100F80 ZwSetInformationProcess
SSDT 86F97368 ZwSetInformationThread
SSDT 87104EB8 ZwSuspendProcess
SSDT 86A7E978 ZwSuspendThread
SSDT \??\C:\Windows\system32\drivers\CO_Mon.sys ZwTerminateProcess [0x811FC760]
SSDT 86F972E8 ZwTerminateThread
SSDT 870FF8F0 ZwUnmapViewOfSection
SSDT 87062DA0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 81EF4880 8 Bytes [F8, 1A, 0E, 87, F8, 2B, A7, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 81EF4894 4 Bytes [A8, 14, A8, 86] {TEST AL, 0x14; TEST AL, 0x86}
.text ntkrnlpa.exe!KeSetEvent + 13D 81EF48A0 4 Bytes [F0, 04, 05, 87]
.text ntkrnlpa.exe!KeSetEvent + 1F5 81EF4958 4 Bytes [20, 26, F8, 86]
.text ntkrnlpa.exe!KeSetEvent + 221 81EF4984 4 Bytes [D0, 23, 02, 87]
.text ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Thanks again, I look forward to your response.

Jemma

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:02 PM

Posted 24 February 2010 - 05:59 AM

Hello JemmaM85,

UNINSTALL PROGRAMS
--------------------------------
Go to Start > Control Panel > Add or Remove Programs.

Remove the following programs, if they are present.

    Ask Toolbar
If you are unsure of how to use Add or Remove Programs, then please see this tutorial:
How To Remove An Installed Program From Your Computer


COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


In your next reply, please include the following:
  • Combofix.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#5 JemmaM85

JemmaM85
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:08:02 PM

Posted 24 February 2010 - 04:40 PM

Hi Elise,

I have uninstalled the Ask Toolbar and then run the ComboFix tool; the report is below.

ComboFix 10-02-24.01 - Jemma 24/02/2010 21:00:35.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3034.1555 [GMT 0:00]
Running from: c:\users\Jemma\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning enabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
SP: Norton 360 *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2008054569-2245208186-1310476645-500
c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
c:\users\Jemma\AppData\Roaming\02000000e307bb5f792C.manifest
c:\users\Jemma\AppData\Roaming\02000000e307bb5f792O.manifest
c:\users\Jemma\AppData\Roaming\02000000e307bb5f792P.manifest
c:\users\Jemma\AppData\Roaming\02000000e307bb5f792S.manifest
c:\users\Jemma\AppData\Roaming\759C.tmp
c:\users\Jemma\AppData\Roaming\SystemProc
c:\users\Jemma\AppData\Roaming\SystemProc\lsass.exe
c:\windows\system32\1558801517
c:\windows\system32\comrepl32.dll
c:\windows\system32\comsnap32.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\oem5.inf
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\unrar.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((( Files Created from 2010-01-24 to 2010-02-24 )))))))))))))))))))))))))))))))
.

2010-02-24 21:06 . 2010-02-24 21:08 -------- d-----w- c:\users\Jemma\AppData\Local\temp
2010-02-24 20:37 . 2010-02-24 20:37 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2010-02-23 20:31 . 2010-02-23 20:31 -------- d-----w- c:\users\Jemma\AppData\Roaming\AVG9
2010-02-20 19:04 . 2010-02-20 19:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-20 19:04 . 2010-02-20 19:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-20 17:57 . 2010-02-20 17:57 -------- d-----w- c:\windows\Sun
2010-02-19 23:18 . 2010-02-20 18:11 -------- d-----w- c:\programdata\RegCure
2010-02-17 20:48 . 2010-02-17 20:51 -------- d-----w- C:\$AVG
2010-02-17 20:48 . 2010-02-17 20:48 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-17 20:48 . 2010-02-17 20:48 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-17 20:48 . 2010-02-17 20:48 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-17 20:48 . 2010-02-17 20:48 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-17 20:48 . 2010-02-17 20:48 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-17 20:48 . 2010-02-23 13:07 -------- d-----w- c:\windows\system32\drivers\Avg
2010-02-17 20:48 . 2010-02-17 20:50 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-02-17 20:48 . 2010-02-17 20:48 -------- d-----w- c:\program files\AVG
2010-02-17 20:48 . 2010-02-17 20:48 -------- d-----w- c:\programdata\avg9
2010-02-15 21:45 . 2010-02-15 21:45 -------- d-----w- c:\users\Jemma\AppData\Roaming\Malwarebytes
2010-02-15 21:44 . 2010-02-15 21:44 -------- d-----w- c:\programdata\Malwarebytes
2010-02-15 19:04 . 2010-02-15 19:04 -------- d-----w- c:\users\Jemma\AppData\Local\ElevatedDiagnostics
2010-02-15 18:59 . 2010-02-15 18:59 -------- d-----w- c:\program files\Microsoft ATS
2010-02-15 09:28 . 2010-02-15 09:28 -------- d-----w- c:\program files\Windows Live Safety Center
2010-02-14 10:56 . 2010-02-14 10:56 -------- d-----w- c:\programdata\Symantec Temporary Files
2010-02-14 09:46 . 2010-02-14 09:46 -------- d-----w- c:\programdata\Norton
2010-02-14 09:46 . 2010-02-14 09:46 -------- d-----w- c:\windows\system32\drivers\NSS
2010-02-14 09:46 . 2010-02-14 09:46 -------- d-----w- c:\program files\Norton Security Scan
2010-02-14 09:46 . 2010-02-14 09:46 -------- d-----w- c:\programdata\NortonInstaller
2010-02-14 09:46 . 2010-02-14 09:46 -------- d-----w- c:\program files\NortonInstaller
2010-02-14 09:22 . 2010-02-14 09:22 -------- d-----w- c:\users\Jemma\AppData\Roaming\Windows Live Writer
2010-02-14 09:22 . 2010-02-14 09:22 -------- d-----w- c:\users\Jemma\AppData\Local\Windows Live Writer
2010-02-13 13:09 . 2010-02-24 20:25 -------- d-----w- c:\users\Jemma\Tracing
2010-02-13 13:05 . 2009-08-05 22:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-02-13 13:05 . 2010-02-13 13:05 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-02-13 13:04 . 2006-11-29 13:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-02-13 13:04 . 2010-02-13 13:04 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-13 13:02 . 2010-02-13 13:02 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-02-13 13:02 . 2010-02-13 13:05 -------- d-----w- c:\program files\Windows Live
2010-02-13 12:51 . 2010-02-13 12:51 -------- d-----w- c:\program files\Common Files\Windows Live
2010-02-13 12:50 . 2010-02-13 13:03 -------- d-----w- c:\program files\Microsoft
2010-02-13 12:50 . 2010-02-13 12:50 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-13 11:01 . 2010-01-14 11:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-02-08 20:16 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-02-07 18:19 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-02-07 18:19 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2010-02-03 23:19 . 2010-02-03 23:20 -------- d-----w- c:\program files\iTunes
2010-02-03 09:49 . 2010-02-03 09:49 -------- d-----w- c:\program files\Windows Portable Devices
2010-02-03 08:13 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-02-03 08:13 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-02-03 08:13 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-02-03 08:11 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-02-03 08:11 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-02-03 08:11 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-02-02 10:08 . 2010-02-02 10:08 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-02-02 10:08 . 2010-02-02 10:08 -------- d-----w- c:\users\Jemma\Office Genuine Advantage
2010-02-02 08:20 . 2010-02-02 08:20 -------- d-----w- c:\windows\system32\ca-ES
2010-02-02 08:19 . 2010-02-02 08:20 -------- d-----w- c:\windows\system32\eu-ES
2010-02-02 08:19 . 2010-02-02 08:20 -------- d-----w- c:\windows\system32\vi-VN
2010-02-02 07:58 . 2010-02-02 07:58 -------- d-----w- c:\windows\system32\EventProviders

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-24 21:11 . 2009-02-28 18:44 -------- d-----w- c:\programdata\Kontiki
2010-02-21 10:32 . 2009-01-10 14:37 1356 ----a-w- c:\users\Jemma\AppData\Local\d3d9caps.dat
2010-02-19 19:12 . 2010-02-19 19:12 749568 --sha-w- c:\users\Jemma\AppData\Roaming\109.tmp
2010-02-17 20:50 . 2010-02-17 20:50 737280 --sha-w- c:\users\Jemma\AppData\Roaming\D00B.tmp
2010-02-17 20:48 . 2010-02-18 18:31 3777280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2010-02-17 20:48 . 2010-02-18 18:31 1260800 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
2010-02-15 22:43 . 2010-02-15 20:51 691 ----a-w- c:\users\Jemma\AppData\Roaming\GetValue.vbs
2010-02-15 22:43 . 2010-02-15 20:51 35 ----a-w- c:\users\Jemma\AppData\Roaming\SetValue.bat
2010-02-15 22:43 . 2010-02-15 20:51 35 ----a-w- c:\users\Jemma\AppData\Roaming\SetValue.bat
2010-02-14 22:54 . 2008-11-27 21:25 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-02-14 22:54 . 2009-01-04 17:24 -------- d-----w- c:\programdata\Microsoft Help
2010-02-14 22:54 . 2008-11-27 21:23 -------- d-----w- c:\program files\Roxio
2010-02-14 22:54 . 2008-11-27 21:23 -------- d-----w- c:\program files\Microsoft Works
2010-02-14 22:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-14 10:58 . 2009-01-06 21:30 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-14 10:58 . 2009-01-06 21:30 -------- d-----w- c:\programdata\Symantec
2010-02-14 10:58 . 2010-02-14 10:56 22768552 ----a-w- c:\programdata\Symantec Temporary Files\ADDON_ESD.exe
2010-02-12 20:11 . 2010-02-12 20:11 738304 --sha-w- c:\users\Jemma\AppData\Roaming\E554.tmp
2010-02-03 23:19 . 2009-01-04 19:05 -------- d-----w- c:\program files\iPod
2010-02-03 23:19 . 2009-01-06 22:03 -------- d-----w- c:\program files\Common Files\Apple
2010-02-03 23:14 . 2010-02-03 23:14 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-03 09:53 . 2009-01-04 17:10 70176 ----a-w- c:\users\Jemma\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-03 09:49 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-03 09:44 . 2010-02-03 09:44 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-02-03 09:43 . 2010-02-03 09:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-02-03 09:00 . 2010-02-23 21:40 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100223.004\NAVENG.SYS
2010-02-03 09:00 . 2010-02-23 21:40 1324720 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100223.004\NAVEX15.SYS
2010-02-03 09:00 . 2010-02-21 08:39 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100220.022\NAVENG.SYS
2010-02-03 09:00 . 2010-02-21 08:39 1324720 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100220.022\NAVEX15.SYS
2010-02-03 09:00 . 2010-02-15 18:47 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100215.002\NAVENG.SYS
2010-02-03 09:00 . 2010-02-15 18:47 1324720 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100215.002\NAVEX15.SYS
2010-02-02 08:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-02-02 08:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-02-02 08:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-02-02 08:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-02-02 08:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-02-02 08:20 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-02-01 07:52 . 2008-11-27 21:18 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-30 09:58 . 2008-11-27 21:19 -------- d-----w- c:\program files\Google
2010-01-30 07:12 . 2010-01-30 07:12 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbDA2A.tmp.exe
2010-01-25 18:15 . 2009-02-28 18:44 -------- d-----w- c:\program files\Kontiki
2010-01-02 06:38 . 2010-01-21 22:17 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 22:17 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-21 22:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-21 22:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-16 21:53 . 2009-12-16 21:53 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-11 11:43 . 2010-02-10 13:47 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-10 13:47 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-10 09:00 . 2010-02-23 21:40 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100223.004\CCERASER.DLL
2009-12-10 09:00 . 2010-02-21 08:39 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100220.022\CCERASER.DLL
2009-12-10 09:00 . 2010-02-15 18:47 2747440 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100215.002\CCERASER.DLL
2009-12-08 20:01 . 2010-02-10 13:47 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 13:47 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 13:47 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 13:47 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-10 13:47 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 13:47 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 13:47 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 13:47 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 13:47 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 13:47 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 13:47 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 13:47 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 13:47 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-10 13:47 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-10 13:47 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-03 09:52 . 2009-12-03 09:52 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb905E.tmp.exe
2009-11-27 20:49 . 2009-11-27 20:47 13944160 ----a-w- c:\users\Jemma\AppData\Roaming\OpenCandy\IE8-WindowsVista-x86-ENU.exe
2009-11-27 20:46 . 2009-11-27 20:46 265768 ----a-w- c:\users\Jemma\AppData\Roaming\OpenCandy\IE8Wrapper.exe
2008-11-27 22:40 . 2008-11-27 22:39 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 13:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-27 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-08-05 3563520]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"O2Start"="c:\program files\O2CM-CE\O2 Connection Manager\tscui.exe" [2008-07-10 2605056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-11-27 21:25 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
2009-01-02 12:05 1041960 ----a-w- c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 15:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 01:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-09-04 05:29 200704 ----a-w- c:\program files\DellTPad\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 15:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-12-04 08:35 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-09-17 05:23 170520 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-05-07 23:41 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-09-17 05:23 150040 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-22 19:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-05-23 20:06 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-09-17 05:23 145944 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickSet]
2008-08-27 06:29 1662032 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 23:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2008-09-17 05:17 442460 ----a-w- c:\program files\IDT\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):66,98,bc,81,e1,a3,ca,01

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [17/02/2010 20:48 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [17/02/2010 20:48 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\System32\drivers\avgtdix.sys [17/02/2010 20:48 360584]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20100210.001\IDSvix86.sys [13/02/2010 08:57 286768]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\AEstSrv.exe [27/11/2008 22:53 73728]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [17/02/2010 20:48 906520]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17/02/2010 20:48 285392]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [24/09/2008 04:09 155648]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [18/02/2008 19:37 149352]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [20/02/2010 19:05 1153368]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [17/02/2010 20:46 102448]
R3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [13/02/2010 13:05 54632]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [19/02/2009 11:31 41008]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/01/2010 09:58 135664]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [13/01/2008 02:32 23888]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [27/11/2008 21:20 30192]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 09:58]

2010-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 09:58]

2010-02-14 c:\windows\Tasks\Norton Security Scan for Jemma.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-02-14 11:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4081127
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: game.co.uk\www
Trusted Zone: hotmail.com\www
Trusted Zone: msn.com\www
.
- - - - ORPHANS REMOVED - - - -

BHO-{1688D147-FA5F-4DA6-AF77-ED0E5ABE89B8} - c:\windows\System32\comsnap32.dll
HKCU-Run-RTHDBPL - c:\users\Jemma\AppData\Roaming\SystemProc\lsass.exe
MSConfigStartUp-RTHDBPL - c:\users\Jemma\AppData\Local\Temp\A749.tmp



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
RTHDBPL = c:\users\Jemma\AppData\Roaming\SystemProc\lsass.exe?????????????????????????????????#???????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(488)
c:\windows\system32\WSCAPI.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\System32\drprov.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_85b55258\STacSV.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\VAScanner\comHost.exe
c:\progra~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Kontiki\KService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-02-24 21:14:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-24 21:13

Pre-Run: 180,207,083,520 bytes free
Post-Run: 180,145,463,296 bytes free

- - End Of File - - FEA9B0DE12E64448EE207E85CE95A3C7

Thanks

Jemma

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:02 PM

Posted 25 February 2010 - 03:15 AM

Hello JemmaM85,

TWO ANTIVIRUS PROGRAMS
---------------------------------------
I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either AVG or Norton.


UPDATE JAVA
------------------
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 18.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


In your next reply, please include the following:
  • MBAM log

Edited by elise025, 25 February 2010 - 03:17 AM.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 JemmaM85

JemmaM85
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:02 PM

Posted 25 February 2010 - 06:33 AM

Hi Elise,

I have removed AVG so I now just have Norton running. I normally only have Norton; I downloaded AVG to see if it could pick up the virus when Norton didn't seem to know it was there. But it's gone now and I am back to just having Norton.

I have updated to the new version of Java and removed the old one; it is also set to automatically update when new versions become available, so hopefully it won't get so out of date again.

I have installed and run the Malwarebytes scan and here are the results after completing all steps mentioned in your last response.

Malwarebytes' Anti-Malware 1.44
Database version: 3788
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

25/02/2010 11:23:31
mbam-log-2010-02-25 (11-23-31).txt

Scan type: Full Scan (C:\|E:\|F:\|)
Objects scanned: 261682
Time elapsed: 1 hour(s), 24 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Users\Jemma\AppData\Roaming\759C.tmp.vir (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Users\Jemma\AppData\Roaming\SystemProc\lsass.exe.vir (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\System32\COMREPL32.DLL.vir (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\System32\comsnap32.dll.vir (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\Jemma\AppData\Roaming\109.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\Jemma\AppData\Roaming\D00B.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\Jemma\AppData\Roaming\E554.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.

Thanks again for all your help so far.

Jemma
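An added example, not part of the thread above: a small Python triage helper for MBAM 1.x log output of the kind Jemma posted. It separates live detections from copies that ComboFix had already moved to C:\Qoobox\Quarantine (the .vir files), recovers their original locations, and cross-checks the "Files Infected" summary count against the itemised entries. The sample log is a constructed subset of the posted one, with its summary line adjusted to match.

```python
import re
from dataclasses import dataclass

# Constructed sample (a subset of the log posted above) with a matching summary line.
SAMPLE_LOG = r"""Files Infected: 3

Files Infected:
C:\Qoobox\Quarantine\C\Users\Jemma\AppData\Roaming\759C.tmp.vir (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\System32\comsnap32.dll.vir (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\Jemma\AppData\Roaming\109.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
"""

# One itemised MBAM entry: <path> (<threat name>) -> <action taken>.
ENTRY_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
SUMMARY_RE = re.compile(r"^Files Infected: (\d+)$")
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"  # ComboFix's quarantine folder


@dataclass
class Detection:
    path: str
    threat: str
    action: str

    def already_quarantined(self) -> bool:
        # ComboFix moves files under C:\Qoobox\Quarantine and appends .vir;
        # MBAM flagging such a copy is not evidence of a live infection.
        p = self.path.lower()
        return p.startswith(QUARANTINE_PREFIX) and p.endswith(".vir")

    def original_path(self) -> str:
        # Where the file lived before ComboFix quarantined it.
        if not self.already_quarantined():
            return self.path
        rest = self.path[len(QUARANTINE_PREFIX):-len(".vir")]
        drive, _, tail = rest.partition("\\")
        return f"{drive}:\\{tail}"


def parse_mbam_log(text: str):
    """Return (summary count or None, list of itemised file detections)."""
    count, items = None, []
    for line in text.splitlines():
        line = line.strip()
        if m := SUMMARY_RE.match(line):
            count = int(m.group(1))
        elif m := ENTRY_RE.match(line):
            items.append(Detection(m["path"], m["threat"], m["action"]))
    return count, items


def triage(text: str) -> dict:
    """Split live detections from ComboFix quarantine copies; check the count."""
    count, items = parse_mbam_log(text)
    return {
        "count_matches": count == len(items),
        "live": [d.path for d in items if not d.already_quarantined()],
        "quarantined_copies": [d.original_path() for d in items if d.already_quarantined()],
        "threats": sorted({d.threat for d in items}),
    }
```

Applied to the full posted log, four of the seven hits are such quarantine copies, leaving three live .tmp files under AppData\Roaming as the detections that actually mattered.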

#8 Elise

Posted 25 February 2010 - 06:38 AM

Hello JemmaM85,

Well done! Things are looking good now. Do you have any problem left?

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the button.
  13. Push

In your next reply, please include the following:
  • ESET online scan results

regards, Elise



#9 JemmaM85

Posted 25 February 2010 - 11:56 AM

Hi Elise,

It seems to be better; the start-up, shut-down and general running are much faster and smoother. Also, when I am online I am no longer getting the random websites appearing at all, which was happening every time I opened a website.

I have run the ESET Online scanner and it came back saying that it found no threats at all.

Does this mean that I no longer have a virus? Am I fixed?

Jemma

#10 Elise

Posted 25 February 2010 - 12:13 PM

Hello JemmaM85,

Indeed, your computer now has a clean bill of health.

ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Please do the following to remove the remaining programs from your PC:
  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete DDS, GMER (this is a random named file) and OTL.
Please read this advice, in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use, but provide resident protection and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for SpywareBlaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for the MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.


regards, Elise



#11 JemmaM85

Posted 25 February 2010 - 01:14 PM

Hi Elise,

Thank you sooooo much for sorting that out for me, I really appreciate it, and I will make sure I follow the steps to keep it clean in future.

Thank you again

Jemma

#12 Elise

Posted 25 February 2010 - 01:20 PM

Hi Jemma, you are welcome.

This topic will now be closed. If you need it reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise

