Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

win32 heur? - Please help


  • This topic is locked This topic is locked
13 replies to this topic

#1 footstuck

footstuck

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 09 September 2010 - 01:59 AM

Hi guys,
I wondered if you can help me?
My system started slowing 3 days ago and I began receiving warnings from AVG of various threats including one that I remember as being called win32/heur. I realized that it was something more serious than I had encountered before, so I then downloaded:

1. malwarebytes
2. adaware
3. Spybot

I ran all three and they all found multiple trojans, droppers, agents etc.
Once again, realizing the seriousness of the infection, I started following your pre-posting instructions. I created dds logs and was in the process of running a gmer scan when my laptop shut down.
I then started in safe mode and was preparing the gmer log when the computer froze as a result of
Isass.exe and winlogon.exe using 100% of the cpu. The machine then blue screened. I didn't get the error message as it was right at the end of the memory dump when I spotted it. It auto-restarted and I finally succeeded in saving a version of the gmer log.

Help me Obi-Wan Kenobi. You're my only hope.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Spongo at 8:06:35.10 on 08/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2215 [GMT 1:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Spongo\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG9\avgtray .exe
C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc .exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Spongo\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://uk.yahoo.co.uk/
uSearch Page = About:Blank
uSearch Bar = About:Blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\spongo\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\spongo\application data\dropbox\bin\Dropbox.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\spongo\applic~1\mozilla\firefox\profiles\1scg4u75.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.co.uk/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\spongo\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-8-26 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-8-26 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-26 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-26 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-26 243024]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2007-7-15 8576]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-26 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-8-26 2331032]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-8-26 5897808]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-8-11 90112]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-8-26 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-8-26 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-8-26 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-8-26 26192]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355928]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-11-24 27632]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate1c9efe5cd8f2c12;Google Update Service (gupdate1c9efe5cd8f2c12);c:\program files\google\update\GoogleUpdate.exe [2009-6-18 133104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-8-26 30104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-5-3 13224]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [2009-10-12 30984]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]
S3 ma763008;M-Audio Ozone;c:\windows\system32\drivers\ma763008.sys --> c:\windows\system32\drivers\MA763008.sys [?]
S3 MADFU008;MADFU008;c:\windows\system32\drivers\madfu008.sys --> c:\windows\system32\drivers\MADFU008.sys [?]
S3 MADFUOZONE;Service for M-Audio Ozone DFU;c:\windows\system32\drivers\maudioozone_dfu.sys --> c:\windows\system32\drivers\MAudioOzone_DFU.sys [?]
S3 MAUSBOZONE;Service for M-Audio Ozone;c:\windows\system32\drivers\maudioozone.sys --> c:\windows\system32\drivers\MAudioOzone.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-7-13 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-7-13 8320]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-11-24 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-11-24 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-11-24 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-11-24 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-11-24 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-11-24 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-11-24 115752]
S3 SaiHFF12;SaiHFF12;c:\windows\system32\drivers\SaiHFF12.sys [2007-5-1 132232]
S3 SaiIFF12;Immersion's HID USB Driver (FF12);c:\windows\system32\drivers\SaiIFF12.sys [2007-5-1 16256]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2007-11-30 23288]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\drivers\tascusb2.sys [2010-6-21 399424]
S3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2010-6-21 26688]
S3 TASCAM_US122L_WDM;TASCAM US-122L WDM;c:\windows\system32\drivers\tscusb2a.sys [2010-6-21 39488]
S3 USBNZ1X1;M-Audio Ozone Midi;c:\windows\system32\drivers\usbnz1x1.sys --> c:\windows\system32\drivers\usbnz1x1.sys [?]

=============== Created Last 30 ================

2010-09-07 18:56:46 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-07 16:04:04 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-07 08:27:35 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-07 07:17:26 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-07 07:16:52 0 d-----w- c:\program files\Lavasoft
2010-09-06 20:52:07 112 ----a-w- c:\docume~1\alluse~1\applic~1\c402n641e.dat
2010-09-06 07:06:12 0 d--h--w- C:\$AVG
2010-09-06 07:05:58 0 d-sh--w- c:\documents and settings\spongo\.COMMgr
2010-08-26 09:31:07 0 d-----w- c:\docume~1\spongo\applic~1\Malwarebytes
2010-08-26 09:30:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-26 09:30:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-26 09:30:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-26 09:30:55 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-25 23:37:00 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-25 23:35:38 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-25 23:35:36 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-08-25 23:35:31 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-08-25 23:35:22 0 d-----w- c:\windows\system32\drivers\Avg
2010-08-25 23:34:08 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-08-25 23:34:07 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-08-25 23:33:24 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-08-25 23:33:24 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-08-25 23:32:07 0 d-----w- c:\program files\AVG
2010-08-25 23:31:41 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-08-11 09:04:23 148736 ----a-w- c:\docume~1\alluse~1\applic~1\hpeE8.dll

==================== Find3M ====================

2010-09-06 23:03:47 159470 ----a-w- c:\windows\system32\nvModes.dat
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ------w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-01-29 23:09:18 2198 ----a-w- c:\program files\unins000.dat
2003-06-16 15:23:22 131072 ----a-w- c:\program files\T2DXi.dll
2003-06-16 15:17:50 4317184 ----a-w- c:\program files\Triangle II.dll
2003-06-03 12:33:38 90112 ----a-w- c:\program files\Triangle II.exe
2002-12-17 03:00:00 82253 ----a-w- c:\program files\unins000.exe

============= FINISH: 8:08:17.56 ===============

Attached Files


Edited by footstuck, 09 September 2010 - 02:27 AM.


BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:34 PM

Posted 15 September 2010 - 06:41 AM

Hello footstuck, My name is Syler and I will be helping you to solve your malware issues. Sorry for the delay
in replying, we are very busy at the moment.

Please note because we are very busy, if I don't hear from you within 5 days the topic will be closed, If you
have since resolved your issues I would appreciate if you would let me no so I can close this topic.


Please follow these instructions to disable any CD Emulation programs using DeFogger, you can enable them again when we are done.

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check all of the boxes. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"




We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    drivers32
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Then please post back here with the following logs:
  • RKUnHooker report
  • OTL.txt
  • Extra.txt

Thanks

unite.jpg


#3 footstuck

footstuck
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 15 September 2010 - 04:56 PM

Hi Syler,
I'd like to start by thanking you for your help mate. I'm really stuck here.
Here are the logs that you've asked for. Sorry about the delay in getting them over to you but my laptop's internet connection has shut down as a result of the infection. Thanks again, Jon.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtOpenProcess, Type: Address change 0x805CB3FA-->B5D39670 [C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys]
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x805D2982-->B5D39720 [C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys]
ntkrnlpa.exe-->NtTerminateThread, Type: Address change 0x805D2B7C-->B5D397C0 [C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys]
ntkrnlpa.exe-->NtWriteVirtualMemory, Type: Address change 0x805B4378-->B5D39860 [C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys]
==============================================
>Shadow
==============================================
win32k.sys-->NtUserGetAsyncKeyState, Type: Address change 0xBF8A3E9C-->B5D38BE0 [C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys]
win32k.sys-->NtUserGetKeyboardState, Type: Address change 0xBF8AD34B-->B5D38B20 [C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys]
win32k.sys-->NtUserGetKeyState, Type: Address change 0xBF823E97-->B5D38B70 [C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys]
win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0xBF8AD40B-->B5D38A90 [C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys]
==============================================
>Processes
==============================================
0x8B775490 [4] System
0x89780500 [244] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
0x8993E5F0 [360] C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG, incdsrv)
0x8B32CDA0 [372] C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o., AVG Cache Server)
0x89BB7990 [380] C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o., AVG Resident Shield Service)
0x8B2AD740 [436] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8972CB28 [472] C:\WINDOWS\system32\wbem\wmiapsrv.exe (Microsoft Corporation, WMI Performance Adapter Service)
0x89774AE8 [600] C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel Corporation, WLANKEEPER)
0x8B2F8310 [724] C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o., AVG Scanning Core Module - Server Part)
0x89B6E8E8 [752] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x898E86A0 [848] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java™ Quick Starter Service)
0x8B292678 [1088] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x8B3CB020 [1156] C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation, Run a DLL as an App)
0x8B32DDA0 [1276] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x8B30F440 [1296] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x8B280DA0 [1340] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x89BD1DA0 [1344] C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o., AVG IDS application)
0x89C75618 [1368] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x8B2861F8 [1416] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x89B6DBC8 [1436] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x8B3A8D10 [1624] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8B2A7580 [1716] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8974D6E8 [1756] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8B324020 [1868] C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation, Run a DLL as an App)
0x89B76D78 [1964] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x89B756D8 [2020] C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation , Wireless Management Service)
0x8B4244B0 [2104] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x899A4378 [2112] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java™ Update Scheduler)
0x8B5EC460 [2160] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated, Adobe Reader and Acrobat Manager)
0x89C35DA0 [2188] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x89818B98 [2204] C:\Documents and Settings\Spongo\Application Data\Dropbox\bin\Dropbox.exe (-, Dropbox)
0x89917B98 [2248] C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o., AVG Scanning Core Module - Server Part)
0x896F3788 [2368] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x8983FB98 [2428] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc., Apple Mobile Device Service)
0x89854DA0 [2528] C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o., AVG Watchdog Service)
0x898DDDA0 [2592] C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (-, MA_CMIDI USB MIDI Installer Service)
0x8994FDA0 [2692] C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o., AVG Firewall Service)
0x89806C88 [2764] C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc., Bonjour Service)
0x89938990 [2840] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x898C64D8 [3000] C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation, NVIDIA Driver Helper Service, Version 175.32)
0x8980DDA0 [3280] C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation, Intel® PROSet/Wireless Event Log)
0x8980ADA0 [3292] C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o., AVG Alert Manager)
0x898B84F0 [3332] C:\WINDOWS\system32\HPZipm12.exe (HP, PML Driver)
0x8974F790 [3420] C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation, Intel® PROSet/Wireless Registry Service)
0x89934B28 [3432] C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o., AVG Network scanner Service)
0x898734D0 [3776] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x89749990 [4068] C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation, Windows User Mode Driver Manager)
0x880AADA0 [4636] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8930EDA0 [5344] C:\Documents and Settings\Spongo\Desktop\RKUnhookerLE.EXE (UG North, RKULE, SR2 Normandy)
==============================================
>Drivers
==============================================
0xB8FA3000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6557696 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 175.32 )
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 6111232 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 175.32 )
0xB8D45000 C:\WINDOWS\system32\DRIVERS\NETw4x32.sys 2236416 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB6A5F000 C:\WINDOWS\system32\drivers\sthda.sys 1171456 bytes (SigmaTel, Inc., NDRC)
0xB690A000 C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys 1011712 bytes (Conexant Systems, Inc., HSF_DP driver)
0xB6854000 C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys 745472 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xB9DEA000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB63B8000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB8BA5000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB6784000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB4840000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xB8CD5000 C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 311296 bytes (REDC, RICOH XD SM Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB4414000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB674A000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xB6A01000 C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys 237568 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xB62E4000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xB8C03000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB8CA6000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 192512 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xB9F48000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB5517000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9DBD000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB33CC000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB6428000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB596F000 C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys 163840 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0xB8F67000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB649D000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F03000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB6724000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB62C0000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB6A3B000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB8D21000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB8C83000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB647B000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9EB3000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F87000 imagesrv.sys 131072 bytes (Ahead Software AG, Nero Image Server)
0xB9F29000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB67F0000 C:\WINDOWS\system32\drivers\InCDFs.sys 114688 bytes (Nero AG, InCD File System Driver)
0xB9DA3000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9EEB000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB9ED3000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9E8A000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB8C6C000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB5752000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB8F8F000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB67DD000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB9E77000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9EA1000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB54B6000 C:\WINDOWS\System32\Drivers\adfs.SYS 69632 bytes (Adobe Systems, Inc., Adobe Drive File System Driver)
0xB9F76000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB8C33000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA198000 C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 65536 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0xB9614000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA0B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBA2D8000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xBA288000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBA208000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB5D67000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA298000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 57344 bytes (REDC, RICOH MMC Driver)
0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA228000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 53248 bytes (REDC, RICOH MS Driver)
0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA128000 avgrkx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0xBA248000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA2B8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA1E8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA238000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB5B0F000 C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0xB5D37000 C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA278000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA268000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA138000 AVGIDSxx.sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA218000 C:\WINDOWS\system32\drivers\InCDRm.sys 36864 bytes (Nero AG, Nero MRW Filter Driver)
0xBA188000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA258000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA2A8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB3447000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA118000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA2C8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA338000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)
0xBA488000 C:\WINDOWS\system32\drivers\InCDPass.sys 32768 bytes (Nero AG, Ahead RW Filter Driver)
0xBA370000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xBA3C0000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA470000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA490000 C:\WINDOWS\system32\DRIVERS\avgfwdx.sys 28672 bytes (AVG Technologies CZ, s.r.o., AVG Firewall intermediate miniport driver)
0xBA3A8000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA340000 risdptsk.sys 28672 bytes (REDC, RICOH SD/MMC Driver)
0xBA3D0000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xBA3D8000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xBA480000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA478000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA4B0000 C:\WINDOWS\system32\DRIVERS\seehcri.sys 24576 bytes (Sony Ericsson Mobile Communications, seehcri Driver)
0xBA468000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA3B0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA398000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Cisco Systems, Inc., IEEE 802.1X Protocol Driver)
0xBA3B8000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA4A0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA4A8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA498000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA430000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB9D26000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB52EE000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface DRIVER)
0xBA58C000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB5DF7000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xB6463000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB9BAC000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 12288 bytes (GEAR Software Inc., CD DVD Filter)
0xB9D36000 C:\WINDOWS\System32\Drivers\InCDrec.SYS 12288 bytes (Nero AG, InCD File System Recognizer)
0xB9B9C000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB9D32000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB5DF3000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 12288 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xB8C60000 C:\WINDOWS\system32\drivers\VCdRom.sys 12288 bytes (Microsoft Corporation, Driver for Virtual CD-ROMs)
0xB9D2A000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xBA60E000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA60C000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5AE000 imagedrv.sys 8192 bytes (Ahead Software AG, NERO IMAGEDRIVE SCSI miniport)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA610000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA612000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5FE000 C:\WINDOWS\system32\DRIVERS\serscan.sys 8192 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0xBA600000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5FC000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA7BE000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA6C3000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA6CD000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x89AC0AEA ?_empty_? 1302 bytes
!!!!!!!!!!!Hidden driver: 0x8B59D6A0 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xB9EEB000 WARNING: suspicious driver modification [atapi.sys::0x89AC0AEA]
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\Spongo\Application Data\Dropbox\cache\l\4c910505
!-->[Hidden] C:\Program Files\Common Files\Akamai\debug.log.172.upload
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002D668, Type: Inline - RelativeJump 0x80504668-->80504604 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006ECBE, Type: Inline - RelativeJump 0x80545CBE-->80545CC5 [ntkrnlpa.exe]
[1088]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1088]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1088]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1088]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[1088]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[1088]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[1088]explorer.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[1088]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1088]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1088]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[1088]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[4636]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[4636]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[4636]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[4636]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E-->00000000 [unknown_code_page]







OTL logfile created on: 15/09/2010 22:37:30 - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\Spongo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 16.20 Gb Free Space | 21.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HALBOOK
Current User Name: Spongo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/15 18:19:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Spongo\Desktop\OTL.exe
PRC - [2010/08/26 00:34:51 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/08/26 00:34:51 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/08/26 00:34:50 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/08/26 00:34:47 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/08/26 00:34:28 | 002,331,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/08/26 00:34:06 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/08/26 00:34:04 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/08/26 00:33:52 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/08 15:27:02 | 000,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/10/08 15:15:50 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/10/08 15:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/10/08 15:01:54 | 000,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/06/25 09:47:12 | 001,552,680 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007/01/08 17:08:10 | 000,094,208 | ---- | M] () -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010/09/15 18:19:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Spongo\Desktop\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - File not found [On_Demand | Stopped] -- -- (KodakCCS)
SRV - [2010/09/15 18:41:00 | 002,854,488 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3746.dll -- (Akamai)
SRV - [2010/09/07 17:03:45 | 001,355,928 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/08/26 00:34:28 | 002,331,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/08/26 00:34:04 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/08/26 00:33:52 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2009/08/07 21:45:31 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009/03/11 10:12:57 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2007/10/08 15:27:02 | 000,794,624 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/10/08 15:15:50 | 000,356,352 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/10/08 15:06:44 | 001,183,744 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/10/08 15:01:54 | 000,483,328 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/06/25 09:47:12 | 001,552,680 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007/01/08 17:08:10 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\usbnz1x1.sys -- (USBNZ1X1)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\MAudioOzone.sys -- (MAUSBOZONE)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\MAudioOzone_DFU.sys -- (MADFUOZONE)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\MADFU008.sys -- (MADFU008)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\MA763008.sys -- (ma763008)
DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/08/26 00:35:38 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/08/26 00:35:31 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/08/26 00:35:30 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/08/26 00:34:08 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/08/26 00:34:07 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/08/26 00:33:55 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/08/26 00:33:54 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/08/26 00:33:54 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/08/26 00:33:24 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/08/26 00:33:24 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010/08/12 13:15:19 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/05/03 22:39:08 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010/05/03 22:39:07 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2010/01/13 17:24:40 | 006,598,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2009/11/26 16:08:46 | 000,399,424 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tascusb2.sys -- (TASCAM_US122144)
DRV - [2009/11/26 16:08:42 | 000,039,488 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tscusb2a.sys -- (TASCAM_US122L_WDM)
DRV - [2009/11/26 16:08:40 | 000,026,688 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tscusb2m.sys -- (TASCAM_US122L_MIDI)
DRV - [2009/09/18 20:23:37 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/03/19 14:48:18 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009/03/19 14:48:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009/02/09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/07/02 21:33:00 | 006,554,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/05/16 13:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 13:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 13:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 13:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 13:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 13:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 13:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007/10/24 12:47:26 | 000,023,288 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasUSB.sys -- (SynasUSB)
DRV - [2007/09/26 07:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/08/27 12:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/07/04 10:48:34 | 000,132,904 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)
DRV - [2007/07/04 10:48:32 | 000,011,304 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)
DRV - [2007/06/25 09:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/06/25 09:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/06/25 09:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/05/01 15:34:56 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiHFF12.sys -- (SaiHFF12)
DRV - [2007/05/01 15:34:56 | 000,016,256 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiIFF12.sys -- (SaiIFF12) Immersion's HID USB Driver (FF12)
DRV - [2007/04/03 13:57:54 | 000,099,080 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
DRV - [2007/04/03 13:57:52 | 000,098,696 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116obex.sys -- (s116obex)
DRV - [2007/04/03 13:57:52 | 000,023,176 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
DRV - [2007/04/03 13:57:50 | 000,100,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 13:57:48 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007/04/03 13:57:48 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007/04/03 13:57:42 | 000,083,336 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2006/11/21 04:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/08/16 10:23:46 | 000,021,888 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ma_cmidi.sys -- (MA_CMIDI)
DRV - [2006/04/28 17:27:48 | 000,086,560 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)
DRV - [2006/04/28 17:26:46 | 000,088,688 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
DRV - [2006/04/28 17:25:44 | 000,097,184 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006/04/28 17:25:40 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006/04/28 17:24:42 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2006/04/28 17:24:06 | 000,018,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)
DRV - [2006/04/28 17:24:00 | 000,090,800 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)
DRV - [2006/03/08 12:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/12/05 00:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/12/01 01:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 01:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 01:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/07/14 18:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/14 13:14:34 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys -- (risdptsk)
DRV - [2005/07/12 20:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2003/04/10 11:42:56 | 000,048,384 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiNtHid.sys -- (SaiNtHid)
DRV - [2002/12/04 15:59:40 | 000,030,984 | ---- | M] (Immersion Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\imhidusb.sys -- (imhidusb)
DRV - [2001/12/19 11:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\VCdRom.sys -- (vcdrom)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-117609710-2000478354-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = About:Blank
IE - HKU\S-1-5-21-117609710-2000478354-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.co.uk/
IE - HKU\S-1-5-21-117609710-2000478354-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-117609710-2000478354-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.co.uk/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: GoogCal@bitdrip.com:0.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/08/26 00:33:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/26 16:31:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/08 06:48:53 | 000,000,000 | ---D | M]

[2009/04/10 10:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spongo\Application Data\Mozilla\Extensions
[2010/09/07 23:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spongo\Application Data\Mozilla\Firefox\Profiles\1scg4u75.default\extensions
[2010/05/17 07:39:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Spongo\Application Data\Mozilla\Firefox\Profiles\1scg4u75.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/17 07:39:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Spongo\Application Data\Mozilla\Firefox\Profiles\1scg4u75.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2008/07/26 17:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spongo\Application Data\Mozilla\Firefox\Profiles\1scg4u75.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2008/09/08 23:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spongo\Application Data\Mozilla\Firefox\Profiles\1scg4u75.default\extensions\GoogCal@bitdrip(2).com
[2010/05/17 07:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spongo\Application Data\Mozilla\Firefox\Profiles\1scg4u75.default\extensions\GoogCal@bitdrip.com
[2010/09/07 23:42:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/07 09:27:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/09/07 23:00:02 | 000,417,834 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14419 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKU\S-1-5-21-117609710-2000478354-839522115-1003..\Run: [AdobeBridge] File not found
O4 - Startup: C:\Documents and Settings\Spongo\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Spongo\Application Data\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-117609710-2000478354-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/0/f...tualEarth3D.cab (Reg Error: Value error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Spongo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Spongo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/19 18:08:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{89b73039-5a09-11df-b3a9-0015c5539fa8}\Shell\AutoRun\command - "" = E:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{89b73039-5a09-11df-b3a9-0015c5539fa8}\Shell\menu1\command - "" = E:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{c107384e-d8de-11de-b270-0015c5539fa8}\Shell\AutoRun\command - "" = E:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{c107384e-d8de-11de-b270-0015c5539fa8}\Shell\menu1\command - "" = E:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{c49ededb-a50a-11df-b444-00188ba729ba}\Shell\AutoRun\command - "" = E:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{c49ededb-a50a-11df-b444-00188ba729ba}\Shell\menu1\command - "" = E:\pccompanion\Startme.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe - (Eastman Kodak Company)
MsConfig - StartUpFolder: C:^Documents and Settings^Spongo^Start Menu^Programs^Startup^ubisoft register.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: BluetoothAuthenticationAgent - hkey= - key= - File not found
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe File not found
MsConfig - StartUpReg: H/PC Connection Agent - hkey= - key= - C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
MsConfig - StartUpReg: InCD - hkey= - key= - C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: kargenhi - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: M-Audio Taskbar Icon - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: NBHGui - hkey= - key= - C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: NeroCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SecurDisc - hkey= - key= - C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG)
MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - Reg Error: Value error. File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

Drivers32: midi3 - C:\WINDOWS\System32\ma_cmidn.dll (M-Audio)
Drivers32: midi6 - C:\WINDOWS\System32\ma_cmidn.dll (M-Audio)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.at3 - C:\WINDOWS\System32\atrac3.acm ()
Drivers32: MSACM.CEGSM - C:\WINDOWS\System32\mobileV.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.hfyu - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69537929998893056)

========== Files/Folders - Created Within 30 Days ==========

[2010/09/15 18:37:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Spongo\Desktop\OTL.exe
[2010/09/07 17:04:04 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/09/07 09:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/09/07 09:27:35 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/09/07 09:27:35 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/09/07 09:27:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/09/07 09:27:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/09/07 08:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spongo\Local Settings\Application Data\Sunbelt Software
[2010/09/07 08:17:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/09/07 08:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/09/06 19:59:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/09/06 19:58:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/09/06 08:57:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/09/06 08:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/09/06 08:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/09/06 08:06:12 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/09/06 08:05:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Spongo\.COMMgr
[2010/08/26 10:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spongo\Application Data\Malwarebytes
[2010/08/26 10:30:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/26 10:30:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/26 10:30:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/26 10:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/26 00:37:00 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/08/26 00:35:38 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/08/26 00:35:36 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/08/26 00:35:31 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/08/26 00:35:29 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/08/26 00:35:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/08/26 00:34:08 | 000,025,168 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/08/26 00:34:07 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/08/26 00:33:24 | 000,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/08/26 00:33:24 | 000,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/08/26 00:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/08/26 00:31:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/08/11 10:04:23 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpeE8.dll
[2003/06/16 16:17:50 | 004,317,184 | ---- | C] (rgc:audio software) -- C:\Program Files\Triangle II.dll
[2002/12/17 04:00:00 | 000,082,253 | ---- | C] (Jordan Russell) -- C:\Program Files\unins000.exe
[21 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[17 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/15 22:26:08 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/15 22:24:42 | 000,159,470 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/09/15 22:23:39 | 000,181,982 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/09/15 22:23:35 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/15 22:23:34 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/09/15 22:23:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/15 22:23:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/15 22:22:14 | 016,515,072 | ---- | M] () -- C:\Documents and Settings\Spongo\ntuser.dat
[2010/09/15 22:22:14 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Spongo\ntuser.ini
[2010/09/15 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At95.job
[2010/09/15 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2010/09/15 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/09/15 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At119.job
[2010/09/15 21:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/09/15 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
[2010/09/15 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2010/09/15 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/09/15 21:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At118.job
[2010/09/15 20:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/09/15 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At93.job
[2010/09/15 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2010/09/15 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/09/15 20:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At117.job
[2010/09/15 19:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/09/15 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At92.job
[2010/09/15 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2010/09/15 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/09/15 19:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At116.job
[2010/09/15 18:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/09/15 18:45:42 | 000,620,398 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/09/15 18:45:41 | 064,637,111 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/09/15 18:38:19 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Spongo\defogger_reenable
[2010/09/15 18:24:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/15 18:19:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Spongo\Desktop\OTL.exe
[2010/09/15 18:18:24 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Spongo\Desktop\RKUnhookerLE.EXE
[2010/09/15 18:15:00 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Spongo\Desktop\Defogger.exe
[2010/09/08 08:46:49 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/09/08 08:18:07 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\c402n641e.dat
[2010/09/08 08:04:47 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Spongo\Desktop\dds.scr
[2010/09/08 08:03:10 | 000,529,368 | ---- | M] () -- C:\Documents and Settings\Spongo\Desktop\dixmlsetup.exe
[2010/09/08 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At81.job
[2010/09/08 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2010/09/08 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/09/08 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At105.job
[2010/09/08 07:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/09/08 07:35:38 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/08 07:06:36 | 000,328,568 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Spongo\Desktop\utorrent.exe
[2010/09/08 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At80.job
[2010/09/08 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2010/09/08 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/09/08 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At104.job
[2010/09/08 06:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/09/07 23:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/09/07 23:00:02 | 000,417,834 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/07 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At96.job
[2010/09/07 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2010/09/07 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/09/07 23:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At120.job
[2010/09/07 22:54:26 | 000,000,767 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100907-230002.backup
[2010/09/07 22:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/09/07 22:45:38 | 000,640,439 | ---- | M] () -- C:\Documents and Settings\Spongo\Desktop\My Syncro.JPG
[2010/09/07 22:31:42 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/09/07 22:31:41 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/07 22:31:39 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/07 19:11:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At99.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At98.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At97.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At115.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At114.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At113.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At112.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At111.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At110.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At109.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At108.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At107.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At106.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At103.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At102.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At101.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At100.job
[2010/09/07 18:19:25 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Spongo\Desktop\Spybot - Search & Destroy.lnk
[2010/09/07 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At91.job
[2010/09/07 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2010/09/07 18:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/09/07 17:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/09/07 17:04:02 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/09/07 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At90.job
[2010/09/07 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2010/09/07 17:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/09/07 16:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At89.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At88.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At87.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At86.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At85.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At84.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At83.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At82.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At79.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At78.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At77.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At76.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At75.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At74.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At73.job
[2010/09/07 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2010/09/07 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/09/07 10:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/09/07 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2010/09/07 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/09/07 09:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/09/07 08:17:22 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Spongo\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/07 08:17:22 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/09/07 07:38:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2010/09/07 07:38:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2010/09/07 07:38:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2010/09/07 07:38:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2010/09/07 07:38:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2010/09/07 07:38:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2010/09/07 07:38:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2010/09/07 07:38:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2010/09/07 07:38:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2010/09/07 07:38:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2010/09/07 07:38:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2010/09/07 07:38:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2010/09/07 07:38:20 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2010/09/07 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/09/07 00:49:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/09/07 00:46:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/09/07 00:03:47 | 000,159,470 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/09/06 21:51:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/09/06 09:39:15 | 000,010,309 | ---- | M] () -- C:\Documents and Settings\Spongo\Desktop\Dream machine Insurance.docx
[2010/09/06 08:57:42 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/05 19:04:34 | 000,104,448 | ---- | M] () -- C:\Documents and Settings\Spongo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/03 14:28:05 | 000,010,185 | ---- | M] () -- C:\Documents and Settings\Spongo\Desktop\Eds dad.docx
[2010/08/28 08:13:28 | 002,243,198 | ---- | M] () -- C:\Documents and Settings\Spongo\Desktop\quickassetstream.pdf
[2010/08/27 21:49:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/27 20:14:17 | 009,129,563 | ---- | M] () -- C:\Documents and Settings\Spongo\Desktop\sept-cat-84-181.pdf
[2010/08/26 10:54:42 | 000,037,003 | ---- | M] () -- C:\Documents and Settings\Spongo\Desktop\Back Stretching Exercises.docx
[2010/08/26 10:31:00 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Spongo\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/08/26 10:31:00 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\Spongo\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/26 08:39:53 | 002,247,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/26 01:20:10 | 000,565,438 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/26 01:20:10 | 000,124,328 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/26 01:20:10 | 000,004,794 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/26 00:35:40 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/08/26 00:35:40 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/08/26 00:35:38 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/08/26 00:35:31 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/08/26 00:35:30 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/08/26 00:35:28 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/08/26 00:34:08 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/08/26 00:34:07 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/08/26 00:33:24 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/08/26 00:33:24 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/08/25 11:02:05 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/08/25 08:16:33 | 038,807,458 | ---- | M] () -- C:\Documents and Settings\Spongo\Desktop\cornwauctionSep2010.pdf
[21 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[17 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/15 18:37:38 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Spongo\defogger_reenable
[2010/09/15 18:37:26 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\RKUnhookerLE.EXE
[2010/09/15 18:37:26 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\Defogger.exe
[2010/09/08 08:19:34 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\gmer.exe
[2010/09/08 08:04:31 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\dds.scr
[2010/09/08 07:47:48 | 000,529,368 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\dixmlsetup.exe
[2010/09/07 22:26:58 | 000,640,439 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\My Syncro.JPG
[2010/09/07 19:56:46 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/09/07 19:11:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At99.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At98.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At120.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At119.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At118.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At117.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At116.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At115.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At114.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At113.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At112.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At111.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At110.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At109.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At108.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At107.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At106.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At105.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At104.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At103.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At102.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At101.job
[2010/09/07 19:11:48 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At100.job
[2010/09/07 19:11:47 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At97.job
[2010/09/07 18:19:25 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\Spybot - Search & Destroy.lnk
[2010/09/07 11:14:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At96.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At95.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At93.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At92.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At91.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At90.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At89.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At88.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At87.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At86.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At85.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At84.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At83.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At82.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At81.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At80.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At79.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At78.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At77.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At76.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At75.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At74.job
[2010/09/07 11:14:27 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At73.job
[2010/09/07 08:17:22 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Spongo\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/07 08:17:22 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/09/07 07:38:20 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2010/09/07 07:38:20 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2010/09/07 07:38:20 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2010/09/07 07:38:20 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2010/09/07 07:38:20 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2010/09/07 07:38:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2010/09/07 07:38:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2010/09/07 07:38:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2010/09/07 07:38:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2010/09/07 07:38:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2010/09/07 07:38:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2010/09/07 07:38:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2010/09/07 07:38:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2010/09/07 07:38:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2010/09/07 07:38:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2010/09/07 07:38:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2010/09/07 07:38:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2010/09/07 07:38:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2010/09/07 07:38:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2010/09/07 07:38:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2010/09/07 07:38:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2010/09/07 07:38:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2010/09/07 07:38:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2010/09/07 07:38:19 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2010/09/06 21:52:07 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\c402n641e.dat
[2010/09/06 21:51:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/09/06 21:51:55 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/09/06 20:08:28 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/06 17:46:34 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/09/06 17:46:34 | 000,000,338 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/09/06 09:34:41 | 000,010,309 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\Dream machine Insurance.docx
[2010/09/03 14:50:35 | 000,000,003 | ---- | C] () -- C:\Documents and Settings\Spongo\dxva_sig.txt
[2010/09/03 14:28:05 | 000,010,185 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\Eds dad.docx
[2010/09/02 14:31:08 | 005,387,355 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\English.pdf
[2010/08/28 07:55:00 | 002,243,198 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\quickassetstream.pdf
[2010/08/27 20:14:16 | 009,129,563 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\sept-cat-84-181.pdf
[2010/08/26 10:54:42 | 000,037,003 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\Back Stretching Exercises.docx
[2010/08/26 10:31:00 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Spongo\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/08/26 00:35:40 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/08/26 00:35:29 | 000,620,398 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/08/26 00:35:28 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/08/26 00:35:22 | 064,637,111 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/25 08:16:32 | 038,807,458 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\cornwauctionSep2010.pdf
[2009/10/12 21:14:25 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\SaiCfg.dll
[2009/10/11 14:30:36 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009/10/11 14:30:19 | 000,000,687 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/10/11 14:28:46 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.old.dll
[2009/02/14 22:11:34 | 000,006,658 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/01/30 00:08:28 | 000,002,198 | ---- | C] () -- C:\Program Files\unins000.dat
[2009/01/22 23:42:52 | 000,000,073 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/12/31 12:34:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\DCMVWR.INI
[2008/08/17 00:22:07 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\RpDays.ini
[2007/12/27 20:48:22 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/12/26 12:34:50 | 000,000,212 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/12/12 22:13:50 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/01 22:43:17 | 000,000,121 | ---- | C] () -- C:\WINDOWS\gfscore.ini
[2007/10/21 11:56:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2007/10/09 23:25:58 | 000,000,467 | -H-- | C] () -- C:\WINDOWS\vp.ini
[2007/06/19 22:13:20 | 000,000,048 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2007/06/19 22:06:20 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2007/06/19 22:00:42 | 000,104,448 | ---- | C] () -- C:\Documents and Settings\Spongo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/19 21:50:24 | 008,396,800 | ---- | C] () -- C:\WINDOWS\System32\PSP 608.dll
[2007/06/19 21:49:55 | 008,278,016 | ---- | C] () -- C:\WINDOWS\System32\PSP Neon HR.dll
[2007/06/19 21:49:55 | 008,151,040 | ---- | C] () -- C:\WINDOWS\System32\PSP Neon.dll
[2007/06/19 21:49:39 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pspmcdx.dll
[2007/06/19 21:49:38 | 004,059,136 | ---- | C] () -- C:\WINDOWS\System32\PSP MasterComp.dll
[2007/06/19 21:02:46 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/06/19 19:47:15 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/06/19 19:47:15 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/06/19 19:47:12 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/06/19 19:47:08 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/05/01 15:34:56 | 002,011,136 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12.Dll
[2007/05/01 15:34:56 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_0C.dll
[2007/05/01 15:34:56 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_10.dll
[2007/05/01 15:34:56 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_0A.dll
[2007/05/01 15:34:56 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_07.dll
[2007/05/01 15:34:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_09.dll
[2007/05/01 15:34:56 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_0402.dll
[2007/05/01 15:34:56 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_11.dll
[2007/02/26 22:24:20 | 000,220,672 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2007/02/26 22:22:42 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2007/02/26 22:22:36 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2007/02/26 22:22:34 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2007/02/26 22:22:30 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2007/02/26 22:22:24 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2007/02/26 22:22:14 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2007/02/26 22:22:04 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2007/02/26 22:21:46 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2007/02/26 22:21:38 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2007/02/26 22:21:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2007/02/12 20:21:22 | 003,426,304 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/02/12 20:21:22 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007/02/12 20:21:22 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/02/12 20:21:22 | 000,399,872 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/02/12 20:21:22 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2007/02/12 20:21:22 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007/02/12 20:21:22 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/02/12 20:21:22 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007/02/12 20:21:22 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/02/12 20:21:22 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007/02/12 20:21:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007/02/12 20:21:22 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/02/12 20:21:22 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007/02/12 20:21:22 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2007/02/12 20:21:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007/02/12 20:21:22 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007/02/12 20:21:22 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/02/12 20:21:22 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/02/12 20:21:22 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/01/30 06:03:40 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/11/01 15:54:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/11/01 15:52:38 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/08/27 21:32:33 | 000,905,290 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2006/07/07 16:51:02 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\FLT_ffdshow.dll
[2003/06/16 16:23:22 | 000,131,072 | ---- | C] () -- C:\Program Files\T2DXi.dll
[2003/06/03 13:33:38 | 000,090,112 | ---- | C] () -- C:\Program Files\Triangle II.exe
[2002/05/17 23:18:30 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Custom Scans ==========


< %systemroot%\system32\*.dll/lockedfiles >
Invalid Switch: lockedfiles

< %systemroot%\Tasks\*job l/lockedfiles >
Invalid Switch: lockedfiles


< %systemroot%\system32\config\*.sav >
[2008/09/13 07:53:55 | 000,532,480 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/09/12 11:36:51 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2008/09/13 07:53:55 | 038,273,024 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/09/13 07:53:55 | 012,320,768 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %SYSTEMDRIVE%\*.exe >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Spongo\My Documents\100_2725.JPG:Roxio EMC Stream

< End of report >









OTL Extras logfile created on: 15/09/2010 22:37:30 - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\Spongo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 16.20 Gb Free Space | 21.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HALBOOK
Current User Name: Spongo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-117609710-2000478354-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"1078:TCP" = 1078:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Documents and Settings\Spongo\Desktop\utorrent.exe" = C:\Documents and Settings\Spongo\Desktop\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime -- (Nero AG)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- File not found
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Podmailing\podmailing.exe" = C:\Program Files\Podmailing\podmailing.exe:*:Enabled:Podmailing Beta -- File not found
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service -- File not found
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Documents and Settings\Spongo\Local Settings\Temp\7zS0B84\setup\HPZnet01.exe" = C:\Documents and Settings\Spongo\Local Settings\Temp\7zS0B84\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- File not found
"C:\Documents and Settings\Spongo\Local Settings\Temp\7zS0B84\setup\hponicifs01.exe" = C:\Documents and Settings\Spongo\Local Settings\Temp\7zS0B84\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe -- File not found
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe" = C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"C:\Documents and Settings\Spongo\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Spongo\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0C321D1F-2262-42C2-94C5-5E5765507C72}" = Star Wars Starfighter
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17C4BEEA-D6E8-4975-B2CC-53F6F5CE9959}" = Navman SmartST Desktop Version 3 for iCN500 Series
"{1DBD3B7F-41E9-43C7-8F1C-4C93DB2D104A}" = Steinberg Sequel Trial Content
"{1F145099-1224-4C5B-84F2-7AE6DC699F1A}" = Enigma
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 21
"{2764CA82-DFB9-4498-AF85-719340BF5305}" = Dell Resource CD
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = M-Audio Series II MIDI
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6559654F-2F38-491F-8411-211517C3E635}" = SampleTank 2.5
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{847CAE64-4CD2-4B2D-AF00-978FF5431033}" = Nero 7 Ultra Edition
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{DA2D4D11-1811-4A24-B719-BF9F048C6106}" = Windows XP Creativity Fun Packs - Windows Movie Maker 2
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FED7C046-6E28-4492-87F6-EF1BA20E1EC5}" = Steinberg Cubase 4
"3635FC5A3FE7DACCEF2123BDBDA808BA811B977B" = Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12)
"452416B030C25BAA383F3DA368FECD5D48FAE727" = Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04)
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Akamai" = Akamai NetSession Interface
"ALZip_is1" = ALZip
"Antares Autotune Evo VST RTAS_is1" = Antares Autotune Evo VST RTAS v6.0.9
"Antares AVOX Vocal Kit Bundle VST v1.02" = Antares AVOX Vocal Kit Bundle VST v1.02
"AnyToISO_is1" = AnyToISO
"Atmosphere_is1" = Atmosphere
"AVG9Uninstall" = AVG 9.0
"Belkin Range Extender" = Belkin Range Extender
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 6.0.9
"Condor: The Competition Soaring Simulator" = Condor: The Competition Soaring Simulator 1.1.2
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows Driver Package - Nokia Modem (06/01/2009 4.1)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EtudiX Piano Tutor_is1" = EtudiX Piano Tutor 1.2.0.1
"F631A62FA5E06534A0FE3637D75AAA5B1D3E4FB7" = Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06)
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
"FontCreator55_is1" = FontCreator 5.6
"GoToAssist" = GoToAssist 8.0.0.514
"HS2_is1" = Steinberg Hypersonic 2
"ie8" = Windows Internet Explorer 8
"impOSCar" = GForce - impOSCar
"Lexicon PSP 42 VST DX v1.0" = Lexicon PSP 42 VST DX v1.0
"Linplug SaxLab v1.0.2" = Linplug SaxLab v1.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Native Instruments Battery v1.0" = Native Instruments Battery v1.0
"Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS" = Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS
"Nokia PC Suite" = Nokia PC Suite
"Nomad Factory Analog Signature Pack " = Nomad Factory Analog Signature Pack
"Nomad Factory Blue Tubes Bundle v2.0" = Nomad Factory Blue Tubes Bundle v2.0
"Nomad Factory EQP-4 v1.1" = Nomad Factory EQP-4 v1.1
"Nomad Factory Liquid Bundle VST v1.6" = Nomad Factory Liquid Bundle VST v1.6
"Nomad Factory LM-662" = Nomad Factory LM-662
"Nomad Factory Rock Amp Legends VST v1.0" = Nomad Factory Rock Amp Legends VST v1.0
"Nomad Factory SC-226" = Nomad Factory SC-226
"NomadFactory Blue Tubes Analog TrackBox_is1" = NomadFactory Blue Tubes Analog TrackBox VST RTAS v1.1
"Nomadfactory Liquid Bundle VST RTAS v2.1" = Nomadfactory Liquid Bundle VST RTAS v2.1
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel® PROSet/Wireless Software
"PSP 84 v1.0" = PSP 84 v1.0
"PSP Audioware Neon HR VST RTAS" = PSP Audioware Neon HR VST RTAS
"PSP VintageWarmer v1.5d" = PSP VintageWarmer v1.5d
"PSP_Audioware_Mastercomp_DX_RTAS_VST_v1.0-PLZ" = PSP_Audioware_Mastercomp_DX_RTAS_VST_v1.0-PLZ
"RealPlayer 6.0" = RealPlayer
"Remove Empty Directories" = Remove Empty Directories 2.1
"ReValver Mk III_is1" = ReValver Mk III
"rgc:audio Triangle II Monophonic Synthesizer_is1" = rgc:audio Triangle II
"Spotify" = Spotify
"Syncrosoft License Control" = Syncrosoft License Control
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Update Service" = Update Service
"USB_AUDIO_DEusb-audio.deTascam" = US-122 MKII / US-144 MKII
"VB:StripTool V1 Full Demo DX" = VB:StripTool V1 Full Demo DX
"Virtual Music Composer 4.0.0_is1" = VMC The KEY
"VLC media player" = VLC media player 1.0.2
"Vodei Multimedia Processor" = Vodei Multimedia Processor 1.09
"Warp VST V1.0" = Warp VST V1.0
"Waves Diamond Bundle v5.0" = Waves Diamond Bundle v5.0
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 11
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 3 Free 3.92
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-117609710-2000478354-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{DBFF7A38-F460-419A-A2E7-2D55BD2D9AD4}" = Dynasty Warriors 4 Hyper
"309a46b1dc89b774" = Dell Driver Download Manager
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager - 1
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/09/2010 13:42:05 | Computer Name = HALBOOK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 15/09/2010 13:42:37 | Computer Name = HALBOOK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 15/09/2010 13:43:08 | Computer Name = HALBOOK | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 15/09/2010 14:09:43 | Computer Name = HALBOOK | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module wzcsvc.dll, version 5.1.2600.5512, fault address 0x0002d3ae.

Error - 15/09/2010 14:26:06 | Computer Name = HALBOOK | Source = Google Update | ID = 20
Description =

Error - 15/09/2010 15:26:06 | Computer Name = HALBOOK | Source = Google Update | ID = 20
Description =

Error - 15/09/2010 16:26:05 | Computer Name = HALBOOK | Source = Google Update | ID = 20
Description =

Error - 15/09/2010 17:15:31 | Computer Name = HALBOOK | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 15/09/2010 17:24:15 | Computer Name = HALBOOK | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 15/09/2010 17:26:08 | Computer Name = HALBOOK | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 15/09/2010 17:00:00 | Computer Name = HALBOOK | Source = Schedule | ID = 7901
Description = The At47.job command failed to start due to the following error: %%2147942402

Error - 15/09/2010 17:00:00 | Computer Name = HALBOOK | Source = Schedule | ID = 7901
Description = The At71.job command failed to start due to the following error: %%2147942402

Error - 15/09/2010 17:00:00 | Computer Name = HALBOOK | Source = Schedule | ID = 7901
Description = The At95.job command failed to start due to the following error: %%2147942402

Error - 15/09/2010 17:15:59 | Computer Name = HALBOOK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 15/09/2010 17:16:09 | Computer Name = HALBOOK | Source = Service Control Manager | ID = 7024
Description = The Routing and Remote Access service terminated with service-specific
error 340 (0x154).

Error - 15/09/2010 17:19:57 | Computer Name = HALBOOK | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001B77193FEA. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 15/09/2010 17:24:41 | Computer Name = HALBOOK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 15/09/2010 17:24:50 | Computer Name = HALBOOK | Source = Service Control Manager | ID = 7024
Description = The Routing and Remote Access service terminated with service-specific
error 340 (0x154).

Error - 15/09/2010 17:29:23 | Computer Name = HALBOOK | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 15/09/2010 17:29:23 | Computer Name = HALBOOK | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.


< End of report >


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:34 PM

Posted 15 September 2010 - 05:59 PM

One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.



Download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If any suspicious items are found, let it skip them for now
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

unite.jpg


#5 footstuck

footstuck
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 16 September 2010 - 01:48 AM

Hey Syler,
Not great news eh.
Can you tell me which files are safe to back up and a reliable method of doing so without cross infecting the new install? Also, is there a date for infection? Lastly, I have a second computer on the same network which has started to display suspicious behaviour. It is one which I migrate files between with the infected machine. Could this machine have been compromised? If so, can we check it also? Thanks, Jon.

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:34 PM

Posted 16 September 2010 - 09:58 AM

Hi Jon., sorry for the bad news. It's not possible for me to give you a definite date of infection, as for backing up, the links explain what you need to know there. If you want to check your other you computer you will need to start a new thread.

unite.jpg


#7 footstuck

footstuck
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 16 September 2010 - 02:53 PM

Ok Syler,
After careful consideration, I'd like to clean the computer. Here's the log.


2010/09/16 20:24:40.0203 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
2010/09/16 20:24:40.0203 ================================================================================
2010/09/16 20:24:40.0203 SystemInfo:
2010/09/16 20:24:40.0203
2010/09/16 20:24:40.0203 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/16 20:24:40.0203 Product type: Workstation
2010/09/16 20:24:40.0203 ComputerName: HALBOOK
2010/09/16 20:24:40.0203 UserName: Spongo
2010/09/16 20:24:40.0203 Windows directory: C:\WINDOWS
2010/09/16 20:24:40.0203 System windows directory: C:\WINDOWS
2010/09/16 20:24:40.0203 Processor architecture: Intel x86
2010/09/16 20:24:40.0203 Number of processors: 2
2010/09/16 20:24:40.0203 Page size: 0x1000
2010/09/16 20:24:40.0203 Boot type: Normal boot
2010/09/16 20:24:40.0203 ================================================================================
2010/09/16 20:24:40.0484 Initialize success
2010/09/16 20:24:43.0203 ================================================================================
2010/09/16 20:24:43.0203 Scan started
2010/09/16 20:24:43.0203 Mode: Manual;
2010/09/16 20:24:43.0203 ================================================================================
2010/09/16 20:24:44.0421 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/16 20:24:44.0468 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/09/16 20:24:44.0531 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
2010/09/16 20:24:44.0578 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/16 20:24:44.0625 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/09/16 20:24:44.0781 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/09/16 20:24:44.0953 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/09/16 20:24:45.0125 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/16 20:24:45.0140 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/16 20:24:45.0187 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/16 20:24:45.0234 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/16 20:24:45.0468 Avgfwdx (fa6336f05695e39995884d0c959c9608) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2010/09/16 20:24:45.0515 Avgfwfd (fa6336f05695e39995884d0c959c9608) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2010/09/16 20:24:45.0718 AVGIDSDriverxpx (97670687f6c8f35e7b611f2ce1f94472) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys
2010/09/16 20:24:45.0953 AVGIDSErHrxpx (277fc6b0f0be23bae7e63f184034b2fe) C:\WINDOWS\system32\Drivers\AVGIDSxx.sys
2010/09/16 20:24:45.0984 AVGIDSFilterxpx (dba65f23b686bdf043bbb54e55c72887) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys
2010/09/16 20:24:46.0000 AVGIDSShimxpx (a552461aab7a36c2465ff19e59af08bf) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys
2010/09/16 20:24:46.0046 AvgLdx86 (0fabe087b9cece5550ed67e63b10ca61) C:\WINDOWS\system32\Drivers\avgldx86.sys
2010/09/16 20:24:46.0062 Suspicious file (Forged): C:\WINDOWS\system32\Drivers\avgldx86.sys. Real md5: 0fabe087b9cece5550ed67e63b10ca61, Fake md5: b8c187439d27aba430dd69fdcf1fa657
2010/09/16 20:24:46.0062 AvgLdx86 - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/09/16 20:24:46.0078 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\system32\Drivers\avgmfx86.sys
2010/09/16 20:24:46.0093 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\WINDOWS\system32\Drivers\avgrkx86.sys
2010/09/16 20:24:46.0140 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\system32\Drivers\avgtdix.sys
2010/09/16 20:24:46.0203 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2010/09/16 20:24:46.0390 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/16 20:24:46.0437 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2010/09/16 20:24:46.0468 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
2010/09/16 20:24:46.0500 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2010/09/16 20:24:46.0562 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2010/09/16 20:24:46.0609 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2010/09/16 20:24:46.0656 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/16 20:24:46.0765 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/09/16 20:24:46.0843 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/16 20:24:46.0875 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/16 20:24:46.0906 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/16 20:24:46.0953 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2010/09/16 20:24:47.0015 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/09/16 20:24:47.0078 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/09/16 20:24:47.0187 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/16 20:24:47.0250 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/16 20:24:47.0421 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
2010/09/16 20:24:47.0468 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/16 20:24:47.0531 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/16 20:24:47.0578 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/16 20:24:47.0640 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/16 20:24:47.0687 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/09/16 20:24:47.0734 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/16 20:24:47.0765 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/09/16 20:24:47.0796 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/16 20:24:47.0921 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/16 20:24:47.0968 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/16 20:24:48.0015 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/09/16 20:24:48.0062 ggflt (007aea2e06e7cef7372e40c277163959) C:\WINDOWS\system32\DRIVERS\ggflt.sys
2010/09/16 20:24:48.0093 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\WINDOWS\system32\DRIVERS\ggsemc.sys
2010/09/16 20:24:48.0125 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/16 20:24:48.0187 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/09/16 20:24:48.0281 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/09/16 20:24:48.0421 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
2010/09/16 20:24:48.0484 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
2010/09/16 20:24:48.0546 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/16 20:24:48.0703 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/16 20:24:48.0765 imagedrv (99de6575092b9c61c4a8e0c09c2edc06) C:\WINDOWS\system32\Drivers\imagedrv.sys
2010/09/16 20:24:48.0796 imagesrv (79ec3eaf139a26ce8bb71a89fbb1e2c1) C:\WINDOWS\system32\DRIVERS\imagesrv.sys
2010/09/16 20:24:48.0828 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/16 20:24:48.0875 imhidusb (0836f03aa73ee78f1c884c4e9211aa72) C:\WINDOWS\system32\DRIVERS\imhidusb.sys
2010/09/16 20:24:48.0984 InCDfs (580a81790cd0a48d85da322267da7ac4) C:\WINDOWS\system32\drivers\InCDFs.sys
2010/09/16 20:24:49.0015 InCDPass (aaa2789d2ce21b31be9406ba1ceb7285) C:\WINDOWS\system32\drivers\InCDPass.sys
2010/09/16 20:24:49.0046 InCDrec (4d022577e9072b5d22e0a383a7806bbb) C:\WINDOWS\system32\drivers\InCDrec.sys
2010/09/16 20:24:49.0062 incdrm (c258e57321a3c3737f4fa815fa69ee0b) C:\WINDOWS\system32\drivers\InCDRm.sys
2010/09/16 20:24:49.0171 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/16 20:24:49.0203 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/16 20:24:49.0250 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/16 20:24:49.0312 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/16 20:24:49.0453 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/16 20:24:49.0500 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/16 20:24:49.0546 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/16 20:24:49.0640 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/16 20:24:49.0687 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/16 20:24:49.0718 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/09/16 20:24:49.0828 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/16 20:24:49.0859 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/16 20:24:50.0015 Lavasoft Kernexplorer (32da3fde01f1bb080c2e69521dd8881e) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2010/09/16 20:24:50.0203 MA_CMIDI (6d03a526eeded908759ca8c0e581494d) C:\WINDOWS\system32\drivers\ma_cmidi.sys
2010/09/16 20:24:50.0296 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/09/16 20:24:50.0359 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/16 20:24:50.0500 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/16 20:24:50.0515 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/16 20:24:50.0593 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/09/16 20:24:50.0625 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/16 20:24:50.0671 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/16 20:24:50.0750 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/16 20:24:50.0890 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/16 20:24:50.0937 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/16 20:24:50.0984 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/16 20:24:51.0015 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/16 20:24:51.0062 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/16 20:24:51.0093 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/09/16 20:24:51.0125 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/16 20:24:51.0171 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/09/16 20:24:51.0250 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/16 20:24:51.0296 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/09/16 20:24:51.0406 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/16 20:24:51.0453 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/16 20:24:51.0484 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/16 20:24:51.0531 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/16 20:24:51.0578 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/16 20:24:51.0609 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/16 20:24:51.0781 NETw4x32 (88100ebdd10309fbd445ef8e42452eae) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
2010/09/16 20:24:52.0218 NETw5x32 (3bc15801f7b9dd2d16897a38a962ce56) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
2010/09/16 20:24:52.0421 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/09/16 20:24:52.0500 nmwcd (4a8a2aa0706b659175169decf198e9d7) C:\WINDOWS\system32\drivers\ccdcmb.sys
2010/09/16 20:24:52.0562 nmwcdc (fd3e61831095ac62e6840d986b5a2016) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2010/09/16 20:24:52.0609 nmwcdnsu (02e96113511171ba7559386d10d3daea) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
2010/09/16 20:24:52.0671 nmwcdnsuc (fb09150cfc7a499a53c308d04841a3bd) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
2010/09/16 20:24:52.0703 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/16 20:24:52.0843 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/16 20:24:52.0921 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/16 20:24:53.0265 nv (7180ce4394a76af0638f1ed74584a2dc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/09/16 20:24:53.0468 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/16 20:24:53.0500 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/16 20:24:53.0546 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/09/16 20:24:53.0593 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/09/16 20:24:53.0609 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/16 20:24:53.0671 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/16 20:24:53.0703 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/09/16 20:24:53.0750 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/16 20:24:53.0890 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/16 20:24:53.0937 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/09/16 20:24:54.0078 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/16 20:24:54.0109 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/16 20:24:54.0140 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/16 20:24:54.0171 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/09/16 20:24:54.0281 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/16 20:24:54.0312 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/16 20:24:54.0437 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/16 20:24:54.0453 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/16 20:24:54.0484 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/16 20:24:54.0515 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/16 20:24:54.0531 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/09/16 20:24:54.0578 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/16 20:24:54.0609 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/16 20:24:54.0656 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2010/09/16 20:24:54.0703 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2010/09/16 20:24:54.0750 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2010/09/16 20:24:54.0796 risdptsk (ace2ce73d7b04eac48fb80482e05e770) C:\WINDOWS\system32\DRIVERS\risdptsk.sys
2010/09/16 20:24:55.0078 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2010/09/16 20:24:55.0281 s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\WINDOWS\system32\DRIVERS\s0016bus.sys
2010/09/16 20:24:55.0312 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys
2010/09/16 20:24:55.0421 s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\WINDOWS\system32\DRIVERS\s0016mdm.sys
2010/09/16 20:24:55.0453 s0016mgmt (7a78bba97feb5e6d24c49e93a3bf7287) C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys
2010/09/16 20:24:55.0500 s0016nd5 (34ef7b5f611957b73e7219dd5a222ad1) C:\WINDOWS\system32\DRIVERS\s0016nd5.sys
2010/09/16 20:24:55.0531 s0016obex (36792935847143e4a3cda0dc87248487) C:\WINDOWS\system32\DRIVERS\s0016obex.sys
2010/09/16 20:24:55.0578 s0016unic (927208754fb27fc3e7a659e77500c5d1) C:\WINDOWS\system32\DRIVERS\s0016unic.sys
2010/09/16 20:24:55.0609 s116bus (815445f4676cc96bc9aeec303c727e19) C:\WINDOWS\system32\DRIVERS\s116bus.sys
2010/09/16 20:24:55.0718 s116mdfl (333d1e0743e6de1779c3c418ac601c3a) C:\WINDOWS\system32\DRIVERS\s116mdfl.sys
2010/09/16 20:24:55.0750 s116mdm (50d6e5b021e9ec7553ab8a3553cc1b6b) C:\WINDOWS\system32\DRIVERS\s116mdm.sys
2010/09/16 20:24:55.0796 s116mgmt (1589aa53e43f8d193a7d4d580d3ffa95) C:\WINDOWS\system32\DRIVERS\s116mgmt.sys
2010/09/16 20:24:55.0828 s116nd5 (306f85733671fe507470f0273025e768) C:\WINDOWS\system32\DRIVERS\s116nd5.sys
2010/09/16 20:24:55.0875 s116obex (ec32601f04a5a5de89315d0f55e73d66) C:\WINDOWS\system32\DRIVERS\s116obex.sys
2010/09/16 20:24:55.0890 s116unic (32e3ecb4b2b5887426eaf241a8149cde) C:\WINDOWS\system32\DRIVERS\s116unic.sys
2010/09/16 20:24:55.0937 s24trans (c26a053e4db47f6cdd8653c83aaf22ee) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2010/09/16 20:24:56.0046 SaiHFF12 (de7a2fc379671998865122a08fd9db52) C:\WINDOWS\system32\DRIVERS\SaiHFF12.sys
2010/09/16 20:24:56.0093 SaiIFF12 (ec45ab6754e931e4335a99933da133f5) C:\WINDOWS\system32\DRIVERS\SaiIFF12.sys
2010/09/16 20:24:56.0156 SaiNtHid (a007103ef0e50fb0e0ed08b511d721d7) C:\WINDOWS\system32\DRIVERS\SaiNtHid.sys
2010/09/16 20:24:56.0234 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/09/16 20:24:56.0281 SE27bus (59a9eb4073a39895af314780d0a032fa) C:\WINDOWS\system32\DRIVERS\SE27bus.sys
2010/09/16 20:24:56.0312 SE27mdfl (d53e7e53107d1796825540129f8fe89f) C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys
2010/09/16 20:24:56.0343 SE27mdm (2afa2f65a6e91da5b5070e734769827e) C:\WINDOWS\system32\DRIVERS\SE27mdm.sys
2010/09/16 20:24:56.0453 SE27mgmt (5a33a8d7b44c7bd8abe248b4dcd1ff3c) C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys
2010/09/16 20:24:56.0484 se27nd5 (bb30139683bbf3ee89ec931393d9335c) C:\WINDOWS\system32\DRIVERS\se27nd5.sys
2010/09/16 20:24:56.0531 SE27obex (5da6ff71e94b9134ddd094ebb09f05e6) C:\WINDOWS\system32\DRIVERS\SE27obex.sys
2010/09/16 20:24:56.0562 se27unic (4d54a9d7c22157ab3d2442e8bcf5ecd2) C:\WINDOWS\system32\DRIVERS\se27unic.sys
2010/09/16 20:24:56.0609 Secdrv (72dffa33f8ed1c847075eee2c1e790ee) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/16 20:24:56.0671 seehcri (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
2010/09/16 20:24:56.0687 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/09/16 20:24:56.0750 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2010/09/16 20:24:56.0843 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2010/09/16 20:24:56.0890 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/16 20:24:56.0953 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/09/16 20:24:57.0015 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/16 20:24:57.0093 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\System32\Drivers\sptd.sys
2010/09/16 20:24:57.0218 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/16 20:24:57.0250 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/16 20:24:57.0500 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
2010/09/16 20:24:57.0609 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2010/09/16 20:24:57.0718 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/09/16 20:24:57.0765 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/16 20:24:57.0796 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/16 20:24:57.0953 SynasUSB (e46088b882e6315518630e249ddf958c) C:\WINDOWS\system32\drivers\SynasUSB.sys
2010/09/16 20:24:58.0015 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2010/09/16 20:24:58.0125 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/16 20:24:58.0250 TASCAM_US122144 (be3d9cddd7f607b8990353cf06b0c0df) C:\WINDOWS\system32\Drivers\tascusb2.sys
2010/09/16 20:24:58.0328 TASCAM_US122L_MIDI (e606debbf2c7f59e043db01dc60f4299) C:\WINDOWS\system32\drivers\tscusb2m.sys
2010/09/16 20:24:58.0437 TASCAM_US122L_WDM (b3e1e0b03d54900ed877cdf285079082) C:\WINDOWS\system32\drivers\tscusb2a.sys
2010/09/16 20:24:58.0515 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/16 20:24:58.0562 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/16 20:24:58.0625 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/16 20:24:58.0671 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/16 20:24:58.0781 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/16 20:24:58.0875 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/16 20:24:58.0937 upperdev (587e643a4e2ffd9a00f114b057ceb773) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2010/09/16 20:24:59.0046 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/09/16 20:24:59.0125 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/09/16 20:24:59.0203 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/16 20:24:59.0281 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/16 20:24:59.0328 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/16 20:24:59.0421 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/16 20:24:59.0484 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/16 20:24:59.0531 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2010/09/16 20:24:59.0640 UsbserFilt (fca6a196d47cb972a0e4adc0db9cd17c) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2010/09/16 20:24:59.0718 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/16 20:24:59.0750 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/16 20:24:59.0828 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/09/16 20:24:59.0890 vcdrom (bfa4ae30b3ac10e9223830bf103f5a3f) C:\WINDOWS\system32\drivers\VCdRom.sys
2010/09/16 20:24:59.0921 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/16 20:25:00.0015 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/16 20:25:00.0156 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2010/09/16 20:25:00.0281 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/16 20:25:00.0343 wceusbsh (b85b448fd2c398970382a28e47cf4bc6) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2010/09/16 20:25:00.0453 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/09/16 20:25:00.0546 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/16 20:25:00.0640 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
2010/09/16 20:25:00.0765 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/09/16 20:25:00.0828 WpdUsb (c1b3d9d75c3fb735f5fa3a5806aded57) C:\WINDOWS\system32\Drivers\wpdusb.sys
2010/09/16 20:25:00.0890 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/09/16 20:25:00.0953 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/09/16 20:25:00.0984 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/16 20:25:01.0093 ================================================================================
2010/09/16 20:25:01.0093 Scan finished
2010/09/16 20:25:01.0093 ================================================================================
2010/09/16 20:25:01.0109 Detected object count: 1
2010/09/16 20:25:20.0171 AvgLdx86 (0fabe087b9cece5550ed67e63b10ca61) C:\WINDOWS\system32\Drivers\avgldx86.sys
2010/09/16 20:25:20.0171 Suspicious file (Forged): C:\WINDOWS\system32\Drivers\avgldx86.sys. Real md5: 0fabe087b9cece5550ed67e63b10ca61, Fake md5: b8c187439d27aba430dd69fdcf1fa657
2010/09/16 20:25:20.0484 Backup copy found, using it..
2010/09/16 20:25:20.0500 C:\WINDOWS\system32\Drivers\avgldx86.sys - will be cured after reboot
2010/09/16 20:25:20.0500 Rootkit.Win32.TDSS.tdl3(AvgLdx86) - User select action: Cure
2010/09/16 20:25:26.0500 Deinitialize success


#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:34 PM

Posted 17 September 2010 - 09:31 AM

Hi footstuck,

It looks like the rootkit has been taken care of, can you tell me how the machine is running and if you still have any problems?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :FILES
    C:\WINDOWS\tasks\At*.job
    :OTL
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe File not found
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKLM..\Run: [UserFaultCheck] File not foundfound
    O4 - HKU\S-1-5-21-117609710-2000478354-839522115-1003..\Run: [AdobeBridge] File not found
    O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/0/f...tualEarth3D.cab (Reg Error: Value error.)
    MsConfig - StartUpFolder: C:^Documents and Settings^Spongo^Start Menu^Programs^Startup^ubisoft register.lnk - Reg Error: Value error. - File not found
    MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: BluetoothAuthenticationAgent - hkey= - key= - File not found
    MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
    MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe File not found
    MsConfig - StartUpReg: kargenhi - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
    MsConfig - StartUpReg: M-Audio Taskbar Icon - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
    MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
    MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
    MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - Reg Error: Value error. File not found
    [2010/09/06 08:05:58 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Spongo\.COMMgr
    [2010/09/08 08:18:07 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\c402n641e.dat
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Grisoft\AVG7\avginet.exe"=-
    "C:\Program Files\Grisoft\AVG7\avgamsvr.exe"=-
    "C:\Program Files\Grisoft\AVG7\avgcc.exe"=-
    "C:\Program Files\SopCast\adv\SopAdver.exe"=-
    "C:\Program Files\SopCast\SopCast.exe"=-
    "C:\Program Files\Podmailing\podmailing.exe"=-
    "C:\WINDOWS\system32\ZoneLabs\vsmon.exe"=-
    "C:\Documents and Settings\Spongo\Local Settings\Temp\7zS0B84\setup\HPZnet01.exe"=-
    "C:\Documents and Settings\Spongo\Local Settings\Temp\7zS0B84\setup\hponicifs01.exe"=-
    :Commands
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan by clicking Run Scan and post the new OTL log.

unite.jpg


#9 footstuck

footstuck
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 19 September 2010 - 03:39 AM

Hey Syler,
Here's the first OTL log. I'll run the next OTL scan now and post as soon as it's ready. =)

All processes killed
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At100.job moved successfully.
C:\WINDOWS\tasks\At101.job moved successfully.
C:\WINDOWS\tasks\At102.job moved successfully.
C:\WINDOWS\tasks\At103.job moved successfully.
C:\WINDOWS\tasks\At104.job moved successfully.
C:\WINDOWS\tasks\At105.job moved successfully.
C:\WINDOWS\tasks\At106.job moved successfully.
C:\WINDOWS\tasks\At107.job moved successfully.
C:\WINDOWS\tasks\At108.job moved successfully.
C:\WINDOWS\tasks\At109.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At110.job moved successfully.
C:\WINDOWS\tasks\At111.job moved successfully.
C:\WINDOWS\tasks\At112.job moved successfully.
C:\WINDOWS\tasks\At113.job moved successfully.
C:\WINDOWS\tasks\At114.job moved successfully.
C:\WINDOWS\tasks\At115.job moved successfully.
C:\WINDOWS\tasks\At116.job moved successfully.
C:\WINDOWS\tasks\At117.job moved successfully.
C:\WINDOWS\tasks\At118.job moved successfully.
C:\WINDOWS\tasks\At119.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At120.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At49.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At50.job moved successfully.
C:\WINDOWS\tasks\At51.job moved successfully.
C:\WINDOWS\tasks\At52.job moved successfully.
C:\WINDOWS\tasks\At53.job moved successfully.
C:\WINDOWS\tasks\At54.job moved successfully.
C:\WINDOWS\tasks\At55.job moved successfully.
C:\WINDOWS\tasks\At56.job moved successfully.
C:\WINDOWS\tasks\At57.job moved successfully.
C:\WINDOWS\tasks\At58.job moved successfully.
C:\WINDOWS\tasks\At59.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At60.job moved successfully.
C:\WINDOWS\tasks\At61.job moved successfully.
C:\WINDOWS\tasks\At62.job moved successfully.
C:\WINDOWS\tasks\At63.job moved successfully.
C:\WINDOWS\tasks\At64.job moved successfully.
C:\WINDOWS\tasks\At65.job moved successfully.
C:\WINDOWS\tasks\At66.job moved successfully.
C:\WINDOWS\tasks\At67.job moved successfully.
C:\WINDOWS\tasks\At68.job moved successfully.
C:\WINDOWS\tasks\At69.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At70.job moved successfully.
C:\WINDOWS\tasks\At71.job moved successfully.
C:\WINDOWS\tasks\At72.job moved successfully.
C:\WINDOWS\tasks\At73.job moved successfully.
C:\WINDOWS\tasks\At74.job moved successfully.
C:\WINDOWS\tasks\At75.job moved successfully.
C:\WINDOWS\tasks\At76.job moved successfully.
C:\WINDOWS\tasks\At77.job moved successfully.
C:\WINDOWS\tasks\At78.job moved successfully.
C:\WINDOWS\tasks\At79.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At80.job moved successfully.
C:\WINDOWS\tasks\At81.job moved successfully.
C:\WINDOWS\tasks\At82.job moved successfully.
C:\WINDOWS\tasks\At83.job moved successfully.
C:\WINDOWS\tasks\At84.job moved successfully.
C:\WINDOWS\tasks\At85.job moved successfully.
C:\WINDOWS\tasks\At86.job moved successfully.
C:\WINDOWS\tasks\At87.job moved successfully.
C:\WINDOWS\tasks\At88.job moved successfully.
C:\WINDOWS\tasks\At89.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\tasks\At90.job moved successfully.
C:\WINDOWS\tasks\At91.job moved successfully.
C:\WINDOWS\tasks\At92.job moved successfully.
C:\WINDOWS\tasks\At93.job moved successfully.
C:\WINDOWS\tasks\At94.job moved successfully.
C:\WINDOWS\tasks\At95.job moved successfully.
C:\WINDOWS\tasks\At96.job moved successfully.
C:\WINDOWS\tasks\At97.job moved successfully.
C:\WINDOWS\tasks\At98.job moved successfully.
C:\WINDOWS\tasks\At99.job moved successfully.
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IntelWireless deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck deleted successfully.
Registry value HKEY_USERS\S-1-5-21-117609710-2000478354-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Starting removal of ActiveX control {0DB074F0-617E-4EE9-912C-2965CF2AA5A4}
C:\WINDOWS\Downloaded Program Files\VE3DInstall.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0DB074F0-617E-4EE9-912C-2965CF2AA5A4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0DB074F0-617E-4EE9-912C-2965CF2AA5A4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0DB074F0-617E-4EE9-912C-2965CF2AA5A4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0DB074F0-617E-4EE9-912C-2965CF2AA5A4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Documents and Settings^Spongo^Start Menu^Programs^Startup^ubisoft register.lnk\ deleted successfully.
C:\WINDOWS\pss\ubisoft register.lnkStartup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\BluetoothAuthenticationAgent\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ctfmon.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\GrooveMonitor\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\kargenhi\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\KernelFaultCheck\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\M-Audio Taskbar Icon\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NvCplDaemon\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NvMediaCenter\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\nwiz\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\PC Suite Tray\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\PWRISOVM.EXE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Sony Ericsson PC Suite\ deleted successfully.
C:\Documents and Settings\Spongo\.COMMgr folder moved successfully.
C:\Documents and Settings\All Users\Application Data\c402n641e.dat moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avginet.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgamsvr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgcc.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SopCast\adv\SopAdver.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SopCast\SopCast.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Podmailing\podmailing.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\ZoneLabs\vsmon.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Spongo\Local Settings\Temp\7zS0B84\setup\HPZnet01.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Spongo\Local Settings\Temp\7zS0B84\setup\hponicifs01.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 11870870 bytes
->Flash cache emptied: 2296 bytes

User: Spongo
->Temp folder emptied: 8832454 bytes
->Temporary Internet Files folder emptied: 685447 bytes
->Java cache emptied: 59969402 bytes
->FireFox cache emptied: 250818425 bytes
->Flash cache emptied: 648013 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 6546405 bytes
%systemroot%\System32 .tmp files removed: 19880977 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 103201 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 136914132 bytes

Total Files Cleaned = 473.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: Spongo
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.12.1 log created on 09172010_183233

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_254.dat not found!

Registry entries deleted on Reboot...


#10 footstuck

footstuck
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 19 September 2010 - 03:50 AM

Hey Syler,
Here's the second OTL log file mate.


OTL logfile created on: 19/09/2010 09:40:03 - Run 2
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\Spongo\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 78.00% Memory free
7.00 Gb Paging File | 7.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 15.50 Gb Free Space | 20.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HALBOOK
Current User Name: Spongo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/15 18:19:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Spongo\Desktop\OTL.exe
PRC - [2010/08/26 00:34:51 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/08/26 00:34:51 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/08/26 00:34:50 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/08/26 00:34:47 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/08/26 00:34:28 | 002,331,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/08/26 00:34:06 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/08/26 00:34:04 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/08/26 00:33:52 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/03/05 10:01:46 | 000,862,480 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/03/05 09:58:12 | 000,364,544 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2010/03/05 09:57:28 | 001,396,736 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2010/03/05 09:54:20 | 000,954,368 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2010/03/05 09:46:22 | 001,206,544 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2010/03/05 09:43:50 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/02/26 06:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\Spongo\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/25 09:47:12 | 001,552,680 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2007/01/08 17:08:10 | 000,094,208 | ---- | M] () -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010/09/15 18:19:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Spongo\Desktop\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - File not found [On_Demand | Stopped] -- -- (KodakCCS)
SRV - [2010/09/15 18:41:00 | 002,854,488 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3746.dll -- (Akamai)
SRV - [2010/09/07 17:03:45 | 001,355,928 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/08/26 00:34:28 | 002,331,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/08/26 00:34:04 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/08/26 00:33:52 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/03/05 10:01:46 | 000,862,480 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2010/03/05 09:58:12 | 000,364,544 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2010/03/05 09:54:20 | 000,954,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2010/03/05 09:43:50 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2009/08/07 21:45:31 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/04/30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009/03/11 10:12:57 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2007/06/25 09:47:12 | 001,552,680 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2007/01/08 17:08:10 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\usbnz1x1.sys -- (USBNZ1X1)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\MAudioOzone.sys -- (MAUSBOZONE)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\MAudioOzone_DFU.sys -- (MADFUOZONE)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\MADFU008.sys -- (MADFU008)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\MA763008.sys -- (ma763008)
DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/09/16 20:26:11 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/08/26 00:35:38 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/08/26 00:35:30 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/08/26 00:34:08 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys -- (AVGIDSErHrxpx)
DRV - [2010/08/26 00:34:07 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/08/26 00:33:55 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys -- (AVGIDSDriverxpx)
DRV - [2010/08/26 00:33:54 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys -- (AVGIDSFilterxpx)
DRV - [2010/08/26 00:33:54 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys -- (AVGIDSShimxpx)
DRV - [2010/08/26 00:33:24 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010/08/26 00:33:24 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2010/08/12 13:15:19 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/05/31 11:58:36 | 006,608,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2010/05/03 22:39:08 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010/05/03 22:39:07 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/11/26 16:08:46 | 000,399,424 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tascusb2.sys -- (TASCAM_US122144)
DRV - [2009/11/26 16:08:42 | 000,039,488 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tscusb2a.sys -- (TASCAM_US122L_WDM)
DRV - [2009/11/26 16:08:40 | 000,026,688 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tscusb2m.sys -- (TASCAM_US122L_MIDI)
DRV - [2009/09/18 20:23:37 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/08/10 01:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2009/03/19 14:48:18 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009/03/19 14:48:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009/02/09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/02/09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/02/09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/02/09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/07/02 21:33:00 | 006,554,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/05/16 13:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 13:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 13:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 13:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 13:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 13:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 13:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007/10/24 12:47:26 | 000,023,288 | ---- | M] (SIA Syncrosoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasUSB.sys -- (SynasUSB)
DRV - [2007/09/26 07:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/07/04 10:48:34 | 000,132,904 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)
DRV - [2007/07/04 10:48:32 | 000,011,304 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)
DRV - [2007/06/25 09:47:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/06/25 09:47:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/06/25 09:47:02 | 000,119,080 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/05/01 15:34:56 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiHFF12.sys -- (SaiHFF12)
DRV - [2007/05/01 15:34:56 | 000,016,256 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiIFF12.sys -- (SaiIFF12) Immersion's HID USB Driver (FF12)
DRV - [2007/04/03 13:57:54 | 000,099,080 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
DRV - [2007/04/03 13:57:52 | 000,098,696 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116obex.sys -- (s116obex)
DRV - [2007/04/03 13:57:52 | 000,023,176 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
DRV - [2007/04/03 13:57:50 | 000,100,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/03 13:57:48 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007/04/03 13:57:48 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007/04/03 13:57:42 | 000,083,336 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2006/11/21 04:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/08/16 10:23:46 | 000,021,888 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ma_cmidi.sys -- (MA_CMIDI)
DRV - [2006/04/28 17:27:48 | 000,086,560 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)
DRV - [2006/04/28 17:26:46 | 000,088,688 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
DRV - [2006/04/28 17:25:44 | 000,097,184 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006/04/28 17:25:40 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006/04/28 17:24:42 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2006/04/28 17:24:06 | 000,018,704 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)
DRV - [2006/04/28 17:24:00 | 000,090,800 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)
DRV - [2006/03/08 12:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/12/05 00:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/12/01 01:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 01:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 01:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/07/14 18:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/14 13:14:34 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys -- (risdptsk)
DRV - [2005/07/12 20:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2003/04/10 11:42:56 | 000,048,384 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiNtHid.sys -- (SaiNtHid)
DRV - [2002/12/04 15:59:40 | 000,030,984 | ---- | M] (Immersion Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\imhidusb.sys -- (imhidusb)
DRV - [2001/12/19 11:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\VCdRom.sys -- (vcdrom)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = About:Blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.co.uk/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: GoogCal@bitdrip.com:0.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/08/26 00:33:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/26 16:31:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/19 09:33:34 | 000,000,000 | ---D | M]

[2009/04/10 10:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spongo\Application Data\Mozilla\Extensions
[2010/09/07 23:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spongo\Application Data\Mozilla\Firefox\Profiles\1scg4u75.default\extensions
[2010/05/17 07:39:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Spongo\Application Data\Mozilla\Firefox\Profiles\1scg4u75.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/17 07:39:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Spongo\Application Data\Mozilla\Firefox\Profiles\1scg4u75.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2008/07/26 17:16:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spongo\Application Data\Mozilla\Firefox\Profiles\1scg4u75.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2008/09/08 23:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spongo\Application Data\Mozilla\Firefox\Profiles\1scg4u75.default\extensions\GoogCal@bitdrip(2).com
[2010/05/17 07:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Spongo\Application Data\Mozilla\Firefox\Profiles\1scg4u75.default\extensions\GoogCal@bitdrip.com
[2010/09/07 23:42:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/07 09:27:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/09/07 23:00:02 | 000,417,834 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14419 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - Startup: C:\Documents and Settings\Spongo\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Spongo\Application Data\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Spongo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Spongo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/19 18:08:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{89b73039-5a09-11df-b3a9-0015c5539fa8}\Shell\AutoRun\command - "" = E:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{89b73039-5a09-11df-b3a9-0015c5539fa8}\Shell\menu1\command - "" = E:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{c107384e-d8de-11de-b270-0015c5539fa8}\Shell\AutoRun\command - "" = E:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{c107384e-d8de-11de-b270-0015c5539fa8}\Shell\menu1\command - "" = E:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{c49ededb-a50a-11df-b444-00188ba729ba}\Shell\AutoRun\command - "" = E:\pccompanion\Startme.exe -- File not found
O33 - MountPoints2\{c49ededb-a50a-11df-b444-00188ba729ba}\Shell\menu1\command - "" = E:\pccompanion\Startme.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/19 09:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spongo\Application Data\Intel
[2010/09/19 09:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2010/09/19 09:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2010/09/19 09:20:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2010/09/19 09:20:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2010/09/17 18:32:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/16 20:24:33 | 001,293,400 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Spongo\Desktop\TDSSKiller.exe
[2010/09/15 18:37:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Spongo\Desktop\OTL.exe
[2010/09/07 17:04:04 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/09/07 09:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/09/07 09:27:35 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/09/07 09:27:35 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/09/07 09:27:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/09/07 09:27:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/09/07 08:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spongo\Local Settings\Application Data\Sunbelt Software
[2010/09/07 08:17:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/09/07 08:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/09/06 19:59:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/09/06 19:58:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/09/06 08:57:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/09/06 08:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/09/06 08:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/09/06 08:06:12 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/08/26 10:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Spongo\Application Data\Malwarebytes
[2010/08/26 10:30:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/26 10:30:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/26 10:30:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/26 10:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/26 00:37:00 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/08/26 00:35:38 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/08/26 00:35:36 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/08/26 00:35:31 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/08/26 00:35:29 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/08/26 00:35:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/08/26 00:34:08 | 000,025,168 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/08/26 00:34:07 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/08/26 00:33:24 | 000,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/08/26 00:33:24 | 000,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/08/26 00:32:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/08/26 00:31:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/08/11 10:04:23 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Application Data\hpeE8.dll
[2003/06/16 16:17:50 | 004,317,184 | ---- | C] (rgc:audio software) -- C:\Program Files\Triangle II.dll
[2002/12/17 04:00:00 | 000,082,253 | ---- | C] (Jordan Russell) -- C:\Program Files\unins000.exe

========== Files - Modified Within 30 Days ==========

[2010/09/19 09:33:35 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/09/19 09:30:06 | 000,159,470 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/09/19 09:29:04 | 000,181,982 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/09/19 09:29:02 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/19 09:29:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/09/19 09:28:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/19 09:28:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/19 09:27:28 | 016,515,072 | ---- | M] () -- C:\Documents and Settings\Spongo\ntuser.dat
[2010/09/19 09:27:28 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Spongo\ntuser.ini
[2010/09/19 09:27:03 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Spongo\defogger_reenable
[2010/09/19 09:26:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/19 09:18:56 | 064,964,869 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/09/19 09:18:20 | 000,376,832 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010/09/19 08:13:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/16 20:26:11 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/09/15 18:45:42 | 000,620,398 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/09/15 18:19:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Spongo\Desktop\OTL.exe
[2010/09/15 18:18:24 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Spongo\Desktop\RKUnhookerLE.EXE
[2010/09/15 18:15:00 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Spongo\Desktop\Defogger.exe
[2010/09/08 08:04:47 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Spongo\Desktop\dds.scr
[2010/09/08 08:03:10 | 000,529,368 | ---- | M] () -- C:\Documents and Settings\Spongo\Desktop\dixmlsetup.exe
[2010/09/08 07:35:38 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/08 07:06:36 | 000,328,568 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Spongo\Desktop\utorrent.exe
[2010/09/07 23:00:02 | 000,417,834 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/07 22:54:26 | 000,000,767 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100907-230002.backup
[2010/09/07 22:45:38 | 000,640,439 | ---- | M] () -- C:\Documents and Settings\Spongo\Desktop\My Syncro.JPG
[2010/09/07 22:31:42 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/09/07 22:31:41 | 000,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/07 22:31:39 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/07 18:19:25 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Spongo\Desktop\Spybot - Search & Destroy.lnk
[2010/09/07 17:04:02 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/09/07 14:44:52 | 001,293,400 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Spongo\Desktop\TDSSKiller.exe
[2010/09/07 08:17:22 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Spongo\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/07 08:17:22 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/09/07 00:03:47 | 000,159,470 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/09/06 09:39:15 | 000,010,309 | ---- | M] () -- C:\Documents and Settings\Spongo\Desktop\Dream machine Insurance.docx
[2010/09/06 08:57:42 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/05 19:04:34 | 000,104,448 | ---- | M] () -- C:\Documents and Settings\Spongo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/03 14:28:05 | 000,010,185 | ---- | M] () -- C:\Documents and Settings\Spongo\Desktop\Eds dad.docx
[2010/08/28 08:13:28 | 002,243,198 | ---- | M] () -- C:\Documents and Settings\Spongo\Desktop\quickassetstream.pdf
[2010/08/27 21:49:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/27 20:14:17 | 009,129,563 | ---- | M] () -- C:\Documents and Settings\Spongo\Desktop\sept-cat-84-181.pdf
[2010/08/26 10:54:42 | 000,037,003 | ---- | M] () -- C:\Documents and Settings\Spongo\Desktop\Back Stretching Exercises.docx
[2010/08/26 10:31:00 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Spongo\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/08/26 10:31:00 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\Spongo\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/26 08:39:53 | 002,247,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/26 01:20:10 | 000,565,438 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/26 01:20:10 | 000,124,328 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/26 01:20:10 | 000,004,794 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/26 00:35:40 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/08/26 00:35:40 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/08/26 00:35:38 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/08/26 00:35:30 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/08/26 00:35:28 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/08/26 00:34:08 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/08/26 00:34:07 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/08/26 00:33:24 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/08/26 00:33:24 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/08/25 11:02:05 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/08/25 08:16:33 | 038,807,458 | ---- | M] () -- C:\Documents and Settings\Spongo\Desktop\cornwauctionSep2010.pdf

========== Files Created - No Company Name ==========

[2010/09/19 09:33:35 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/09/19 09:26:29 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Spongo\defogger_reenable
[2010/09/19 09:18:19 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010/09/15 18:37:26 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\RKUnhookerLE.EXE
[2010/09/15 18:37:26 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\Defogger.exe
[2010/09/08 08:19:34 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\gmer.exe
[2010/09/08 08:04:31 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\dds.scr
[2010/09/08 07:47:48 | 000,529,368 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\dixmlsetup.exe
[2010/09/07 22:26:58 | 000,640,439 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\My Syncro.JPG
[2010/09/07 19:56:46 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/09/07 18:19:25 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\Spybot - Search & Destroy.lnk
[2010/09/07 08:17:22 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Spongo\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/07 08:17:22 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/09/06 20:08:28 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/06 09:34:41 | 000,010,309 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\Dream machine Insurance.docx
[2010/09/03 14:50:35 | 000,000,003 | ---- | C] () -- C:\Documents and Settings\Spongo\dxva_sig.txt
[2010/09/03 14:28:05 | 000,010,185 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\Eds dad.docx
[2010/09/02 14:31:08 | 005,387,355 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\English.pdf
[2010/08/28 07:55:00 | 002,243,198 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\quickassetstream.pdf
[2010/08/27 20:14:16 | 009,129,563 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\sept-cat-84-181.pdf
[2010/08/26 10:54:42 | 000,037,003 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\Back Stretching Exercises.docx
[2010/08/26 10:31:00 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Spongo\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/08/26 00:35:40 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/08/26 00:35:29 | 000,620,398 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/08/26 00:35:28 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/08/26 00:35:22 | 064,964,869 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/25 08:16:32 | 038,807,458 | ---- | C] () -- C:\Documents and Settings\Spongo\Desktop\cornwauctionSep2010.pdf
[2009/10/12 21:14:25 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\SaiCfg.dll
[2009/10/11 14:30:36 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009/10/11 14:30:19 | 000,000,687 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2009/10/11 14:28:46 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.old.dll
[2009/02/14 22:11:34 | 000,006,658 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/01/30 00:08:28 | 000,002,198 | ---- | C] () -- C:\Program Files\unins000.dat
[2009/01/22 23:42:52 | 000,000,073 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/12/31 12:34:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\DCMVWR.INI
[2008/08/17 00:22:07 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\RpDays.ini
[2007/12/27 20:48:22 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/12/26 12:34:50 | 000,000,212 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/12/12 22:13:50 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/01 22:43:17 | 000,000,121 | ---- | C] () -- C:\WINDOWS\gfscore.ini
[2007/10/21 11:56:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2007/10/09 23:25:58 | 000,000,467 | -H-- | C] () -- C:\WINDOWS\vp.ini
[2007/06/19 22:13:20 | 000,000,048 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2007/06/19 22:06:20 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2007/06/19 22:00:42 | 000,104,448 | ---- | C] () -- C:\Documents and Settings\Spongo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/19 21:50:24 | 008,396,800 | ---- | C] () -- C:\WINDOWS\System32\PSP 608.dll
[2007/06/19 21:49:55 | 008,278,016 | ---- | C] () -- C:\WINDOWS\System32\PSP Neon HR.dll
[2007/06/19 21:49:55 | 008,151,040 | ---- | C] () -- C:\WINDOWS\System32\PSP Neon.dll
[2007/06/19 21:49:39 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pspmcdx.dll
[2007/06/19 21:49:38 | 004,059,136 | ---- | C] () -- C:\WINDOWS\System32\PSP MasterComp.dll
[2007/06/19 21:02:46 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/06/19 19:47:15 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/06/19 19:47:15 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/06/19 19:47:12 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/06/19 19:47:08 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/05/01 15:34:56 | 002,011,136 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12.Dll
[2007/05/01 15:34:56 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_0C.dll
[2007/05/01 15:34:56 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_10.dll
[2007/05/01 15:34:56 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_0A.dll
[2007/05/01 15:34:56 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_07.dll
[2007/05/01 15:34:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_09.dll
[2007/05/01 15:34:56 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_0402.dll
[2007/05/01 15:34:56 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiCFF12_11.dll
[2007/02/26 22:24:20 | 000,220,672 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2007/02/26 22:22:42 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2007/02/26 22:22:36 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2007/02/26 22:22:34 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2007/02/26 22:22:30 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2007/02/26 22:22:24 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2007/02/26 22:22:14 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2007/02/26 22:22:04 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2007/02/26 22:21:46 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2007/02/26 22:21:38 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2007/02/26 22:21:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2007/02/12 20:21:22 | 003,426,304 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/02/12 20:21:22 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007/02/12 20:21:22 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/02/12 20:21:22 | 000,399,872 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/02/12 20:21:22 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2007/02/12 20:21:22 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007/02/12 20:21:22 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007/02/12 20:21:22 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007/02/12 20:21:22 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/02/12 20:21:22 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007/02/12 20:21:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007/02/12 20:21:22 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007/02/12 20:21:22 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007/02/12 20:21:22 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2007/02/12 20:21:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007/02/12 20:21:22 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007/02/12 20:21:22 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007/02/12 20:21:22 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/02/12 20:21:22 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/01/30 06:03:40 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/11/01 15:54:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/11/01 15:52:38 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/08/27 21:32:33 | 000,905,290 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2006/07/07 16:51:02 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\FLT_ffdshow.dll
[2003/06/16 16:23:22 | 000,131,072 | ---- | C] () -- C:\Program Files\T2DXi.dll
[2003/06/03 13:33:38 | 000,090,112 | ---- | C] () -- C:\Program Files\Triangle II.exe
[2002/05/17 23:18:30 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Spongo\My Documents\100_2725.JPG:Roxio EMC Stream
< End of report >


#11 footstuck

footstuck
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 19 September 2010 - 04:43 AM

Just for the record mate, the machine seems to be running perfectly well now. All the previous symptoms have disappeared and I'm not getting any redirects now.

Fingers crossed, Footstuck.

#12 footstuck

footstuck
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:34 PM

Posted 20 September 2010 - 04:30 AM

Hey Syler,
AVG has detected a new wave of threats this morning after booting up. The log is listed below.

Resident Shield detection
"Infection" "Object" "Result" "Detection time" "Object Type" "Process"
"Trojan horse Generic19.HSB" "c:\System Volume Information\_restore{07D7D442-0430-4524-84BD-011982651666}\RP3\A0000708.exe" "Moved to Virus Vault" "20/09/2010, 09:58:11" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Generic19.HSB" "c:\System Volume Information\_restore{07D7D442-0430-4524-84BD-011982651666}\RP3\A0000708.exe" "Object is inaccessible." "19/09/2010, 12:57:33" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Generic19.HSB" "c:\System Volume Information\_restore{07D7D442-0430-4524-84BD-011982651666}\RP3\A0000708.exe" "Object is inaccessible." "19/09/2010, 12:43:25" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Generic19.HSB" "c:\System Volume Information\_restore{07D7D442-0430-4524-84BD-011982651666}\RP3\A0000708.exe" "Object is inaccessible." "19/09/2010, 10:26:10" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse Generic19.HOD" "c:\System Volume Information\_restore{07D7D442-0430-4524-84BD-011982651666}\RP3\A0001776.exe" "Moved to Virus Vault" "15/09/2010, 21:36:14" "file" ""
"Trojan horse Generic19.HOD" "c:\System Volume Information\_restore{07D7D442-0430-4524-84BD-011982651666}\RP3\A0000945.exe" "Moved to Virus Vault" "15/09/2010, 21:36:14" "file" ""
"Trojan horse Generic19.HOD" "c:\System Volume Information\_restore{07D7D442-0430-4524-84BD-011982651666}\RP3\A0000944.exe" "Moved to Virus Vault" "15/09/2010, 21:36:14" "file" ""
"Trojan horse Generic19.HOD" "c:\System Volume Information\_restore{07D7D442-0430-4524-84BD-011982651666}\RP3\A0000943.exe" "Moved to Virus Vault" "15/09/2010, 21:36:14" "file" ""
"Trojan horse Generic19.HOD" "c:\System Volume Information\_restore{07D7D442-0430-4524-84BD-011982651666}\RP3\A0000936.exe" "Moved to Virus Vault" "15/09/2010, 21:36:14" "file" ""
"Trojan horse Generic19.HSB" "c:\System Volume Information\_restore{07D7D442-0430-4524-84BD-011982651666}\RP3\A0000708.exe" "Object is inaccessible." "15/09/2010, 21:35:59" "file" ""
"Trojan horse Generic19.HOD" "c:\System Volume Information\_restore{07D7D442-0430-4524-84BD-011982651666}\RP3\A0001776.exe" "Object is inaccessible." "15/09/2010, 20:14:41" "file" "C:\WINDOWS\system32\A2D7014E.exe"
"Trojan horse Generic19.HOD" "c:\System Volume Information\_restore{07D7D442-0430-4524-84BD-011982651666}\RP3\A0000945.exe" "Object is inaccessible." "15/09/2010, 20:14:41" "file" "C:\WINDOWS\system32\A2D7014E.exe"
"Trojan horse Generic19.HOD" "c:\System Volume Information\_restore{07D7D442-0430-4524-84BD-011982651666}\RP3\A0000944.exe" "Object is inaccessible." "15/09/2010, 20:14:41" "file" "C:\WINDOWS\system32\A2D7014E.exe"
"Trojan horse Generic19.HOD" "c:\System Volume Information\_restore{07D7D442-0430-4524-84BD-011982651666}\RP3\A0000943.exe" "Object is inaccessible." "15/09/2010, 20:14:41" "file" "C:\WINDOWS\system32\A2D7014E.exe"
"Trojan horse Generic19.HOD" "c:\System Volume Information\_restore{07D7D442-0430-4524-84BD-011982651666}\RP3\A0000936.exe" "Object is inaccessible." "15/09/2010, 20:14:41" "file" "C:\WINDOWS\system32\A2D7014E.exe"
"Trojan horse Generic19.HSB" "c:\System Volume Information\_restore{07D7D442-0430-4524-84BD-011982651666}\RP3\A0000708.exe" "Object is inaccessible." "15/09/2010, 20:14:41" "file" "C:\WINDOWS\system32\A2D7014E.exe"
"Trojan horse Generic19.HOD" "c:\System Volume Information\_restore{07D7D442-0430-4524-84BD-011982651666}\RP3\A0001776.exe" "Object is inaccessible." "15/09/2010, 19:28:09" "file" "C:\WINDOWS\system32\F3F62872.exe"
"Trojan horse Generic19.HOD" "c:\System Volume Information\_restore{07D7D442-0430-4524-84BD-011982651666}\RP3\A0000945.exe" "Object is inaccessible." "15/09/2010, 19:28:09" "file" "C:\WINDOWS\system32\F3F62872.exe"
"Trojan horse Generic19.HOD" "c:\System Volume Information\_restore{07D7D442-0430-4524-84BD-011982651666}\RP3\A0000944.exe" "Object is inaccessible." "15/09/2010, 19:28:09" "file" "C:\WINDOWS\system32\F3F62872.exe"
"Trojan horse Generic19.HOD" "c:\System Volume Information\_restore{07D7D442-0430-4524-84BD-011982651666}\RP3\A0000943.exe" "Object is inaccessible." "15/09/2010, 19:28:08" "file" "C:\WINDOWS\system32\F3F62872.exe"
"Trojan horse Generic19.HOD" "c:\System Volume Information\_restore{07D7D442-0430-4524-84BD-011982651666}\RP3\A0000936.exe" "Object is inaccessible." "15/09/2010, 19:28:08" "file" "C:\WINDOWS\system32\F3F62872.exe"
"Trojan horse Generic19.HSB" "c:\System Volume Information\_restore{07D7D442-0430-4524-84BD-011982651666}\RP3\A0000708.exe" "Object is inaccessible." "15/09/2010, 19:28:02" "file" "C:\WINDOWS\system32\F3F62872.exe"
"Trojan horse Generic19.HSB" "c:\Documents and Settings\Spongo\Local Settings\Temp\hki7439.exe" "Object is inaccessible." "08/09/2010, 08:18:06" "file" "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"Trojan horse Generic19.HOD" "c:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" "Moved to Virus Vault" "08/09/2010, 07:35:47" "file" "C:\WINDOWS\Explorer.EXE"
"Virus found Win32/Heur" "c:\WINDOWS\Temp\tmyk.tmp\setup.exe" "Object is inaccessible." "06/09/2010, 13:50:09" "file" "C:\WINDOWS\System32\svchost.exe"
"Virus found Win32/Heur" "c:\WINDOWS\Temp\ihxt.tmp\setup.exe" "Object is inaccessible." "06/09/2010, 13:40:02" "file" "C:\WINDOWS\System32\svchost.exe"
"Virus found Win32/Heur" "c:\WINDOWS\Temp\bimo.tmp\setup.exe" "Object is inaccessible." "06/09/2010, 13:29:52" "file" "C:\WINDOWS\System32\svchost.exe"
"Virus found Win32/Heur" "c:\WINDOWS\Temp\drmw.tmp\setup.exe" "Object is inaccessible." "06/09/2010, 13:19:44" "file" "C:\WINDOWS\System32\svchost.exe"
"Virus found Win32/Heur" "c:\WINDOWS\Temp\orwt.tmp\setup.exe" "Object is inaccessible." "06/09/2010, 13:09:37" "file" "C:\WINDOWS\System32\svchost.exe"
"Virus found Win32/Heur" "c:\WINDOWS\Temp\nmmv.tmp\setup.exe" "Object is inaccessible." "06/09/2010, 12:59:30" "file" "C:\WINDOWS\System32\svchost.exe"
"Virus found Win32/Heur" "c:\WINDOWS\Temp\fsek.tmp\setup.exe" "Object is inaccessible." "06/09/2010, 12:49:23" "file" "C:\WINDOWS\System32\svchost.exe"
"Virus found Win32/Heur" "c:\WINDOWS\Temp\bgvw.tmp\setup.exe" "Object is inaccessible." "06/09/2010, 12:39:15" "file" "C:\WINDOWS\System32\svchost.exe"
"Virus found Win32/Heur" "c:\WINDOWS\Temp\naca.tmp\setup.exe" "Object is inaccessible." "06/09/2010, 12:29:08" "file" "C:\WINDOWS\System32\svchost.exe"
"Virus found Win32/Heur" "c:\WINDOWS\Temp\nhwf.tmp\setup.exe" "Object is inaccessible." "06/09/2010, 12:19:00" "file" "C:\WINDOWS\System32\svchost.exe"
"Trojan horse SHeur3.AXXW" "c:\Documents and Settings\Spongo\.COMMgr\complmgr.exe" "Object is inaccessible." "06/09/2010, 08:06:01" "file" "C:\DOCUME~1\Spongo\LOCALS~1\Temp\rcxwaeosnm.tmp"
"Trojan horse SHeur3.AXXW" "c:\Documents and Settings\Spongo\.COMMgr\complmgr.exe" "Moved to Virus Vault" "06/09/2010, 08:06:00" "file" "C:\DOCUME~1\Spongo\LOCALS~1\Temp\rcxwaeosnm.tmp"
"Trojan horse SHeur3.AXXW" "c:\Documents and Settings\Spongo\.COMMgr\complmgr.exe" "Object is inaccessible." "06/09/2010, 08:06:00" "file" "C:\DOCUME~1\Spongo\LOCALS~1\Temp\rcxwaeosnm.tmp"
"Trojan horse Generic2_c.BTIR" "c:\Documents and Settings\Spongo\Local Settings\Application Data\Windows Server\sphlp.dll" "Object is inaccessible." "06/09/2010, 08:05:49" "file" "C:\WINDOWS\system32\spoolsv.exe"


#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:34 PM

Posted 20 September 2010 - 08:15 AM

Hello Footstuck,

The recent threats detected there are nothing to worry about, your logs are looking fine to me now smile.gif

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Cleaning and creating restore points
  • Click Start, right click My Computer and select properties.
  • Select the System Restore tab then check the box "Turn off System Restore".
  • Click Apply then Ok, then restart your computer
  • Now follow these steps again, but instead of checking "Turn off System Restore" Uncheck it.
Now that you have cleaned out you restore points you need to set a new restore point
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Select "Create a restore point" then click Next.
  • Type a name under Restore point description then click Create.
Additional instructions can be found here if needed.

Note: This does not need to be done on a regular basis.


Congratulations! You now appear clean! thumbup.gif

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Keeping Windows updated
It is extremely important to keep windows up to date with the latest service pack and patches. This will
prevent you from getting the malware which uses vulnerabilities found in windows to exploit your computer.
The easiest way to do this this is by making sure that Automatic Updates are always enabled.

To do this Click on Start >> Control Panel >> Automatic updates and click Automatic (recommended) then Apply and Ok

Make sure all programs are updated
It is also possible for other programs on your computer to have security vulnerability that can allow malware
to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed
applications that are regularly patched to fix vulnerabilities. You can check these by visiting
Calendar of Updates or you can install Secunia PSI.

Install Sanboxie
Sandboxie is a great program to help protect you against malware, working inside Sandboxie will basically
mean that, what you are doing will not make a permenant changes to your system, unless you allow it too.
So you can be surfing the web inside Sandboxie then if you happen to stumble upon a bad site and get
infected, you can simply delete the Sanbox and all is gone. Having said that, it can not be considered 100%
secure as no program can be, but it can be a great help and is an excellent program. You can find a download
link and more information about the program here.

Secure your browsing
Firefox is generally considered to be a lot safer that Internet Explorer, I would recommend that you install
Firefox and install some addons that will make the browser even safer. You can download the latest version
of Firefox here, if you already have firefox these are some good addons.

Recommended addons
NoScript
Adblock Plus
WOT

Install SpywareBlaster
SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you
from running and downloading known malicious programs. You can find a tutorial and download link here.

Use MVPS hosts file
Using a custom host file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions here.


Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing smile.gif
Syler

unite.jpg


#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:34 PM

Posted 26 September 2010 - 12:12 PM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users