
generic trojan downloader and others


  • This topic is locked
6 replies to this topic

#1 brotherwarren

  • Members
  • 4 posts
  • OFFLINE
  • Local time:11:43 AM

Posted 10 February 2011 - 03:18 PM

Hi all,

Please could you help, I've reached the limit of my knowledge and can't fix a problem.

My wife's laptop has Vista installed. She disabled Windows Update, as far as I can tell, well over a year ago. Recently the laptop has been behaving unpredictably. I use the Firefox browser and periodically a new tab opens whilst I am browsing. I cannot run Windows Update, I get various error messages whenever I try. I've run the Samsung recovery software which reinstalls key files from a hidden partition, but this hasn't helped.

I ran a full scan using AVG free edition. It reported several infections, most of which AVG said it removed. It couldn't remove 2 infections. This is what the AVG report said . . .

"";"C:\Windows\System32\wuauclt.exe (1144):\memory_00010000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"";"C:\Windows\System32\wuauclt.exe (1144)";"Trojan horse Agent_r.XJ";""
"";"C:\Windows\explorer.exe (916):\memory_00010000";"Trojan horse Agent_r.XJ";"Object is inaccessible."
"";"C:\Windows\explorer.exe (916)";"Trojan horse Agent_r.XJ";""

I've managed to attach the ark.txt file. (EDIT) I've added the attach.txt file in a reply to this post as I was having probs getting it to work.

Many thanks in advance for any help you can offer.
Here are the results of the DDS scan . . .


DDS (Ver_10-12-12.02) - NTFSx86
Run by Claire at 19:43:13.80 on 10/02/2011
Internet Explorer: 7.0.6000.16830 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2814.1423 [GMT 0:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Users\Claire\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Samsung\Samsung Update Plus\SLUSelfUpdateClient.exe
C:\Program Files\Samsung\Samsung Update Plus\Downloads\SupUpdateNotice.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\avgui.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Claire\Downloads\Defogger.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Claire\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp:\\www.samsungcomputer.com
uDefault_Page_URL = hxxp:\\www.samsungcomputer.com
mDefault_Page_URL = hxxp:\\www.samsungcomputer.com
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "c:\users\claire\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: NoHotStart = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\claire\appdata\roaming\mozilla\firefox\profiles\7vn263sz.default\
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\claire\appdata\local\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: AVG Security Toolbar em:version=6.011.025.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\drivers\KMDFMEMIO.sys [2008-2-19 13312]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-2-10 517448]
S3 NETw2v32;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

=============== Created Last 30 ================

2011-02-10 19:34:20 -------- d-----w- c:\users\claire\appdata\local\AVG Security Toolbar
2011-02-10 18:51:51 -------- d-----w- c:\users\claire\appdata\roaming\AVG10
2011-02-10 18:50:53 -------- d--h--w- c:\progra~2\Common Files
2011-02-10 18:50:44 -------- d-----w- c:\progra~2\AVG Security Toolbar
2011-02-10 18:49:37 -------- d-----w- c:\windows\system32\drivers\AVG
2011-02-10 18:49:37 -------- d-----w- c:\progra~2\AVG10
2011-02-10 18:47:08 -------- d-----w- c:\program files\AVG
2011-02-10 18:21:27 -------- d-----w- c:\progra~2\MFAData
2011-02-06 17:12:04 -------- d-----w- c:\windows\pss
2011-02-06 16:50:05 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-02-06 16:50:04 472808 ----a-w- c:\windows\system32\deployJava1.dll

==================== Find3M ====================


=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6000 Disk: SAMSUNG_HM121HI rev.LZ100-06 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x859F759F]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x859fd7b0]; MOV EAX, [0x859fd82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x81C66443] -> \Device\Harddisk0\DR0[0x85357990]
3 nt[0x81CA813F] -> nt!IofCallDriver[0x81C66443] -> [0x84E8D928]
5 acpi[0x8047B32A] -> nt!IofCallDriver[0x81C66443] -> [0x84E5FBB0]
\Driver\atapi[0x84E8B940] -> IRP_MJ_CREATE -> 0x859F759F
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskSAMSUNG_HM121HI_________________________LZ100-06#5&22323e77&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 19:43:56.69 ===============

Attached File  ark.txt   9.3KB   0 downloads

AAAAHHHH, had to zip the attach file first, didn't I!!!

Merged posts. ~ OB


Edited by Orange Blossom, 10 February 2011 - 04:12 PM.
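The GMER block in the DDS log above ends with "user != kernel MBR !!!": the tool read sector 0 of the disk twice, once through the normal disk stack and once by calling the disk driver directly from the kernel, and the two copies did not match, which is how a bootkit that filters disk reads gives itself away. The following is an added, stand-alone illustration of that comparison, written for this page and not part of GMER, DDS or the poster's logs. It works on constructed 512-byte sectors rather than a real drive, the boot-code bytes and partition entries are made up, and it goes a little beyond the log by also flagging a partition-table mismatch between the two views:

```python
"""Compare two 512-byte MBR images the way an anti-rootkit tool does.

GMER's MBR check reads sector 0 through the user-mode disk stack and
again from the kernel below any filter hooks.  A bootkit that hooks the
disk stack hands a clean sector to the first read only, so a difference
between the two views ("user != kernel MBR") is the tell-tale.  Every
sector used here is constructed; nothing is taken from a real disk.
"""
import struct
from dataclasses import dataclass
from typing import List

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446           # bytes 0..445 hold the boot loader
PARTITION_ENTRY_LEN = 16      # four entries at 446..509
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


@dataclass(frozen=True)
class Partition:
    status: int        # 0x80 = active/bootable, 0x00 = inactive
    type_code: int     # 0x07 = NTFS, 0x00 = unused entry
    start_lba: int
    sector_count: int

    @property
    def in_use(self) -> bool:
        return self.type_code != 0


@dataclass(frozen=True)
class Mbr:
    boot_code: bytes
    partitions: tuple
    signature_ok: bool


def parse_mbr(sector: bytes) -> Mbr:
    """Split a raw sector into boot code, partition table and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"MBR must be {SECTOR_SIZE} bytes, got {len(sector)}")
    parts = []
    for i in range(4):
        off = BOOT_CODE_LEN + i * PARTITION_ENTRY_LEN
        # status, 3-byte CHS start (skipped), type, 3-byte CHS end (skipped),
        # then little-endian start LBA and sector count
        status, type_code, start, count = struct.unpack_from("<B3xB3xII", sector, off)
        parts.append(Partition(status, type_code, start, count))
    return Mbr(sector[:BOOT_CODE_LEN], tuple(parts), sector[510:] == BOOT_SIGNATURE)


def compare_mbr_views(user_view: bytes, kernel_view: bytes) -> List[str]:
    """Return findings; an empty list means both views agree and look sane."""
    user, kernel = parse_mbr(user_view), parse_mbr(kernel_view)
    findings = []
    for name, view in (("user", user), ("kernel", kernel)):
        if not view.signature_ok:
            findings.append(f"{name} MBR: boot signature 0x55AA missing")
    if user.boot_code != kernel.boot_code:
        first = next(i for i, (a, b) in enumerate(zip(user.boot_code, kernel.boot_code)) if a != b)
        findings.append(f"user != kernel MBR: boot code differs from offset 0x{first:03x}")
    if user.partitions != kernel.partitions:
        findings.append("user != kernel MBR: partition table differs")
    return findings


def build_mbr(boot_code: bytes, partitions: List[Partition]) -> bytes:
    """Assemble a sector from its parts (used only to construct sample data)."""
    table = b""
    for p in partitions + [Partition(0, 0, 0, 0)] * (4 - len(partitions)):
        table += struct.pack("<B3xB3xII", p.status, p.type_code, p.start_lba, p.sector_count)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + BOOT_SIGNATURE


# Constructed sample data: not taken from any real disk or malware sample.
SYSTEM_PARTITION = Partition(0x80, 0x07, 2048, 234_000_000)
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c"  # generic stub, constructed
TAMPERED_BOOT_CODE = b"\xeb\xfe" + b"\x90" * 6          # stand-in for a replaced loader

CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, [SYSTEM_PARTITION])
TAMPERED_MBR = build_mbr(TAMPERED_BOOT_CODE, [SYSTEM_PARTITION])
# Same boot code, but an extra partition that the filtered view does not show.
HIDDEN_PART_MBR = build_mbr(CLEAN_BOOT_CODE,
                            [SYSTEM_PARTITION, Partition(0, 0x27, 234_002_048, 16384)])


def check_clean_disk() -> List[str]:
    return compare_mbr_views(CLEAN_MBR, CLEAN_MBR)


def check_bootkit_disk() -> List[str]:
    # The hook hands the clean sector to user mode; the kernel read sees the real one.
    return compare_mbr_views(user_view=CLEAN_MBR, kernel_view=TAMPERED_MBR)


def check_hidden_partition_disk() -> List[str]:
    return compare_mbr_views(CLEAN_MBR, HIDDEN_PART_MBR)


if __name__ == "__main__":
    for label, fn in (("clean", check_clean_disk), ("bootkit", check_bootkit_disk),
                      ("hidden partition", check_hidden_partition_disk)):
        print(f"{label}: {fn() or ['user == kernel MBR']}")
```

On a live Windows machine the user-mode view is what an administrator gets from `open(r"\\.\PhysicalDrive0", "rb").read(512)`; the second, below-the-hook read is what needs a kernel driver and is exactly why tools such as GMER and TDSSKiller ship one. The useful point for a reader of this thread is that a bootkit cannot lie consistently to both readers at once, so a clean AVG result on the file system says nothing about sector 0.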


#2 SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:07:43 AM

Posted 12 February 2011 - 02:45 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, has resulted in the delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 brotherwarren
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:11:43 AM

Posted 12 February 2011 - 03:19 PM

Hi,

Thank you so much for agreeing to help me and for the time you have already given. The logs you requested are below . . .

2011/02/12 20:08:40.0511 4860 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/12 20:08:40.0869 4860 ================================================================================
2011/02/12 20:08:40.0869 4860 SystemInfo:
2011/02/12 20:08:40.0869 4860
2011/02/12 20:08:40.0869 4860 OS Version: 6.0.6000 ServicePack: 0.0
2011/02/12 20:08:40.0869 4860 Product type: Workstation
2011/02/12 20:08:40.0869 4860 ComputerName: CLAIRE-PC
2011/02/12 20:08:40.0870 4860 UserName: Claire
2011/02/12 20:08:40.0870 4860 Windows directory: C:\Windows
2011/02/12 20:08:40.0870 4860 System windows directory: C:\Windows
2011/02/12 20:08:40.0870 4860 Processor architecture: Intel x86
2011/02/12 20:08:40.0870 4860 Number of processors: 1
2011/02/12 20:08:40.0870 4860 Page size: 0x1000
2011/02/12 20:08:40.0870 4860 Boot type: Normal boot
2011/02/12 20:08:40.0870 4860 ================================================================================
2011/02/12 20:08:41.0469 4860 Initialize success
2011/02/12 20:08:44.0898 1748 ================================================================================
2011/02/12 20:08:44.0898 1748 Scan started
2011/02/12 20:08:44.0898 1748 Mode: Manual;
2011/02/12 20:08:44.0898 1748 ================================================================================
2011/02/12 20:08:47.0393 1748 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2011/02/12 20:08:47.0673 1748 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/02/12 20:08:48.0045 1748 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/02/12 20:08:48.0160 1748 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/02/12 20:08:48.0276 1748 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/02/12 20:08:48.0479 1748 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
2011/02/12 20:08:48.0755 1748 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/02/12 20:08:49.0066 1748 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/02/12 20:08:49.0197 1748 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/02/12 20:08:49.0353 1748 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/02/12 20:08:49.0468 1748 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/02/12 20:08:49.0570 1748 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/02/12 20:08:49.0670 1748 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/02/12 20:08:49.0788 1748 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/02/12 20:08:49.0899 1748 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/02/12 20:08:49.0998 1748 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/02/12 20:08:50.0098 1748 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/12 20:08:50.0171 1748 atapi (e03e8c99d15d0381e02743c36afc7c6f) C:\Windows\system32\drivers\atapi.sys
2011/02/12 20:08:50.0288 1748 athr (91e15b0a1d6f7b99ace55d04c6d1544a) C:\Windows\system32\DRIVERS\athr.sys
2011/02/12 20:08:50.0477 1748 atikmdag (e46f2fb11cfe13187a4e3ef512c0d226) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/02/12 20:08:50.0570 1748 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/02/12 20:08:50.0784 1748 AVGIDSDriver (5f6c56305ea73760cdafc7604d64bbe0) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
2011/02/12 20:08:50.0822 1748 AVGIDSEH (20a2d48722cf055c846bdeafa4f733ce) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
2011/02/12 20:08:50.0884 1748 AVGIDSFilter (0a95333ca80ca8b79d612f3965466cc0) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
2011/02/12 20:08:50.0923 1748 AVGIDSShim (ab7e4b37126447ffe4fb639901012fb3) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
2011/02/12 20:08:51.0002 1748 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\Windows\system32\DRIVERS\avgldx86.sys
2011/02/12 20:08:51.0054 1748 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\Windows\system32\DRIVERS\avgmfx86.sys
2011/02/12 20:08:51.0093 1748 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\Windows\system32\DRIVERS\avgrkx86.sys
2011/02/12 20:08:51.0158 1748 Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\Windows\system32\DRIVERS\avgtdix.sys
2011/02/12 20:08:51.0271 1748 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
2011/02/12 20:08:51.0372 1748 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
2011/02/12 20:08:51.0424 1748 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/02/12 20:08:51.0455 1748 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/02/12 20:08:51.0530 1748 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/02/12 20:08:51.0562 1748 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/02/12 20:08:51.0592 1748 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/02/12 20:08:51.0624 1748 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/02/12 20:08:51.0708 1748 BthEnum (064fbc56921051de1075495d628b815f) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/02/12 20:08:51.0758 1748 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/02/12 20:08:51.0815 1748 BthPan (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys
2011/02/12 20:08:52.0088 1748 BTHPORT (b24757d9154cca035e1bbd3db92966d7) C:\Windows\system32\Drivers\BTHport.sys
2011/02/12 20:08:52.0496 1748 BTHUSB (d42cf5f0c7635b3f1578810fe34d9e41) C:\Windows\system32\Drivers\BTHUSB.sys
2011/02/12 20:08:52.0590 1748 btwaudio (636f45a8500c1438cfa7dee15fc5c184) C:\Windows\system32\drivers\btwaudio.sys
2011/02/12 20:08:52.0635 1748 btwavdt (bf9256ff01b093a5d90bb7a35ec90410) C:\Windows\system32\drivers\btwavdt.sys
2011/02/12 20:08:52.0719 1748 btwrchid (0ab8c1ac177afb27309e1072faf34a37) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/02/12 20:08:52.0815 1748 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
2011/02/12 20:08:52.0873 1748 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
2011/02/12 20:08:52.0932 1748 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/02/12 20:08:52.0992 1748 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
2011/02/12 20:08:53.0072 1748 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/02/12 20:08:53.0103 1748 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/02/12 20:08:53.0134 1748 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/02/12 20:08:53.0173 1748 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/02/12 20:08:53.0215 1748 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/02/12 20:08:53.0284 1748 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
2011/02/12 20:08:53.0388 1748 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
2011/02/12 20:08:53.0471 1748 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
2011/02/12 20:08:53.0538 1748 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/02/12 20:08:53.0606 1748 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/02/12 20:08:53.0675 1748 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
2011/02/12 20:08:53.0763 1748 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/02/12 20:08:53.0842 1748 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
2011/02/12 20:08:53.0894 1748 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/02/12 20:08:53.0940 1748 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
2011/02/12 20:08:53.0971 1748 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
2011/02/12 20:08:54.0012 1748 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/12 20:08:54.0180 1748 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
2011/02/12 20:08:54.0244 1748 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
2011/02/12 20:08:54.0287 1748 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/02/12 20:08:54.0373 1748 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/02/12 20:08:54.0428 1748 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/02/12 20:08:54.0459 1748 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/02/12 20:08:54.0491 1748 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/02/12 20:08:54.0569 1748 HidUsb (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys
2011/02/12 20:09:06.0686 1748 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/12 20:09:06.0732 1748 ================================================================================
2011/02/12 20:09:06.0732 1748 Scan finished
2011/02/12 20:09:06.0732 1748 ================================================================================
2011/02/12 20:09:06.0747 5012 Detected object count: 1
2011/02/12 20:09:16.0088 5012 \HardDisk0 - will be cured after reboot
2011/02/12 20:09:16.0089 5012 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/12 20:09:32.0101 4292 Deinitialize success



OTL logfile created on: 12/02/2011 20:15:16 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Claire\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16830)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50.79 Gb Total Space | 22.90 Gb Free Space | 45.09% Space Free | Partition Type: NTFS
Drive D: | 51.00 Gb Total Space | 7.69 Gb Free Space | 15.07% Space Free | Partition Type: NTFS
Drive F: | 3.74 Gb Total Space | 3.74 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: CLAIRE-PC | User Name: Claire | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/12 20:15:03 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Claire\Downloads\OTL.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2009/06/02 20:38:17 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/24 06:00:56 | 000,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/02/20 08:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/01/30 03:00:14 | 001,926,144 | ---- | M] () -- C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe
PRC - [2008/01/02 08:40:14 | 000,348,160 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2007/12/28 01:44:10 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2007/07/04 22:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2007/06/28 09:54:42 | 000,073,728 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
PRC - [2007/06/13 04:11:30 | 004,489,216 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/06/01 10:36:00 | 000,684,032 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2007/05/10 18:06:32 | 000,040,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2007/04/24 09:50:32 | 000,723,760 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/10/05 04:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/02/12 20:15:03 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Claire\Downloads\OTL.exe
MOD - [2008/02/19 04:15:29 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20533_none_4634c4a0218d65c1\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/02/20 08:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/02/19 03:10:31 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/28 09:54:42 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2006/10/05 04:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/03 15:23:58 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/03 15:23:54 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/03 15:23:52 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2008/02/19 02:51:36 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2007/10/26 05:39:08 | 000,193,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/09/13 06:17:58 | 000,755,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/06/13 14:21:30 | 002,600,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/06/13 14:21:30 | 002,600,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/06/11 22:05:34 | 001,787,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/05/03 01:14:00 | 000,245,248 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/04/26 01:15:26 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2007/03/29 18:46:22 | 000,079,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007/02/27 05:20:28 | 000,081,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/02/27 05:20:24 | 000,016,432 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006/11/28 07:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 09:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 09:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 09:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 09:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 09:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 09:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 09:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 09:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 09:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 09:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 09:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 09:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 09:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 09:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 09:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 09:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 09:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 09:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 07:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel®
DRV - [2006/11/02 07:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/02 07:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http:\\www.samsungcomputer.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.011.025.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/02/10 18:49:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/02/10 18:50:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/06 16:09:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/06 16:50:05 | 000,000,000 | ---D | M]

[2009/06/01 17:44:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claire\AppData\Roaming\Mozilla\Extensions
[2011/02/11 20:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Claire\AppData\Roaming\Mozilla\Firefox\Profiles\7vn263sz.default\extensions
[2009/06/06 16:41:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Claire\AppData\Roaming\Mozilla\Firefox\Profiles\7vn263sz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/02/10 19:34:08 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\Claire\AppData\Roaming\Mozilla\Firefox\Profiles\7vn263sz.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2011/02/10 19:34:08 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Claire\AppData\Roaming\Mozilla\Firefox\Profiles\7vn263sz.default\extensions\personas@christopher.beard
[2011/02/06 16:50:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/06 16:50:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/10 18:49:44 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2011/02/10 18:50:44 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.011.025.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2009/06/02 19:37:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/01/04 15:36:50 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2008/01/04 15:36:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2008/09/22 19:14:04 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2008/01/04 15:36:50 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Sec\Wallpapers\wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Sec\Wallpapers\wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/12 20:16:19 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2011/02/12 20:16:19 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2011/02/12 20:15:16 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2011/02/12 20:15:16 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011/02/12 20:08:22 | 000,000,000 | ---D | C] -- C:\Users\Claire\Desktop\tdsskiller
[2011/02/10 21:24:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/02/10 21:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/02/10 19:44:46 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/02/10 19:44:17 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/02/10 19:34:20 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Local\AVG Security Toolbar
[2011/02/10 18:51:51 | 000,000,000 | ---D | C] -- C:\Users\Claire\AppData\Roaming\AVG10
[2011/02/10 18:50:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/02/10 18:50:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2011/02/10 18:50:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/02/10 18:49:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/02/10 18:49:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/02/10 18:47:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/02/10 18:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/02/06 17:12:04 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/02/06 16:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/02/06 16:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/02/06 16:50:04 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/02/06 16:50:04 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/02/06 16:50:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/02/06 16:50:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2006/11/24 05:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006/11/24 05:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll

========== Files - Modified Within 30 Days ==========

[2011/02/12 20:11:33 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/12 20:11:31 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/12 20:11:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/12 20:11:05 | 2950,873,088 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/12 20:10:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/02/12 20:07:24 | 001,246,857 | ---- | M] () -- C:\Users\Claire\Desktop\tdsskiller.zip
[2011/02/12 20:07:17 | 106,017,596 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/02/11 21:18:57 | 000,670,050 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/11 21:18:57 | 000,126,048 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/11 20:49:16 | 000,000,291 | ---- | M] () -- C:\Windows\System32\dmlg.dat
[2011/02/11 09:40:25 | 000,000,858 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2380606135-1058032337-4017540388-1003.job
[2011/02/10 20:20:08 | 000,002,793 | ---- | M] () -- C:\Users\Claire\Desktop\Attach.zip
[2011/02/10 19:42:10 | 000,000,000 | ---- | M] () -- C:\Users\Claire\defogger_reenable
[2011/02/10 18:50:37 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk

========== Files Created - No Company Name ==========

[2011/02/12 20:07:17 | 106,017,596 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/02/12 20:07:17 | 001,246,857 | ---- | C] () -- C:\Users\Claire\Desktop\tdsskiller.zip
[2011/02/11 08:57:15 | 000,000,038 | ---- | C] () -- C:\Users\Claire\AppData\Local\xobni_installer_updater.log
[2011/02/10 20:20:08 | 000,002,793 | ---- | C] () -- C:\Users\Claire\Desktop\Attach.zip
[2011/02/10 19:42:10 | 000,000,000 | ---- | C] () -- C:\Users\Claire\defogger_reenable
[2011/02/10 18:50:37 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/02/10 18:26:13 | 000,000,291 | ---- | C] () -- C:\Windows\System32\dmlg.dat
[2011/02/06 17:19:57 | 000,000,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2008/02/19 03:06:19 | 000,004,744 | ---- | C] () -- C:\Windows\HotFixList.ini
[2008/02/19 02:59:36 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2008/02/19 02:59:36 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2008/02/18 09:20:12 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/04/24 09:32:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/02/15 07:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2006/11/29 08:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/10/09 01:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2001/11/14 04:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

< End of report >



OTL Extras logfile created on: 12/02/2011 20:15:16 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Claire\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16830)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50.79 Gb Total Space | 22.90 Gb Free Space | 45.09% Space Free | Partition Type: NTFS
Drive D: | 51.00 Gb Total Space | 7.69 Gb Free Space | 15.07% Space Free | Partition Type: NTFS
Drive F: | 3.74 Gb Total Space | 3.74 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: CLAIRE-PC | User Name: Claire | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01436B49-06F1-49B8-84B9-FF410C0039CC}" = lport=137 | protocol=17 | dir=in | app=system |
"{1C008CD1-26AB-4033-AFAC-36CA43860DEB}" = rport=138 | protocol=17 | dir=out | app=system |
"{41E29592-BD4C-4D46-94F9-676377617553}" = rport=445 | protocol=6 | dir=out | app=system |
"{4D78407E-8922-4908-9B58-540AE2E5DC01}" = lport=138 | protocol=17 | dir=in | app=system |
"{5F007BDC-381C-4022-B5AA-D16793C02F00}" = rport=137 | protocol=17 | dir=out | app=system |
"{7D460FD8-1E87-49BB-BDFA-27AAA172354E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{96BADF53-7F20-40F4-8D5F-4A339F890793}" = lport=139 | protocol=6 | dir=in | app=system |
"{A72CA2F1-73AB-459E-B190-49AE501F4602}" = rport=139 | protocol=6 | dir=out | app=system |
"{AD7A9D5B-F5C1-484A-810B-2E950733DC5A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C868E5E1-3337-4D81-A5FF-70538D6FB262}" = lport=445 | protocol=6 | dir=in | app=system |
"{F13FFA9E-2FC7-4999-BAF2-C24656D5D3D5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C0A92B3-157F-47C2-8214-E4DECA06BE0E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1D331162-B215-4A0F-AE60-74AE347851EF}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{1E7F0B56-7FFA-4AEA-8968-9C63FA687FF1}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{47F9F61D-210C-4EC2-BFB3-5CC9915A89BD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4B1D116D-2607-4305-9A1F-A04B2091B0C3}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{5B6B8C8B-B778-4A90-AC89-E6382B66D1E8}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{97941D06-2408-4677-8201-4A95C02283A7}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{98DFB029-A73A-4660-9588-02F7CF991F73}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{B035C176-5308-445C-A0D2-A132B7BC70D6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C54BDA2E-13A6-4DDE-91C9-9606F552B915}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{F4AE520C-D856-47B9-9F9F-38D3887D7F21}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{F6B51798-5B26-44C4-B8C5-27B8D5397D52}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{082DF5B7-6572-6B88-F9F3-E1A41707F4A7}" = CCC Help Czech
"{0EE315C8-0081-8B6B-12AF-D26BBF275A82}" = CCC Help Korean
"{10F29C04-6DFA-65AD-B5AA-744255B4D7C8}" = CCC Help Polish
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 23
"{287A32EF-A420-6596-ADDA-A9DE9A897796}" = CCC Help Portuguese
"{2AE84E70-5E53-C8B0-F423-C6494B4FEBED}" = CCC Help German
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2EB709B5-0355-B855-8CC0-00821C49DA8B}" = Catalyst Control Center Localization Dutch
"{2F00CF0D-C670-9BD6-51FD-8DD1A0A42E37}" = Catalyst Control Center Localization Czech
"{2F2BB2EC-8494-3C43-6ABF-FEF5C05F3DA6}" = Catalyst Control Center Localization Polish
"{313EAEC4-F4E1-31B9-4F38-107FF621B31F}" = CCC Help Turkish
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{32E64DF2-8426-C9E0-2829-5485AB959225}" = Catalyst Control Center Core Implementation
"{3345B08C-5CAF-AF8C-301C-1B159BB51556}" = Catalyst Control Center Localization Japanese
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3C25440D-FBA4-A668-D088-26842B689ADB}" = CCC Help French
"{3DFAF6BC-4FE2-5B0D-1C9B-F2055968277B}" = Catalyst Control Center Localization German
"{3FFE6A7B-13B9-494C-29D7-EB46E9E6646C}" = Catalyst Control Center Localization Russian
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{436B50D2-4CA3-A53D-00CF-482A886A1524}" = CCC Help Finnish
"{46623DE3-FDA8-2141-C951-1A2DFA420D03}" = Skins
"{480F7F23-279B-96A4-FAD2-7014D36B79C4}" = Catalyst Control Center Localization Turkish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56682EAB-48F1-7187-4F48-1FF9645A1D07}" = Catalyst Control Center Localization Finnish
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5E031BFC-0827-26D4-FDD3-B8D68472DAE1}" = Catalyst Control Center Localization Portuguese
"{5F29B192-AE83-2636-747D-C5D83E79E8FE}" = Catalyst Control Center Localization Chinese Traditional
"{5FE21275-8D6C-CD0F-5B36-394636C0D264}" = CCC Help Thai
"{6001A55E-2A00-C407-67DB-DCFB3E0CD6F2}" = Catalyst Control Center Graphics Previews Vista
"{6290211A-CB26-FD7E-F214-21B15A5F7C87}" = Catalyst Control Center Localization Korean
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{681C334E-6E93-84BF-E371-26109B7BF8B8}" = Catalyst Control Center Localization Italian
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B898739-AE0B-574E-9E7F-DCC7907372A0}" = CCC Help English
"{6B991234-EB5B-4FB3-5873-3946854F0850}" = Catalyst Control Center Localization Hungarian
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{79538CDE-83AC-0264-3125-145F33D63B88}" = Catalyst Control Center Graphics Light
"{7A00BF8A-A7E5-D3E0-B17F-06BC5AEC48F6}" = CCC Help Japanese
"{7D97029D-B047-F3A1-D6C0-BFF3647AC943}" = Catalyst Control Center Localization French
"{87009005-9492-1307-F01A-25C1554F4F32}" = ccc-core-static
"{87824C5E-2830-63FC-177E-05E16F55F596}" = CCC Help Swedish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E8FFB67-9316-F95E-969F-402722568272}" = CCC Help Italian
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{961DC9E8-DDAF-6271-AD0A-689909295476}" = CCC Help Chinese Standard
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A413023B-583C-4BDD-A639-346B1579DC01}" = Catalyst Control Center Localization Thai
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A54A1F3D-E2E0-C9F9-8112-8F0C5A6B06E0}" = Catalyst Control Center Localization Swedish
"{A5C67209-3FC7-A6FF-F7FB-079586F223CC}" = Catalyst Control Center Localization Danish
"{A7A27439-E5CD-AF54-FD49-8A08354D5122}" = Catalyst Control Center Localization Chinese Standard
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AD92E291-E249-4AAD-C8FF-BAF0FC7AFE9C}" = CCC Help Greek
"{B15C935A-8944-937D-6FA4-D69BEFFEA643}" = CCC Help Spanish
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1
"{B7263C56-AED3-3D55-918C-E0BAFCCBF0C7}" = CCC Help Russian
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BB219FC1-008E-7D0D-91A0-CAE6D03DAC8C}" = Catalyst Control Center Localization Norwegian
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C550F812-14C4-23F5-F369-6761A9C0E864}" = CCC Help Dutch
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 2.0
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CAED2BFB-E4D5-D367-7179-D09E73C85938}" = Catalyst Control Center Localization Greek
"{CAF81DB8-F5DC-DF09-18A6-DD61635305E8}" = CCC Help Chinese Traditional
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4186013-EE74-7570-17D3-38BC3632D51A}" = CCC Help Norwegian
"{D9CE4019-982E-BF95-18CE-5EBB5D75D939}" = Catalyst Control Center Graphics Full New
"{DDD45306-E4F0-D309-447F-7B1A0F6F9CAB}" = Catalyst Control Center Localization Spanish
"{E28201F3-2C09-FCD1-6934-84A3A9E4F0BF}" = CCC Help Danish
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4A7EE8F-94F0-374C-E4F2-B7CDDE56ECA8}" = Catalyst Control Center Graphics Full Existing
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{F790AD19-127F-9BD7-2655-13E3DA0D7BC2}" = ccc-utility
"{FC20E3FB-60DB-8CFB-4649-CB2F2092F6B2}" = CCC Help Hungarian
"{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVG" = AVG 2011
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"PROHYBRIDR" = 2007 Microsoft Office system
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = Synaptics Pointing Device Driver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/02/2011 15:52:54 | Computer Name = Claire-PC | Source = Perflib | ID = 1010
Description =

Error - 10/02/2011 18:10:23 | Computer Name = Claire-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4549adc4, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc000071b, fault offset 0x0008ac88, process id 0xb8c, application
start time 0x01cbc95ba5654079.

Error - 11/02/2011 04:02:22 | Computer Name = Claire-PC | Source = WerSvc | ID = 5007
Description =

Error - 11/02/2011 05:41:25 | Computer Name = Claire-PC | Source = System Restore | ID = 8193
Description =

Error - 11/02/2011 05:41:25 | Computer Name = Claire-PC | Source = System Restore | ID = 8210
Description =

Error - 11/02/2011 16:04:20 | Computer Name = Claire-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4549adc4, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc000071b, fault offset 0x0008ac88, process id 0x50c, application
start time 0x01cbc9c1f94e28fd.

Error - 11/02/2011 16:47:21 | Computer Name = Claire-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4549adc4, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000005, fault offset 0x00040026, process id 0x860, application
start time 0x01cbca26fcbe6800.

Error - 11/02/2011 17:11:55 | Computer Name = Claire-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4549adc4, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc000071b, fault offset 0x0008ac88, process id 0x1324, application
start time 0x01cbca2d21525cc0.

Error - 12/02/2011 16:10:14 | Computer Name = Claire-PC | Source = EventSystem | ID = 4621
Description =

Error - 12/02/2011 16:11:29 | Computer Name = Claire-PC | Source = WerSvc | ID = 5007
Description =

[ System Events ]
Error - 12/02/2011 16:17:31 | Computer Name = Claire-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 12/02/2011 16:17:31 | Computer Name = Claire-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 12/02/2011 16:17:31 | Computer Name = Claire-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 12/02/2011 16:17:31 | Computer Name = Claire-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 12/02/2011 16:17:31 | Computer Name = Claire-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 12/02/2011 16:17:31 | Computer Name = Claire-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 12/02/2011 16:17:31 | Computer Name = Claire-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 12/02/2011 16:17:31 | Computer Name = Claire-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 12/02/2011 16:17:31 | Computer Name = Claire-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 12/02/2011 16:17:31 | Computer Name = Claire-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =


< End of report >
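The event-log section of the report above can be triaged mechanically rather than read by eye. As an added example (not from this thread, and not part of OTL), the parser below reads records in that layout and groups the Application Error 1000 entries by faulting application, module, exception code and fault offset, so the repeated svchost.exe crash in ntdll.dll stands out; the sample text is constructed from the posted lines.

```python
import re
from collections import Counter
# Constructed sample in the layout of the OTL "Last 10 Event Log Errors" section above.
SAMPLE = """[ Application Events ]
Error - 10/02/2011 18:10:23 | Computer Name = Claire-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4549adc4, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc000071b, fault offset 0x0008ac88, process id 0xb8c, application
start time 0x01cbc95ba5654079.

Error - 11/02/2011 16:04:20 | Computer Name = Claire-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4549adc4, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc000071b, fault offset 0x0008ac88, process id 0x50c, application
start time 0x01cbc9c1f94e28fd.

Error - 11/02/2011 16:47:21 | Computer Name = Claire-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6000.16386, time stamp
0x4549adc4, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000005, fault offset 0x00040026, process id 0x860, application
start time 0x01cbca26fcbe6800.
"""

HEADER = re.compile(r"^Error - (?P<when>\S+ \S+) \| Computer Name = (?P<host>[^|]+?) "
                    r"\| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$")
FAULT = re.compile(r"Faulting application (?P<app>[^,]+),.*?faulting module (?P<module>[^,]+),"
                   r".*?exception code (?P<code>0x[0-9a-f]+), fault offset (?P<offset>0x[0-9a-f]+)")
def parse_events(text):
    """One dict per 'Error - ...' record; wrapped Description lines are joined back together."""
    events, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = dict(m.groupdict(), description="")
            events.append(current)
        elif line.startswith("["):      # "[ Application Events ]" section header ends a record
            current = None
        elif current is not None and line.strip():
            body = line.split("=", 1)[1] if line.startswith("Description =") else line
            current["description"] = (current["description"] + " " + body.strip()).strip()
    return events

def crash_summary(events):
    """Count Application Error 1000 records by (app, module, exception code, fault offset)."""
    counts = Counter()
    for ev in events:
        if ev["source"] == "Application Error" and ev["id"] == "1000":
            if f := FAULT.search(ev["description"]):  # records with an empty Description are skipped
                counts[(f["app"], f["module"], f["code"], f["offset"])] += 1
    return counts
```

A count of 2 or more for the same (app, module, code, offset) tuple is the pattern worth checking against the rest of the log.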

#4 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 12 February 2011 - 03:27 PM

Hello brotherwarren,

2011/02/12 20:09:06.0747 5012 Detected object count: 1
2011/02/12 20:09:16.0088 5012 \HardDisk0 - will be cured after reboot
2011/02/12 20:09:16.0089 5012 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/12 20:09:32.0101 4292 Deinitialize success


One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 brotherwarren
  • Topic Starter

  • Members
  • 4 posts

Posted 12 February 2011 - 03:45 PM

Oh dear!

I think that a complete format and reinstall is in order.

Do you know how I might go about reinstalling windows without a disk? When we bought this laptop Windows was already installed on it. We've never had the dvd.

#6 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 12 February 2011 - 03:56 PM

I think that a complete format and reinstall is in order.

That's the best option sometimes.

Do you know how I might go about reinstalling windows without a disk? When we bought this laptop Windows was already installed on it. We've never had the dvd.

With Windows Vista, there is usually a recovery partition on your drive which enables you to create a recovery disc to perform the installation.

You could try and contact the manufacturer of your computer and see if they will send you out a Windows Vista disc.



#7 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 22 February 2011 - 07:47 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
