Can't run MBAM/GMER - Google redirects to ad sites

[crunchygirl]

Hi guys, thanks for taking the time to read this.

It seems I'm having a similar problem to quite a few people here. Up until last night my laptop was working perfectly, until I noticed that Firefox was redirecting me to random sites when I was clicking through from a Google search result. Obviously upon noticing this I fired up Malwarebytes and it scanned for about 5 seconds before disappearing and the icon turned into a little blue and white box. I tried starting up in Safe Mode and re-downloading Malwarebytes but with the same result. I have tried to follow the instructions in the "I'm infected - What do I do now?" thread but GMER wouldn't run for me. It scanned for about a minute but then disappeared and now refuses to open... so unfortunatly I can only attach the DDS text files. From having a little wander around these forums it'd guess it's some sort of rootkit problem, but obviously you guys are the experts and probably knew that straight away.

Thank you so, so much in advance for any help you can provide.

Here is the DSS.txt file:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26

Run by Sean Whitaker at 15:29:42 on 2011-09-25

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1271.441 [GMT 1:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\2027473414:4181010311.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\WINDOWS\system32\basfipm.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.ie/

uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - No File

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [Google Update] "c:\documents and settings\sean whitaker\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe

mRun: [intelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions

mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

LSP: mswsock.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 89.101.160.5 89.101.160.4

TCP: Interfaces\{E18534E2-736E-4468-9983-18FA77665B37} : DhcpNameServer = 89.101.160.5 89.101.160.4

TCP: Interfaces\{FB1E280B-5F2B-429C-AB31-BC0FB43ED309} : NameServer = 89.101.160.4,89.101.160.5

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\sean whitaker\application data\mozilla\firefox\profiles\gi9s5k3e.default\

FF - prefs.js: browser.search.selectedEngine - Google.co.uk

FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll

FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll

FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\documents and settings\sean whitaker\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\sean whitaker\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\sean whitaker\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]

.

=============== Created Last 30 ================

.

2011-09-25 14:01:59 -------- d--h--w- C:\$AVG

2011-09-25 01:34:51 -------- d-----w- c:\documents and settings\sean whitaker\local settings\application data\uTorrent

2011-09-20 14:43:52 -------- d-----w- c:\documents and settings\sean whitaker\application data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

2011-09-20 14:43:27 -------- d-----w- c:\program files\TweetDeck

2011-09-06 21:26:23 -------- d-----w- c:\program files\iPod

2011-09-03 10:17:37 599040 ------w- c:\windows\system32\dllcache\crypt32.dll

2011-09-01 02:23:47 -------- d-----w- c:\documents and settings\all users\application data\Last.fm

2011-09-01 02:22:22 -------- d-----w- c:\documents and settings\sean whitaker\local settings\application data\Last.fm

2011-09-01 02:21:51 -------- d-----w- c:\program files\Last.fm

.

==================== Find3M ====================

.

2011-09-25 04:00:28 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-08 16:05:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-08-31 16:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-25 15:17:44 5969920 ----a-w- c:\windows\system32\SET1E.tmp

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-12 10:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 10:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 10:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-06 14:52:37 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-07-06 14:52:36 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-07-05 17:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 17:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts

.

============= FINISH: 15:32:11.76 ===============

attach.zip

[B-boy/StyLe/]

Hello crunchygirl ! Welcome to Malwarebytes Forums!

My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

• I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  
• The logs can take some time to research, so please be patient with me.
  
• Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  
• Instructions that I give are for your system only!
  
• Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  
• Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  
• Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

IMPORTANT NOTE: One or more of the identified infections is related to the rootkit ZeroAccess. Rootkits, backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used be the attacker for malicious purposes. Rootkits are used be Trojans to conceal its presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bepasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is send back to the hacker. To learn more about these types of infections, you can refer to:

• What danger is presented be rootkits?
  
• Rootkits and how to combat them
  
• r00tkit Analysis: What Is A Rootkit
  

If your computer was used for online banking, has credit card information or other sensitive data on it, you should stay disconnected from the Internet until your system is fully cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connect again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

• How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
  
• What Should I Do If I've Become A Victim Of Identity Theft?
  
• Identity Theft Victims Guide - What to do
  

Although the infection has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

• When should I re-format? How should I reinstall?
  
• Help: I Got Hacked. Now What Do I Do?
  
• Where to draw the line? When to recommend a format and reinstall?

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. If you decide to continue please do this:

STEP 1

Please download DummyCreator.zip and unzip it.

• Run the tool.
  
• Copy and paste the following into the edit box:

  C:\WINDOWS\2027473414

• Press Create button and post the content of the Result.txt.
  Important: Restart the computer.

STEP 2

Next please:

Please download ComboFix from the link below:

Combofix

Save it to your Desktop <-- Important!!!

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.
  
• Double click it & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Regards,

Georgi

[crunchygirl]

Hi Georgi, I'm Lucy. Thank you so much for your prompt response, that was so quick! As per your advice, I've changed my online banking password on a different computer, I probably wouldn't even have thought to do this so thank you very much! (Not that there's much in there, anyway!)

The link for 'DummyCreator.zip' doesn't appear to be working, could you please provide an alternative and I'll get right to it?!

[B-boy/StyLe/]

Hello,

Sorry. Try the link below:

Click here.

Regards,

Georgi

[crunchygirl]

Georgi,

When I ComboFix, it did its thing and a dialogue box came up saying that it had found something,some sort of rootkit something or other... I didn't really take note as I presumed it would all be contained in the log at the end, I just clicked okay. It said that it had to reboot my computer and that if anything went wrong, to restart my computer once and re-run Combofix. The computer re-booted but it didn't start up properly... there was no taskbar or desktop icons or anything, and just a window from Combofix saying something along the lines of 'Combofix is preparing to start'... I left it like this for half an hour and there was sttill no change at all, so I did what Combofix said to do and restarted my computer and attempted to run Combofix again. Now when I try to run it nothing happens, Combofix won't start. Is that my fault or the fault of the infection?

DummyCreator result:

DummyCreator by Farbar

Ran by Sean Whitaker (administrator) on 25-09-2011 at 17:19:07

**************************************************************

C:\WINDOWS\2027473414 [25-09-2011 17:19:07]

== End of log ==

[B-boy/StyLe/]

Hi again,

Please download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  
  
• Check the box beside Verify Driver Digital Signature, then click OK.
  
  
• Click the Start Scan button.
  
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
  
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  
  Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  
• A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  

Regards,

Georgi

[crunchygirl]

Thanks Georgi...

Ran TDSKIller and it found 29 'suspicious objects', but no maliciopus objects. Here is the log:

18:27:15.0078 4092 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37

18:27:15.0234 4092 ============================================================

18:27:15.0234 4092 Current date / time: 2011/09/25 18:27:15.0234

18:27:15.0234 4092 SystemInfo:

18:27:15.0234 4092

18:27:15.0234 4092 OS Version: 5.1.2600 ServicePack: 3.0

18:27:15.0234 4092 Product type: Workstation

18:27:15.0234 4092 ComputerName: LAPTOP

18:27:15.0234 4092 UserName: Sean Whitaker

18:27:15.0234 4092 Windows directory: C:\WINDOWS

18:27:15.0234 4092 System windows directory: C:\WINDOWS

18:27:15.0234 4092 Processor architecture: Intel x86

18:27:15.0234 4092 Number of processors: 1

18:27:15.0234 4092 Page size: 0x1000

18:27:15.0234 4092 Boot type: Normal boot

18:27:15.0234 4092 ============================================================

18:27:17.0406 4092 Initialize success

18:27:42.0453 2872 ============================================================

18:27:42.0453 2872 Scan started

18:27:42.0453 2872 Mode: Manual; SigCheck; TDLFS;

18:27:42.0453 2872 ============================================================

18:27:43.0328 2872 6cad878 - ok

18:27:43.0453 2872 Abiosdsk - ok

18:27:43.0515 2872 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

18:27:48.0125 2872 abp480n5 - ok

18:27:48.0265 2872 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

18:27:48.0562 2872 ACPI - ok

18:27:48.0593 2872 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

18:27:48.0890 2872 ACPIEC - ok

18:27:49.0046 2872 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

18:27:49.0312 2872 adpu160m - ok

18:27:49.0359 2872 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

18:27:49.0609 2872 aec - ok

18:27:49.0953 2872 AegisP (076394a345ee5e9e3911fc0f058f4f38) C:\WINDOWS\system32\DRIVERS\AegisP.sys

18:27:50.0015 2872 AegisP ( UnsignedFile.Multi.Generic ) - warning

18:27:50.0015 2872 AegisP - detected UnsignedFile.Multi.Generic (1)

18:27:50.0515 2872 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

18:27:51.0062 2872 AFD - ok

18:27:51.0171 2872 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

18:27:51.0531 2872 agp440 - ok

18:27:51.0578 2872 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

18:27:51.0812 2872 agpCPQ - ok

18:27:51.0859 2872 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

18:27:52.0015 2872 Aha154x - ok

18:27:52.0031 2872 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

18:27:52.0343 2872 aic78u2 - ok

18:27:52.0421 2872 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

18:27:52.0671 2872 aic78xx - ok

18:27:53.0078 2872 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

18:27:53.0312 2872 AliIde - ok

18:27:53.0484 2872 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

18:27:53.0765 2872 alim1541 - ok

18:27:53.0812 2872 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

18:27:54.0109 2872 amdagp - ok

18:27:54.0171 2872 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

18:27:54.0328 2872 amsint - ok

18:27:54.0390 2872 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS

18:27:54.0406 2872 APPDRV ( UnsignedFile.Multi.Generic ) - warning

18:27:54.0406 2872 APPDRV - detected UnsignedFile.Multi.Generic (1)

18:27:54.0500 2872 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

18:27:54.0781 2872 Arp1394 - ok

18:27:54.0843 2872 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

18:27:55.0140 2872 asc - ok

18:27:55.0296 2872 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

18:27:55.0406 2872 asc3350p - ok

18:27:55.0703 2872 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

18:27:56.0078 2872 asc3550 - ok

18:27:56.0125 2872 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

18:27:56.0328 2872 AsyncMac - ok

18:27:56.0453 2872 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

18:27:56.0671 2872 atapi - ok

18:27:56.0687 2872 Atdisk - ok

18:27:56.0734 2872 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

18:27:56.0953 2872 Atmarpc - ok

18:27:56.0984 2872 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

18:27:57.0203 2872 audstub - ok

18:27:57.0281 2872 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

18:27:57.0359 2872 AVGIDSDriver - ok

18:27:57.0484 2872 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

18:27:57.0500 2872 AVGIDSEH - ok

18:27:57.0546 2872 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

18:27:57.0578 2872 AVGIDSFilter - ok

18:27:57.0875 2872 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

18:27:57.0906 2872 AVGIDSShim - ok

18:27:58.0140 2872 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

18:27:58.0187 2872 Avgldx86 - ok

18:27:58.0250 2872 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

18:27:58.0281 2872 Avgmfx86 - ok

18:27:58.0312 2872 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

18:27:58.0343 2872 Avgrkx86 - ok

18:27:58.0437 2872 Avgtdix (c03e473a938f83c0c3dafb86b44a09eb) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

18:27:58.0500 2872 Avgtdix ( UnsignedFile.Multi.Generic ) - warning

18:27:58.0500 2872 Avgtdix - detected UnsignedFile.Multi.Generic (1)

18:27:58.0640 2872 b57w2k (2acf06176b9d011567d7f25b83ddd066) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

18:27:58.0750 2872 b57w2k - ok

18:27:58.0812 2872 BASFND (3d87b0484be1093c6614062701f375c5) C:\WINDOWS\system32\Drivers\BASFND.sys

18:27:58.0843 2872 BASFND ( UnsignedFile.Multi.Generic ) - warning

18:27:58.0843 2872 BASFND - detected UnsignedFile.Multi.Generic (1)

18:27:58.0890 2872 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

18:27:59.0250 2872 Beep - ok

18:27:59.0281 2872 bvrp_pci - ok

18:27:59.0484 2872 catchme - ok

18:27:59.0578 2872 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

18:27:59.0828 2872 cbidf - ok

18:27:59.0859 2872 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

18:28:00.0156 2872 cbidf2k - ok

18:28:00.0265 2872 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

18:28:00.0484 2872 CCDECODE - ok

18:28:00.0515 2872 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

18:28:00.0640 2872 cd20xrnt - ok

18:28:00.0734 2872 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

18:28:00.0953 2872 Cdaudio - ok

18:28:01.0000 2872 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

18:28:01.0218 2872 Cdfs - ok

18:28:01.0250 2872 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

18:28:01.0468 2872 Cdrom - ok

18:28:01.0484 2872 Changer - ok

18:28:01.0546 2872 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

18:28:01.0781 2872 CmBatt - ok

18:28:01.0828 2872 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

18:28:02.0062 2872 CmdIde - ok

18:28:02.0171 2872 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

18:28:02.0375 2872 Compbatt - ok

18:28:02.0421 2872 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

18:28:02.0671 2872 Cpqarray - ok

18:28:02.0718 2872 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

18:28:02.0953 2872 dac2w2k - ok

18:28:02.0984 2872 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

18:28:03.0187 2872 dac960nt - ok

18:28:03.0250 2872 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

18:28:03.0453 2872 Disk - ok

18:28:03.0562 2872 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

18:28:03.0828 2872 dmboot - ok

18:28:04.0000 2872 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

18:28:04.0218 2872 dmio - ok

18:28:04.0296 2872 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

18:28:04.0531 2872 dmload - ok

18:28:04.0562 2872 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

18:28:04.0796 2872 DMusic - ok

18:28:04.0843 2872 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

18:28:05.0062 2872 dpti2o - ok

18:28:05.0093 2872 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

18:28:05.0312 2872 drmkaud - ok

18:28:05.0421 2872 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys

18:28:05.0453 2872 drvmcdb ( UnsignedFile.Multi.Generic ) - warning

18:28:05.0453 2872 drvmcdb - detected UnsignedFile.Multi.Generic (1)

18:28:05.0500 2872 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys

18:28:05.0531 2872 drvnddm ( UnsignedFile.Multi.Generic ) - warning

18:28:05.0531 2872 drvnddm - detected UnsignedFile.Multi.Generic (1)

18:28:05.0609 2872 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

18:28:05.0859 2872 E100B - ok

18:28:05.0921 2872 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

18:28:06.0140 2872 Fastfat - ok

18:28:06.0187 2872 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

18:28:06.0375 2872 Fdc - ok

18:28:06.0421 2872 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

18:28:06.0625 2872 Fips - ok

18:28:06.0718 2872 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

18:28:06.0937 2872 Flpydisk - ok

18:28:07.0000 2872 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

18:28:07.0218 2872 FltMgr - ok

18:28:07.0265 2872 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

18:28:07.0468 2872 Fs_Rec - ok

18:28:07.0531 2872 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

18:28:07.0750 2872 Ftdisk - ok

18:28:07.0812 2872 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

18:28:07.0843 2872 GEARAspiWDM - ok

18:28:07.0953 2872 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

18:28:08.0171 2872 Gpc - ok

18:28:08.0234 2872 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

18:28:08.0453 2872 HidUsb - ok

18:28:08.0531 2872 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

18:28:08.0750 2872 hpn - ok

18:28:08.0796 2872 HSFHWICH (140ba850417896b6b3322048de280368) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys

18:28:08.0906 2872 HSFHWICH - ok

18:28:09.0046 2872 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

18:28:09.0171 2872 HSF_DP - ok

18:28:09.0250 2872 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

18:28:09.0328 2872 HTTP - ok

18:28:09.0468 2872 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

18:28:09.0812 2872 i2omgmt - ok

18:28:09.0859 2872 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

18:28:10.0078 2872 i2omp - ok

18:28:10.0109 2872 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

18:28:10.0312 2872 i8042prt - ok

18:28:10.0453 2872 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

18:28:10.0640 2872 ialm - ok

18:28:10.0781 2872 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

18:28:11.0125 2872 Imapi - ok

18:28:11.0218 2872 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

18:28:11.0453 2872 ini910u - ok

18:28:11.0484 2872 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

18:28:11.0703 2872 IntelIde - ok

18:28:11.0765 2872 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

18:28:11.0984 2872 intelppm - ok

18:28:12.0078 2872 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

18:28:12.0296 2872 Ip6Fw - ok

18:28:12.0343 2872 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

18:28:12.0578 2872 IpFilterDriver - ok

18:28:12.0656 2872 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

18:28:12.0859 2872 IpInIp - ok

18:28:12.0890 2872 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

18:28:13.0109 2872 IpNat - ok

18:28:13.0156 2872 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

18:28:13.0375 2872 IPSec - ok

18:28:13.0468 2872 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

18:28:13.0671 2872 IRENUM - ok

18:28:13.0734 2872 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

18:28:13.0937 2872 isapnp - ok

18:28:14.0000 2872 IWCA (872d090ca5c306f62d1982bce6302376) C:\WINDOWS\system32\DRIVERS\iwca.sys

18:28:14.0140 2872 IWCA - ok

18:28:14.0265 2872 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

18:28:14.0484 2872 Kbdclass - ok

18:28:14.0531 2872 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

18:28:14.0843 2872 kmixer - ok

18:28:14.0921 2872 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

18:28:15.0062 2872 KSecDD - ok

18:28:15.0140 2872 lbrtfdc - ok

18:28:15.0218 2872 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

18:28:15.0265 2872 mdmxsdk - ok

18:28:15.0296 2872 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

18:28:15.0531 2872 mnmdd - ok

18:28:15.0609 2872 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

18:28:15.0875 2872 Modem - ok

18:28:15.0906 2872 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

18:28:16.0109 2872 Mouclass - ok

18:28:16.0187 2872 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

18:28:16.0406 2872 mouhid - ok

18:28:16.0468 2872 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

18:28:16.0687 2872 MountMgr - ok

18:28:16.0718 2872 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

18:28:16.0937 2872 mraid35x - ok

18:28:16.0968 2872 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

18:28:17.0187 2872 MRxDAV - ok

18:28:17.0281 2872 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

18:28:17.0406 2872 MRxSmb - ok

18:28:17.0515 2872 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

18:28:17.0718 2872 Msfs - ok

18:28:17.0781 2872 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

18:28:18.0078 2872 MSKSSRV - ok

18:28:18.0125 2872 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

18:28:18.0390 2872 MSPCLOCK - ok

18:28:18.0406 2872 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

18:28:18.0609 2872 MSPQM - ok

18:28:18.0671 2872 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

18:28:18.0906 2872 mssmbios - ok

18:28:18.0968 2872 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

18:28:19.0187 2872 MSTEE - ok

18:28:19.0250 2872 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

18:28:19.0312 2872 Mup - ok

18:28:19.0390 2872 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

18:28:19.0609 2872 NABTSFEC - ok

18:28:19.0718 2872 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

18:28:19.0953 2872 NDIS - ok

18:28:20.0000 2872 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

18:28:20.0203 2872 NdisIP - ok

18:28:20.0250 2872 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

18:28:20.0328 2872 NdisTapi - ok

18:28:20.0406 2872 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

18:28:20.0625 2872 Ndisuio - ok

18:28:20.0750 2872 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

18:28:21.0046 2872 NdisWan - ok

18:28:21.0109 2872 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

18:28:21.0203 2872 NDProxy - ok

18:28:21.0234 2872 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

18:28:21.0500 2872 NetBIOS - ok

18:28:21.0593 2872 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

18:28:21.0890 2872 NetBT - ok

18:28:22.0109 2872 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

18:28:22.0406 2872 NIC1394 - ok

18:28:22.0453 2872 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

18:28:22.0718 2872 Npfs - ok

18:28:22.0781 2872 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

18:28:23.0031 2872 Ntfs - ok

18:28:23.0093 2872 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

18:28:23.0328 2872 Null - ok

18:28:23.0625 2872 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

18:28:24.0062 2872 nv - ok

18:28:24.0218 2872 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

18:28:24.0421 2872 NwlnkFlt - ok

18:28:24.0437 2872 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

18:28:24.0671 2872 NwlnkFwd - ok

18:28:24.0718 2872 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys

18:28:24.0953 2872 NwlnkIpx - ok

18:28:25.0000 2872 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys

18:28:25.0234 2872 NwlnkNb - ok

18:28:25.0281 2872 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys

18:28:25.0500 2872 NwlnkSpx - ok

18:28:25.0656 2872 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys

18:28:25.0906 2872 NWRDR - ok

18:28:25.0937 2872 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

18:28:26.0156 2872 ohci1394 - ok

18:28:26.0203 2872 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys

18:28:26.0234 2872 omci ( UnsignedFile.Multi.Generic ) - warning

18:28:26.0234 2872 omci - detected UnsignedFile.Multi.Generic (1)

18:28:26.0281 2872 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

18:28:26.0500 2872 Parport - ok

18:28:26.0562 2872 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

18:28:26.0796 2872 PartMgr - ok

18:28:26.0906 2872 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

18:28:27.0125 2872 ParVdm - ok

18:28:27.0156 2872 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

18:28:27.0375 2872 PCI - ok

18:28:27.0390 2872 PCIDump - ok

18:28:27.0437 2872 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

18:28:27.0671 2872 PCIIde - ok

18:28:27.0687 2872 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

18:28:27.0921 2872 Pcmcia - ok

18:28:27.0937 2872 PDCOMP - ok

18:28:27.0968 2872 PDFRAME - ok

18:28:27.0984 2872 PDRELI - ok

18:28:28.0015 2872 PDRFRAME - ok

18:28:28.0062 2872 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

18:28:28.0296 2872 perc2 - ok

18:28:28.0437 2872 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

18:28:28.0671 2872 perc2hib - ok

18:28:28.0750 2872 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

18:28:28.0968 2872 PptpMiniport - ok

18:28:29.0000 2872 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

18:28:29.0203 2872 PSched - ok

18:28:29.0234 2872 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

18:28:29.0453 2872 Ptilink - ok

18:28:29.0515 2872 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys

18:28:29.0562 2872 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning

18:28:29.0562 2872 PxHelp20 - detected UnsignedFile.Multi.Generic (1)

18:28:29.0734 2872 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

18:28:29.0968 2872 ql1080 - ok

18:28:30.0000 2872 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

18:28:30.0265 2872 Ql10wnt - ok

18:28:30.0296 2872 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

18:28:30.0500 2872 ql12160 - ok

18:28:30.0546 2872 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

18:28:30.0796 2872 ql1240 - ok

18:28:30.0828 2872 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

18:28:31.0062 2872 ql1280 - ok

18:28:31.0093 2872 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

18:28:31.0312 2872 RasAcd - ok

18:28:31.0359 2872 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

18:28:31.0578 2872 Rasl2tp - ok

18:28:31.0734 2872 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

18:28:31.0984 2872 RasPppoe - ok

18:28:32.0015 2872 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

18:28:32.0234 2872 Raspti - ok

18:28:32.0281 2872 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

18:28:32.0500 2872 Rdbss - ok

18:28:32.0531 2872 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

18:28:32.0750 2872 RDPCDD - ok

18:28:32.0812 2872 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

18:28:33.0046 2872 rdpdr - ok

18:28:33.0187 2872 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

18:28:33.0281 2872 RDPWD - ok

18:28:33.0312 2872 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

18:28:33.0531 2872 redbook - ok

18:28:33.0593 2872 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

18:28:33.0828 2872 ROOTMODEM - ok

18:28:33.0906 2872 s24trans (81aa6f0d6a2be1c550f814b036215888) C:\WINDOWS\system32\DRIVERS\s24trans.sys

18:28:33.0937 2872 s24trans ( UnsignedFile.Multi.Generic ) - warning

18:28:33.0937 2872 s24trans - detected UnsignedFile.Multi.Generic (1)

18:28:34.0125 2872 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

18:28:34.0343 2872 sdbus - ok

18:28:34.0390 2872 SE27bus (59a9eb4073a39895af314780d0a032fa) C:\WINDOWS\system32\DRIVERS\SE27bus.sys

18:28:34.0781 2872 SE27bus - ok

18:28:34.0937 2872 SE27mdfl (d53e7e53107d1796825540129f8fe89f) C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys

18:28:35.0062 2872 SE27mdfl - ok

18:28:35.0125 2872 SE27mdm (2afa2f65a6e91da5b5070e734769827e) C:\WINDOWS\system32\DRIVERS\SE27mdm.sys

18:28:35.0218 2872 SE27mdm - ok

18:28:35.0265 2872 SE27mgmt (5a33a8d7b44c7bd8abe248b4dcd1ff3c) C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys

18:28:35.0375 2872 SE27mgmt - ok

18:28:35.0437 2872 SE27obex (5da6ff71e94b9134ddd094ebb09f05e6) C:\WINDOWS\system32\DRIVERS\SE27obex.sys

18:28:35.0515 2872 SE27obex - ok

18:28:35.0703 2872 se27unic (4d54a9d7c22157ab3d2442e8bcf5ecd2) C:\WINDOWS\system32\DRIVERS\se27unic.sys

18:28:35.0796 2872 se27unic - ok

18:28:35.0859 2872 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

18:28:36.0234 2872 Secdrv - ok

18:28:36.0296 2872 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

18:28:36.0515 2872 serenum - ok

18:28:36.0546 2872 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

18:28:36.0796 2872 Serial - ok

18:28:36.0968 2872 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys

18:28:37.0203 2872 sffdisk - ok

18:28:37.0234 2872 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys

18:28:37.0453 2872 sffp_sd - ok

18:28:37.0484 2872 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

18:28:37.0703 2872 Sfloppy - ok

18:28:37.0750 2872 Simbad - ok

18:28:37.0781 2872 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

18:28:38.0015 2872 sisagp - ok

18:28:38.0062 2872 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

18:28:38.0281 2872 SLIP - ok

18:28:38.0468 2872 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

18:28:38.0687 2872 SONYPVU1 - ok

18:28:38.0734 2872 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

18:28:38.0859 2872 Sparrow - ok

18:28:38.0906 2872 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

18:28:39.0125 2872 splitter - ok

18:28:39.0187 2872 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

18:28:39.0421 2872 sr - ok

18:28:39.0515 2872 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

18:28:39.0609 2872 Srv - ok

18:28:39.0734 2872 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys

18:28:39.0796 2872 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning

18:28:39.0796 2872 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)

18:28:39.0828 2872 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys

18:28:39.0859 2872 ssrtln ( UnsignedFile.Multi.Generic ) - warning

18:28:39.0859 2872 ssrtln - detected UnsignedFile.Multi.Generic (1)

18:28:39.0937 2872 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys

18:28:40.0062 2872 STAC97 - ok

18:28:40.0140 2872 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

18:28:40.0515 2872 streamip - ok

18:28:40.0656 2872 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

18:28:40.0906 2872 swenum - ok

18:28:40.0937 2872 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

18:28:41.0171 2872 swmidi - ok

18:28:41.0250 2872 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

18:28:41.0468 2872 symc810 - ok

18:28:41.0500 2872 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

18:28:41.0718 2872 symc8xx - ok

18:28:41.0750 2872 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

18:28:41.0968 2872 sym_hi - ok

18:28:42.0000 2872 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

18:28:42.0218 2872 sym_u3 - ok

18:28:42.0406 2872 SynTP (643b3e821a00b2b6a35cc099cb9653a1) C:\WINDOWS\system32\DRIVERS\SynTP.sys

18:28:42.0500 2872 SynTP - ok

18:28:42.0546 2872 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

18:28:42.0781 2872 sysaudio - ok

18:28:42.0875 2872 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

18:28:43.0031 2872 Tcpip - ok

18:28:43.0171 2872 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

18:28:43.0500 2872 TDPIPE - ok

18:28:43.0546 2872 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

18:28:43.0781 2872 TDTCP - ok

18:28:43.0859 2872 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

18:28:44.0078 2872 TermDD - ok

18:28:44.0156 2872 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys

18:28:44.0187 2872 tfsnboio ( UnsignedFile.Multi.Generic ) - warning

18:28:44.0187 2872 tfsnboio - detected UnsignedFile.Multi.Generic (1)

18:28:44.0250 2872 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys

18:28:44.0296 2872 tfsncofs ( UnsignedFile.Multi.Generic ) - warning

18:28:44.0296 2872 tfsncofs - detected UnsignedFile.Multi.Generic (1)

18:28:44.0328 2872 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys

18:28:44.0359 2872 tfsndrct ( UnsignedFile.Multi.Generic ) - warning

18:28:44.0359 2872 tfsndrct - detected UnsignedFile.Multi.Generic (1)

18:28:44.0390 2872 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys

18:28:44.0437 2872 tfsndres ( UnsignedFile.Multi.Generic ) - warning

18:28:44.0437 2872 tfsndres - detected UnsignedFile.Multi.Generic (1)

18:28:44.0468 2872 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys

18:28:44.0515 2872 tfsnifs ( UnsignedFile.Multi.Generic ) - warning

18:28:44.0515 2872 tfsnifs - detected UnsignedFile.Multi.Generic (1)

18:28:44.0578 2872 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys

18:28:44.0609 2872 tfsnopio ( UnsignedFile.Multi.Generic ) - warning

18:28:44.0609 2872 tfsnopio - detected UnsignedFile.Multi.Generic (1)

18:28:44.0671 2872 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys

18:28:44.0734 2872 tfsnpool ( UnsignedFile.Multi.Generic ) - warning

18:28:44.0734 2872 tfsnpool - detected UnsignedFile.Multi.Generic (1)

18:28:44.0812 2872 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys

18:28:44.0859 2872 tfsnudf ( UnsignedFile.Multi.Generic ) - warning

18:28:44.0859 2872 tfsnudf - detected UnsignedFile.Multi.Generic (1)

18:28:44.0890 2872 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys

18:28:44.0968 2872 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning

18:28:44.0968 2872 tfsnudfa - detected UnsignedFile.Multi.Generic (1)

18:28:45.0031 2872 toshidpt (62c57e7411b5f20980e70530ca69d5a7) C:\WINDOWS\system32\drivers\Toshidpt.sys

18:28:45.0078 2872 toshidpt ( UnsignedFile.Multi.Generic ) - warning

18:28:45.0078 2872 toshidpt - detected UnsignedFile.Multi.Generic (1)

18:28:45.0140 2872 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

18:28:45.0375 2872 TosIde - ok

18:28:45.0421 2872 tosporte (09505abeae3de953442417a48256684a) C:\WINDOWS\system32\DRIVERS\tosporte.sys

18:28:45.0468 2872 tosporte ( UnsignedFile.Multi.Generic ) - warning

18:28:45.0468 2872 tosporte - detected UnsignedFile.Multi.Generic (1)

18:28:45.0531 2872 Tosrfbd (47bb36a3db94807bc26c280d1ce4a243) C:\WINDOWS\system32\Drivers\tosrfbd.sys

18:28:45.0562 2872 Tosrfbd ( UnsignedFile.Multi.Generic ) - warning

18:28:45.0562 2872 Tosrfbd - detected UnsignedFile.Multi.Generic (1)

18:28:45.0671 2872 Tosrfbnp (fe200eece7521061cdad658c6ee4f341) C:\WINDOWS\system32\Drivers\tosrfbnp.sys

18:28:45.0703 2872 Tosrfbnp ( UnsignedFile.Multi.Generic ) - warning

18:28:45.0703 2872 Tosrfbnp - detected UnsignedFile.Multi.Generic (1)

18:28:45.0796 2872 Tosrfcom (d185be751021bcf1e5d58566d408314a) C:\WINDOWS\system32\Drivers\tosrfcom.sys

18:28:45.0843 2872 Tosrfcom ( UnsignedFile.Multi.Generic ) - warning

18:28:45.0843 2872 Tosrfcom - detected UnsignedFile.Multi.Generic (1)

18:28:45.0875 2872 Tosrfhid (341612b9758054e5965bcd6ae111b8f9) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys

18:28:45.0906 2872 Tosrfhid ( UnsignedFile.Multi.Generic ) - warning

18:28:45.0906 2872 Tosrfhid - detected UnsignedFile.Multi.Generic (1)

18:28:45.0937 2872 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys

18:28:46.0000 2872 tosrfnds ( UnsignedFile.Multi.Generic ) - warning

18:28:46.0000 2872 tosrfnds - detected UnsignedFile.Multi.Generic (1)

18:28:46.0093 2872 TosRfSnd (350814a87f8ba3b0e28278feddf36f82) C:\WINDOWS\system32\drivers\TosRfSnd.sys

18:28:46.0171 2872 TosRfSnd ( UnsignedFile.Multi.Generic ) - warning

18:28:46.0171 2872 TosRfSnd - detected UnsignedFile.Multi.Generic (1)

18:28:46.0250 2872 Tosrfusb (ddb8a339e57d514768f45d33b11bdb50) C:\WINDOWS\system32\Drivers\tosrfusb.sys

18:28:46.0312 2872 Tosrfusb ( UnsignedFile.Multi.Generic ) - warning

18:28:46.0312 2872 Tosrfusb - detected UnsignedFile.Multi.Generic (1)

18:28:46.0453 2872 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

18:28:46.0828 2872 Udfs - ok

18:28:46.0859 2872 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

18:28:47.0000 2872 ultra - ok

18:28:47.0109 2872 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

18:28:47.0343 2872 Update - ok

18:28:47.0406 2872 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

18:28:47.0515 2872 USBAAPL - ok

18:28:47.0750 2872 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

18:28:47.0968 2872 usbehci - ok

18:28:48.0015 2872 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

18:28:48.0328 2872 usbhub - ok

18:28:48.0406 2872 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

18:28:48.0703 2872 USBSTOR - ok

18:28:48.0750 2872 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

18:28:49.0062 2872 usbuhci - ok

18:28:49.0093 2872 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

18:28:49.0328 2872 VgaSave - ok

18:28:49.0453 2872 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

18:28:49.0687 2872 viaagp - ok

18:28:49.0781 2872 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

18:28:50.0015 2872 ViaIde - ok

18:28:50.0046 2872 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

18:28:50.0281 2872 VolSnap - ok

18:28:50.0546 2872 w29n51 (f0f902220910c4fbe42a51964bd33599) C:\WINDOWS\system32\DRIVERS\w29n51.sys

18:28:50.0984 2872 w29n51 - ok

18:28:51.0156 2872 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

18:28:51.0515 2872 Wanarp - ok

18:28:51.0531 2872 WDICA - ok

18:28:51.0625 2872 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

18:28:51.0843 2872 wdmaud - ok

18:28:51.0953 2872 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

18:28:52.0062 2872 winachsf - ok

18:28:52.0296 2872 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

18:28:52.0531 2872 WSTCODEC - ok

18:28:52.0640 2872 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

18:28:52.0750 2872 WudfPf - ok

18:28:52.0812 2872 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

18:28:52.0890 2872 WudfRd - ok

18:28:52.0984 2872 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

18:28:53.0296 2872 \Device\Harddisk0\DR0 - ok

18:28:53.0312 2872 Boot (0x1200) (02743347cc1bc827f658f860fbcddcc3) \Device\Harddisk0\DR0\Partition0

18:28:53.0312 2872 \Device\Harddisk0\DR0\Partition0 - ok

18:28:53.0328 2872 ============================================================

18:28:53.0328 2872 Scan finished

18:28:53.0328 2872 ============================================================

18:28:53.0484 2384 Detected object count: 29

18:28:53.0484 2384 Actual detected object count: 29

18:30:09.0437 2384 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user

18:30:09.0437 2384 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:30:09.0437 2384 APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user

18:30:09.0437 2384 APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:30:09.0437 2384 Avgtdix ( UnsignedFile.Multi.Generic ) - skipped by user

18:30:09.0437 2384 Avgtdix ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:30:09.0437 2384 BASFND ( UnsignedFile.Multi.Generic ) - skipped by user

18:30:09.0437 2384 BASFND ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:30:09.0437 2384 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user

18:30:09.0437 2384 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:30:09.0453 2384 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user

18:30:09.0453 2384 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:30:09.0453 2384 omci ( UnsignedFile.Multi.Generic ) - skipped by user

18:30:09.0453 2384 omci ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:30:09.0453 2384 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user

18:30:09.0453 2384 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:30:09.0453 2384 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user

18:30:09.0453 2384 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:30:09.0468 2384 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user

18:30:09.0468 2384 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:30:09.0468 2384 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user

18:30:09.0468 2384 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:30:09.0468 2384 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user

18:30:09.0468 2384 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:30:09.0484 2384 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user

18:30:09.0484 2384 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:30:09.0484 2384 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user

18:30:09.0484 2384 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:30:09.0484 2384 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user

18:30:09.0484 2384 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:30:09.0484 2384 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user

18:30:09.0484 2384 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:30:09.0500 2384 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user

18:30:09.0500 2384 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:30:09.0500 2384 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user

18:30:09.0500 2384 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:30:09.0500 2384 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user

18:30:09.0500 2384 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:30:09.0515 2384 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user

18:30:09.0515 2384 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:30:09.0515 2384 toshidpt ( UnsignedFile.Multi.Generic ) - skipped by user

18:30:09.0515 2384 toshidpt ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:30:09.0515 2384 tosporte ( UnsignedFile.Multi.Generic ) - skipped by user

18:30:09.0531 2384 tosporte ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:30:09.0531 2384 Tosrfbd ( UnsignedFile.Multi.Generic ) - skipped by user

18:30:09.0531 2384 Tosrfbd ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:30:09.0531 2384 Tosrfbnp ( UnsignedFile.Multi.Generic ) - skipped by user

18:30:09.0531 2384 Tosrfbnp ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:30:09.0531 2384 Tosrfcom ( UnsignedFile.Multi.Generic ) - skipped by user

18:30:09.0531 2384 Tosrfcom ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:30:09.0546 2384 Tosrfhid ( UnsignedFile.Multi.Generic ) - skipped by user

18:30:09.0546 2384 Tosrfhid ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:30:09.0546 2384 tosrfnds ( UnsignedFile.Multi.Generic ) - skipped by user

18:30:09.0546 2384 tosrfnds ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:30:09.0546 2384 TosRfSnd ( UnsignedFile.Multi.Generic ) - skipped by user

18:30:09.0546 2384 TosRfSnd ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:30:09.0562 2384 Tosrfusb ( UnsignedFile.Multi.Generic ) - skipped by user

18:30:09.0562 2384 Tosrfusb ( UnsignedFile.Multi.Generic ) - User select action: Skip

[B-boy/StyLe/]

Hi Lucy,

We need to scan the system with this special tool:

• Please download Junction.zip and save it.
  
• Unzip it and put junction.exe in the Windows directory (C:\Windows).
  
• Go to Start => Run... => Copy and paste the following command in the run box and click OK:
  cmd /c junction -s c:\ >log.txt&log.txt& del log.txt
  A command window opens starting to scan the system.
  Wait until a log file opens. Copy and paste or attach the content of it.

Regards,

Georgi

[crunchygirl]

Thank you so much for all your help Georgi, it beggars belief that you're willing to do this for free AKA out of the kindness of your heart!

Doesn't look like good news!

Junction v1.06 - Windows junction creator and reparse point viewer

Copyright © 2000-2010 Mark Russinovich

Sysinternals - www.sysinternals.com

Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

...

...

...

Failed to open \\?\c:\\Documents and Settings\Sean Whitaker\Desktop\vv2uuttq.exe: Access is denied.

...

...

...

...

...

...

...

...

Failed to open \\?\c:\\Program Files\AVG\AVG10\avgcsrvx.exe: Access

is denied.

Failed to open \\?\c:\\Program Files\AVG\AVG10\avgtray.exe: Access is denied.

.

Failed to open \\?\c:\\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\ : Access is denied.

..

...

...

...

...

Failed to open \\?\c:\\Program Files\Malwarebytes' Anti-Malware\mbam.exe: Access is denied.

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

.

..

...

...

...

...

\\?\c:\\WINDOWS\$NtUninstallKB8525$\3117857280: SYMBOLIC LINK

Print Name : c:\windows\system32\config

Substitute Name: \systemroot\system32\config

\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION

Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

Failed to open \\?\c:\\WINDOWS\assembly\GAC_MSIL\Desktop.ini: Access is denied.

\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION

Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

...

...

...

...

...

...

...

...

...

...

...

...

[B-boy/StyLe/]

Hi Lucy,

Thank you very much for the kind words.

STEP 1

Please download GrantPerms.zip and save it to your desktop.

Unzip the file and depending on the system run GrantPerms.exe

Copy and paste the following in the edit box:

c:\Documents and Settings\Sean Whitaker\Desktop\vv2uuttq.exe
c:\Program Files\AVG\AVG10\avgcsrvx.exe
c:\Program Files\AVG\AVG10\avgtray.exe
c:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

Click Unlock. When it is done click "OK".

Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.

STEP 2

Run Scan with Malwarebytes - you should be able to do this after the permission has been restored.

I see you have Malwarebytes' Anti-Malware installed on your computer.

Please start the application by double-click on it's icon.

Once the program has loaded go to the UPDATE tab and check for updates.

When the update is complete, select the Scanner tab

Select Perform quick scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad.

Please save it to a convenient location and post the results in your next reply.

STEP 3

We need to run an OTL Custom Scan

1. Please download OTL from the link below:
   • This is THE Mirror
     

[*]Save it to your desktop.

[*]Double click on the icon on your desktop.

[*]OTL should now start. Change the following settings:

- Click on Scan All Users checkbox given at the top.

- Under File Scans, change File age to 90

- On the upper right be sure Use Company-Name WhiteList, Skip Microsoft Files and Use No-Company-Name-Whitelist are checked

- Check the boxes beside LOP Check and Purity Check

[*]Copy and Paste the following code into the textbox.

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%USERPROFILE%\*.*
%USERPROFILE%\Application Data\*.*
%USERPROFILE%\Local Settings\Application Data\*.*
%AllUsersProfile%\*.*
%AllUsersProfile%\Application Data\*.*
%USERPROFILE%\My Documents\*.*
%CommonProgramFiles%\*.*
%PROGRAMFILES%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s

[*]Push the button.

[*]Two reports will open, copy and paste them in a reply here:

• OTL.txt <-- Will be opened
  
• Extra.txt <-- Will be minimized
  

Regards,

Georgi

[crunchygirl]

Here we go again!

GrantPerms by Farbar

Ran by Sean Whitaker at 2011-09-25 19:44:33

===============================================

\\?\c:\Documents and Settings\Sean Whitaker\Desktop\vv2uuttq.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):

BUILTIN\Administrators FULL ALLOW (NI)

NT AUTHORITY\SYSTEM FULL ALLOW (NI)

BUILTIN\Users READ/EXECUTE ALLOW (NI)

\\?\c:\Program Files\AVG\AVG10\avgcsrvx.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):

BUILTIN\Administrators FULL ALLOW (NI)

NT AUTHORITY\SYSTEM FULL ALLOW (NI)

BUILTIN\Users READ/EXECUTE ALLOW (NI)

\\?\c:\Program Files\AVG\AVG10\avgtray.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):

BUILTIN\Administrators FULL ALLOW (NI)

NT AUTHORITY\SYSTEM FULL ALLOW (NI)

BUILTIN\Users READ/EXECUTE ALLOW (NI)

\\?\c:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):

BUILTIN\Administrators FULL ALLOW (NI)

NT AUTHORITY\SYSTEM FULL ALLOW (NI)

BUILTIN\Users READ/EXECUTE ALLOW (NI)

Malwarebytes scan:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7796

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

25/09/2011 19:54:03

mbam-log-2011-09-25 (19-54-03).txt

Scan type: Quick scan

Objects scanned: 180584

Time elapsed: 7 minute(s), 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

OTL.txt:

OTL logfile created on: 25/09/2011 19:57:21 - Run 1

OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Sean Whitaker\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1.24 Gb Total Physical Memory | 0.31 Gb Available Physical Memory | 25.12% Memory free

2.96 Gb Paging File | 2.21 Gb Available in Paging File | 74.77% Paging File free

Paging file location(s): C:\pagefile.sys 1908 3816 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.81 Gb Total Space | 3.50 Gb Free Space | 6.26% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Sean Whitaker | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2011/09/25 19:47:06 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sean Whitaker\Desktop\OTL.exe

PRC - [2011/09/25 17:26:43 | 004,227,131 | R--- | M] (Swearware) -- C:\Documents and Settings\Sean Whitaker\Desktop\ComboFix.exe

PRC - [2011/09/25 17:04:28 | 000,456,828 | ---- | M] () -- C:\Documents and Settings\Sean Whitaker\Desktop\GrantPerms\GrantPerms.exe

PRC - [2011/09/08 11:44:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2011/08/31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

PRC - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

PRC - [2011/05/10 16:11:18 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe

PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe

PRC - [2009/12/16 19:43:27 | 000,343,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mspaint.exe

PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/04/14 01:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe

PRC - [2005/09/01 18:24:08 | 000,684,032 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe

PRC - [2005/01/14 20:54:48 | 000,479,232 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

PRC - [2004/12/29 12:18:24 | 001,794,048 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe

PRC - [2004/11/30 20:09:34 | 000,253,952 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

PRC - [2004/10/30 15:59:54 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

PRC - [2004/10/14 05:13:58 | 000,450,560 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe

PRC - [2004/10/02 14:53:54 | 000,307,200 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe

PRC - [2004/09/07 17:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

PRC - [2004/04/01 19:05:48 | 000,081,920 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\system32\BAsfIpM.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/25 17:04:28 | 000,456,828 | ---- | M] () -- C:\Documents and Settings\Sean Whitaker\Desktop\GrantPerms\GrantPerms.exe

MOD - [2011/09/08 11:44:42 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2010/06/03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2006/03/09 18:45:36 | 000,081,920 | R--- | M] () -- C:\Program Files\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll

MOD - [2005/09/01 18:24:08 | 000,684,032 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe

MOD - [2005/07/26 19:46:42 | 000,069,632 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll

MOD - [2005/06/29 13:44:42 | 000,090,223 | ---- | M] () -- C:\Program Files\Dell\QuickSet\preflibcl.dll

MOD - [2004/12/03 09:20:12 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\TosBtAcc.dll

MOD - [2004/10/15 04:18:24 | 000,040,960 | ---- | M] () -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtAfh.dll

MOD - [2004/10/02 08:13:24 | 000,045,056 | ---- | M] () -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtLoad.dll

MOD - [2004/09/23 04:09:06 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll

MOD - [2004/07/21 11:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll

MOD - [2003/07/30 09:33:26 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\TosHidAPI.dll

MOD - [2001/12/18 12:29:26 | 000,049,152 | ---- | M] () -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtWrp.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - File not found [Auto | Stopped] -- -- (EvtEng)

SRV - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2004/09/07 17:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)

SRV - [2004/04/01 19:05:48 | 000,081,920 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\WINDOWS\system32\BAsfIpM.exe -- (BAsfIpM)

========== Driver Services (SafeList) ==========

DRV - [2011/05/27 19:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (Корпорация Майкрософт) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)

DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2008/04/13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)

DRV - [2006/09/18 15:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)

DRV - [2006/09/18 15:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)

DRV - [2006/09/18 15:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)

DRV - [2006/09/18 15:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)

DRV - [2006/09/18 15:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)

DRV - [2006/09/18 15:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)

DRV - [2005/08/03 11:44:16 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)

DRV - [2005/03/10 23:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)

DRV - [2005/01/17 14:13:28 | 000,098,304 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)

DRV - [2005/01/08 19:15:40 | 000,051,582 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte)

DRV - [2005/01/07 07:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)

DRV - [2004/12/22 05:38:12 | 000,034,816 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)

DRV - [2004/12/16 11:30:14 | 000,050,048 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)

DRV - [2004/11/16 16:51:54 | 000,050,048 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)

DRV - [2004/10/21 21:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®

DRV - [2004/10/05 04:33:02 | 000,062,799 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)

DRV - [2004/09/03 18:23:38 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2004/08/31 09:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2004/08/12 09:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)

DRV - [2004/08/04 06:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)

DRV - [2004/08/04 06:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)

DRV - [2004/07/09 11:07:34 | 000,036,531 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)

DRV - [2004/06/17 21:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)

DRV - [2004/06/17 21:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2004/06/17 21:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)

DRV - [2004/02/13 17:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)

DRV - [2003/04/24 17:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BASFND.sys -- (BASFND)

DRV - [2002/10/17 07:55:48 | 000,002,851 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Toshidpt.sys -- (toshidpt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2310172693-1349323021-2595002804-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/

IE - HKU\S-1-5-21-2310172693-1349323021-2595002804-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2310172693-1349323021-2595002804-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google.co.uk"

FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/home.php?ref=hp"

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Sean Whitaker\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Sean Whitaker\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/09/15 10:04:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/08 11:44:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/06 22:17:56 | 000,000,000 | ---D | M]

[2008/08/27 20:42:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sean Whitaker\Application Data\Mozilla\Extensions

[2011/08/19 01:45:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sean Whitaker\Application Data\Mozilla\Firefox\Profiles\gi9s5k3e.default\extensions

[2009/09/23 00:41:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sean Whitaker\Application Data\Mozilla\Firefox\Profiles\gi9s5k3e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/08/12 15:26:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/04/25 05:09:08 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011/07/06 15:53:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

() (No name found) -- C:\DOCUMENTS AND SETTINGS\SEAN WHITAKER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GI9S5K3E.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\SEAN WHITAKER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GI9S5K3E.DEFAULT\EXTENSIONS\{E10A6337-382E-4FE6-96DE-936ADC34DD04}.XPI

[2011/09/15 10:04:53 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4

[2011/07/06 15:52:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2011/09/08 11:44:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/07/06 15:52:39 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml

[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml

[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\Google\Chrome\Application\14.0.835.186\pdf.dll

CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1390_0\plugins/avgnpss.dll

CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\npSkypeChromePlugin.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Sean Whitaker\Application Data\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Sean Whitaker\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Entanglement = C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\

CHR - Extension: Brushed = C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0\

CHR - Extension: FB Photo Zoom = C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1109.19.1_0\

CHR - Extension: AdBlock = C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.4.28_0\

CHR - Extension: AVG Safe Search = C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\

CHR - Extension: Alchemy = C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.10_0\

CHR - Extension: Skype Extension = C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\

CHR - Extension: Poppit = C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/06/21 16:31:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found.

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)

O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)

O4 - HKLM..\Run: [sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()

O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)

O4 - HKU\S-1-5-21-2310172693-1349323021-2595002804-1005..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2310172693-1349323021-2595002804-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2310172693-1349323021-2595002804-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-2310172693-1349323021-2595002804-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-2310172693-1349323021-2595002804-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.5 89.101.160.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E18534E2-736E-4468-9983-18FA77665B37}: DhcpNameServer = 89.101.160.5 89.101.160.4

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB1E280B-5F2B-429C-AB31-BC0FB43ED309}: NameServer = 89.101.160.4,89.101.160.5

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\IntelWireless: DllName - (C:\Program Files\Intel\Wireless\Bin\LgNotify.dll) - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: HidServ - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 2

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

========== Files/Folders - Created Within 90 Days ==========

File not found -- C:\WINDOWS\System32\

[2011/09/25 19:47:04 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Sean Whitaker\Desktop\OTL.exe

[2011/09/25 19:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean Whitaker\Desktop\GrantPerms

[2011/09/25 19:02:58 | 000,150,392 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\junction.exe

[2011/09/25 18:26:51 | 001,547,056 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Sean Whitaker\Desktop\tdsskiller.exe

[2011/09/25 17:32:14 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/09/25 17:29:37 | 000,000,000 | --SD | C] -- C:\ComboFix

[2011/09/25 17:29:31 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/09/25 17:26:14 | 004,227,131 | R--- | C] (Swearware) -- C:\Documents and Settings\Sean Whitaker\Desktop\ComboFix.exe

[2011/09/25 17:19:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\2027473414

[2011/09/25 17:18:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean Whitaker\Desktop\DummyCreator

[2011/09/25 16:39:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\Deployment

[2011/09/25 15:28:32 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Sean Whitaker\Desktop\dds.scr

[2011/09/25 15:01:59 | 000,000,000 | -H-D | C] -- C:\$AVG

[2011/09/25 02:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\uTorrent

[2011/09/20 15:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean Whitaker\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

[2011/09/20 15:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\TweetDeck

[2011/09/20 15:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2011/09/06 22:28:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2011/09/06 22:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/09/06 22:17:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

[2011/09/06 22:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2011/09/01 03:23:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Last.fm

[2011/09/01 03:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\Last.fm

[2011/09/01 03:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Last.fm

[2011/09/01 03:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\Last.fm

[2011/08/23 01:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean Whitaker\Application Data\WinRAR

[2011/08/23 01:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR

[2011/08/23 01:39:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean Whitaker\Start Menu\Programs\WinRAR

[2011/08/23 01:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2011/08/11 01:03:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2011/08/09 22:14:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011/08/09 21:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2011/08/04 02:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean Whitaker\Desktop\THE X FILES

[2011/07/10 21:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean Whitaker\Desktop\Films

[2011/07/06 19:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2011/07/06 15:54:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

File not found -- C:\WINDOWS\System32\

[2011/09/25 19:47:06 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Sean Whitaker\Desktop\OTL.exe

[2011/09/25 19:43:38 | 000,450,862 | ---- | M] () -- C:\Documents and Settings\Sean Whitaker\Desktop\GrantPerms.zip

[2011/09/25 19:10:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2310172693-1349323021-2595002804-1005UA.job

[2011/09/25 19:02:30 | 000,079,623 | ---- | M] () -- C:\Documents and Settings\Sean Whitaker\Desktop\Junction.zip

[2011/09/25 18:26:53 | 001,547,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Sean Whitaker\Desktop\tdsskiller.exe

[2011/09/25 18:21:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/09/25 18:20:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/09/25 18:20:46 | 1333,190,656 | -HS- | M] () -- C:\hiberfil.sys

[2011/09/25 17:32:28 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2011/09/25 17:26:43 | 004,227,131 | R--- | M] (Swearware) -- C:\Documents and Settings\Sean Whitaker\Desktop\ComboFix.exe

[2011/09/25 17:17:45 | 000,455,503 | ---- | M] () -- C:\Documents and Settings\Sean Whitaker\Desktop\DummyCreator.zip

[2011/09/25 15:53:54 | 000,003,050 | ---- | M] () -- C:\Documents and Settings\Sean Whitaker\Desktop\attach.zip

[2011/09/25 15:30:22 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Sean Whitaker\Desktop\vv2uuttq.exe

[2011/09/25 15:28:51 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Sean Whitaker\Desktop\dds.scr

[2011/09/25 15:10:58 | 133,388,818 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm

[2011/09/25 15:02:56 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Sean Whitaker\defogger_reenable

[2011/09/25 15:02:25 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Sean Whitaker\Desktop\Defogger.exe

[2011/09/25 06:18:18 | 000,119,808 | ---- | M] () -- C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/09/25 02:32:26 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/09/24 21:10:11 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2310172693-1349323021-2595002804-1005Core.job

[2011/09/23 23:46:42 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}

[2011/09/21 21:18:12 | 000,002,367 | ---- | M] () -- C:\Documents and Settings\Sean Whitaker\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/09/21 21:18:10 | 000,002,389 | ---- | M] () -- C:\Documents and Settings\Sean Whitaker\Desktop\Google Chrome.lnk

[2011/09/20 21:37:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/09/20 15:43:29 | 000,000,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TweetDeck.lnk

[2011/09/15 10:04:56 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk

[2011/09/10 17:53:58 | 000,192,797 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm

[2011/09/09 16:04:39 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/09/07 23:27:40 | 735,463,424 | ---- | M] () -- C:\Documents and Settings\Sean Whitaker\Desktop\The.Borgias.S01E01-E02.DVDSCR.XviD-SPRiNTER.avi

[2011/09/06 22:28:20 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/09/06 22:17:31 | 000,001,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2011/09/01 03:22:15 | 000,000,645 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Last.fm.lnk

[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/08/25 20:29:33 | 000,028,664 | ---- | M] () -- C:\Documents and Settings\Sean Whitaker\My Documents\EPtimes.pdf

[2011/08/17 16:51:00 | 000,443,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/08/17 16:51:00 | 000,072,556 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/08/12 15:29:08 | 000,046,459 | ---- | M] () -- C:\Documents and Settings\Sean Whitaker\Desktop\bookmarks_12_08_2011.html

[2011/08/11 01:56:25 | 000,001,648 | ---- | M] () -- C:\Documents and Settings\Sean Whitaker\Desktop\Mozilla Firefox.lnk

[2011/07/28 00:15:06 | 000,124,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/25 19:43:36 | 000,450,862 | ---- | C] () -- C:\Documents and Settings\Sean Whitaker\Desktop\GrantPerms.zip

[2011/09/25 19:02:29 | 000,079,623 | ---- | C] () -- C:\Documents and Settings\Sean Whitaker\Desktop\Junction.zip

[2011/09/25 17:32:28 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2011/09/25 17:32:20 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2011/09/25 17:17:44 | 000,455,503 | ---- | C] () -- C:\Documents and Settings\Sean Whitaker\Desktop\DummyCreator.zip

[2011/09/25 15:53:54 | 000,003,050 | ---- | C] () -- C:\Documents and Settings\Sean Whitaker\Desktop\attach.zip

[2011/09/25 15:30:20 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Sean Whitaker\Desktop\vv2uuttq.exe

[2011/09/25 15:02:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Sean Whitaker\defogger_reenable

[2011/09/25 15:02:19 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Sean Whitaker\Desktop\Defogger.exe

[2011/09/25 05:02:46 | 1333,190,656 | -HS- | C] () -- C:\hiberfil.sys

[2011/09/23 23:46:42 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}

[2011/09/20 15:43:29 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TweetDeck.lnk

[2011/09/20 15:43:29 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TweetDeck.lnk

[2011/09/08 00:06:59 | 735,463,424 | ---- | C] () -- C:\Documents and Settings\Sean Whitaker\Desktop\The.Borgias.S01E01-E02.DVDSCR.XviD-SPRiNTER.avi

[2011/09/06 22:28:20 | 000,001,576 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/09/06 22:17:31 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2011/09/01 03:22:15 | 000,000,645 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Last.fm.lnk

[2011/08/25 20:29:33 | 000,028,664 | ---- | C] () -- C:\Documents and Settings\Sean Whitaker\My Documents\EPtimes.pdf

[2011/08/12 15:29:08 | 000,046,459 | ---- | C] () -- C:\Documents and Settings\Sean Whitaker\Desktop\bookmarks_12_08_2011.html

[2011/08/12 15:26:31 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk

[2011/08/11 01:56:25 | 000,001,648 | ---- | C] () -- C:\Documents and Settings\Sean Whitaker\Desktop\Mozilla Firefox.lnk

[2011/07/06 19:47:20 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/06/21 16:10:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/06/21 16:10:21 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/06/21 16:10:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/06/21 16:10:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/06/21 16:10:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/04/25 05:11:04 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/02/10 18:20:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI

[2009/09/02 04:41:42 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2008/11/21 22:47:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2006/07/25 10:03:45 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini

[2006/07/25 10:03:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI

[2006/06/02 10:25:23 | 000,119,808 | ---- | C] () -- C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/02/07 22:11:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2006/02/07 22:11:53 | 000,107,134 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe

[2006/02/07 22:11:44 | 000,002,301 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2006/01/20 16:30:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006/01/19 11:55:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2006/01/19 11:52:34 | 000,000,304 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2006/01/19 11:48:19 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

[2006/01/19 11:24:04 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll

[2006/01/19 11:23:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe

[2006/01/19 11:22:48 | 000,000,398 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2004/12/03 09:20:12 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll

[2004/09/23 04:09:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

[2004/09/16 00:57:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2004/08/12 09:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll

[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/11 18:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2004/08/11 18:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/08/11 18:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/11 18:06:43 | 000,124,520 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004/08/11 18:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/11 18:00:28 | 000,443,456 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/11 18:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/11 18:00:28 | 000,072,556 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/11 18:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/11 18:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/11 18:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/11 18:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/08/11 18:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/11 18:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/11 18:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/11 18:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/07/21 11:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll

[2004/01/16 08:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

[2003/07/30 09:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll

[2002/06/28 16:20:54 | 000,005,025 | ---- | C] () -- C:\WINDOWS\System32\patterns.dat

[1999/01/22 19:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2011/09/25 15:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10

[2006/07/31 11:03:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2011/06/21 16:53:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2011/09/01 03:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm

[2011/06/21 16:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2008/12/25 03:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca

[2010/08/16 13:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/07/09 15:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2011/06/21 16:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Whitaker\Application Data\AVG10

[2006/01/20 16:52:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Whitaker\Application Data\Leadertech

[2008/12/25 02:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Whitaker\Application Data\Sony Setup

[2010/05/11 21:01:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Whitaker\Application Data\Spotify

[2008/12/25 03:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Whitaker\Application Data\Teleca

[2010/02/10 18:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Whitaker\Application Data\Toshiba

[2011/09/20 15:43:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Whitaker\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

[2011/09/25 20:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Sean Whitaker\Application Data\uTorrent

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2009/10/13 18:00:31 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2011/09/25 17:32:28 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr

[2004/08/11 18:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2006/01/19 11:24:56 | 000,003,917 | RH-- | M] () -- C:\dell.sdr

[2011/09/25 18:20:46 | 1333,190,656 | -HS- | M] () -- C:\hiberfil.sys

[2006/01/20 16:46:53 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1

[2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS

[2010/05/12 03:52:29 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt

[2004/08/11 18:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS

[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2009/12/22 18:29:06 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2011/09/25 18:20:44 | 2000,683,008 | -HS- | M] () -- C:\pagefile.sys

[2008/06/03 11:20:02 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm

[2008/06/03 11:20:12 | 000,000,232 | -H-- | M] () -- C:\sqmdata01.sqm

[2008/06/03 11:21:09 | 000,000,232 | -H-- | M] () -- C:\sqmdata02.sqm

[2008/08/25 19:32:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm

[2008/08/26 13:23:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm

[2008/09/02 02:38:07 | 000,000,232 | -H-- | M] () -- C:\sqmdata05.sqm

[2008/09/02 14:50:47 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm

[2008/06/03 11:20:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm

[2008/06/03 11:20:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm

[2008/06/03 11:21:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm

[2008/08/25 19:32:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm

[2008/08/26 13:23:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm

[2008/09/02 02:38:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm

[2008/09/02 14:50:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm

[2011/09/25 19:05:22 | 000,171,060 | ---- | M] () -- C:\TDSSKiller.2.6.0.0_25.09.2011_18.27.15_log.txt

< %USERPROFILE%\*.* >

[2011/09/25 15:02:56 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Sean Whitaker\defogger_reenable

[2011/09/25 19:07:13 | 000,002,154 | ---- | M] () -- C:\Documents and Settings\Sean Whitaker\junction log.txt

[2011/09/25 18:19:31 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Sean Whitaker\NTUSER.DAT

[2011/09/25 20:00:52 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\Sean Whitaker\ntuser.dat.LOG

[2011/09/25 18:19:31 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Sean Whitaker\ntuser.ini

< %USERPROFILE%\Application Data\*.* >

[2004/08/11 18:07:12 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Sean Whitaker\Application Data\desktop.ini

< %USERPROFILE%\Local Settings\Application Data\*.* >

[2011/09/25 06:18:18 | 000,119,808 | ---- | M] () -- C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/12/23 16:09:43 | 000,021,744 | ---- | M] () -- C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2011/09/25 18:18:36 | 005,362,398 | -H-- | M] () -- C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\IconCache.db

< %AllUsersProfile%\*.* >

[2006/01/20 16:03:42 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT

[2007/04/04 16:58:50 | 000,001,024 | -H-- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG

< %AllUsersProfile%\Application Data\*.* >

[2004/08/11 18:07:12 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

[2006/01/19 11:48:19 | 000,000,004 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare

< %USERPROFILE%\My Documents\*.* >

[2009/06/15 20:11:31 | 000,000,084 | -HS- | M] () -- C:\Documents and Settings\Sean Whitaker\My Documents\desktop.ini

[2009/12/23 16:41:36 | 000,437,760 | ---- | M] () -- C:\Documents and Settings\Sean Whitaker\My Documents\Draft 1.doc

[2011/08/25 20:29:33 | 000,028,664 | ---- | M] () -- C:\Documents and Settings\Sean Whitaker\My Documents\EPtimes.pdf

[2010/07/19 17:15:06 | 000,943,104 | ---- | M] () -- C:\Documents and Settings\Sean Whitaker\My Documents\Musgrave Creativity.ppt

[2009/09/25 21:42:07 | 000,000,645 | ---- | M] () -- C:\Documents and Settings\Sean Whitaker\My Documents\My Sharing Folders.lnk

[2011/09/06 22:11:57 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\Sean Whitaker\My Documents\Post-EP texts M.txt

[2011/08/08 00:53:31 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Sean Whitaker\My Documents\Search History.doc

< %CommonProgramFiles%\*.* >

< %PROGRAMFILES%\*.* >

< %systemroot%\system32\*.dll /lockedfiles >

[10 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys

[2011/07/15 14:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys

[2011/07/08 15:02:00 | 000,010,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndistapi.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

< %systemroot%\*. /mp /s >

< End of report >

Extras.txt:

OTL Extras logfile created on: 25/09/2011 19:57:21 - Run 1

OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Sean Whitaker\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1.24 Gb Total Physical Memory | 0.31 Gb Available Physical Memory | 25.12% Memory free

2.96 Gb Paging File | 2.21 Gb Available in Paging File | 74.77% Paging File free

Paging file location(s): C:\pagefile.sys 1908 3816 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.81 Gb Total Space | 3.50 Gb Free Space | 6.26% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Sean Whitaker | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2310172693-1349323021-2595002804-1005\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)

"C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)

"C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Sean Whitaker\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)

"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" = C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe:*:Enabled:Sonic Update Manager -- (Sonic Solutions)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional

"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO

"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager

"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management

"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe

"{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications

"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 26

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger

"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Advanced Control Suite 2

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1

"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011

"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes

"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore

"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03

"{727DAFCB-E3AF-46E3-8A38-EB9C3EAA0A88}" = AVG 2011

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper

"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content

"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz

"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant

"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! Plus

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A7765932-77D6-E0B2-1B27-E2973B5E1BD5}" = TweetDeck

"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support

"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet

"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba

"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{E7559288-223B-453C-9F06-340E3BE21E39}" = My Way Search Assistant

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi

"{FC906D5C-91F9-4DA4-A765-6DCBB669F317}" = Sony Ericsson PC Suite

"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"AVG" = AVG 2011

"CCleaner" = CCleaner

"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem

"DivX Setup.divx.com" = DivX Setup

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications

"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Advanced Control Suite 2

"LastFM_is1" = Last.fm 1.5.4.27091

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox 6.0.2 (x86 en-GB)" = Mozilla Firefox 6.0.2 (x86 en-GB)

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"ProInst" = Intel® PROSet/Wireless Software

"RealPlayer 12.0" = RealPlayer

"Spotify" = Spotify

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck

"uTorrent" = µTorrent

"VLC media player" = VLC media player 0.9.6

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR 4.01 (32-bit)

"WMFDist11" = Windows Media Format 11 runtime

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2310172693-1349323021-2595002804-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 17/09/2011 19:38:59 | Computer Name = LAPTOP | Source = Application Error | ID = 1000

Description = Faulting application vlc.exe, version 0.9.6.99, faulting module libvout_directx_plugin.dll,

version 0.0.0.0, fault address 0x000068aa.

Error - 17/09/2011 19:43:08 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002

Description = Hanging application vlc.exe, version 0.9.6.99, hang module hungapp,

version 0.0.0.0, hang address 0x00000000.

Error - 17/09/2011 21:14:49 | Computer Name = LAPTOP | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting

module unknown, version 0.0.0.0, fault address 0x03889290.

Error - 18/09/2011 12:41:44 | Computer Name = LAPTOP | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting

module unknown, version 0.0.0.0, fault address 0x03f79290.

Error - 18/09/2011 23:31:52 | Computer Name = LAPTOP | Source = Application Error | ID = 1000

Description = Faulting application vlc.exe, version 0.9.6.99, faulting module libvout_directx_plugin.dll,

version 0.0.0.0, fault address 0x0000690c.

Error - 19/09/2011 18:58:56 | Computer Name = LAPTOP | Source = Application Error | ID = 1000

Description = Faulting application vlc.exe, version 0.9.6.99, faulting module libvout_directx_plugin.dll,

version 0.0.0.0, fault address 0x00006886.

Error - 19/09/2011 21:23:27 | Computer Name = LAPTOP | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting

module unknown, version 0.0.0.0, fault address 0x03bb9290.

Error - 21/09/2011 22:51:54 | Computer Name = LAPTOP | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting

module unknown, version 0.0.0.0, fault address 0x03a09290.

Error - 24/09/2011 23:33:21 | Computer Name = LAPTOP | Source = Application Error | ID = 1000

Description = Faulting application vlc.exe, version 0.9.6.99, faulting module libvout_directx_plugin.dll,

version 0.0.0.0, fault address 0x0000690c.

Error - 25/09/2011 11:58:59 | Computer Name = LAPTOP | Source = Application Hang | ID = 1002

Description = Hanging application uTorrent.exe, version 2.2.1.25249, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]

Error - 25/09/2011 12:29:15 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7034

Description = The iPod Service service terminated unexpectedly. It has done this

1 time(s).

Error - 25/09/2011 12:40:50 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000

Description = The EvtEng service failed to start due to the following error: %%2

Error - 25/09/2011 12:40:50 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7001

Description = The Spectrum24 Event Monitor service depends on the EvtEng service

which failed to start because of the following error: %%2

Error - 25/09/2011 12:40:50 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7001

Description = The WLANKEEPER service depends on the EvtEng service which failed

to start because of the following error: %%2

Error - 25/09/2011 12:59:05 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000

Description = The EvtEng service failed to start due to the following error: %%2

Error - 25/09/2011 12:59:05 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7001

Description = The Spectrum24 Event Monitor service depends on the EvtEng service

which failed to start because of the following error: %%2

Error - 25/09/2011 12:59:05 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7001

Description = The WLANKEEPER service depends on the EvtEng service which failed

to start because of the following error: %%2

Error - 25/09/2011 13:21:20 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000

Description = The EvtEng service failed to start due to the following error: %%2

Error - 25/09/2011 13:21:20 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7001

Description = The Spectrum24 Event Monitor service depends on the EvtEng service

which failed to start because of the following error: %%2

Error - 25/09/2011 13:21:20 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7001

Description = The WLANKEEPER service depends on the EvtEng service which failed

to start because of the following error: %%2

< End of report >

[B-boy/StyLe/]

Hi again Lucy,

I'd like us to scan your machine with ESET OnlineScan

1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
   ESET OnlineScan
   
2. Click the Run ESET Online Scanner button.
   
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   1. 
      
   2. Click on to download the ESET Smart Installer. Save it to your desktop.
      
   3. Double click on the icon on your desktop.
      
      
   4. Check
      
   5. Click the button.
      
   6. Accept any security warnings from your browser.
      
   7. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
      
   8. Now click on Advanced Settings and select the following:
      
      
      • • Scan for potentially unwanted applications
          
        • Scan for potentially unsafe applications
          
        • Enable Anti-Stealth Technology

[*]Push the Start button.

[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

[*]When the scan completes, push

[*]Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

[*]Push the button.

[*]Push

Before we continue I would like to check to see if a ComboFix log was created from the first run. Please navigate to C:\Qoobox or C:\ComboFix and check to see if a log was saved.

If you find a log in these folders please post it in your next reply. If there is no log let me know.

Regards,

Georgi

[crunchygirl]

When I navigate to C:\ComboFix, it's just a link for 'My Computer', so when I click on C:\ComboFix I just end up in a loop. Attached a picture to explain what I mean. Is this normal? Either way, couldn't find any logs at either of those destinations, but ESET found 14 threats!

C:\Documents and Settings\Sean Whitaker\Local Settings\temp\2027473414:4181010311.exe Win32/Sirefef.CT trojan

C:\Documents and Settings\Sean Whitaker\Local Settings\temp\ICReinstall\cnet_mdm-installer_exe.exe a variant of Win32/InstallCore.C application

C:\Documents and Settings\Sean Whitaker\My Documents\Downloads\cnet_mdm-installer_exe.exe a variant of Win32/InstallCore.C application

C:\Program Files\AVG\AVG10\avgnsx.exe Win32/Patched.HN trojan

C:\Program Files\AVG\AVG10\avgscanx.exe Win32/Patched.HN trojan

C:\Program Files\AVG\AVG10\avgwdsvc.exe Win32/Patched.HN trojan

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe Win32/Patched.HN trojan

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe Win32/Patched.HN trojan

C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe Win32/Patched.HN trojan

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe Win32/Patched.HN trojan

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe Win32/Patched.HN trojan

C:\Program Files\iPod\bin\iPodService.exe Win32/Patched.HN trojan

C:\Program Files\Java\jre6\bin\jqs.exe Win32/Patched.HN trojan

C:\WINDOWS\system32\BAsfIpM.exe Win32/Patched.HN trojan

Operating memory Win32/Patched.HN trojan

[B-boy/StyLe/]

Hi Lucy,

Ok, we'll sort out the Combofix related issues at a later stage.

STEP 1

Backup Your Registry with ERUNT

• Please use the following link and scroll down to ERUNT and download it.
  http://aumha.org/freeware/freeware.php
  
• For version with the Installer:
  Use the setup program to install ERUNT on your computer
  
• For the zipped version:
  Unzip all the files into a folder of your choice.
  

Open Erunt.exe. Follow the prompts leaving the values at default.

STEP 2

We need to run an OTL Fix

1. Please reopen on your desktop.
   
2. Copy and Paste the following code into the textbox. Do not include the word "Code"
   

   
   :OTL
   O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - No CLSID value found.
   O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
   O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
   O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
   O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
   O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
   O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
   O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
   O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
   O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
   O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
   O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
   O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
   O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
   O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
   O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
   O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
   O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
   O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
   O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
   O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
   O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
   O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
   :files
   C:\Documents and Settings\Sean Whitaker\Local Settings\temp\2027473414:4181010311.exe
   dir /s /a "c:\WINDOWS\$NtUninstallKB8525$" /c
   netsh winsock reset catalog /c
   ipconfig /flushdns /c
   :reg
   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
   "FirewallOverride"=dword:00000000
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall"=dword:00000001
   :commands
   [emptyflash]
   [emptytemp]
   

   
   

3. Push
   
4. OTL may ask to reboot the machine. Please do so if asked.
   
5. Click .
   
6. A report will open. Copy and Paste that report in your next reply.
   

STEP 3

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  
  :regfind
  2027473414
  

  
  

• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

Note: The log can also be found on your Desktop entitled SystemLook.txt

STEP 4

Download RogueKiller and save it to your desktop.

• Close all the running processes
  
• Double click RogueKiller icon to run the program
  Vista/Win7 users should right click the icon and select Run as Administrator.
  
• When prompted, type 1 (SCAN) and then press Enter
  
• A report will open, please copy and paste this report in your next reply.

A copy of the RKreport.txt can be found on your desktop.

Regards,

Georgi

[crunchygirl]

Hello again Georgi!

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000022\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000023\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000024\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000025\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000026\ deleted successfully.

========== FILES ==========

File\Folder C:\Documents and Settings\Sean Whitaker\Local Settings\temp\2027473414:4181010311.exe not found.

< dir /s /a "c:\WINDOWS\$NtUninstallKB8525$" /c >

Volume in drive C has no label.

Volume Serial Number is A4B4-EE8B

Directory of c:\WINDOWS\$NtUninstallKB8525$

22/12/2009 18:34 <DIR> .

22/12/2009 18:34 <DIR> ..

25/09/2011 17:35 <DIR> 113956984

23/09/2011 23:44 <JUNCTION> 3117857280

1 File(s) 0 bytes

Directory of c:\WINDOWS\$NtUninstallKB8525$\113956984

25/09/2011 17:35 <DIR> .

25/09/2011 17:35 <DIR> ..

25/09/2011 17:27 2,144 click.tlb

25/09/2011 17:35 <DIR> L

25/09/2011 17:25 2,540 loader.tlb

25/09/2011 17:35 <DIR> U

2 File(s) 4,684 bytes

Directory of c:\WINDOWS\$NtUninstallKB8525$\113956984\L

25/09/2011 17:35 <DIR> .

25/09/2011 17:35 <DIR> ..

0 File(s) 0 bytes

Directory of c:\WINDOWS\$NtUninstallKB8525$\113956984\U

25/09/2011 17:35 <DIR> .

25/09/2011 17:35 <DIR> ..

0 File(s) 0 bytes

Total Files Listed:

3 File(s) 4,684 bytes

11 Dir(s) 3,930,984,448 bytes free

C:\Documents and Settings\Sean Whitaker\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Sean Whitaker\Desktop\cmd.txt deleted successfully.

< netsh winsock reset catalog /c >

Initialization Function InitHelperDll in IPMONTR.DLL failed to start with error code 10107

Sucessfully reset the Winsock Catalog.

You must restart the machine in order to complete the reset.

C:\Documents and Settings\Sean Whitaker\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Sean Whitaker\Desktop\cmd.txt deleted successfully.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\Sean Whitaker\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Sean Whitaker\Desktop\cmd.txt deleted successfully.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride"|dword:00000000 /E : value set successfully!

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\"EnableFirewall"|dword:00000001 /E : value set successfully!

========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

->Flash cache emptied: 56468 bytes

User: LocalService

User: NetworkService

User: Sean Whitaker

->Flash cache emptied: 2764921 bytes

Total Flash Files Cleaned = 3.00 mb

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Flash cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 4216 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 4216 bytes

->Temporary Internet Files folder emptied: 180510366 bytes

User: Sean Whitaker

->Temp folder emptied: 333550520 bytes

->Temporary Internet Files folder emptied: 26640386 bytes

->Java cache emptied: 8637092 bytes

->FireFox cache emptied: 56393783 bytes

->Google Chrome cache emptied: 35272556 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 19569 bytes

%systemroot%\System32 .tmp files removed: 22231569 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 159727 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12938306 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 44230 bytes

Total Files Cleaned = 645.00 mb

OTL by OldTimer - Version 3.2.29.1 log created on 09262011_005043

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

SystemLook 30.07.11 by jpshortstuff

Log created at 00:57 on 26/09/2011 by Sean Whitaker

Administrator - Elevation successful

========== regfind ==========

Searching for "2027473414"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\6cad878]

"ImagePath"="\systemroot\2027473414:4181010311.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\6cad878]

"ImagePath"="\systemroot\2027473414:4181010311.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6cad878]

"ImagePath"="\systemroot\2027473414:4181010311.exe"

-= EOF =-

RogueKiller V6.1.0 [09/22/2011] by Tigzy

contact at http://www.sur-la-toile.com

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Sean Whitaker [Admin rights]

Mode: Scan -- Date : 09/26/2011 00:59:59

Bad processes: 0

Registry Entries: 3

[] HKLM\[...]\Windows : () -> ACCESS DENIED

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[] HKLM\[...]\Windows : () -> ACCESS DENIED

Particular Files / Folders:

Driver: [LOADED]

SSDT[277] : NtWriteVirtualMemory @ 0x805A9964 -> HOOKED (\SystemRoot\system32\DRIVERS\AVGIDSShim.Sys @ 0xBA391914)

SSDT[258] : NtTerminateThread @ 0x805C8FA0 -> HOOKED (\SystemRoot\system32\DRIVERS\AVGIDSShim.Sys @ 0xBA391878)

SSDT[257] : NtTerminateProcess @ 0x805C8DA6 -> HOOKED (\SystemRoot\system32\DRIVERS\AVGIDSShim.Sys @ 0xBA3917DC)

SSDT[122] : NtOpenProcess @ 0x805C13F8 -> HOOKED (\SystemRoot\system32\DRIVERS\AVGIDSShim.Sys @ 0xBA391738)

S_SSDT[549] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\AVGIDSShim.Sys @ 0xBA390CBA)

S_SSDT[416] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\AVGIDSShim.Sys @ 0xBA390D90)

S_SSDT[414] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\AVGIDSShim.Sys @ 0xBA390D3C)

S_SSDT[383] : Unknown -> HOOKED (\SystemRoot\system32\DRIVERS\AVGIDSShim.Sys @ 0xBA390DFC)

HOSTS File:

127.0.0.1 localhost

Finished : << RKreport[1].txt >>

RKreport[1].txt

[B-boy/StyLe/]

Hi Lucy,

Could you please tell me the exact model of your laptop ?

We need to download the network drivers from the DELL website before we can continue with the fix.

Some of the files are infected, but they are needed for the internet to work properly (I believe so)...so it is better to have the installers before we delete them (than sorry later).

C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe Win32/Patched.HN trojan

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe Win32/Patched.HN trojan

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe Win32/Patched.HN trojan

C:\WINDOWS\system32\BAsfIpM.exe Win32/Patched.HN trojan

Regards,

Georgi

[crunchygirl]

Hiya Georgi,

It's a Dell Latitude X1. Is that enough or do you need more specifics?

As ever, eternally grateful!

[B-boy/StyLe/]

Good day Lucy,

That information is enough. Thanks !

Please visit the DELL website and download the following drivers and save them to an appropriate location (for a later use)

Dell - QuickSet

Intel ® PRO/Wireless 2200BG Network Connection

Broadcom 57XX Gigabit Integrated Controller

Now please download the following applications:

Apple iTune

Java 6 Update 27

Now we need to get rid of AVG. ComboFix will not run properly until AVG is uninstalled.

Click "start" on the taskbar and then click on the "Control Panel" icon.

Please doubleclick the "Add or Remove Programs" icon

A list of programs installed will be "populated" this may take a bit of time.

If they exist, uninstall the following by clicking on the following entries and selecting "remove":

AVG

Additional instructions can be found here if needed.

Next please download AVG Remover and save it to your desktop.

Run it to remove all leftovers from AVG. After this, please restart your computer.

We need to run an OTL Fix

1. Please reopen on your desktop.
   
2. Copy and Paste the following code into the textbox. Do not include the word "Code"
   

   
   :services
   6cad878
   :files
   C:\Documents and Settings\Sean Whitaker\Local Settings\temp\2027473414
   C:\WINDOWS\2027473414
   C:\Documents and Settings\Sean Whitaker\Local Settings\temp\ICReinstall\cnet_mdm-installer_exe.exe
   C:\Documents and Settings\Sean Whitaker\My Documents\Downloads\cnet_mdm-installer_exe.exe
   C:\Program Files\AVG
   C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
   C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
   C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
   C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
   C:\Program Files\iPod\bin\iPodService.exe
   C:\Program Files\Java\jre6\bin\jqs.exe
   C:\WINDOWS\system32\BAsfIpM.exe
   :commands
   [emptytemp]
   

   
   

3. Push
   
4. OTL may ask to reboot the machine. Please do so if asked.
   
5. Click .
   
6. A report will open. Copy and Paste that report in your next reply.
   
7. If a report is not shown please navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present.
   
8. Copy/paste the content of the log back here in your next post.
   

Delete your copy of Combofix and download a fresh one from here.

Save it your desktop and run it. Follow the prompts.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Regards,

Georgi

[Bocasmike]

Hello,

I found this thread... I am having the same identical problem and would surely like your assistance in getting the Rootkit out of my system.

The basics: Dell Optiplex 240 with P4 processor and running Windows XP Pro. Low RAM @ 128mb.

I just use this system to control and program some radio scanners.

I see all the different downloads posted here; how may I best help you to help me? Which should I run first and will you start a new thread for me Georgi?

Thanks much,

Michael

[B-boy/StyLe/]

Hello Michael,

The steps are individual for each user. They aren't universal for all.

Following them without supervisor's assistance could render your PC unbootable.

Please refrain from doing so.

Please open a new topic instead, naming it properly, describing your issues and someone will be happy to assist you.

Check this out => http://forums.malwarebytes.org/index.php?showtopic=9573

Thank you for your understanding.

Regards,

Georgi

[crunchygirl]

Hi Georgi,

I wasn't too sure... when you said to download Apple iTunes and the Java update, are they for later use or am I to install them before getting rid of AVG?

Thanks,

Lucy

[B-boy/StyLe/]

Hi Lucy,

I'm sorry I wasn't very clear.

We need to get rid of all infected (patched) files and when the system is already clean I'll give you the green light to re-install the applications I had you download in my previous post.

Please proceed with the rest of the steps.

Thank you !

Regards,

Georgi

[crunchygirl]

OTL log:

All processes killed

========== SERVICES/DRIVERS ==========

Error: No service named 6cad878 was found to stop!

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6cad878 deleted successfully.

========== FILES ==========

File\Folder C:\Documents and Settings\Sean Whitaker\Local Settings\temp\2027473414 not found.

C:\WINDOWS\2027473414 folder moved successfully.

File\Folder C:\Documents and Settings\Sean Whitaker\Local Settings\temp\ICReinstall\cnet_mdm-installer_exe.exe not found.

C:\Documents and Settings\Sean Whitaker\My Documents\Downloads\cnet_mdm-installer_exe.exe moved successfully.

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin folder moved successfully.

C:\Program Files\AVG\AVG10\Identity Protection\Agent folder moved successfully.

C:\Program Files\AVG\AVG10\Identity Protection folder moved successfully.

Folder move failed. C:\Program Files\AVG\AVG10 scheduled to be moved on reboot.

Folder move failed. C:\Program Files\AVG scheduled to be moved on reboot.

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe moved successfully.

C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe moved successfully.

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe moved successfully.

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe moved successfully.

C:\Program Files\iPod\bin\iPodService.exe moved successfully.

C:\Program Files\Java\jre6\bin\jqs.exe moved successfully.

C:\WINDOWS\system32\BAsfIpM.exe moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Sean Whitaker

->Temp folder emptied: 10340 bytes

->Temporary Internet Files folder emptied: 35883 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 39232650 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 765 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 689 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 38.00 mb

OTL by OldTimer - Version 3.2.29.1 log created on 09262011_195806

Files\Folders moved on Reboot...

Folder move failed. C:\Program Files\AVG\AVG10 scheduled to be moved on reboot.

Folder move failed. C:\Program Files\AVG\AVG10 scheduled to be moved on reboot.

Folder move failed. C:\Program Files\AVG scheduled to be moved on reboot.

Registry entries deleted on Reboot...

ComboFix log:

ComboFix 11-09-26.02 - Sean Whitaker 26/09/2011 20:11:33.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1271.949 [GMT 1:00]

Running from: c:\documents and settings\Sean Whitaker\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini

c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\SL30.tmp.47ef97a6.ini

c:\documents and settings\Sean Whitaker\Local Settings\Application Data\ApplicationHistory

c:\documents and settings\Sean Whitaker\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini

c:\documents and settings\Sean Whitaker\Local Settings\Application Data\ApplicationHistory\SL30.tmp.47ef97a6.ini

c:\windows\$NtUninstallKB8525$

c:\windows\$NtUninstallKB8525$\113956984\@

c:\windows\$NtUninstallKB8525$\113956984\L\iahonoel

c:\windows\$NtUninstallKB8525$\3924209034

c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}

c:\windows\system32\

c:\windows\system32\c_01854.nls

c:\windows\system32\d3d9caps.dat

c:\windows\system32\drivers\fad.sys

c:\windows\system32\drivers\npf.sys

.

Infected copy of c:\windows\system32\drivers\i8042prt.sys was found and disinfected

Restored copy from - The cat found it

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_6cad878

.

.

((((((((((((((((((((((((( Files Created from 2011-08-26 to 2011-09-26 )))))))))))))))))))))))))))))))

.

.

2011-09-26 19:07 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys

2011-09-26 19:07 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\dllcache\i8042prt.sys

2011-09-26 18:19 . 2011-09-26 18:19 48016 --sha-w- c:\windows\system32\c_01854.nl_

2011-09-25 23:59 . 2011-09-25 23:59 60800 ----a-w- c:\program files\Mozilla Firefox\TrueSight.sys

2011-09-25 23:50 . 2011-09-25 23:50 -------- d-----w- C:\_OTL

2011-09-25 23:48 . 2011-09-25 23:49 -------- d-----w- c:\program files\ERUNT

2011-09-25 19:42 . 2011-09-25 19:42 -------- d-----w- c:\program files\ESET

2011-09-25 18:02 . 2010-09-07 14:39 150392 ----a-w- c:\windows\junction.exe

2011-09-25 15:39 . 2011-09-25 15:39 -------- d-----w- c:\documents and settings\Sean Whitaker\Local Settings\Application Data\Deployment

2011-09-25 01:34 . 2011-09-25 01:34 -------- d-----w- c:\documents and settings\Sean Whitaker\Local Settings\Application Data\uTorrent

2011-09-20 14:43 . 2011-09-20 14:43 -------- d-----w- c:\documents and settings\Sean Whitaker\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

2011-09-20 14:43 . 2011-09-20 14:43 -------- d-----w- c:\program files\TweetDeck

2011-09-20 14:43 . 2011-09-20 14:43 -------- d-----w- c:\program files\Common Files\Adobe AIR

2011-09-06 21:26 . 2011-09-06 21:26 -------- d-----w- c:\program files\iPod

2011-09-03 10:17 . 2011-09-03 10:17 599040 ------w- c:\windows\system32\dllcache\crypt32.dll

2011-09-01 02:23 . 2011-09-01 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Last.fm

2011-09-01 02:22 . 2011-09-01 02:22 -------- d-----w- c:\documents and settings\Sean Whitaker\Local Settings\Application Data\Last.fm

2011-09-01 02:21 . 2011-09-01 02:22 -------- d-----w- c:\program files\Last.fm

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-08 16:05 . 2011-08-11 18:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-03 10:17 . 2004-08-11 17:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-08-31 16:00 . 2009-10-11 17:54 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-15 13:29 . 2006-01-19 10:22 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-12 10:20 . 2011-07-12 10:20 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 10:20 . 2011-07-12 10:20 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 10:20 . 2011-07-12 10:20 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-08 14:02 . 2004-08-11 17:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-06 14:52 . 2011-07-06 14:53 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-07-06 14:52 . 2011-07-06 14:53 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-07-05 17:37 . 2011-07-05 17:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 17:37 . 2011-07-05 17:37 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-09-08 10:44 . 2011-08-12 14:26 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-10 399736]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-24 729178]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]

"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Sean Whitaker\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 45056]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]

2004-09-07 16:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-08-19 00:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Documents and Settings\\Sean Whitaker\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\Sean Whitaker\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe"=

"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=

.

S3 TrueSight;TrueSight;c:\program files\Mozilla Firefox\TrueSight.sys [26/09/2011 00:59 60800]

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-20 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]

.

2011-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2310172693-1349323021-2595002804-1005Core.job

- c:\documents and settings\Sean Whitaker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-20 00:29]

.

2011-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2310172693-1349323021-2595002804-1005UA.job

- c:\documents and settings\Sean Whitaker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-20 00:29]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.ie/

uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

TCP: DhcpNameServer = 89.101.160.5 89.101.160.4

TCP: Interfaces\{FB1E280B-5F2B-429C-AB31-BC0FB43ED309}: NameServer = 89.101.160.4,89.101.160.5

FF - ProfilePath - c:\documents and settings\Sean Whitaker\Application Data\Mozilla\Firefox\Profiles\gi9s5k3e.default\

FF - prefs.js: browser.search.selectedEngine - Google.co.uk

FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-26 20:23

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1264)

c:\program files\Intel\Wireless\Bin\LgNotify.dll

.

- - - - - - - > 'explorer.exe'(2080)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\wscntfy.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

.

**************************************************************************

.

Completion time: 2011-09-26 20:28:44 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-26 19:28

.

Pre-Run: 4,264,439,808 bytes free

Post-Run: 4,241,965,056 bytes free

.

- - End Of File - - A54D6F07CB2FD6C1FA789A9D09056315

[B-boy/StyLe/]

Hi Lucy,

Great work ! Finally Some Progress!

I suggest you to uninstall uTorrent as well !

Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

Also, please take a look here:

How cyber criminals infect victims via P2P with pirated software

STEP 1

Please run GrantPerms.exe

Copy and paste the following in the edit box:

C:\Program Files\AVG

Click Unlock. When it is done click "OK".

Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.

STEP 2

We need to run an OTL Fix

1. Please reopen on your desktop.
   
2. Copy and Paste the following code into the textbox. Do not include the word "Code"
   

   
   :files
   c:\windows\system32\c_01854.nl_
   C:\Program Files\AVG
   netsh winsock reset catalog /c
   ipconfig /flushdns /c
   :commands
   [emptyflash]
   [emptytemp]
   

   
   

3. Push
   
4. OTL may ask to reboot the machine. Please do so if asked.
   
5. Click .
   
6. A report will open. Copy and Paste that report in your next reply.
   
7. If a report is not shown please navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present.
   
8. Copy/paste the content of the log back here in your next post.
   

STEP 3

Can you try the ESET Online scan again please?

Use the same settings as before.

Post back the log file in your next reply.

How are things now ? Any problems left ?

Regards,

Georgi

[crunchygirl]

Hi Georgi,

Things seem to be much better... my laptop seems to be running much quicker on the whole!

Here's the Perms log:

GrantPerms by Farbar

Ran by Sean Whitaker at 2011-09-26 21:16:18

===============================================

\\?\C:\Program Files\AVG

Owner: BUILTIN\Administrators

DACL(NP)(AI):

BUILTIN\Administrators FULL ALLOW (CI)(OI)

NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)

BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)

BUILTIN\Users READ/EXECUTE ALLOW (I)

BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(IO)(I)

BUILTIN\Power Users change ALLOW (I)

BUILTIN\Power Users change ALLOW (CI)(OI)(IO)(I)

BUILTIN\Administrators FULL ALLOW (I)

BUILTIN\Administrators FULL ALLOW (CI)(OI)(IO)(I)

NT AUTHORITY\SYSTEM FULL ALLOW (I)

NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(IO)(I)

CREATOR OWNER FULL ALLOW (CI)(OI)(IO)(I)

And the OTL:

All processes killed

========== FILES ==========

c:\windows\system32\c_01854.nl_ moved successfully.

C:\Program Files\AVG\AVG10 folder moved successfully.

C:\Program Files\AVG folder moved successfully.

< netsh winsock reset catalog /c >

Sucessfully reset the Winsock Catalog.

You must restart the machine in order to complete the reset.

C:\Documents and Settings\Sean Whitaker\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Sean Whitaker\Desktop\cmd.txt deleted successfully.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\Sean Whitaker\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\Sean Whitaker\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Sean Whitaker

->Flash cache emptied: 456 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Sean Whitaker

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 18547940 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 16889 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 18.00 mb

OTL by OldTimer - Version 3.2.29.1 log created on 09262011_211732

Files\Folders moved on Reboot...

C:\WINDOWS\temp\Perflib_Perfdata_a94.dat moved successfully.

Registry entries deleted on Reboot...

And the ESET:

C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC_MSIL\desktop.ini.vir a variant of Win32/Sirefef.CH trojan

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\i8042prt.sys.vir a variant of Win32/Rootkit.Kryptik.DM trojan

C:\_OTL\MovedFiles\09262011_195806\C_Documents and Settings\Sean Whitaker\My Documents\Downloads\cnet_mdm-installer_exe.exe a variant of Win32/InstallCore.C application

C:\_OTL\MovedFiles\09262011_195806\C_Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe Win32/Patched.HN trojan

C:\_OTL\MovedFiles\09262011_195806\C_Program Files\Dell\NicConfigSvc\NicConfigSvc.exe Win32/Patched.HN trojan

C:\_OTL\MovedFiles\09262011_195806\C_Program Files\Intel\Wireless\Bin\RegSrvc.exe Win32/Patched.HN trojan

C:\_OTL\MovedFiles\09262011_195806\C_Program Files\Intel\Wireless\Bin\S24EvMon.exe Win32/Patched.HN trojan

C:\_OTL\MovedFiles\09262011_195806\C_Program Files\iPod\bin\iPodService.exe Win32/Patched.HN trojan

C:\_OTL\MovedFiles\09262011_195806\C_Program Files\Java\jre6\bin\jqs.exe Win32/Patched.HN trojan

C:\_OTL\MovedFiles\09262011_195806\C_WINDOWS\system32\BAsfIpM.exe Win32/Patched.HN trojan

C:\_OTL\MovedFiles\09262011_211732\c_windows\system32\c_01854.nl_ a variant of Win32/Sirefef.CR trojan