Inactive Google search results redirected to 'attack site'

[ninjafox]

Hi all,

Hoping for some help. I'm not the most proficient at the technical aspects of computer stuff so bear with me!

I'm having an issue which seems to have cropped up here a good few times before.

I've gone through the 8 step removal process and have attached the logs.

I've also attached the screengrab of the page I get redirected to from the Google search results.

Hoping someone can advise?

 

[crunchie]

Hi and welcome to TechSpot forums .

====

All logs must be pasted please.

https://www.techspot.com/vb/topic154928.html

 

[ninjafox]

Apologies.

I picked things up wrong there.

Logs below and thanks!

Mbam Log

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5304

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

13/12/2010 10:22:15
mbam-log-2010-12-13 (10-22-15).txt

Scan type: Quick scan
Objects scanned: 189721
Time elapsed: 8 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\mark_breen\application data\cleanmgr.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Gmer Log

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-13 11:31:54
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD3200AAJS-60M0A0 rev.02.03E02
Running: 0ngezfn2.exe; Driver: C:\DOCUME~1\MARK_B~1\LOCALS~1\Temp\kgtdapog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwClose [0xA8836F86]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwCreateKey [0xA8836886]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwDeleteKey [0xA8837048]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwDeleteValueKey [0xA8837298]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwDuplicateObject [0xA8837E98]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwEnumerateKey [0xA88376B6]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwEnumerateValueKey [0xA8837A72]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwFlushKey [0xA8837020]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwLoadKey [0xA8837D2A]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwOpenKey [0xA88364E4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA839D6C0]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwQueryKey [0xA88377C4]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwQueryValueKey [0xA8837BB4]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwRenameKey [0xA8837F30]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwSetValueKey [0xA88374EE]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA839D770]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA839D810]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Symantec Corp.) ZwUnloadKey [0xA8837DAA]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA839D8B0]

---- Kernel code sections - GMER 1.0.15 ----

? reuosnp.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\program files\real\realplayer\update\realsched.exe[2152] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\BTHUSB \Device\00000075 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000075 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000077 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000077 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011957d355a
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011957d355a (not active ControlSet)

---- EOF - GMER 1.0.15 ----

DDS Log


DDS (Ver_10-12-12.02) - NTFSx86
Run by mark_breen at 11:37:47.50 on 13/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.738 [GMT 0:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slagent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Documents and Settings\mark_breen\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\mark_breen\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=93&bd=all&pf=cmdt
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {0347C33E-8762-4905-BF09-768834316C61} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\mark_b~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\mark_breen\application data\dropbox\bin\Dropbox.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 212.117.178.25 www.google.com
Hosts: 212.117.163.43 search.yahoo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mark_b~1\applic~1\mozilla\firefox\profiles\sl18u4ij.default\
FF - prefs.js: browser.startup.homepage - hxxp://partnerpage.google.com/ditsu.ie
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\mark_breen\application data\mozilla\firefox\profiles\sl18u4ij.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\mark_breen\application data\mozilla\firefox\profiles\sl18u4ij.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\mark_breen\application data\mozilla\plugins\npcoolirisplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\FirefoxExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Morning Coffee: morningCoffee@shaneliesegang - %profile%\extensions\morningCoffee@shaneliesegang
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Locator: {05f6a7ea-896b-11da-8bde-f66bad1e3fff} - %profile%\extensions\{05f6a7ea-896b-11da-8bde-f66bad1e3fff}
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Ext: QuickDrag: quickdrag@mozilla.ktechcomputing.com - %profile%\extensions\quickdrag@mozilla.ktechcomputing.com
FF - Ext: InFormEnter: {5546F97E-11A5-46b0-9082-32AD74AAA920} - %profile%\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-14 64288]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
R1 FSLX;FSLX;c:\windows\system32\drivers\fslx.sys [2009-2-20 195456]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2009-6-30 576024]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]

=============== Created Last 30 ================

2010-12-13 10:12:16 -------- d-----w- c:\docume~1\mark_b~1\applic~1\Malwarebytes
2010-12-13 10:12:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-13 10:12:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-13 10:12:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-13 10:12:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-13 09:21:51 -------- d-----w- c:\docume~1\mark_b~1\locals~1\applic~1\Sunbelt Software
2010-12-13 09:20:36 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-11-23 10:49:37 -------- d-----w- c:\program files\iPod
2010-11-23 10:49:31 -------- d-----w- c:\program files\iTunes
2010-11-22 12:43:46 -------- d-----w- c:\docume~1\mark_b~1\locals~1\applic~1\Real
2010-11-22 12:42:38 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2010-11-22 12:42:15 -------- d-----w- c:\program files\common files\xing shared
2010-11-22 12:41:52 151776 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2010-11-22 12:41:38 100352 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll

==================== Find3M ====================

2010-11-22 12:41:29 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-22 12:41:28 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-28 15:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2009-06-30 12:26:33 7371960 ----a-w- c:\program files\Firefox Setup 3.0.11.exe

============= FINISH: 11:38:20.59 ===============

DDS Attach


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 30/06/2009 13:12:09
System Uptime: 13/12/2010 10:23:39 (1 hours ago)

Motherboard: MSI | | 2A78h
Processor: Intel Pentium III Xeon processor | Socket 775 | 2494/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 270.938 GiB free.
D: is CDROM ()
Z: is NetworkDisk (NTFS) - 98 GiB total, 47.906 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&1E5E1293&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&1E5E1293&0
Service: i8042prt

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia E71
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia E71
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia E51
Device ID: ROOT\WPD\0002
Manufacturer: Nokia
Name: Nokia E51
PNP Device ID: ROOT\WPD\0002
Service: WUDFRd

==== System Restore Points ===================

RP298: 14/09/2010 22:56:04 - System Checkpoint
RP299: 15/09/2010 23:56:04 - System Checkpoint
RP300: 16/09/2010 03:00:23 - Software Distribution Service 3.0
RP301: 17/09/2010 03:03:04 - System Checkpoint
RP302: 18/09/2010 04:03:02 - System Checkpoint
RP303: 19/09/2010 05:03:05 - System Checkpoint
RP304: 20/09/2010 06:03:01 - System Checkpoint
RP305: 21/09/2010 07:03:03 - System Checkpoint
RP306: 22/09/2010 08:03:02 - System Checkpoint
RP307: 23/09/2010 09:42:54 - System Checkpoint
RP308: 24/09/2010 08:02:00 - Avg Update
RP309: 24/09/2010 08:03:08 - Avg Update
RP310: 27/09/2010 07:39:27 - Avg Update
RP311: 28/09/2010 08:30:30 - System Checkpoint
RP312: 06/10/2010 16:42:49 - Avg Update
RP313: 06/10/2010 18:07:22 - Software Distribution Service 3.0
RP314: 12/10/2010 08:50:41 - System Checkpoint
RP315: 13/10/2010 08:53:08 - System Checkpoint
RP316: 14/10/2010 09:14:18 - System Checkpoint
RP317: 15/10/2010 03:00:25 - Software Distribution Service 3.0
RP318: 16/10/2010 03:33:49 - System Checkpoint
RP319: 17/10/2010 03:38:19 - System Checkpoint
RP320: 18/10/2010 04:38:19 - System Checkpoint
RP321: 19/10/2010 05:38:19 - System Checkpoint
RP322: 20/10/2010 06:38:21 - System Checkpoint
RP323: 20/10/2010 09:53:14 - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP324: 20/10/2010 09:53:29 - Installed AVG 2011
RP325: 20/10/2010 09:55:16 - Removed AVG Free 9.0
RP326: 21/10/2010 10:05:35 - System Checkpoint
RP327: 26/10/2010 07:37:20 - Installed AVG 2011
RP328: 27/10/2010 09:21:45 - System Checkpoint
RP329: 28/10/2010 15:08:38 - System Checkpoint
RP330: 29/10/2010 16:10:54 - System Checkpoint
RP331: 01/11/2010 12:21:55 - System Checkpoint
RP332: 02/11/2010 17:30:48 - System Checkpoint
RP333: 03/11/2010 23:45:51 - System Checkpoint
RP334: 08/11/2010 10:45:51 - System Checkpoint
RP335: 11/11/2010 18:17:38 - System Checkpoint
RP336: 12/11/2010 03:00:34 - Software Distribution Service 3.0
RP337: 16/11/2010 09:55:13 - System Checkpoint
RP338: 18/11/2010 12:31:20 - System Checkpoint
RP339: 22/11/2010 14:47:08 - System Checkpoint
RP340: 24/11/2010 14:34:41 - System Checkpoint
RP341: 25/11/2010 17:28:01 - System Checkpoint
RP342: 06/12/2010 14:47:21 - System Checkpoint
RP343: 08/12/2010 17:21:02 - System Checkpoint
RP344: 10/12/2010 04:57:18 - System Checkpoint
RP345: 13/12/2010 11:23:49 - System Checkpoint

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2011
Bonjour
Dropbox
File Shredder 2.0
Google Talk (remove only)
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952117-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 7
Maintenance Samsung ML-2580 Series
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works 6-9 Converter
Mozilla Firefox (3.6.13)
MSVC80_x86
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
OGA Notifier 2.0.0048.0
Ovi Desktop Sync Engine
OviMPlatform
PC Connectivity Solution
PDF Complete
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Software Virtualization Agent
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (KB2443839)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows XP Service Pack 3
WinRAR 4.00 beta 1 (32-bit)

==== Event Viewer Messages From Past Week ========

13/12/2010 10:31:24, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
13/12/2010 09:54:58, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
13/12/2010 09:54:58, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
13/12/2010 09:54:56, error: Service Control Manager [7034] - The PDF Document Manager service terminated unexpectedly. It has done this 1 time(s).
13/12/2010 09:54:56, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
13/12/2010 09:54:56, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
13/12/2010 09:54:56, error: Service Control Manager [7031] - The Canon Driver Information Assist Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 500 milliseconds: Restart the service.
13/12/2010 09:54:56, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/12/2010 08:42:15, error: BTHUSB [17] - The local Bluetooth radio has failed in an undetermined manner and will be unloaded.
06/12/2010 07:44:33, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.
06/12/2010 07:44:33, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:43:31, on 13/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slagent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Documents and Settings\mark_breen\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\mark_breen\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=93&bd=all&pf=cmdt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 212.117.178.25 www.google.com
O1 - Hosts: 212.117.163.43 search.yahoo.com
O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\mark_breen\Application Data\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=93&bd=all&pf=cmdt
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ditsu.local
O17 - HKLM\Software\..\Telephony: DomainName = ditsu.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ditsu.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ditsu.local
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: asp.net - Unknown owner - C:\Program.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Driver Information Assist Service - CANON INC. - C:\Program Files\Canon\DIAS\CnxDIAS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9189 bytes

 

[crunchie]

Please download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Open JavaRa.exe again and select Search For Updates.
• Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

====


Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
• Extract its contents to your desktop.
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

==========

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT


* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[ninjafox]

Ok. Logs below.

TDS Killer Log

2010/12/14 09:46:01.0656 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/14 09:46:01.0656 ================================================================================
2010/12/14 09:46:01.0656 SystemInfo:
2010/12/14 09:46:01.0656
2010/12/14 09:46:01.0656 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/14 09:46:01.0656 Product type: Workstation
2010/12/14 09:46:01.0656 ComputerName: EM-BST
2010/12/14 09:46:01.0656 UserName: mark_breen
2010/12/14 09:46:01.0656 Windows directory: C:\WINDOWS
2010/12/14 09:46:01.0656 System windows directory: C:\WINDOWS
2010/12/14 09:46:01.0656 Processor architecture: Intel x86
2010/12/14 09:46:01.0656 Number of processors: 2
2010/12/14 09:46:01.0656 Page size: 0x1000
2010/12/14 09:46:01.0656 Boot type: Normal boot
2010/12/14 09:46:01.0656 ================================================================================
2010/12/14 09:46:01.0859 Initialize success
2010/12/14 09:46:04.0781 ================================================================================
2010/12/14 09:46:04.0781 Scan started
2010/12/14 09:46:04.0781 Mode: Manual;
2010/12/14 09:46:04.0781 ================================================================================
2010/12/14 09:46:05.0812 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2010/12/14 09:46:05.0875 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/14 09:46:05.0890 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/14 09:46:05.0937 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/12/14 09:46:05.0953 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys
2010/12/14 09:46:05.0984 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/14 09:46:06.0031 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/14 09:46:06.0078 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/12/14 09:46:06.0093 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/12/14 09:46:06.0250 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/14 09:46:06.0296 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/14 09:46:06.0328 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/14 09:46:06.0375 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/14 09:46:06.0421 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2010/12/14 09:46:06.0453 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2010/12/14 09:46:06.0484 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2010/12/14 09:46:06.0531 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2010/12/14 09:46:06.0578 Avgldx86 (1119e5bec6e749e0d292f0f84d48edba) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2010/12/14 09:46:06.0593 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2010/12/14 09:46:06.0609 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2010/12/14 09:46:06.0656 Avgtdix (354e0fec3bfdfa9c369e0f67ac362f9f) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2010/12/14 09:46:06.0703 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/14 09:46:07.0062 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2010/12/14 09:46:07.0093 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2010/12/14 09:46:07.0156 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2010/12/14 09:46:07.0187 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2010/12/14 09:46:07.0218 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/14 09:46:07.0281 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/14 09:46:07.0343 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/14 09:46:07.0390 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/14 09:46:07.0531 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/14 09:46:07.0578 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/14 09:46:07.0609 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/14 09:46:07.0625 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/14 09:46:07.0656 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/14 09:46:07.0703 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/12/14 09:46:07.0734 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/14 09:46:07.0750 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/12/14 09:46:07.0796 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/14 09:46:07.0812 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/14 09:46:07.0859 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/14 09:46:07.0875 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/14 09:46:07.0921 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/14 09:46:07.0953 FSLX (42c202b2f1641f009b40b90eee3830f3) C:\WINDOWS\system32\drivers\fslx.sys
2010/12/14 09:46:07.0984 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/14 09:46:08.0031 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/14 09:46:08.0171 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/12/14 09:46:08.0187 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/14 09:46:08.0218 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/14 09:46:08.0265 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/14 09:46:08.0328 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/12/14 09:46:08.0328 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/12/14 09:46:08.0359 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/12/14 09:46:08.0406 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/14 09:46:08.0437 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/14 09:46:08.0484 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2010/12/14 09:46:08.0515 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2010/12/14 09:46:08.0531 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2010/12/14 09:46:08.0546 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2010/12/14 09:46:08.0562 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2010/12/14 09:46:08.0578 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2010/12/14 09:46:08.0593 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
2010/12/14 09:46:08.0609 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
2010/12/14 09:46:08.0625 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
2010/12/14 09:46:08.0640 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2010/12/14 09:46:08.0656 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2010/12/14 09:46:08.0671 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2010/12/14 09:46:08.0687 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2010/12/14 09:46:08.0687 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
2010/12/14 09:46:08.0703 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
2010/12/14 09:46:08.0843 ialm (c4018896856a1a1f1f3a0a6ee7206551) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/12/14 09:46:08.0906 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/14 09:46:09.0046 IntcAzAudAddService (14b48553be78472d2bd3a518658a1710) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/12/14 09:46:09.0109 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/14 09:46:09.0156 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/14 09:46:09.0187 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/14 09:46:09.0218 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/14 09:46:09.0250 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/14 09:46:09.0281 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/14 09:46:09.0328 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/14 09:46:09.0390 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2010/12/14 09:46:09.0421 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/14 09:46:09.0453 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/14 09:46:09.0500 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/14 09:46:09.0531 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/14 09:46:09.0578 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/14 09:46:09.0625 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/14 09:46:09.0765 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2010/12/14 09:46:09.0781 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2010/12/14 09:46:09.0859 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/14 09:46:09.0890 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/14 09:46:09.0937 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/14 09:46:09.0984 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/14 09:46:10.0000 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/14 09:46:10.0031 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/14 09:46:10.0078 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/14 09:46:10.0109 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/14 09:46:10.0140 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/14 09:46:10.0156 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/14 09:46:10.0171 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/14 09:46:10.0187 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/14 09:46:10.0203 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/14 09:46:10.0250 NDIS (8716356e49a665bdc7b114725b60a456) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/14 09:46:10.0296 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/14 09:46:10.0343 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/14 09:46:10.0359 NdisWan (5526cfebb619f7f763bd6a2e1b618078) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/14 09:46:10.0359 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/14 09:46:10.0406 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/14 09:46:10.0437 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/14 09:46:10.0484 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
2010/12/14 09:46:10.0515 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2010/12/14 09:46:10.0546 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/14 09:46:10.0593 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/14 09:46:10.0656 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/14 09:46:10.0687 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/14 09:46:10.0718 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/14 09:46:10.0765 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2010/12/14 09:46:10.0796 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/14 09:46:10.0812 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/14 09:46:10.0843 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/14 09:46:10.0875 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/12/14 09:46:10.0921 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/14 09:46:10.0953 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/14 09:46:10.0984 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/14 09:46:11.0140 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/14 09:46:11.0156 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/14 09:46:11.0171 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/14 09:46:11.0265 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/14 09:46:11.0328 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2010/12/14 09:46:11.0343 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/14 09:46:11.0359 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/14 09:46:11.0375 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/14 09:46:11.0406 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/14 09:46:11.0453 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/14 09:46:11.0484 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/14 09:46:11.0515 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/14 09:46:11.0562 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/14 09:46:11.0609 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2010/12/14 09:46:11.0687 RTLE8023xp (badabe0940c01619e8510b90fb314929) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/12/14 09:46:11.0718 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/14 09:46:11.0750 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/14 09:46:11.0781 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/14 09:46:11.0828 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/14 09:46:11.0890 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/14 09:46:11.0937 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/14 09:46:11.0968 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/14 09:46:12.0000 STIrUsb (a1a16662c6b1a665d965d61b9eecc5a7) C:\WINDOWS\system32\DRIVERS\irstusb.sys
2010/12/14 09:46:12.0031 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/14 09:46:12.0046 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/14 09:46:12.0078 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/12/14 09:46:12.0093 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/12/14 09:46:12.0125 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\WINDOWS\system32\DRIVERS\symmpi.sys
2010/12/14 09:46:12.0140 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/12/14 09:46:12.0156 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/12/14 09:46:12.0187 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/14 09:46:12.0250 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/14 09:46:12.0281 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/14 09:46:12.0296 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/14 09:46:12.0328 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/14 09:46:12.0375 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/14 09:46:12.0421 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2010/12/14 09:46:12.0484 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/12/14 09:46:12.0515 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/14 09:46:12.0562 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/14 09:46:12.0609 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/14 09:46:12.0656 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/14 09:46:12.0687 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/14 09:46:12.0734 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2010/12/14 09:46:12.0796 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2010/12/14 09:46:12.0859 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/14 09:46:12.0906 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/14 09:46:12.0953 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/14 09:46:12.0968 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/12/14 09:46:13.0000 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/14 09:46:13.0046 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/14 09:46:13.0093 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/12/14 09:46:13.0140 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/14 09:46:13.0218 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/14 09:46:13.0265 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/14 09:46:13.0312 ================================================================================
2010/12/14 09:46:13.0312 Scan finished
2010/12/14 09:46:13.0312 ================================================================================

Extras.txt Log

2010/12/14 09:46:01.0656 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/14 09:46:01.0656 ================================================================================
2010/12/14 09:46:01.0656 SystemInfo:
2010/12/14 09:46:01.0656
2010/12/14 09:46:01.0656 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/14 09:46:01.0656 Product type: Workstation
2010/12/14 09:46:01.0656 ComputerName: EM-BST
2010/12/14 09:46:01.0656 UserName: mark_breen
2010/12/14 09:46:01.0656 Windows directory: C:\WINDOWS
2010/12/14 09:46:01.0656 System windows directory: C:\WINDOWS
2010/12/14 09:46:01.0656 Processor architecture: Intel x86
2010/12/14 09:46:01.0656 Number of processors: 2
2010/12/14 09:46:01.0656 Page size: 0x1000
2010/12/14 09:46:01.0656 Boot type: Normal boot
2010/12/14 09:46:01.0656 ================================================================================
2010/12/14 09:46:01.0859 Initialize success
2010/12/14 09:46:04.0781 ================================================================================
2010/12/14 09:46:04.0781 Scan started
2010/12/14 09:46:04.0781 Mode: Manual;
2010/12/14 09:46:04.0781 ================================================================================
2010/12/14 09:46:05.0812 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2010/12/14 09:46:05.0875 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/14 09:46:05.0890 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/14 09:46:05.0937 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/12/14 09:46:05.0953 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys
2010/12/14 09:46:05.0984 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/14 09:46:06.0031 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/14 09:46:06.0078 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/12/14 09:46:06.0093 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/12/14 09:46:06.0250 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/14 09:46:06.0296 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/14 09:46:06.0328 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/14 09:46:06.0375 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/14 09:46:06.0421 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2010/12/14 09:46:06.0453 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2010/12/14 09:46:06.0484 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2010/12/14 09:46:06.0531 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2010/12/14 09:46:06.0578 Avgldx86 (1119e5bec6e749e0d292f0f84d48edba) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2010/12/14 09:46:06.0593 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2010/12/14 09:46:06.0609 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2010/12/14 09:46:06.0656 Avgtdix (354e0fec3bfdfa9c369e0f67ac362f9f) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2010/12/14 09:46:06.0703 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/14 09:46:07.0062 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2010/12/14 09:46:07.0093 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2010/12/14 09:46:07.0156 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2010/12/14 09:46:07.0187 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2010/12/14 09:46:07.0218 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/14 09:46:07.0281 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/14 09:46:07.0343 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/14 09:46:07.0390 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/14 09:46:07.0531 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/14 09:46:07.0578 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/14 09:46:07.0609 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/14 09:46:07.0625 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/14 09:46:07.0656 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/14 09:46:07.0703 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/12/14 09:46:07.0734 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/14 09:46:07.0750 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/12/14 09:46:07.0796 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/14 09:46:07.0812 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/12/14 09:46:07.0859 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/14 09:46:07.0875 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/12/14 09:46:07.0921 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/14 09:46:07.0953 FSLX (42c202b2f1641f009b40b90eee3830f3) C:\WINDOWS\system32\drivers\fslx.sys
2010/12/14 09:46:07.0984 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/14 09:46:08.0031 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/14 09:46:08.0171 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/12/14 09:46:08.0187 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/14 09:46:08.0218 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/14 09:46:08.0265 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/14 09:46:08.0328 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/12/14 09:46:08.0328 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/12/14 09:46:08.0359 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/12/14 09:46:08.0406 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/14 09:46:08.0437 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/14 09:46:08.0484 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
2010/12/14 09:46:08.0515 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
2010/12/14 09:46:08.0531 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
2010/12/14 09:46:08.0546 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
2010/12/14 09:46:08.0562 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
2010/12/14 09:46:08.0578 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
2010/12/14 09:46:08.0593 iAimFP5 (0308aef61941e4af478fa1a0f83812f5) C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
2010/12/14 09:46:08.0609 iAimFP6 (714038a8aa5de08e12062202cd7eaeb5) C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
2010/12/14 09:46:08.0625 iAimFP7 (7bb3aa595e4507a788de1cdc63f4c8c4) C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
2010/12/14 09:46:08.0640 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
2010/12/14 09:46:08.0656 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
2010/12/14 09:46:08.0671 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
2010/12/14 09:46:08.0687 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
2010/12/14 09:46:08.0687 iAimTV5 (791cc45de6e50445be72e8ad6401ff45) C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
2010/12/14 09:46:08.0703 iAimTV6 (352fa0e98bc461ce1ce5d41f64db558d) C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
2010/12/14 09:46:08.0843 ialm (c4018896856a1a1f1f3a0a6ee7206551) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/12/14 09:46:08.0906 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/14 09:46:09.0046 IntcAzAudAddService (14b48553be78472d2bd3a518658a1710) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/12/14 09:46:09.0109 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/14 09:46:09.0156 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/14 09:46:09.0187 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/14 09:46:09.0218 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/14 09:46:09.0250 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/14 09:46:09.0281 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/14 09:46:09.0328 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/14 09:46:09.0390 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2010/12/14 09:46:09.0421 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/14 09:46:09.0453 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/14 09:46:09.0500 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/14 09:46:09.0531 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/14 09:46:09.0578 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/14 09:46:09.0625 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/14 09:46:09.0765 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2010/12/14 09:46:09.0781 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2010/12/14 09:46:09.0859 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/14 09:46:09.0890 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/14 09:46:09.0937 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/14 09:46:09.0984 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/14 09:46:10.0000 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/14 09:46:10.0031 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/14 09:46:10.0078 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/14 09:46:10.0109 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/14 09:46:10.0140 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/14 09:46:10.0156 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/14 09:46:10.0171 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/14 09:46:10.0187 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/14 09:46:10.0203 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/14 09:46:10.0250 NDIS (8716356e49a665bdc7b114725b60a456) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/14 09:46:10.0296 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/14 09:46:10.0343 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/14 09:46:10.0359 NdisWan (5526cfebb619f7f763bd6a2e1b618078) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/14 09:46:10.0359 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/14 09:46:10.0406 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/14 09:46:10.0437 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/14 09:46:10.0484 nmwcd (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
2010/12/14 09:46:10.0515 nmwcdc (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
2010/12/14 09:46:10.0546 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/14 09:46:10.0593 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/14 09:46:10.0656 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/14 09:46:10.0687 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/14 09:46:10.0718 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/14 09:46:10.0765 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2010/12/14 09:46:10.0796 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/14 09:46:10.0812 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/14 09:46:10.0843 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/14 09:46:10.0875 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2010/12/14 09:46:10.0921 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/14 09:46:10.0953 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/14 09:46:10.0984 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/14 09:46:11.0140 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/14 09:46:11.0156 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/14 09:46:11.0171 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/14 09:46:11.0265 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/14 09:46:11.0328 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2010/12/14 09:46:11.0343 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/14 09:46:11.0359 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/14 09:46:11.0375 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/14 09:46:11.0406 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/14 09:46:11.0453 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/14 09:46:11.0484 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/14 09:46:11.0515 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/14 09:46:11.0562 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/14 09:46:11.0609 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2010/12/14 09:46:11.0687 RTLE8023xp (badabe0940c01619e8510b90fb314929) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/12/14 09:46:11.0718 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/14 09:46:11.0750 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/14 09:46:11.0781 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/14 09:46:11.0828 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/14 09:46:11.0890 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/14 09:46:11.0937 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/14 09:46:11.0968 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/14 09:46:12.0000 STIrUsb (a1a16662c6b1a665d965d61b9eecc5a7) C:\WINDOWS\system32\DRIVERS\irstusb.sys
2010/12/14 09:46:12.0031 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/14 09:46:12.0046 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/14 09:46:12.0078 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/12/14 09:46:12.0093 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/12/14 09:46:12.0125 Symmpi (f2b7e8416f508368ac6730e2ae1c614f) C:\WINDOWS\system32\DRIVERS\symmpi.sys
2010/12/14 09:46:12.0140 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/12/14 09:46:12.0156 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/12/14 09:46:12.0187 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/14 09:46:12.0250 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/14 09:46:12.0281 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/14 09:46:12.0296 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/14 09:46:12.0328 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/14 09:46:12.0375 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/14 09:46:12.0421 upperdev (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
2010/12/14 09:46:12.0484 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/12/14 09:46:12.0515 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/14 09:46:12.0562 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/14 09:46:12.0609 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/14 09:46:12.0656 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/14 09:46:12.0687 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/14 09:46:12.0734 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
2010/12/14 09:46:12.0796 UsbserFilt (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
2010/12/14 09:46:12.0859 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/14 09:46:12.0906 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/14 09:46:12.0953 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/14 09:46:12.0968 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/12/14 09:46:13.0000 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/14 09:46:13.0046 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/14 09:46:13.0093 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2010/12/14 09:46:13.0140 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/14 09:46:13.0218 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/14 09:46:13.0265 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/14 09:46:13.0312 ================================================================================
2010/12/14 09:46:13.0312 Scan finished
2010/12/14 09:46:13.0312 ================================================================================

 

[ninjafox]

Hi, I did as instructed and posted two posts a few hours back with the logs and both were marked needing to be approved by a Mod. That normal?

 

[crunchie]

Yes, that is normal .

You did not post the JavaRa log or the two OTL logs.

 

[ninjafox]

Apologies.

Follwing your instructions re JavaRa, it did not create any log. It simply installed the software. Please advise.

I posted the Extras.txt OTL log in the post above. The OTLtxt OTL log would not fit and I posted it yesterday as a separate post, with the site telling me it would need to be approved by a Mod. I've attached below again.

Thanks

OTL.txt.

OTL logfile created on: 14/12/2010 09:48:29 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\mark_breen\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 270.75 Gb Free Space | 90.83% Space Free | Partition Type: NTFS
Drive Z: | 98.08 Gb Total Space | 47.91 Gb Free Space | 48.84% Space Free | Partition Type: NTFS

Computer Name: EM-BST | User Name: mark_breen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/14 09:46:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mark_breen\Desktop\OTL.exe
PRC - [2010/12/03 19:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/03 19:35:08 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/03 09:05:32 | 001,389,400 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/12/03 09:05:32 | 000,930,032 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/11/22 12:41:30 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2010/11/10 19:08:04 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/27 05:15:24 | 001,073,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/10/27 05:14:50 | 001,047,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/10/22 04:57:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/22 04:56:56 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/09 00:47:48 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010/02/26 05:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\mark_breen\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2009/08/14 08:01:14 | 000,614,400 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/07 14:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/11/08 15:57:24 | 002,139,496 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\DIAS\CnxDIAS.exe
PRC - [2007/01/01 21:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2005/06/20 21:22:00 | 000,630,784 | ---- | M] (ScriptLogic Corporation) -- C:\WINDOWS\system32\slAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/12/14 09:46:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mark_breen\Desktop\OTL.exe
MOD - [2010/11/22 12:42:06 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\MSINFO\asp.net -- (asp.net)
SRV - [2010/12/03 09:05:32 | 001,389,400 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/04/07 14:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/11/08 15:57:24 | 002,139,496 | ---- | M] (CANON INC.) [Auto | Running] -- C:\Program Files\Canon\DIAS\CnxDIAS.exe -- (Canon Driver Information Assist Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - [2010/12/03 09:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/12/03 09:05:33 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 02:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 02:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 02:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 20:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/02/26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/02/20 23:04:38 | 000,195,456 | R--- | M] (Symantec Corp.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\fslx.sys -- (FSLX)
DRV - [2009/02/11 11:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/30 08:00:36 | 005,851,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/08/07 16:40:38 | 000,098,944 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2004/08/04 00:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/04 00:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/04 00:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/04 00:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/04 00:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/04 00:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/04 00:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002/05/09 00:44:42 | 000,105,472 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2002/04/04 05:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2001/08/17 21:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 21:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 21:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 21:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 13:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=93&bd=all&pf=cmdt
IE - HKCU\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://partnerpage.google.com/ditsu.ie"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {5546F97E-11A5-46b0-9082-32AD74AAA920}:0.5.5.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {05f6a7ea-896b-11da-8bde-f66bad1e3fff}:3.5.20090705
FF - prefs.js..extensions.enabledItems: morningCoffee@shaneliesegang:1.33
FF - prefs.js..extensions.enabledItems: quickdrag@mozilla.ktechcomputing.com:2.0.2.1
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.9.4
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/08/20 09:23:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/11/24 08:36:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/22 12:42:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/13 09:03:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/14 09:43:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/08/20 09:23:31 | 000,000,000 | ---D | M]

[2009/06/30 12:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Extensions
[2010/12/14 09:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions
[2010/07/27 08:02:06 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/12/14 08:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/07/29 08:26:02 | 000,000,000 | ---D | M] (Locator) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{05f6a7ea-896b-11da-8bde-f66bad1e3fff}
[2010/04/30 08:05:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/26 08:15:09 | 000,000,000 | ---D | M] (InFormEnter) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
[2010/12/13 07:45:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/12 15:12:21 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/11/18 09:20:00 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/11/16 09:13:52 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010/12/13 07:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/01/11 09:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\lazarus@interclue.com
[2009/06/30 13:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\morningCoffee@shaneliesegang
[2010/06/22 06:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\piclens@cooliris.com
[2009/06/30 14:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\quickdrag@mozilla.ktechcomputing.com
[2010/12/14 09:47:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/14 09:43:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/14 09:43:28 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/11/15 23:55:56 | 000,000,064 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 212.117.178.25 www.google.com
O1 - Hosts: 212.117.163.43 search.yahoo.com
O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\mark_breen\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\mark_breen\Application Data\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ditsu.local
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{58726723-b3e5-11de-bb52-0024212f431f}\Shell - "" = AutoRun
O33 - MountPoints2\{58726723-b3e5-11de-bb52-0024212f431f}\Shell\Auto\command - "" = E:\asp.net -- File not found
O33 - MountPoints2\{58726723-b3e5-11de-bb52-0024212f431f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6692fd3d-b32f-11de-bb51-0011957d355a}\Shell - "" = AutoRun
O33 - MountPoints2\{6692fd3d-b32f-11de-bb51-0011957d355a}\Shell\Auto\command - "" = E:\asp.net -- File not found
O33 - MountPoints2\{6692fd3d-b32f-11de-bb51-0011957d355a}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/12/14 09:46:54 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mark_breen\Desktop\OTL.exe
[2010/12/14 09:45:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark_breen\Desktop\tdsskiller
[2010/12/14 09:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/12/14 09:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark_breen\Desktop\JavaRa
[2010/12/13 11:42:48 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\mark_breen\Desktop\HijackThis.exe
[2010/12/13 10:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark_breen\Application Data\Malwarebytes
[2010/12/13 10:12:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/13 10:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/12/13 10:12:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/13 10:12:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/13 09:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark_breen\Local Settings\Application Data\Sunbelt Software
[2010/12/13 09:20:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2010/11/25 16:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark_breen\Desktop\Event Elephant FAQs
[2010/11/25 16:12:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark_breen\Application Data\WinRAR
[2010/11/25 16:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/11/23 10:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/23 10:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/23 10:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2010/11/22 12:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark_breen\Local Settings\Application Data\Real
[2010/11/22 12:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/11/22 12:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\real
[2009/06/30 12:26:27 | 007,371,960 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.0.11.exe
[2 C:\Documents and Settings\mark_breen\Desktop\*.tmp files -> C:\Documents and Settings\mark_breen\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/14 09:47:28 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1417001333-839522115-1138.job
[2010/12/14 09:47:28 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1417001333-839522115-1138.job
[2010/12/14 09:46:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mark_breen\Desktop\OTL.exe
[2010/12/14 09:44:53 | 001,230,779 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\tdsskiller.zip
[2010/12/14 09:38:04 | 000,205,540 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\JavaRa.zip
[2010/12/14 09:04:45 | 000,231,581 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\AdoptionPack.jpg
[2010/12/14 08:18:35 | 101,753,145 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/12/14 08:06:19 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/12/14 08:05:43 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/14 08:04:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/14 08:04:25 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/14 08:03:24 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/12/13 11:43:03 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\mark_breen\Desktop\HijackThis.exe
[2010/12/13 09:49:16 | 000,037,358 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\LPIT Funding Review - Draft 1.docx
[2010/12/13 09:33:49 | 000,000,199 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010/12/13 09:29:42 | 000,894,464 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\All Staff Meeting Minutes 26Nov10.doc
[2010/12/13 09:23:22 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/12/13 09:03:43 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\mark_breen\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/10 16:12:57 | 000,638,677 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\IMG.pdf
[2010/12/10 12:04:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/10 10:19:04 | 000,112,091 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Groupon-EF7E012238.pdf
[2010/12/08 17:00:38 | 000,018,371 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\E&M - Dep't Update - Nov 10.docx
[2010/12/08 12:22:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/08 11:35:58 | 000,823,808 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\ICPSMMaterials.ppt
[2010/12/08 10:12:05 | 000,109,397 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\attack page.JPG
[2010/12/08 09:00:49 | 000,489,437 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Diploma in Management Feb 201.pdf
[2010/12/08 09:00:25 | 000,053,488 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Diploma Booking Form.pdf
[2010/12/06 11:14:15 | 000,019,346 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Scholarship(2)
[2010/12/06 11:14:02 | 000,019,346 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Scholarship
[2010/12/03 09:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/24 08:28:38 | 000,026,554 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\I&E - RAG Ball & BNO - Venue Options - Nov 10.xlsx
[2010/11/23 19:24:24 | 000,016,363 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\I&E - EBTTRT - Nov 10.xlsx
[2010/11/23 16:51:00 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\EBTTRT - Invoice - Australian Pearl Jam - Nov 10.doc
[2010/11/22 16:04:34 | 000,057,732 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\DIT Invoice 21st November.pdf
[2010/11/22 12:41:33 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2010/11/18 17:10:36 | 000,049,736 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\InvoiceDIT0890.pdf
[2010/11/18 17:10:02 | 000,049,720 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\InvoiceDIT0891.pdf
[2010/11/18 17:10:01 | 000,049,751 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\InvoiceDIT0889.pdf
[2010/11/18 09:39:19 | 000,010,517 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Welfare - Daytime act availabilites - Nov 10.xlsx
[2010/11/17 12:36:06 | 000,014,331 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Ltr to Solr Nov10 - Mark version.docx
[2010/11/17 12:15:09 | 000,057,337 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\DIT Invoice 14th November.pdf
[2010/11/17 12:06:49 | 000,019,330 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\E&M - Dep't Update - Oct Nov 10.docx
[2010/11/16 14:43:58 | 000,420,340 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\OFA-CFR Instructors (Heartbeat Safety).pdf
[2 C:\Documents and Settings\mark_breen\Desktop\*.tmp files -> C:\Documents and Settings\mark_breen\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/14 09:44:50 | 001,230,779 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\tdsskiller.zip
[2010/12/14 09:38:04 | 000,205,540 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\JavaRa.zip
[2010/12/14 09:04:44 | 000,231,581 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\AdoptionPack.jpg
[2010/12/13 09:29:40 | 000,894,464 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\All Staff Meeting Minutes 26Nov10.doc
[2010/12/13 08:38:21 | 000,037,358 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\LPIT Funding Review - Draft 1.docx
[2010/12/10 16:12:45 | 000,638,677 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\IMG.pdf
[2010/12/10 10:19:03 | 000,112,091 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Groupon-EF7E012238.pdf
[2010/12/08 16:58:53 | 000,018,371 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\E&M - Dep't Update - Nov 10.docx
[2010/12/08 11:35:57 | 000,823,808 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\ICPSMMaterials.ppt
[2010/12/08 10:12:05 | 000,109,397 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\attack page.JPG
[2010/12/08 09:00:48 | 000,489,437 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Diploma in Management Feb 201.pdf
[2010/12/08 09:00:25 | 000,053,488 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Diploma Booking Form.pdf
[2010/12/06 11:14:14 | 000,019,346 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Scholarship(2)
[2010/12/06 11:14:02 | 000,019,346 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Scholarship
[2010/11/24 08:04:18 | 000,026,554 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\I&E - RAG Ball & BNO - Venue Options - Nov 10.xlsx
[2010/11/23 19:24:24 | 000,016,363 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\I&E - EBTTRT - Nov 10.xlsx
[2010/11/23 16:49:06 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\EBTTRT - Invoice - Australian Pearl Jam - Nov 10.doc
[2010/11/22 16:04:32 | 000,057,732 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\DIT Invoice 21st November.pdf
[2010/11/22 12:43:43 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1417001333-839522115-1138.job
[2010/11/22 12:43:42 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1417001333-839522115-1138.job
[2010/11/18 17:10:35 | 000,049,736 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\InvoiceDIT0890.pdf
[2010/11/18 17:10:01 | 000,049,720 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\InvoiceDIT0891.pdf
[2010/11/18 17:09:59 | 000,049,751 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\InvoiceDIT0889.pdf
[2010/11/18 09:39:19 | 000,010,517 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Welfare - Daytime act availabilites - Nov 10.xlsx
[2010/11/17 12:36:06 | 000,014,331 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Ltr to Solr Nov10 - Mark version.docx
[2010/11/17 12:15:08 | 000,057,337 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\DIT Invoice 14th November.pdf
[2010/11/17 08:43:22 | 000,019,330 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\E&M - Dep't Update - Oct Nov 10.docx
[2010/11/16 14:43:57 | 000,420,340 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\OFA-CFR Instructors (Heartbeat Safety).pdf
[2010/11/01 14:04:34 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ssp5ml3.dll
[2010/01/22 10:01:42 | 000,000,199 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2009/11/30 10:34:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\mark_breen\Local Settings\Application Data\prvlcl.dat
[2009/10/29 11:13:22 | 000,017,424 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/09/24 07:56:51 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BO2700CN.INI
[2009/08/27 08:29:41 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/08/27 08:29:41 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/08/11 13:50:52 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\mark_breen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/09 08:20:33 | 000,000,317 | ---- | C] () -- C:\WINDOWS\SWWATER.INI
[2009/06/30 20:08:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/30 19:51:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
[2009/06/30 19:39:31 | 000,000,829 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/04/26 00:31:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2010/10/26 06:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/20 08:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/26 06:39:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/08/20 09:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/10/20 08:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/08/20 09:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/07/26 08:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2010/08/20 08:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/12/13 09:20:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2010/08/20 09:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/26 06:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\AVG10
[2010/12/14 08:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Dropbox
[2009/08/04 08:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\EasyChat
[2009/08/12 14:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\ErrorExpert
[2010/08/20 09:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Nokia
[2010/08/20 09:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Nokia Ovi Suite
[2009/06/30 14:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\OpenOffice.org
[2010/08/20 09:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\PC Suite
[2010/12/14 08:06:19 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2006/02/28 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/08/11 07:19:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/08/11 07:19:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/02/28 12:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/08/11 07:19:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/08/11 07:19:55 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 05:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 00:11:54 | 000,344,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\hnetcfg.dll

< %systemroot%\System32\config\*.sav >
[2006/04/25 17:17:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/04/25 17:17:52 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/04/25 17:17:50 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< End of report >

 

[crunchie]

Apologies.

Follwing your instructions re JavaRa, it did not create any log. It simply installed the software. Please advise.

I posted the Extras.txt OTL log in the post above. The OTLtxt OTL log would not fit and I posted it yesterday as a separate post, with the site telling me it would need to be approved by a Mod. I've attached below again.

Actually you posted the TDSSKiller log 3 times .

====

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\MSINFO\asp.net -- (asp.net)
  O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - No CLSID value found.
  O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No CLSID value found.
  O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
  O4 - HKLM..\Run: [] File not found
  O4 - HKCU..\Run: [] File not found
  :Commands
  [purity]
  [emptyflash]
  [emptytemp]
  [resethosts]
  [Reboot]

• Then click the Run Fix button at the top.
• Let the program run unhindered, reboot the PC when it is done.
• Post log from this run.
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

==========

How is the PC now?

 

[ninjafox]

Apologies! Not sure how I did that.

Let me knwow if you need me to repost any of those logs.
Seems the issue may be solved. I will continue to Google and test it during the day and update.

Thanks!

Log from 1st OTL Run.

All processes killed
========== OTL ==========
Service asp.net stopped successfully!
Service asp.net deleted successfully!
File C:\Program Files\Common Files\Microsoft Shared\MSINFO\asp.net not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0347C33E-8762-4905-BF09-768834316C61}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: Administrator.DITSU
->Flash cache emptied: 0 bytes

User: All Users

User: claire.healey
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: mark_breen
->Flash cache emptied: 1631 bytes

User: NetworkService

User: sabbatical
->Flash cache emptied: 0 bytes

User: sean.campbell
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.DITSU
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: claire.healey
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: mark_breen
->Temp folder emptied: 6375775 bytes
->Temporary Internet Files folder emptied: 275670 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 96596336 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: sabbatical
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: sean.campbell
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21997035 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 155848280 bytes

Total Files Cleaned = 268.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.3 log created on 12162010_075320

Files\Folders moved on Reboot...
C:\Documents and Settings\mark_breen\Local Settings\Temp\All Staff Meeting Minutes 26Nov10.doc moved successfully.
File\Folder C:\Documents and Settings\mark_breen\Local Settings\Temp\Perflib_Perfdata_d70.dat not found!
C:\Documents and Settings\mark_breen\Local Settings\Temp\Services and Trading SC Agenda - 14Dec10.doc moved successfully.
C:\Documents and Settings\mark_breen\Local Settings\Temp\Z@RFB.tmp moved successfully.
File\Folder C:\Documents and Settings\mark_breen\Local Settings\Temp\~DF9754.tmp not found!
File\Folder C:\Documents and Settings\mark_breen\Local Settings\Temp\~DFA76F.tmp not found!
C:\Documents and Settings\mark_breen\Local Settings\Temporary Internet Files\Content.Word\~WRF{D16A9DA8-906F-4D5F-B616-3874444A9C17}.tmp moved successfully.
C:\Documents and Settings\mark_breen\Local Settings\Temporary Internet Files\Content.Word\~WRS{3C7989F2-F630-449B-BBB0-3ACE7EDB447F}.tmp moved successfully.
C:\Documents and Settings\mark_breen\Local Settings\Temporary Internet Files\Content.Word\~WRS{96D6F5CC-DEF5-42CD-9426-13F254544E10}.tmp moved successfully.
C:\Documents and Settings\mark_breen\Local Settings\Temporary Internet Files\Content.Word\~WRS{C532299A-0D38-440A-B4E6-6D16E39A6BC4}.tmp moved successfully.
C:\Documents and Settings\mark_breen\Local Settings\Temporary Internet Files\Content.Word\~WRS{CC96AF1C-8749-4EF9-A718-A820FF4FD812}.tmp moved successfully.
C:\Documents and Settings\mark_breen\Local Settings\Temporary Internet Files\Content.Word\~WRS{CCFBAB1D-64B9-4DFC-831F-7EA1371E64C6}.tmp moved successfully.
C:\Documents and Settings\mark_breen\Local Settings\Temporary Internet Files\Content.Word\~WRS{EF597C64-6B28-4CF4-A39A-C5452129D620}.tmp moved successfully.
C:\Documents and Settings\mark_breen\Local Settings\Temporary Internet Files\Content.IE5\FPUL4SPA\master[1].xml moved successfully.
C:\Documents and Settings\mark_breen\Local Settings\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\mark_breen\Local Settings\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\mark_breen\Local Settings\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\mark_breen\Local Settings\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\mark_breen\Local Settings\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\mark_breen\Local Settings\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\XUL.mfl moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_aa8.dat not found!

Registry entries deleted on Reboot...

Quick Scan Log

OTL logfile created on: 16/12/2010 07:59:32 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\mark_breen\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 270.55 Gb Free Space | 90.76% Space Free | Partition Type: NTFS
Drive Z: | 98.08 Gb Total Space | 47.90 Gb Free Space | 48.84% Space Free | Partition Type: NTFS

Computer Name: EM-BST | User Name: mark_breen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/16 07:59:05 | 007,462,912 | ---- | M] () -- C:\Documents and Settings\mark_breen\Local Settings\Temp\FWUpgrader.exe
PRC - [2010/12/16 07:59:01 | 011,750,797 | ---- | M] () -- C:\Documents and Settings\mark_breen\Local Settings\Temp\ML2580_V1.01.00.83.exe
PRC - [2010/12/14 09:46:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mark_breen\Desktop\OTL.exe
PRC - [2010/12/03 19:35:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/03 19:35:08 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/03 09:05:32 | 001,389,400 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/12/03 09:05:32 | 000,930,032 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/11/22 12:41:30 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2010/11/10 19:08:04 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/27 05:15:24 | 001,073,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/10/27 05:14:50 | 001,047,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/10/22 04:57:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/22 04:56:56 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/09 00:47:48 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010/02/26 05:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\mark_breen\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2009/08/14 08:01:14 | 000,614,400 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009/06/23 15:15:40 | 000,573,440 | ---- | M] (Samsung Printer) -- C:\Program Files\SamsungPrinterLiveUpdate\SP_Connector.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/07 14:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/11/08 15:57:24 | 002,139,496 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\DIAS\CnxDIAS.exe
PRC - [2007/01/01 21:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2005/06/20 21:22:00 | 000,630,784 | ---- | M] (ScriptLogic Corporation) -- C:\WINDOWS\system32\slAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/12/14 09:46:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mark_breen\Desktop\OTL.exe
MOD - [2010/11/22 12:42:06 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/12/03 09:05:32 | 001,389,400 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/04/07 14:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/11/08 15:57:24 | 002,139,496 | ---- | M] (CANON INC.) [Auto | Running] -- C:\Program Files\Canon\DIAS\CnxDIAS.exe -- (Canon Driver Information Assist Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - [2010/12/03 09:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/12/03 09:05:33 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 02:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 02:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 02:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 20:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/02/26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/02/20 23:04:38 | 000,195,456 | R--- | M] (Symantec Corp.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\fslx.sys -- (FSLX)
DRV - [2009/02/11 11:40:40 | 005,028,352 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/10/30 08:00:36 | 005,851,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/08/07 16:40:38 | 000,098,944 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2004/08/04 00:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/04 00:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/04 00:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/04 00:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/04 00:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/04 00:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/04 00:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2002/05/09 00:44:42 | 000,105,472 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2002/04/04 05:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2001/08/17 21:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 21:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 21:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 21:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 13:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=93&bd=all&pf=cmdt
IE - HKCU\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://partnerpage.google.com/ditsu.ie"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {5546F97E-11A5-46b0-9082-32AD74AAA920}:0.5.5.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {05f6a7ea-896b-11da-8bde-f66bad1e3fff}:3.5.20090705
FF - prefs.js..extensions.enabledItems: morningCoffee@shaneliesegang:1.33
FF - prefs.js..extensions.enabledItems: quickdrag@mozilla.ktechcomputing.com:2.0.2.1
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.9.4
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/08/20 09:23:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/11/24 08:36:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/22 12:42:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/13 09:03:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/14 09:43:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/08/20 09:23:31 | 000,000,000 | ---D | M]

[2009/06/30 12:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Extensions
[2010/12/15 14:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions
[2010/07/27 08:02:06 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/12/14 08:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/07/29 08:26:02 | 000,000,000 | ---D | M] (Locator) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{05f6a7ea-896b-11da-8bde-f66bad1e3fff}
[2010/04/30 08:05:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/26 08:15:09 | 000,000,000 | ---D | M] (InFormEnter) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
[2010/12/13 07:45:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/12 15:12:21 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/11/18 09:20:00 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/11/16 09:13:52 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010/12/13 07:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/01/11 09:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\lazarus@interclue.com
[2009/06/30 13:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\morningCoffee@shaneliesegang
[2010/06/22 06:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\piclens@cooliris.com
[2009/06/30 14:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Mozilla\Firefox\Profiles\sl18u4ij.default\extensions\quickdrag@mozilla.ktechcomputing.com
[2010/12/15 14:56:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/15 08:04:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/15 08:04:35 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/12/16 07:53:30 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\mark_breen\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\mark_breen\Application Data\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ditsu.local
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{58726723-b3e5-11de-bb52-0024212f431f}\Shell - "" = AutoRun
O33 - MountPoints2\{58726723-b3e5-11de-bb52-0024212f431f}\Shell\Auto\command - "" = E:\asp.net -- File not found
O33 - MountPoints2\{58726723-b3e5-11de-bb52-0024212f431f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6692fd3d-b32f-11de-bb51-0011957d355a}\Shell - "" = AutoRun
O33 - MountPoints2\{6692fd3d-b32f-11de-bb51-0011957d355a}\Shell\Auto\command - "" = E:\asp.net -- File not found
O33 - MountPoints2\{6692fd3d-b32f-11de-bb51-0011957d355a}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/16 07:53:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/14 09:46:54 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mark_breen\Desktop\OTL.exe
[2010/12/14 09:45:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark_breen\Desktop\tdsskiller
[2010/12/14 09:44:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/12/14 09:38:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark_breen\Desktop\JavaRa
[2010/12/13 11:42:48 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\mark_breen\Desktop\HijackThis.exe
[2010/12/13 10:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark_breen\Application Data\Malwarebytes
[2010/12/13 10:12:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/13 10:12:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/12/13 10:12:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/13 10:12:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/13 09:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark_breen\Local Settings\Application Data\Sunbelt Software
[2010/12/13 09:20:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2010/11/25 16:15:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark_breen\Desktop\Event Elephant FAQs
[2010/11/25 16:12:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark_breen\Application Data\WinRAR
[2010/11/25 16:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/11/23 10:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/23 10:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/11/23 10:46:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2010/11/22 12:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mark_breen\Local Settings\Application Data\Real
[2010/11/22 12:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/11/22 12:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\real
[2009/06/30 12:26:27 | 007,371,960 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.0.11.exe
[2 C:\Documents and Settings\mark_breen\Desktop\*.tmp files -> C:\Documents and Settings\mark_breen\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/16 08:01:57 | 101,889,147 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/12/16 07:58:45 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/12/16 07:55:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/16 07:55:51 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1417001333-839522115-1138.job
[2010/12/16 07:55:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/16 07:55:25 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/16 07:54:32 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/12/16 07:53:32 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1417001333-839522115-1138.job
[2010/12/16 07:53:30 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010/12/16 07:47:14 | 000,111,578 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\DITStudentCharter 2004(2).pdf
[2010/12/15 15:59:51 | 000,011,634 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Invoice - Steven Cassells - Dec 2010.docx
[2010/12/15 15:14:30 | 000,088,259 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Services and Trading SC Minutes - 16Nov10.pdf
[2010/12/15 11:07:57 | 000,111,578 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\DITStudentCharter 2004.pdf
[2010/12/15 03:25:08 | 000,285,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 03:08:30 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/14 20:01:48 | 000,824,832 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\DITSU Events & Marketing Dep’t.ppt
[2010/12/14 10:07:43 | 000,638,677 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\DIT - Contractors Form - Bacstroke - Dec 10.pdf
[2010/12/14 09:46:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mark_breen\Desktop\OTL.exe
[2010/12/14 09:44:53 | 001,230,779 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\tdsskiller.zip
[2010/12/14 09:38:04 | 000,205,540 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\JavaRa.zip
[2010/12/14 09:04:45 | 000,231,581 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\AdoptionPack.jpg
[2010/12/13 11:43:03 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\mark_breen\Desktop\HijackThis.exe
[2010/12/13 09:49:16 | 000,037,358 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\LPIT Funding Review - Draft 1.docx
[2010/12/13 09:33:49 | 000,000,199 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010/12/13 09:29:42 | 000,894,464 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\All Staff Meeting Minutes 26Nov10.doc
[2010/12/13 09:23:22 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/12/13 09:03:43 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\mark_breen\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/10 16:12:57 | 000,638,677 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\IMG.pdf
[2010/12/10 12:04:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/10 10:19:04 | 000,112,091 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Groupon-EF7E012238.pdf
[2010/12/08 17:00:38 | 000,018,371 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\E&M - Dep't Update - Nov 10.docx
[2010/12/08 12:22:40 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/08 11:35:58 | 000,823,808 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\ICPSMMaterials.ppt
[2010/12/08 10:12:05 | 000,109,397 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\attack page.JPG
[2010/12/08 09:00:49 | 000,489,437 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Diploma in Management Feb 201.pdf
[2010/12/08 09:00:25 | 000,053,488 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Diploma Booking Form.pdf
[2010/12/06 11:14:15 | 000,019,346 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Scholarship(2)
[2010/12/06 11:14:02 | 000,019,346 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Scholarship
[2010/12/03 09:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/24 08:28:38 | 000,026,554 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\I&E - RAG Ball & BNO - Venue Options - Nov 10.xlsx
[2010/11/23 19:24:24 | 000,016,363 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\I&E - EBTTRT - Nov 10.xlsx
[2010/11/23 16:51:00 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\EBTTRT - Invoice - Australian Pearl Jam - Nov 10.doc
[2010/11/22 16:04:34 | 000,057,732 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\DIT Invoice 21st November.pdf
[2010/11/22 12:41:33 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2010/11/18 17:10:36 | 000,049,736 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\InvoiceDIT0890.pdf
[2010/11/18 17:10:02 | 000,049,720 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\InvoiceDIT0891.pdf
[2010/11/18 17:10:01 | 000,049,751 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\InvoiceDIT0889.pdf
[2010/11/18 09:39:19 | 000,010,517 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Welfare - Daytime act availabilites - Nov 10.xlsx
[2010/11/17 12:36:06 | 000,014,331 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\Ltr to Solr Nov10 - Mark version.docx
[2010/11/17 12:15:09 | 000,057,337 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\DIT Invoice 14th November.pdf
[2010/11/17 12:06:49 | 000,019,330 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\E&M - Dep't Update - Oct Nov 10.docx
[2010/11/16 14:43:58 | 000,420,340 | ---- | M] () -- C:\Documents and Settings\mark_breen\Desktop\OFA-CFR Instructors (Heartbeat Safety).pdf
[2 C:\Documents and Settings\mark_breen\Desktop\*.tmp files -> C:\Documents and Settings\mark_breen\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/16 07:47:13 | 000,111,578 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\DITStudentCharter 2004(2).pdf
[2010/12/15 15:14:29 | 000,088,259 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Services and Trading SC Minutes - 16Nov10.pdf
[2010/12/15 11:07:56 | 000,111,578 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\DITStudentCharter 2004.pdf
[2010/12/14 13:00:59 | 000,824,832 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\DITSU Events & Marketing Dep’t.ppt
[2010/12/14 10:07:42 | 000,638,677 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\DIT - Contractors Form - Bacstroke - Dec 10.pdf
[2010/12/14 09:44:50 | 001,230,779 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\tdsskiller.zip
[2010/12/14 09:38:04 | 000,205,540 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\JavaRa.zip
[2010/12/14 09:04:44 | 000,231,581 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\AdoptionPack.jpg
[2010/12/13 09:29:40 | 000,894,464 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\All Staff Meeting Minutes 26Nov10.doc
[2010/12/13 08:38:21 | 000,037,358 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\LPIT Funding Review - Draft 1.docx
[2010/12/10 16:12:45 | 000,638,677 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\IMG.pdf
[2010/12/10 10:19:03 | 000,112,091 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Groupon-EF7E012238.pdf
[2010/12/08 16:58:53 | 000,018,371 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\E&M - Dep't Update - Nov 10.docx
[2010/12/08 11:35:57 | 000,823,808 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\ICPSMMaterials.ppt
[2010/12/08 10:12:05 | 000,109,397 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\attack page.JPG
[2010/12/08 09:00:48 | 000,489,437 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Diploma in Management Feb 201.pdf
[2010/12/08 09:00:25 | 000,053,488 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Diploma Booking Form.pdf
[2010/12/06 11:14:14 | 000,019,346 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Scholarship(2)
[2010/12/06 11:14:02 | 000,019,346 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Scholarship
[2010/11/24 08:04:18 | 000,026,554 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\I&E - RAG Ball & BNO - Venue Options - Nov 10.xlsx
[2010/11/23 19:24:24 | 000,016,363 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\I&E - EBTTRT - Nov 10.xlsx
[2010/11/23 16:49:06 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\EBTTRT - Invoice - Australian Pearl Jam - Nov 10.doc
[2010/11/22 16:04:32 | 000,057,732 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\DIT Invoice 21st November.pdf
[2010/11/22 12:43:43 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-299502267-1417001333-839522115-1138.job
[2010/11/22 12:43:42 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-1417001333-839522115-1138.job
[2010/11/18 17:10:35 | 000,049,736 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\InvoiceDIT0890.pdf
[2010/11/18 17:10:01 | 000,049,720 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\InvoiceDIT0891.pdf
[2010/11/18 17:09:59 | 000,049,751 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\InvoiceDIT0889.pdf
[2010/11/18 09:39:19 | 000,010,517 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Welfare - Daytime act availabilites - Nov 10.xlsx
[2010/11/17 12:36:06 | 000,014,331 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\Ltr to Solr Nov10 - Mark version.docx
[2010/11/17 12:15:08 | 000,057,337 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\DIT Invoice 14th November.pdf
[2010/11/17 08:43:22 | 000,019,330 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\E&M - Dep't Update - Oct Nov 10.docx
[2010/11/16 14:43:57 | 000,420,340 | ---- | C] () -- C:\Documents and Settings\mark_breen\Desktop\OFA-CFR Instructors (Heartbeat Safety).pdf
[2010/11/01 14:04:34 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ssp5ml3.dll
[2010/01/22 10:01:42 | 000,000,199 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2009/11/30 10:34:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\mark_breen\Local Settings\Application Data\prvlcl.dat
[2009/10/29 11:13:22 | 000,017,424 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/09/24 07:56:51 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BO2700CN.INI
[2009/08/27 08:29:41 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/08/27 08:29:41 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/08/11 13:50:52 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\mark_breen\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/09 08:20:33 | 000,000,317 | ---- | C] () -- C:\WINDOWS\SWWATER.INI
[2009/06/30 20:08:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/30 19:51:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
[2009/06/30 19:39:31 | 000,000,829 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/04/26 00:31:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== LOP Check ==========

[2010/10/26 06:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/10/20 08:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/26 06:39:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/08/20 09:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/10/20 08:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/08/20 09:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/07/26 08:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2010/08/20 08:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/12/13 09:20:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2010/08/20 09:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/10/26 06:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\AVG10
[2010/12/16 07:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Dropbox
[2009/08/04 08:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\EasyChat
[2009/08/12 14:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\ErrorExpert
[2010/08/20 09:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Nokia
[2010/08/20 09:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\Nokia Ovi Suite
[2009/06/30 14:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\OpenOffice.org
[2010/08/20 09:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mark_breen\Application Data\PC Suite
[2010/12/16 07:58:45 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



< End of report >

 

[crunchie]

Looks OK. Just let me know after you have used it as per normal .

 

[ninjafox]

Just wanted to confirm that all seems to be operating as it should now!

MANY THANKS for helping me out. It was a right pain!

 

[crunchie]

Excellent .

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC by OldTimer:
Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.