TechSpot

Google search results redirected to 'attack site'

By ninjafox
Dec 13, 2010
  1. Hi all,

    Hoping for some help. I'm not the most proficient at the technical aspects of computer stuff so bear with me!

    I'm having an issue which seems to have cropped up here a good few times before.

    I've gone through the 8 step removal process and have attached the logs.

    I've also attached the screengrab of the page I get redirected to from the Google search results.

    Hoping someone can advise?
     


  2. crunchie

    crunchie Malware Helper Posts: 728

  3. ninjafox

    ninjafox TS Rookie Topic Starter

    Apologies.

    I picked things up wrong there.

    Logs below and thanks! :)

    Mbam Log

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5304

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    13/12/2010 10:22:15
    mbam-log-2010-12-13 (10-22-15).txt

    Scan type: Quick scan
    Objects scanned: 189721
    Time elapsed: 8 minute(s), 10 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\mark_breen\application data\cleanmgr.dll (Trojan.Agent) -> Quarantined and deleted successfully.

    Gmer Log

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-13 11:31:54
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD3200AAJS-60M0A0 rev.02.03E02
    Running: 0ngezfn2.exe; Driver: C:\DOCUME~1\MARK_B~1\LOCALS~1\Temp\kgtdapog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwClose [0xA8836F86]
    SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwCreateKey [0xA8836886]
    SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwDeleteKey [0xA8837048]
    SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwDeleteValueKey [0xA8837298]
    SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwDuplicateObject [0xA8837E98]
    SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwEnumerateKey [0xA88376B6]
    SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwEnumerateValueKey [0xA8837A72]
    SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwFlushKey [0xA8837020]
    SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwLoadKey [0xA8837D2A]
    SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwOpenKey [0xA88364E4]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA839D6C0]
    SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwQueryKey [0xA88377C4]
    SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwQueryValueKey [0xA8837BB4]
    SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwRenameKey [0xA8837F30]
    SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwSetValueKey [0xA88374EE]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA839D770]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA839D810]
    SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwUnloadKey [0xA8837DAA]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA839D8B0]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? reuosnp.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\program files\real\realplayer\update\realsched.exe[2152] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

    Device \Driver\BTHUSB \Device\00000075 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
    Device \Driver\BTHUSB \Device\00000075 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
    Device \Driver\BTHUSB \Device\00000077 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
    Device \Driver\BTHUSB \Device\00000077 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011957d355a
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011957d355a (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----

    DDS Log


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by mark_breen at 11:37:47.50 on 13/12/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.738 [GMT 0:00]

    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    svchost.exe
    C:\Program Files\Canon\DIAS\CnxDIAS.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\PDF Complete\pdfsvc.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\slagent.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Documents and Settings\mark_breen\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgchsvx.exe
    C:\Program Files\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\mark_breen\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=93&bd=all&pf=cmdt
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: {0347C33E-8762-4905-BF09-768834316C61} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No File
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [<NO NAME>]
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
    mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\mark_b~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\mark_breen\application data\dropbox\bin\Dropbox.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 212.117.178.25 www.google.com
    Hosts: 212.117.163.43 search.yahoo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\mark_b~1\applic~1\mozilla\firefox\profiles\sl18u4ij.default\
    FF - prefs.js: browser.startup.homepage - hxxp://partnerpage.google.com/ditsu.ie
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - component: c:\documents and settings\mark_breen\application data\mozilla\firefox\profiles\sl18u4ij.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
    FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\mark_breen\application data\mozilla\firefox\profiles\sl18u4ij.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    FF - plugin: c:\documents and settings\mark_breen\application data\mozilla\plugins\npcoolirisplugin.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\FirefoxExtension
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
    FF - Ext: Morning Coffee: morningCoffee@shaneliesegang - %profile%\extensions\morningCoffee@shaneliesegang
    FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
    FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Locator: {05f6a7ea-896b-11da-8bde-f66bad1e3fff} - %profile%\extensions\{05f6a7ea-896b-11da-8bde-f66bad1e3fff}
    FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    FF - Ext: QuickDrag: quickdrag@mozilla.ktechcomputing.com - %profile%\extensions\quickdrag@mozilla.ktechcomputing.com
    FF - Ext: InFormEnter: {5546F97E-11A5-46b0-9082-32AD74AAA920} - %profile%\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
    FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-14 64288]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
    R1 FSLX;FSLX;c:\windows\system32\drivers\fslx.sys [2009-2-20 195456]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]
    R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2009-6-30 576024]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]
    S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]

    =============== Created Last 30 ================

    2010-12-13 10:12:16 -------- d-----w- c:\docume~1\mark_b~1\applic~1\Malwarebytes
    2010-12-13 10:12:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-13 10:12:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-12-13 10:12:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-13 10:12:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-13 09:21:51 -------- d-----w- c:\docume~1\mark_b~1\locals~1\applic~1\Sunbelt Software
    2010-12-13 09:20:36 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2010-11-23 10:49:37 -------- d-----w- c:\program files\iPod
    2010-11-23 10:49:31 -------- d-----w- c:\program files\iTunes
    2010-11-22 12:43:46 -------- d-----w- c:\docume~1\mark_b~1\locals~1\applic~1\Real
    2010-11-22 12:42:38 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
    2010-11-22 12:42:15 -------- d-----w- c:\program files\common files\xing shared
    2010-11-22 12:41:52 151776 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
    2010-11-22 12:41:38 100352 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll

    ==================== Find3M ====================

    2010-11-22 12:41:29 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-11-22 12:41:28 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2010-09-28 15:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2009-06-30 12:26:33 7371960 ----a-w- c:\program files\Firefox Setup 3.0.11.exe

    ============= FINISH: 11:38:20.59 ===============

    DDS Attach


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 30/06/2009 13:12:09
    System Uptime: 13/12/2010 10:23:39 (1 hours ago)

    Motherboard: MSI | | 2A78h
    Processor: Intel Pentium III Xeon processor | Socket 775 | 2494/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 298 GiB total, 270.938 GiB free.
    D: is CDROM ()
    Z: is NetworkDisk (NTFS) - 98 GiB total, 47.906 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
    Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&1E5E1293&0
    Manufacturer: (Standard keyboards)
    Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&1E5E1293&0
    Service: i8042prt

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia Windows Portable Device Driver
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia E71
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia Windows Portable Device Driver
    Device ID: ROOT\WPD\0001
    Manufacturer: Nokia
    Name: Nokia E71
    PNP Device ID: ROOT\WPD\0001
    Service: WUDFRd

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia E51
    Device ID: ROOT\WPD\0002
    Manufacturer: Nokia
    Name: Nokia E51
    PNP Device ID: ROOT\WPD\0002
    Service: WUDFRd

    ==== System Restore Points ===================

    RP298: 14/09/2010 22:56:04 - System Checkpoint
    RP299: 15/09/2010 23:56:04 - System Checkpoint
    RP300: 16/09/2010 03:00:23 - Software Distribution Service 3.0
    RP301: 17/09/2010 03:03:04 - System Checkpoint
    RP302: 18/09/2010 04:03:02 - System Checkpoint
    RP303: 19/09/2010 05:03:05 - System Checkpoint
    RP304: 20/09/2010 06:03:01 - System Checkpoint
    RP305: 21/09/2010 07:03:03 - System Checkpoint
    RP306: 22/09/2010 08:03:02 - System Checkpoint
    RP307: 23/09/2010 09:42:54 - System Checkpoint
    RP308: 24/09/2010 08:02:00 - Avg Update
    RP309: 24/09/2010 08:03:08 - Avg Update
    RP310: 27/09/2010 07:39:27 - Avg Update
    RP311: 28/09/2010 08:30:30 - System Checkpoint
    RP312: 06/10/2010 16:42:49 - Avg Update
    RP313: 06/10/2010 18:07:22 - Software Distribution Service 3.0
    RP314: 12/10/2010 08:50:41 - System Checkpoint
    RP315: 13/10/2010 08:53:08 - System Checkpoint
    RP316: 14/10/2010 09:14:18 - System Checkpoint
    RP317: 15/10/2010 03:00:25 - Software Distribution Service 3.0
    RP318: 16/10/2010 03:33:49 - System Checkpoint
    RP319: 17/10/2010 03:38:19 - System Checkpoint
    RP320: 18/10/2010 04:38:19 - System Checkpoint
    RP321: 19/10/2010 05:38:19 - System Checkpoint
    RP322: 20/10/2010 06:38:21 - System Checkpoint
    RP323: 20/10/2010 09:53:14 - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    RP324: 20/10/2010 09:53:29 - Installed AVG 2011
    RP325: 20/10/2010 09:55:16 - Removed AVG Free 9.0
    RP326: 21/10/2010 10:05:35 - System Checkpoint
    RP327: 26/10/2010 07:37:20 - Installed AVG 2011
    RP328: 27/10/2010 09:21:45 - System Checkpoint
    RP329: 28/10/2010 15:08:38 - System Checkpoint
    RP330: 29/10/2010 16:10:54 - System Checkpoint
    RP331: 01/11/2010 12:21:55 - System Checkpoint
    RP332: 02/11/2010 17:30:48 - System Checkpoint
    RP333: 03/11/2010 23:45:51 - System Checkpoint
    RP334: 08/11/2010 10:45:51 - System Checkpoint
    RP335: 11/11/2010 18:17:38 - System Checkpoint
    RP336: 12/11/2010 03:00:34 - Software Distribution Service 3.0
    RP337: 16/11/2010 09:55:13 - System Checkpoint
    RP338: 18/11/2010 12:31:20 - System Checkpoint
    RP339: 22/11/2010 14:47:08 - System Checkpoint
    RP340: 24/11/2010 14:34:41 - System Checkpoint
    RP341: 25/11/2010 17:28:01 - System Checkpoint
    RP342: 06/12/2010 14:47:21 - System Checkpoint
    RP343: 08/12/2010 17:21:02 - System Checkpoint
    RP344: 10/12/2010 04:57:18 - System Checkpoint
    RP345: 13/12/2010 11:23:49 - System Checkpoint

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Acrobat.com
    Ad-Aware
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2011
    Bonjour
    Dropbox
    File Shredder 2.0
    Google Talk (remove only)
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952117-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java(TM) 6 Update 13
    Java(TM) 6 Update 7
    Maintenance Samsung ML-2580 Series
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.9
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works 6-9 Converter
    Mozilla Firefox (3.6.13)
    MSVC80_x86
    MSVC80_x86_v2
    MSVC90_x86
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB954459)
    Nokia Connectivity Cable Driver
    Nokia Ovi Suite
    Nokia Ovi Suite Software Updater
    OGA Notifier 2.0.0048.0
    Ovi Desktop Sync Engine
    OviMPlatform
    PC Connectivity Solution
    PDF Complete
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Software Virtualization Agent
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Outlook 2007 Junk Email Filter (KB2443839)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows XP Service Pack 3
    WinRAR 4.00 beta 1 (32-bit)

    ==== Event Viewer Messages From Past Week ========

    13/12/2010 10:31:24, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    13/12/2010 09:54:58, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    13/12/2010 09:54:58, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    13/12/2010 09:54:56, error: Service Control Manager [7034] - The PDF Document Manager service terminated unexpectedly. It has done this 1 time(s).
    13/12/2010 09:54:56, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    13/12/2010 09:54:56, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    13/12/2010 09:54:56, error: Service Control Manager [7031] - The Canon Driver Information Assist Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 500 milliseconds: Restart the service.
    13/12/2010 09:54:56, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    08/12/2010 08:42:15, error: BTHUSB [17] - The local Bluetooth radio has failed in an undetermined manner and will be unloaded.
    06/12/2010 07:44:33, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.
    06/12/2010 07:44:33, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.

    ==== End Of File ===========================

    HijackThis Log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:43:31, on 13/12/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Canon\DIAS\CnxDIAS.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\PDF Complete\pdfsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\slagent.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Documents and Settings\mark_breen\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgchsvx.exe
    C:\Program Files\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\mark_breen\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=93&bd=all&pf=cmdt
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O1 - Hosts: 212.117.178.25 www.google.com
    O1 - Hosts: 212.117.163.43 search.yahoo.com
    O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - (no file)
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
    O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
    O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\mark_breen\Application Data\Dropbox\bin\Dropbox.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=93&bd=all&pf=cmdt
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ditsu.local
    O17 - HKLM\Software\..\Telephony: DomainName = ditsu.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ditsu.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ditsu.local
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: asp.net - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Program Files\Canon\DIAS\CnxDIAS.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 9189 bytes
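Added example, not part of the original thread: a Python triage pass over HijackThis lines like those in the log above. It flags O1 hosts-file entries that pin watched search hostnames to a fixed address, and entries marked (no file) or (file missing). The watch list and the function and label names are assumptions; the 127.0.0.1 sample line is constructed.

```python
import ipaddress
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind code detail")

# Assumption: hostnames that should resolve through DNS, never a hosts file.
WATCHED_DOMAINS = ("google.com", "yahoo.com", "bing.com")

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")        # "O1 - Hosts: ..."
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)$")   # "<address> <hostname>"

# Lines copied from the HijackThis log in the post, except the 127.0.0.1
# entry, which is constructed to show a blocklist-style mapping.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 212.117.178.25 www.google.com
O1 - Hosts: 212.117.163.43 search.yahoo.com
O1 - Hosts: 127.0.0.1 ads.example.invalid
O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O23 - Service: asp.net - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


def is_watched(hostname):
    """True if hostname is a watched domain or one of its subdomains."""
    host = hostname.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)


def check_hosts_entry(code, address, hostname):
    """Classify one O1 hosts mapping; return a Finding or None."""
    detail = f"{hostname} -> {address}"
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return Finding("hosts-malformed", code, detail)
    if ip.is_loopback or ip.is_unspecified:
        # Blocklist-style entry (sinkholes the name locally), not a redirect.
        return None
    if is_watched(hostname):
        return Finding("hosts-redirect", code, detail)
    return Finding("hosts-static", code, detail)


def triage(log_text):
    """Return findings for the HijackThis entry lines in log_text, in order."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header, process list or blank line
        code, rest = match.groups()
        hosts = HOSTS_RE.match(rest) if code == "O1" else None
        if hosts:
            finding = check_hosts_entry(code, *hosts.groups())
            if finding:
                findings.append(finding)
        elif rest.endswith("(no file)"):
            # Registry entry whose target file is absent.
            findings.append(Finding("orphaned-entry", code, rest))
        elif rest.endswith("(file missing)"):
            # Service whose image path does not exist on disk.
            findings.append(Finding("missing-binary", code, rest))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:16} {f.code:4} {f.detail}")
```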
     
  4. crunchie

    crunchie Malware Helper Posts: 728

    Please download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    ====


    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    ==========

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  5. ninjafox

    ninjafox TS Rookie Topic Starter

    Ok. Logs below.

    TDS Killer Log

    2010/12/14 09:46:01.0656 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
    2010/12/14 09:46:01.0656 ================================================================================
    2010/12/14 09:46:01.0656 SystemInfo:
    2010/12/14 09:46:01.0656
    2010/12/14 09:46:01.0656 OS Version: 5.1.2600 ServicePack: 3.0
    2010/12/14 09:46:01.0656 Product type: Workstation
    2010/12/14 09:46:01.0656 ComputerName: EM-BST
    2010/12/14 09:46:01.0656 UserName: mark_breen
    2010/12/14 09:46:01.0656 Windows directory: C:\WINDOWS
    2010/12/14 09:46:01.0656 System windows directory: C:\WINDOWS
    2010/12/14 09:46:01.0656 Processor architecture: Intel x86
    2010/12/14 09:46:01.0656 Number of processors: 2
    2010/12/14 09:46:01.0656 Page size: 0x1000
    2010/12/14 09:46:01.0656 Boot type: Normal boot
    2010/12/14 09:46:01.0656 ================================================================================
    2010/12/14 09:46:01.0859 Initialize success
    2010/12/14 09:46:04.0781 ================================================================================
    2010/12/14 09:46:04.0781 Scan started
    2010/12/14 09:46:04.0781 Mode: Manual;
    2010/12/14 09:46:04.0781 ================================================================================
    2010/12/14 09:46:05.0812 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
    2010/12/14 09:46:05.0875 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/12/14 09:46:05.0890 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/12/14 09:46:05.0937 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2010/12/14 09:46:05.0953 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys
    2010/12/14 09:46:05.0984 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/12/14 09:46:06.0031 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/12/14 09:46:06.0078 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    2010/12/14 09:46:06.0093 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    2010/12/14 09:46:06.0250 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/12/14 09:46:06.0296 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/12/14 09:46:06.0328 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/12/14 09:46:06.0375 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/12/14 09:46:06.0421 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
    2010/12/14 09:46:06.0453 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
    2010/12/14 09:46:06.0484 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
    2010/12/14 09:46:06.0531 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
    2010/12/14 09:46:06.0578 Avgldx86 (1119e5bec6e749e0d292f0f84d48edba) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    2010/12/14 09:46:06.0593 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    2010/12/14 09:46:06.0609 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    2010/12/14 09:46:06.0656 Avgtdix (354e0fec3bfdfa9c369e0f67ac362f9f) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    2010/12/14 09:46:06.0703 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/12/14 09:46:07.0062 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
    2010/12/14 09:46:07.0093 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
    2010/12/14 09:46:07.0156 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
    2010/12/14 09:46:07.0187 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
    2010/12/14 09:46:07.0218 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/12/14 09:46:07.0281 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/12/14 09:46:07.0343 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/12/14 09:46:07.0390 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/12/14 09:46:07.0531 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/12/14 09:46:07.0578 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/12/14 09:46:07.0609 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/12/14 09:46:07.0625 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/12/14 09:46:07.0656 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/12/14 09:46:07.0703 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2010/12/14 09:46:07.0734 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/12/14 09:46:07.0750 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2010/12/14 09:46:07.0796 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/12/14 09:46:07.0812 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/12/14 09:46:07.0859 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/12/14 09:46:07.0875 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2010/12/14 09:46:07.0921 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2010/12/14 09:46:07.0953 FSLX (42c202b2f1641f009b40b90eee3830f3) C:\WINDOWS\system32\drivers\fslx.sys
    2010/12/14 09:46:07.0984 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/12/14 09:46:08.0031 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/12/14 09:46:08.0171 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2010/12/14 09:46:08.0187 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/12/14 09:46:08.0218 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2010/12/14 09:46:08.0265 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/12/14 09:46:08.0328 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    2010/12/14 09:46:08.0328 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    2010/12/14 09:46:08.0359 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    2010/12/14 09:46:08.0406 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/12/14 09:46:08.0437 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/12/14 09:46:08.0484 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
    2010/12/14 09:46:08.0515 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
    2010/12/14 09:46:08.0531 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
    2010/12/14 09:46:08.0546 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
    2010/12/14 09:46:08.0562 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
    2010/12/14 09:46:08.0578 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
    2010/12/14 09:46:08.0593 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
    2010/12/14 09:46:08.0609 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
    2010/12/14 09:46:08.0625 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
    2010/12/14 09:46:08.0640 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
    2010/12/14 09:46:08.0656 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
    2010/12/14 09:46:08.0671 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
    2010/12/14 09:46:08.0687 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
    2010/12/14 09:46:08.0687 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
    2010/12/14 09:46:08.0703 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
    2010/12/14 09:46:08.0843 ialm (c4018896856a1a1f1f3a0a6ee7206551) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    2010/12/14 09:46:08.0906 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/12/14 09:46:09.0046 IntcAzAudAddService (14b48553be78472d2bd3a518658a1710) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2010/12/14 09:46:09.0109 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2010/12/14 09:46:09.0156 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/12/14 09:46:09.0187 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2010/12/14 09:46:09.0218 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/12/14 09:46:09.0250 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/12/14 09:46:09.0281 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/12/14 09:46:09.0328 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/12/14 09:46:13.0312 ================================================================================
    2010/12/14 09:46:13.0312 Scan finished
    2010/12/14 09:46:13.0312 ================================================================================

    Extras.txt Log

    2010/12/14 09:46:01.0656 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
    2010/12/14 09:46:01.0656 ================================================================================
    2010/12/14 09:46:01.0656 SystemInfo:
    2010/12/14 09:46:01.0656
    2010/12/14 09:46:01.0656 OS Version: 5.1.2600 ServicePack: 3.0
    2010/12/14 09:46:01.0656 Product type: Workstation
    2010/12/14 09:46:01.0656 ComputerName: EM-BST
    2010/12/14 09:46:01.0656 UserName: mark_breen
    2010/12/14 09:46:01.0656 Windows directory: C:\WINDOWS
    2010/12/14 09:46:01.0656 System windows directory: C:\WINDOWS
    2010/12/14 09:46:01.0656 Processor architecture: Intel x86
    2010/12/14 09:46:01.0656 Number of processors: 2
    2010/12/14 09:46:01.0656 Page size: 0x1000
    2010/12/14 09:46:01.0656 Boot type: Normal boot
    2010/12/14 09:46:01.0656 ================================================================================
    2010/12/14 09:46:01.0859 Initialize success
    2010/12/14 09:46:04.0781 ================================================================================
    2010/12/14 09:46:04.0781 Scan started
    2010/12/14 09:46:04.0781 Mode: Manual;
    2010/12/14 09:46:04.0781 ================================================================================
    2010/12/14 09:46:13.0312 ================================================================================
    2010/12/14 09:46:13.0312 Scan finished
    2010/12/14 09:46:13.0312 ================================================================================
     
  6. ninjafox

    ninjafox TS Rookie Topic Starter

    Hi, I did as instructed and posted two posts a few hours back with the logs and both were marked needing to be approved by a Mod. That normal?
     
  7. crunchie

    crunchie Malware Helper Posts: 728

    Yes, that is normal :).

    You did not post the JavaRa log or the two OTL logs.
     
  8. ninjafox

    ninjafox TS Rookie Topic Starter

    Apologies.

    Following your instructions re JavaRa, it did not create any log. It simply installed the software. Please advise.

    I posted the Extras.txt OTL log in the post above. The OTL.txt OTL log would not fit and I posted it yesterday as a separate post, with the site telling me it would need to be approved by a Mod. I've attached below again.

    Thanks

    OTL.txt.

    OTL logfile created on: 14/12/2010 09:48:29 - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\mark_breen\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 298.09 Gb Total Space | 270.75 Gb Free Space | 90.83% Space Free | Partition Type: NTFS
    Drive Z: | 98.08 Gb Total Space | 47.91 Gb Free Space | 48.84% Space Free | Partition Type: NTFS

    Computer Name: EM-BST | User Name: mark_breen | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/14 09:46:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mark_breen\Desktop\OTL.exe
    PRC - [2010/12/03 19:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/12/03 19:35:08 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2010/12/03 09:05:32 | 001,389,400 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/12/03 09:05:32 | 000,930,032 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2010/11/22 12:41:30 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
    PRC - [2010/11/10 19:08:04 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2010/10/27 05:15:24 | 001,073,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2010/10/27 05:14:50 | 001,047,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
    PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2010/10/22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2010/10/22 04:57:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
    PRC - [2010/10/22 04:56:56 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/06/09 00:47:48 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    PRC - [2010/02/26 05:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\mark_breen\Application Data\Dropbox\bin\Dropbox.exe
    PRC - [2009/08/14 08:01:14 | 000,614,400 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/04/07 14:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
    PRC - [2007/11/08 15:57:24 | 002,139,496 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\DIAS\CnxDIAS.exe
    PRC - [2007/01/01 21:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
    PRC - [2005/06/20 21:22:00 | 000,630,784 | ---- | M] (ScriptLogic Corporation) -- C:\WINDOWS\system32\slAgent.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/14 09:46:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mark_breen\Desktop\OTL.exe
    MOD - [2010/11/22 12:42:06 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\MSINFO\asp.net -- (asp.net)
    SRV - [2010/12/03 09:05:32 | 001,389,400 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2008/04/07 14:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
    SRV - [2007/11/08 15:57:24 | 002,139,496 | ---- | M] (CANON INC.) [Auto | Running] -- C:\Program Files\Canon\DIAS\CnxDIAS.exe -- (Canon Driver Information Assist Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SSPORT.sys -- (SSPORT)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp)
    DRV - [2010/12/03 09:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2010/12/03 09:05:33 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2010/09/07 02:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2010/09/07 02:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010/09/07 02:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2010/08/19 20:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2010/08/19 20:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2010/02/26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2010/02/26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2010/02/26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2010/02/26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2009/02/20 23:04:38 | 000,195,456 | R--- | M] (Symantec Corp.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\fslx.sys -- (FSLX)
    DRV - [2009/02/11 11:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/10/30 08:00:36 | 005,851,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2007/08/07 16:40:38 | 000,098,944 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2004/08/04 00:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
    DRV - [2004/08/04 00:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
    DRV - [2004/08/04 00:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
    DRV - [2004/08/04 00:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
    DRV - [2004/08/04 00:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
    DRV - [2004/08/04 00:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
    DRV - [2004/08/04 00:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
    DRV - [2004/08/04 00:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
    DRV - [2004/08/04 00:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
    DRV - [2004/08/04 00:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
    DRV - [2004/08/04 00:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
    DRV - [2004/08/04 00:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
    DRV - [2004/08/04 00:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
    DRV - [2004/08/04 00:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
    DRV - [2004/08/04 00:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
    DRV - [2002/05/09 00:44:42 | 000,105,472 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2002/04/04 05:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
    DRV - [2001/08/17 21:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 21:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 21:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 21:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 14:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
    DRV - [2001/08/17 13:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=93&bd=all&pf=cmdt
    IE - HKCU\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://partnerpage.google.com/ditsu.ie"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
    FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
    FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
    FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
    FF - prefs.js..extensions.enabledItems: {5546F97E-11A5-46b0-9082-32AD74AAA920}:0.5.5.9
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {05f6a7ea-896b-11da-8bde-f66bad1e3fff}:3.5.20090705
    FF - prefs.js..extensions.enabledItems: morningCoffee@shaneliesegang:1.33
    FF - prefs.js..extensions.enabledItems: quickdrag@mozilla.ktechcomputing.com:2.0.2.1
    FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.9.4
    FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
    FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
    FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

    FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/08/20 09:23:29 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/11/24 08:36:35 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/22 12:42:07 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/13 09:03:42 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/14 09:43:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/08/20 09:23:31 | 000,000,000 | ---D | M]

    [2009/06/30 12:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Extensions
    [2010/12/14 09:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions
    [2010/07/27 08:02:06 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
    [2010/12/14 08:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    [2009/07/29 08:26:02 | 000,000,000 | ---D | M] (Locator) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{05f6a7ea-896b-11da-8bde-f66bad1e3fff}
    [2010/04/30 08:05:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/07/26 08:15:09 | 000,000,000 | ---D | M] (InFormEnter) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
    [2010/12/13 07:45:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/10/12 15:12:21 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2010/11/18 09:20:00 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    [2010/11/16 09:13:52 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
    [2010/12/13 07:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\en-GB@dictionaries.addons.mozilla.org
    [2010/01/11 09:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\lazarus@interclue.com
    [2009/06/30 13:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\morningCoffee@shaneliesegang
    [2010/06/22 06:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\piclens@cooliris.com
    [2009/06/30 14:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\quickdrag@mozilla.ktechcomputing.com
    [2010/12/14 09:47:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/12/14 09:43:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/12/14 09:43:28 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/11/15 23:55:56 | 000,000,064 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 212.117.178.25 www.google.com
    O1 - Hosts: 212.117.163.43 search.yahoo.com
    O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - No CLSID value found.
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
    O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
    O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [] File not found
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\mark_breen\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\mark_breen\Application Data\Dropbox\bin\Dropbox.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ditsu.local
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{58726723-b3e5-11de-bb52-0024212f431f}\Shell - "" = AutoRun
    O33 - MountPoints2\{58726723-b3e5-11de-bb52-0024212f431f}\Shell\Auto\command - "" = E:\asp.net -- File not found
    O33 - MountPoints2\{58726723-b3e5-11de-bb52-0024212f431f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6692fd3d-b32f-11de-bb51-0011957d355a}\Shell - "" = AutoRun
    O33 - MountPoints2\{6692fd3d-b32f-11de-bb51-0011957d355a}\Shell\Auto\command - "" = E:\asp.net -- File not found
    O33 - MountPoints2\{6692fd3d-b32f-11de-bb51-0011957d355a}\Shell\AutoRun - "" = Auto&Play
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/14 09:46:54 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mark_breen\Desktop\OTL.exe
    [2010/12/14 09:45:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark_breen\Desktop\tdsskiller
    [2010/12/14 09:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/12/14 09:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark_breen\Desktop\JavaRa
    [2010/12/13 11:42:48 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\mark_breen\Desktop\HijackThis.exe
    [2010/12/13 10:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark_breen\Application Data\Malwarebytes
    [2010/12/13 10:12:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/13 10:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/12/13 10:12:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/13 10:12:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/12/13 09:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark_breen\Local Settings\Application Data\Sunbelt Software
    [2010/12/13 09:20:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    [2010/11/25 16:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark_breen\Desktop\Event Elephant FAQs
    [2010/11/25 16:12:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark_breen\Application Data\WinRAR
    [2010/11/25 16:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2010/11/23 10:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/11/23 10:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/11/23 10:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
    [2010/11/22 12:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark_breen\Local Settings\Application Data\Real
    [2010/11/22 12:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2010/11/22 12:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\real
    [2009/06/30 12:26:27 | 007,371,960 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.0.11.exe
    [2 C:\Documents and Settings\mark_breen\Desktop\*.tmp files -> C:\Documents and Settings\mark_breen\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/12/14 09:47:28 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1417001333-839522115-1138.job
    [2010/12/14 09:47:28 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1417001333-839522115-1138.job
    [2010/12/14 09:46:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mark_breen\Desktop\OTL.exe
    [2010/12/14 09:44:53 | 001,230,779 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\tdsskiller.zip
    [2010/12/14 09:38:04 | 000,205,540 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\JavaRa.zip
    [2010/12/14 09:04:45 | 000,231,581 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\AdoptionPack.jpg
    [2010/12/14 08:18:35 | 101,753,145 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2010/12/14 08:06:19 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/12/14 08:05:43 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/12/14 08:04:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/12/14 08:04:25 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/14 08:03:24 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
    [2010/12/13 11:43:03 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\mark_breen\Desktop\HijackThis.exe
    [2010/12/13 09:49:16 | 000,037,358 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\LPIT Funding Review - Draft 1.docx
    [2010/12/13 09:33:49 | 000,000,199 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
    [2010/12/13 09:29:42 | 000,894,464 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\All Staff Meeting Minutes 26Nov10.doc
    [2010/12/13 09:23:22 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/12/13 09:03:43 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\mark_breen\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/12/10 16:12:57 | 000,638,677 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\IMG.pdf
    [2010/12/10 12:04:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/12/10 10:19:04 | 000,112,091 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Groupon-EF7E012238.pdf
    [2010/12/08 17:00:38 | 000,018,371 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\E&M - Dep't Update - Nov 10.docx
    [2010/12/08 12:22:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/12/08 11:35:58 | 000,823,808 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\ICPSMMaterials.ppt
    [2010/12/08 10:12:05 | 000,109,397 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\attack page.JPG
    [2010/12/08 09:00:49 | 000,489,437 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Diploma in Management Feb 201.pdf
    [2010/12/08 09:00:25 | 000,053,488 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Diploma Booking Form.pdf
    [2010/12/06 11:14:15 | 000,019,346 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Scholarship(2)
    [2010/12/06 11:14:02 | 000,019,346 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Scholarship
    [2010/12/03 09:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/24 08:28:38 | 000,026,554 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\I&E - RAG Ball & BNO - Venue Options - Nov 10.xlsx
    [2010/11/23 19:24:24 | 000,016,363 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\I&E - EBTTRT - Nov 10.xlsx
    [2010/11/23 16:51:00 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\EBTTRT - Invoice - Australian Pearl Jam - Nov 10.doc
    [2010/11/22 16:04:34 | 000,057,732 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\DIT Invoice 21st November.pdf
    [2010/11/22 12:41:33 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
    [2010/11/18 17:10:36 | 000,049,736 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\InvoiceDIT0890.pdf
    [2010/11/18 17:10:02 | 000,049,720 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\InvoiceDIT0891.pdf
    [2010/11/18 17:10:01 | 000,049,751 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\InvoiceDIT0889.pdf
    [2010/11/18 09:39:19 | 000,010,517 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Welfare - Daytime act availabilites - Nov 10.xlsx
    [2010/11/17 12:36:06 | 000,014,331 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Ltr to Solr Nov10 - Mark version.docx
    [2010/11/17 12:15:09 | 000,057,337 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\DIT Invoice 14th November.pdf
    [2010/11/17 12:06:49 | 000,019,330 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\E&M - Dep't Update - Oct Nov 10.docx
    [2010/11/16 14:43:58 | 000,420,340 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\OFA-CFR Instructors (Heartbeat Safety).pdf
    [2 C:\Documents and Settings\mark_breen\Desktop\*.tmp files -> C:\Documents and Settings\mark_breen\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/12/14 09:44:50 | 001,230,779 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\tdsskiller.zip
    [2010/12/14 09:38:04 | 000,205,540 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\JavaRa.zip
    [2010/12/14 09:04:44 | 000,231,581 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\AdoptionPack.jpg
    [2010/12/13 09:29:40 | 000,894,464 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\All Staff Meeting Minutes 26Nov10.doc
    [2010/12/13 08:38:21 | 000,037,358 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\LPIT Funding Review - Draft 1.docx
    [2010/12/10 16:12:45 | 000,638,677 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\IMG.pdf
    [2010/12/10 10:19:03 | 000,112,091 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Groupon-EF7E012238.pdf
    [2010/12/08 16:58:53 | 000,018,371 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\E&M - Dep't Update - Nov 10.docx
    [2010/12/08 11:35:57 | 000,823,808 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\ICPSMMaterials.ppt
    [2010/12/08 10:12:05 | 000,109,397 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\attack page.JPG
    [2010/12/08 09:00:48 | 000,489,437 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Diploma in Management Feb 201.pdf
    [2010/12/08 09:00:25 | 000,053,488 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Diploma Booking Form.pdf
    [2010/12/06 11:14:14 | 000,019,346 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Scholarship(2)
    [2010/12/06 11:14:02 | 000,019,346 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Scholarship
    [2010/11/24 08:04:18 | 000,026,554 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\I&E - RAG Ball & BNO - Venue Options - Nov 10.xlsx
    [2010/11/23 19:24:24 | 000,016,363 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\I&E - EBTTRT - Nov 10.xlsx
    [2010/11/23 16:49:06 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\EBTTRT - Invoice - Australian Pearl Jam - Nov 10.doc
    [2010/11/22 16:04:32 | 000,057,732 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\DIT Invoice 21st November.pdf
    [2010/11/22 12:43:43 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1417001333-839522115-1138.job
    [2010/11/22 12:43:42 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1417001333-839522115-1138.job
    [2010/11/18 17:10:35 | 000,049,736 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\InvoiceDIT0890.pdf
    [2010/11/18 17:10:01 | 000,049,720 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\InvoiceDIT0891.pdf
    [2010/11/18 17:09:59 | 000,049,751 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\InvoiceDIT0889.pdf
    [2010/11/18 09:39:19 | 000,010,517 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Welfare - Daytime act availabilites - Nov 10.xlsx
    [2010/11/17 12:36:06 | 000,014,331 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Ltr to Solr Nov10 - Mark version.docx
    [2010/11/17 12:15:08 | 000,057,337 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\DIT Invoice 14th November.pdf
    [2010/11/17 08:43:22 | 000,019,330 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\E&M - Dep't Update - Oct Nov 10.docx
    [2010/11/16 14:43:57 | 000,420,340 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\OFA-CFR Instructors (Heartbeat Safety).pdf
    [2010/11/01 14:04:34 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ssp5ml3.dll
    [2010/01/22 10:01:42 | 000,000,199 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
    [2009/11/30 10:34:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\mark_breen\Local Settings\Application Data\prvlcl.dat
    [2009/10/29 11:13:22 | 000,017,424 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2009/09/24 07:56:51 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BO2700CN.INI
    [2009/08/27 08:29:41 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2009/08/27 08:29:41 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2009/08/11 13:50:52 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\mark_breen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/07/09 08:20:33 | 000,000,317 | ---- | C] () -- C:\WINDOWS\SWWATER.INI
    [2009/06/30 20:08:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2009/06/30 19:51:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
    [2009/06/30 19:39:31 | 000,000,829 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2006/04/26 00:31:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

    ========== LOP Check ==========

    [2010/10/26 06:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010/10/20 08:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/10/26 06:39:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/08/20 09:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2010/10/20 08:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/08/20 09:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
    [2010/07/26 08:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
    [2010/08/20 08:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2010/12/13 09:20:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    [2010/08/20 09:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/10/26 06:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\AVG10
    [2010/12/14 08:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Dropbox
    [2009/08/04 08:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\EasyChat
    [2009/08/12 14:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\ErrorExpert
    [2010/08/20 09:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Nokia
    [2010/08/20 09:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Nokia Ovi Suite
    [2009/06/30 14:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\OpenOffice.org
    [2010/08/20 09:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\PC Suite
    [2010/12/14 08:06:19 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2006/02/28 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
    [2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2009/08/11 07:19:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2009/08/11 07:19:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2006/02/28 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
    [2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2009/08/11 07:19:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2009/08/11 07:19:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/04 07:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2004/08/04 07:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 07:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2008/04/14 00:11:54 | 000,344,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\hnetcfg.dll

    < %systemroot%\System32\config\*.sav >
    [2006/04/25 17:17:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/04/25 17:17:52 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/04/25 17:17:50 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < End of report >
     
  9. crunchie

    crunchie Malware Helper Posts: 728

    Actually you posted the TDSSKiller log 3 times :).

    ====

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      
      :OTL
      SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\MSINFO\asp.net -- (asp.net)
      O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - No CLSID value found.
      O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O4 - HKLM..\Run: [] File not found
      O4 - HKCU..\Run: [] File not found
      :Commands
      [purity]
      [emptyflash]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    ==========

    How is the PC now?
     
  10. ninjafox

    ninjafox TS Rookie Topic Starter

    Apologies! Not sure how I did that.

    Let me know if you need me to repost any of those logs.
    Seems the issue may be solved. I will continue to Google and test it during the day and update.

    Thanks!

    Log from 1st OTL Run.

    All processes killed
    ========== OTL ==========
    Service asp.net stopped successfully!
    Service asp.net deleted successfully!
    File C:\Program Files\Common Files\Microsoft Shared\MSINFO\asp.net not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0347C33E-8762-4905-BF09-768834316C61}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    ========== COMMANDS ==========

    [EMPTYFLASH]

    User: Administrator

    User: Administrator.DITSU
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: claire.healey
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: mark_breen
    ->Flash cache emptied: 1631 bytes

    User: NetworkService

    User: sabbatical
    ->Flash cache emptied: 0 bytes

    User: sean.campbell
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Administrator.DITSU
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: claire.healey
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: mark_breen
    ->Temp folder emptied: 6375775 bytes
    ->Temporary Internet Files folder emptied: 275670 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 96596336 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: sabbatical
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: sean.campbell
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 21997035 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 155848280 bytes

    Total Files Cleaned = 268.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.17.3 log created on 12162010_075320

    Files\Folders moved on Reboot...
    C:\Documents and Settings\mark_breen\Local Settings\Temp\All Staff Meeting Minutes 26Nov10.doc moved successfully.
    File\Folder C:\Documents and Settings\mark_breen\Local Settings\Temp\Perflib_Perfdata_d70.dat not found!
    C:\Documents and Settings\mark_breen\Local Settings\Temp\Services and Trading SC Agenda - 14Dec10.doc moved successfully.
    C:\Documents and Settings\mark_breen\Local Settings\Temp\Z@RFB.tmp moved successfully.
    File\Folder C:\Documents and Settings\mark_breen\Local Settings\Temp\~DF9754.tmp not found!
    File\Folder C:\Documents and Settings\mark_breen\Local Settings\Temp\~DFA76F.tmp not found!
    C:\Documents and Settings\mark_breen\Local Settings\Temporary Internet Files\Content.Word\~WRF{D16A9DA8-906F-4D5F-B616-3874444A9C17}.tmp moved successfully.
    C:\Documents and Settings\mark_breen\Local Settings\Temporary Internet Files\Content.Word\~WRS{3C7989F2-F630-449B-BBB0-3ACE7EDB447F}.tmp moved successfully.
    C:\Documents and Settings\mark_breen\Local Settings\Temporary Internet Files\Content.Word\~WRS{96D6F5CC-DEF5-42CD-9426-13F254544E10}.tmp moved successfully.
    C:\Documents and Settings\mark_breen\Local Settings\Temporary Internet Files\Content.Word\~WRS{C532299A-0D38-440A-B4E6-6D16E39A6BC4}.tmp moved successfully.
    C:\Documents and Settings\mark_breen\Local Settings\Temporary Internet Files\Content.Word\~WRS{CC96AF1C-8749-4EF9-A718-A820FF4FD812}.tmp moved successfully.
    C:\Documents and Settings\mark_breen\Local Settings\Temporary Internet Files\Content.Word\~WRS{CCFBAB1D-64B9-4DFC-831F-7EA1371E64C6}.tmp moved successfully.
    C:\Documents and Settings\mark_breen\Local Settings\Temporary Internet Files\Content.Word\~WRS{EF597C64-6B28-4CF4-A39A-C5452129D620}.tmp moved successfully.
    C:\Documents and Settings\mark_breen\Local Settings\Temporary Internet Files\Content.IE5\FPUL4SPA\master[1].xml moved successfully.
    C:\Documents and Settings\mark_breen\Local Settings\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\Cache\_CACHE_001_ moved successfully.
    C:\Documents and Settings\mark_breen\Local Settings\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\Cache\_CACHE_002_ moved successfully.
    C:\Documents and Settings\mark_breen\Local Settings\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\Cache\_CACHE_003_ moved successfully.
    C:\Documents and Settings\mark_breen\Local Settings\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Documents and Settings\mark_breen\Local Settings\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\urlclassifier3.sqlite moved successfully.
    C:\Documents and Settings\mark_breen\Local Settings\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\XUL.mfl moved successfully.
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_aa8.dat not found!

    Registry entries deleted on Reboot...

    Quick Scan Log

    OTL logfile created on: 16/12/2010 07:59:32 - Run 2
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\mark_breen\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 298.09 Gb Total Space | 270.55 Gb Free Space | 90.76% Space Free | Partition Type: NTFS
    Drive Z: | 98.08 Gb Total Space | 47.90 Gb Free Space | 48.84% Space Free | Partition Type: NTFS

    Computer Name: EM-BST | User Name: mark_breen | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/16 07:59:05 | 007,462,912 | ---- | M] () -- C:\Documents and Settings\mark_breen\Local Settings\Temp\FWUpgrader.exe
    PRC - [2010/12/16 07:59:01 | 011,750,797 | ---- | M] () -- C:\Documents and Settings\mark_breen\Local Settings\Temp\ML2580_V1.01.00.83.exe
    PRC - [2010/12/14 09:46:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mark_breen\Desktop\OTL.exe
    PRC - [2010/12/03 19:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/12/03 19:35:08 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2010/12/03 09:05:32 | 001,389,400 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/12/03 09:05:32 | 000,930,032 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2010/11/22 12:41:30 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
    PRC - [2010/11/10 19:08:04 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2010/10/27 05:15:24 | 001,073,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2010/10/27 05:14:50 | 001,047,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
    PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2010/10/22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2010/10/22 04:57:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2010/10/22 04:56:56 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/06/09 00:47:48 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    PRC - [2010/02/26 05:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\mark_breen\Application Data\Dropbox\bin\Dropbox.exe
    PRC - [2009/08/14 08:01:14 | 000,614,400 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
    PRC - [2009/06/23 15:15:40 | 000,573,440 | ---- | M] (Samsung Printer) -- C:\Program Files\SamsungPrinterLiveUpdate\SP_Connector.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/04/07 14:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
    PRC - [2007/11/08 15:57:24 | 002,139,496 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\DIAS\CnxDIAS.exe
    PRC - [2007/01/01 21:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
    PRC - [2005/06/20 21:22:00 | 000,630,784 | ---- | M] (ScriptLogic Corporation) -- C:\WINDOWS\system32\slAgent.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/14 09:46:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mark_breen\Desktop\OTL.exe
    MOD - [2010/11/22 12:42:06 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
    MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/12/03 09:05:32 | 001,389,400 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2008/04/07 14:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
    SRV - [2007/11/08 15:57:24 | 002,139,496 | ---- | M] (CANON INC.) [Auto | Running] -- C:\Program Files\Canon\DIAS\CnxDIAS.exe -- (Canon Driver Information Assist Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SSPORT.sys -- (SSPORT)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp)
    DRV - [2010/12/03 09:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2010/12/03 09:05:33 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2010/09/07 02:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2010/09/07 02:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010/09/07 02:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2010/08/19 20:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2010/08/19 20:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2010/02/26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2010/02/26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2010/02/26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2010/02/26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2009/02/20 23:04:38 | 000,195,456 | R--- | M] (Symantec Corp.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\fslx.sys -- (FSLX)
    DRV - [2009/02/11 11:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/10/30 08:00:36 | 005,851,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2007/08/07 16:40:38 | 000,098,944 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2004/08/04 00:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
    DRV - [2004/08/04 00:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
    DRV - [2004/08/04 00:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
    DRV - [2004/08/04 00:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
    DRV - [2004/08/04 00:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
    DRV - [2004/08/04 00:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
    DRV - [2004/08/04 00:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
    DRV - [2004/08/04 00:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
    DRV - [2004/08/04 00:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
    DRV - [2004/08/04 00:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
    DRV - [2004/08/04 00:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
    DRV - [2004/08/04 00:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
    DRV - [2004/08/04 00:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
    DRV - [2004/08/04 00:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
    DRV - [2004/08/04 00:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
    DRV - [2002/05/09 00:44:42 | 000,105,472 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2002/04/04 05:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
    DRV - [2001/08/17 21:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 21:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 21:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 21:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 14:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
    DRV - [2001/08/17 13:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=93&bd=all&pf=cmdt
    IE - HKCU\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://partnerpage.google.com/ditsu.ie"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
    FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
    FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
    FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
    FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
    FF - prefs.js..extensions.enabledItems: {5546F97E-11A5-46b0-9082-32AD74AAA920}:0.5.5.9
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {05f6a7ea-896b-11da-8bde-f66bad1e3fff}:3.5.20090705
    FF - prefs.js..extensions.enabledItems: morningCoffee@shaneliesegang:1.33
    FF - prefs.js..extensions.enabledItems: quickdrag@mozilla.ktechcomputing.com:2.0.2.1
    FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.9.4
    FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
    FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
    FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

    FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/08/20 09:23:29 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/11/24 08:36:35 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/22 12:42:07 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/13 09:03:42 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/14 09:43:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/08/20 09:23:31 | 000,000,000 | ---D | M]

    [2009/06/30 12:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Extensions
    [2010/12/15 14:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions
    [2010/07/27 08:02:06 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
    [2010/12/14 08:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    [2009/07/29 08:26:02 | 000,000,000 | ---D | M] (Locator) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{05f6a7ea-896b-11da-8bde-f66bad1e3fff}
    [2010/04/30 08:05:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/07/26 08:15:09 | 000,000,000 | ---D | M] (InFormEnter) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
    [2010/12/13 07:45:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/10/12 15:12:21 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    [2010/11/18 09:20:00 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    [2010/11/16 09:13:52 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
    [2010/12/13 07:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\en-GB@dictionaries.addons.mozilla.org
    [2010/01/11 09:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\lazarus@interclue.com
    [2009/06/30 13:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\morningCoffee@shaneliesegang
    [2010/06/22 06:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\piclens@cooliris.com
    [2009/06/30 14:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\quickdrag@mozilla.ktechcomputing.com
    [2010/12/15 14:56:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/12/15 08:04:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/12/15 08:04:35 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/12/16 07:53:30 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - No CLSID value found.
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No CLSID value found.
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
    O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
    O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\mark_breen\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\mark_breen\Application Data\Dropbox\bin\Dropbox.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ditsu.local
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{58726723-b3e5-11de-bb52-0024212f431f}\Shell - "" = AutoRun
    O33 - MountPoints2\{58726723-b3e5-11de-bb52-0024212f431f}\Shell\Auto\command - "" = E:\asp.net -- File not found
    O33 - MountPoints2\{58726723-b3e5-11de-bb52-0024212f431f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6692fd3d-b32f-11de-bb51-0011957d355a}\Shell - "" = AutoRun
    O33 - MountPoints2\{6692fd3d-b32f-11de-bb51-0011957d355a}\Shell\Auto\command - "" = E:\asp.net -- File not found
    O33 - MountPoints2\{6692fd3d-b32f-11de-bb51-0011957d355a}\Shell\AutoRun - "" = Auto&Play
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/16 07:53:20 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/12/14 09:46:54 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mark_breen\Desktop\OTL.exe
    [2010/12/14 09:45:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark_breen\Desktop\tdsskiller
    [2010/12/14 09:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/12/14 09:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark_breen\Desktop\JavaRa
    [2010/12/13 11:42:48 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\mark_breen\Desktop\HijackThis.exe
    [2010/12/13 10:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark_breen\Application Data\Malwarebytes
    [2010/12/13 10:12:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/13 10:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/12/13 10:12:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/13 10:12:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/12/13 09:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark_breen\Local Settings\Application Data\Sunbelt Software
    [2010/12/13 09:20:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    [2010/11/25 16:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark_breen\Desktop\Event Elephant FAQs
    [2010/11/25 16:12:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark_breen\Application Data\WinRAR
    [2010/11/25 16:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2010/11/23 10:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/11/23 10:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/11/23 10:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
    [2010/11/22 12:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark_breen\Local Settings\Application Data\Real
    [2010/11/22 12:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2010/11/22 12:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\real
    [2009/06/30 12:26:27 | 007,371,960 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.0.11.exe
    [2 C:\Documents and Settings\mark_breen\Desktop\*.tmp files -> C:\Documents and Settings\mark_breen\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/12/16 08:01:57 | 101,889,147 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2010/12/16 07:58:45 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/12/16 07:55:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/12/16 07:55:51 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1417001333-839522115-1138.job
    [2010/12/16 07:55:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/12/16 07:55:25 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/16 07:54:32 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
    [2010/12/16 07:53:32 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1417001333-839522115-1138.job
    [2010/12/16 07:53:30 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/12/16 07:47:14 | 000,111,578 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\DITStudentCharter 2004(2).pdf
    [2010/12/15 15:59:51 | 000,011,634 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Invoice - Steven Cassells - Dec 2010.docx
    [2010/12/15 15:14:30 | 000,088,259 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Services and Trading SC Minutes - 16Nov10.pdf
    [2010/12/15 11:07:57 | 000,111,578 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\DITStudentCharter 2004.pdf
    [2010/12/15 03:25:08 | 000,285,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/12/15 03:08:30 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/12/14 20:01:48 | 000,824,832 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\DITSU Events & Marketing Dep’t.ppt
    [2010/12/14 10:07:43 | 000,638,677 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\DIT - Contractors Form - Bacstroke - Dec 10.pdf
    [2010/12/14 09:46:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mark_breen\Desktop\OTL.exe
    [2010/12/14 09:44:53 | 001,230,779 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\tdsskiller.zip
    [2010/12/14 09:38:04 | 000,205,540 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\JavaRa.zip
    [2010/12/14 09:04:45 | 000,231,581 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\AdoptionPack.jpg
    [2010/12/13 11:43:03 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\mark_breen\Desktop\HijackThis.exe
    [2010/12/13 09:49:16 | 000,037,358 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\LPIT Funding Review - Draft 1.docx
    [2010/12/13 09:33:49 | 000,000,199 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
    [2010/12/13 09:29:42 | 000,894,464 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\All Staff Meeting Minutes 26Nov10.doc
    [2010/12/13 09:23:22 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/12/13 09:03:43 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\mark_breen\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/12/10 16:12:57 | 000,638,677 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\IMG.pdf
    [2010/12/10 12:04:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/12/10 10:19:04 | 000,112,091 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Groupon-EF7E012238.pdf
    [2010/12/08 17:00:38 | 000,018,371 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\E&M - Dep't Update - Nov 10.docx
    [2010/12/08 12:22:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/12/08 11:35:58 | 000,823,808 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\ICPSMMaterials.ppt
    [2010/12/08 10:12:05 | 000,109,397 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\attack page.JPG
    [2010/12/08 09:00:49 | 000,489,437 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Diploma in Management Feb 201.pdf
    [2010/12/08 09:00:25 | 000,053,488 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Diploma Booking Form.pdf
    [2010/12/06 11:14:15 | 000,019,346 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Scholarship(2)
    [2010/12/06 11:14:02 | 000,019,346 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Scholarship
    [2010/12/03 09:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/24 08:28:38 | 000,026,554 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\I&E - RAG Ball & BNO - Venue Options - Nov 10.xlsx
    [2010/11/23 19:24:24 | 000,016,363 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\I&E - EBTTRT - Nov 10.xlsx
    [2010/11/23 16:51:00 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\EBTTRT - Invoice - Australian Pearl Jam - Nov 10.doc
    [2010/11/22 16:04:34 | 000,057,732 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\DIT Invoice 21st November.pdf
    [2010/11/22 12:41:33 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
    [2010/11/18 17:10:36 | 000,049,736 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\InvoiceDIT0890.pdf
    [2010/11/18 17:10:02 | 000,049,720 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\InvoiceDIT0891.pdf
    [2010/11/18 17:10:01 | 000,049,751 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\InvoiceDIT0889.pdf
    [2010/11/18 09:39:19 | 000,010,517 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Welfare - Daytime act availabilites - Nov 10.xlsx
    [2010/11/17 12:36:06 | 000,014,331 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Ltr to Solr Nov10 - Mark version.docx
    [2010/11/17 12:15:09 | 000,057,337 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\DIT Invoice 14th November.pdf
    [2010/11/17 12:06:49 | 000,019,330 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\E&M - Dep't Update - Oct Nov 10.docx
    [2010/11/16 14:43:58 | 000,420,340 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\OFA-CFR Instructors (Heartbeat Safety).pdf
    [2 C:\Documents and Settings\mark_breen\Desktop\*.tmp files -> C:\Documents and Settings\mark_breen\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/12/16 07:47:13 | 000,111,578 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\DITStudentCharter 2004(2).pdf
    [2010/12/15 15:14:29 | 000,088,259 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Services and Trading SC Minutes - 16Nov10.pdf
    [2010/12/15 11:07:56 | 000,111,578 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\DITStudentCharter 2004.pdf
    [2010/12/14 13:00:59 | 000,824,832 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\DITSU Events & Marketing Dep’t.ppt
    [2010/12/14 10:07:42 | 000,638,677 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\DIT - Contractors Form - Bacstroke - Dec 10.pdf
    [2010/12/14 09:44:50 | 001,230,779 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\tdsskiller.zip
    [2010/12/14 09:38:04 | 000,205,540 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\JavaRa.zip
    [2010/12/14 09:04:44 | 000,231,581 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\AdoptionPack.jpg
    [2010/12/13 09:29:40 | 000,894,464 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\All Staff Meeting Minutes 26Nov10.doc
    [2010/12/13 08:38:21 | 000,037,358 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\LPIT Funding Review - Draft 1.docx
    [2010/12/10 16:12:45 | 000,638,677 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\IMG.pdf
    [2010/12/10 10:19:03 | 000,112,091 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Groupon-EF7E012238.pdf
    [2010/12/08 16:58:53 | 000,018,371 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\E&M - Dep't Update - Nov 10.docx
    [2010/12/08 11:35:57 | 000,823,808 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\ICPSMMaterials.ppt
    [2010/12/08 10:12:05 | 000,109,397 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\attack page.JPG
    [2010/12/08 09:00:48 | 000,489,437 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Diploma in Management Feb 201.pdf
    [2010/12/08 09:00:25 | 000,053,488 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Diploma Booking Form.pdf
    [2010/12/06 11:14:14 | 000,019,346 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Scholarship(2)
    [2010/12/06 11:14:02 | 000,019,346 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Scholarship
    [2010/11/24 08:04:18 | 000,026,554 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\I&E - RAG Ball & BNO - Venue Options - Nov 10.xlsx
    [2010/11/23 19:24:24 | 000,016,363 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\I&E - EBTTRT - Nov 10.xlsx
    [2010/11/23 16:49:06 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\EBTTRT - Invoice - Australian Pearl Jam - Nov 10.doc
    [2010/11/22 16:04:32 | 000,057,732 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\DIT Invoice 21st November.pdf
    [2010/11/22 12:43:43 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1417001333-839522115-1138.job
    [2010/11/22 12:43:42 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1417001333-839522115-1138.job
    [2010/11/18 17:10:35 | 000,049,736 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\InvoiceDIT0890.pdf
    [2010/11/18 17:10:01 | 000,049,720 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\InvoiceDIT0891.pdf
    [2010/11/18 17:09:59 | 000,049,751 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\InvoiceDIT0889.pdf
    [2010/11/18 09:39:19 | 000,010,517 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Welfare - Daytime act availabilites - Nov 10.xlsx
    [2010/11/17 12:36:06 | 000,014,331 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Ltr to Solr Nov10 - Mark version.docx
    [2010/11/17 12:15:08 | 000,057,337 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\DIT Invoice 14th November.pdf
    [2010/11/17 08:43:22 | 000,019,330 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\E&M - Dep't Update - Oct Nov 10.docx
    [2010/11/16 14:43:57 | 000,420,340 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\OFA-CFR Instructors (Heartbeat Safety).pdf
    [2010/11/01 14:04:34 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ssp5ml3.dll
    [2010/01/22 10:01:42 | 000,000,199 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
    [2009/11/30 10:34:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\mark_breen\Local Settings\Application Data\prvlcl.dat
    [2009/10/29 11:13:22 | 000,017,424 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2009/09/24 07:56:51 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BO2700CN.INI
    [2009/08/27 08:29:41 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2009/08/27 08:29:41 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2009/08/11 13:50:52 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\mark_breen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/07/09 08:20:33 | 000,000,317 | ---- | C] () -- C:\WINDOWS\SWWATER.INI
    [2009/06/30 20:08:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2009/06/30 19:51:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
    [2009/06/30 19:39:31 | 000,000,829 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2006/04/26 00:31:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

    ========== LOP Check ==========

    [2010/10/26 06:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010/10/20 08:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/10/26 06:39:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/08/20 09:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2010/10/20 08:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/08/20 09:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
    [2010/07/26 08:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
    [2010/08/20 08:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2010/12/13 09:20:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    [2010/08/20 09:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/10/26 06:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\AVG10
    [2010/12/16 07:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Dropbox
    [2009/08/04 08:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\EasyChat
    [2009/08/12 14:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\ErrorExpert
    [2010/08/20 09:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Nokia
    [2010/08/20 09:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Nokia Ovi Suite
    [2009/06/30 14:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\OpenOffice.org
    [2010/08/20 09:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\PC Suite
    [2010/12/16 07:58:45 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

    ========== Purity Check ==========



    < End of report >
     
  11. crunchie

    crunchie Malware Helper Posts: 728

    Looks OK. Just let me know after you have used it as per normal :).
     
  12. ninjafox

    ninjafox TS Rookie Topic Starter

    Just wanted to confirm that all seems to be operating as it should now!

    MANY THANKS for helping me out. It was a right pain!
     
  13. crunchie

    crunchie Malware Helper Posts: 728

    Excellent :).

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC by OldTimer:
    Save it to your Desktop.
    Double click OTC.exe.
    Click the CleanUp! button.
    If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.
     
Topic Status:
Not open for further replies.
