Antivirus trojan blocking access to files

2 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

Antivirus trojan blocking access to files20th July 2010, 11:01 pm

I've got a trojan virus on my laptop and it seems to be those fake Antivirus programs. Its infected my sister's user profile and she can't do anything due to the virus blocking access to her files. I'm running windows vista. Any help is appreciated!

Re: Antivirus trojan blocking access to files20th July 2010, 11:05 pm

Hi, welcome to GeekPolice.net! Smile...

Please download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3

Save it to your Desktop.
Double click the RKill desktop icon.
It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
Please post its log in your next reply.
After it has run successfully, delete RKill.

Note: This tool only kills the active infection, the actual infection will not be gone. Once you reboot the infection will be active again! Please do not reboot until instructed further to do so.

=========

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in

%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.sys
%systemroot%\system32\drivers\*.dll
%systemroot%\system32\drivers\*.ini
%systemroot%\system32\drivers\*.exe
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
%appdata%\*.*
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
disk.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
usbstor.sys
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time

Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

............................................................................................
I'm livin' life in the fast lane.

Re: Antivirus trojan blocking access to files22nd July 2010, 12:05 am

RKill log file

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Leanne on 22/07/2010 at 0:53:37.

Processes terminated by Rkill or while it was running:

C:\Users\Leanne\Program Files\DNA\btdna.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Leanne\Desktop\rkill.com

Rkill completed on 22/07/2010 at 0:53:45.

------------------------------------------------------------------------------

I can't access the OTL file. The website host is down.

Re: Antivirus trojan blocking access to files22nd July 2010, 12:09 am

Hi,

Yes, they have had some issues.

Please download ComboFix Antivirus trojan blocking access to files Combofix

from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

............................................................................................
I'm livin' life in the fast lane.

Re: Antivirus trojan blocking access to files22nd July 2010, 8:53 pm

Hey I done the OTL scan instead now the website host is working Smile...

OTL.Txt

OTL logfile created on: 22/07/2010 21:11:47 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Leanne\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.45 Gb Total Space | 74.44 Gb Free Space | 54.56% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.71 Gb Free Space | 57.08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LEANNE-PC
Current User Name: Leanne
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/22 21:11:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Leanne\Desktop\OTL.exe
PRC - [2010/07/09 18:25:39 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2010/06/12 11:22:05 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/10 22:32:26 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/11/13 10:54:50 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Leanne\Program Files\DNA\btdna.exe
PRC - [2009/08/29 16:52:28 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/29 16:52:28 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/29 16:52:23 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/08/29 16:52:20 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/29 16:52:12 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/07/16 15:43:04 | 000,241,664 | ---- | M] () -- C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe
PRC - [2009/07/16 15:42:20 | 000,132,608 | ---- | M] () -- C:\Program Files\T-Mobile Mobile Broadband Manager\UIExec.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/24 09:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2008/08/04 17:22:20 | 000,721,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
PRC - [2008/05/13 16:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/05/04 10:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/05/04 10:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/05/04 10:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/05/04 10:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/01/21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/21 10:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/11/12 12:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/11/12 12:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 12:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/11/03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe

========== Modules (SafeList) ==========

MOD - [2010/07/22 21:11:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Leanne\Desktop\OTL.exe
MOD - [2009/08/29 16:52:28 | 000,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/04/11 07:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/21 03:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/29 16:52:20 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/29 16:52:12 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/07/16 15:43:04 | 000,241,664 | ---- | M] () [Auto | Running] -- C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2008/08/23 17:44:10 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 12:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 12:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ynlnrufm.sys -- (ynlnrufm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV - [2009/08/29 16:52:28 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/29 16:52:28 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/22 10:08:38 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009/05/22 10:04:04 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/05/22 10:04:04 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/05/22 10:04:04 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/05/22 10:04:04 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/05/20 21:53:40 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/04/11 05:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/09/11 15:05:55 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2008/08/04 17:22:20 | 001,964,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV - [2008/06/23 13:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/06/23 13:45:40 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/06/23 13:45:40 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/06/23 13:45:38 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/05/16 13:17:02 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/05/04 10:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/06 08:58:44 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/03/06 08:58:12 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/11/12 12:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/29 06:31:54 | 000,278,528 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/09/06 17:43:26 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/09/06 17:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 17:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 17:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=2080824
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile Mobile Broadband Manager\addon [2010/02/22 18:41:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 01:47:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 01:47:16 | 000,000,000 | ---D | M]

[2010/02/15 02:30:58 | 000,000,000 | ---D | M] -- C:\Users\Leanne\AppData\Roaming\Mozilla\Extensions
[2010/06/26 12:39:39 | 000,000,000 | ---D | M] -- C:\Users\Leanne\AppData\Roaming\Mozilla\Firefox\Profiles\n8hw104q.default\extensions
[2010/02/15 03:00:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Leanne\AppData\Roaming\Mozilla\Firefox\Profiles\n8hw104q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/15 02:33:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/16 01:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/16 01:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/16 01:55:13 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/16 01:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ewrgetuj] C:\Users\Lauren\AppData\Local\Temp\geurge.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\T-Mobile Mobile Broadband Manager\UIExec.exe ()
O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Leanne\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Users\Leanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL File not found
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\inspiron_NB_1280x864_01.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\inspiron_NB_1280x864_01.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4203116b-0d55-11de-ba98-00219bd85fdb}\Shell - "" = AutoRun
O33 - MountPoints2\{4203116b-0d55-11de-ba98-00219bd85fdb}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a3274faa-1702-11df-8cfc-00219bd85fdb}\Shell - "" = AutoRun
O33 - MountPoints2\{a3274faa-1702-11df-8cfc-00219bd85fdb}\Shell\AutoRun\command - "" = F:\Install.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/07/22 21:10:17 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Leanne\Desktop\OTL.exe
[2010/07/22 03:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/22 03:09:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/21 16:26:39 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/07/21 00:30:10 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/07/15 13:52:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2010/06/24 03:01:12 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/06/24 03:01:12 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/06/24 03:01:12 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/06/23 14:34:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/06/23 14:34:22 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

========== Files - Modified Within 30 Days ==========

[2010/07/22 21:22:22 | 000,768,000 | ---- | M] () -- C:\Windows\System32\drivers\fpcpcmqz.sys
[2010/07/22 21:22:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{57BA683B-D8D8-4449-89EA-F1DD230642DB}.job
[2010/07/22 21:21:44 | 003,145,728 | -HS- | M] () -- C:\Users\Leanne\ntuser.dat
[2010/07/22 21:11:09 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Leanne\Desktop\OTL.exe
[2010/07/22 20:02:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/22 20:02:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/22 20:02:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/22 17:28:38 | 062,322,183 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/07/22 12:23:15 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/07/22 10:41:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/22 03:32:51 | 000,524,288 | -HS- | M] () -- C:\Users\Leanne\ntuser.dat{15a11227-9450-11df-a532-00219bd85fdb}.TMContainer00000000000000000001.regtrans-ms
[2010/07/22 03:32:51 | 000,065,536 | -HS- | M] () -- C:\Users\Leanne\ntuser.dat{15a11227-9450-11df-a532-00219bd85fdb}.TM.blf
[2010/07/22 03:32:30 | 002,284,150 | -H-- | M] () -- C:\Users\Leanne\AppData\Local\IconCache.db
[2010/07/22 03:12:39 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/22 00:53:21 | 000,363,520 | ---- | M] () -- C:\Users\Leanne\Desktop\rkill.com
[2010/07/21 16:26:33 | 151,243,070 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/20 23:45:39 | 000,524,288 | -HS- | M] () -- C:\Users\Leanne\ntuser.dat{15a11227-9450-11df-a532-00219bd85fdb}.TMContainer00000000000000000002.regtrans-ms
[2010/07/20 23:11:49 | 000,524,288 | -HS- | M] () -- C:\Users\Leanne\NTUSER.DAT{710e5fa9-f8e7-11dd-b2aa-00219bd85fdb}.TMContainer00000000000000000001.regtrans-ms
[2010/07/20 23:11:49 | 000,065,536 | -HS- | M] () -- C:\Users\Leanne\NTUSER.DAT{710e5fa9-f8e7-11dd-b2aa-00219bd85fdb}.TM.blf
[2010/07/20 16:33:31 | 000,048,128 | ---- | M] () -- C:\Users\Leanne\Documents\CV_Leanne.doc
[2010/07/15 17:52:51 | 000,803,328 | ---- | M] () -- C:\Users\Leanne\Documents\Monsoon Behavioural Framework.ppt
[2010/07/15 13:52:06 | 000,000,185 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2010/07/07 13:01:54 | 000,027,136 | ---- | M] () -- C:\Users\Leanne\Documents\Cover Letter[2].doc
[2010/07/07 13:00:41 | 000,028,160 | ---- | M] () -- C:\Users\Leanne\Documents\Cover Letter.doc
[2010/07/04 00:46:52 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/04 00:46:52 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/04 00:46:52 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2010/07/22 03:12:39 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/22 00:52:49 | 000,363,520 | ---- | C] () -- C:\Users\Leanne\Desktop\rkill.com
[2010/07/21 16:26:33 | 151,243,070 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/07/20 23:45:39 | 000,524,288 | -HS- | C] () -- C:\Users\Leanne\ntuser.dat{15a11227-9450-11df-a532-00219bd85fdb}.TMContainer00000000000000000002.regtrans-ms
[2010/07/20 23:45:39 | 000,524,288 | -HS- | C] () -- C:\Users\Leanne\ntuser.dat{15a11227-9450-11df-a532-00219bd85fdb}.TMContainer00000000000000000001.regtrans-ms
[2010/07/20 23:45:39 | 000,065,536 | -HS- | C] () -- C:\Users\Leanne\ntuser.dat{15a11227-9450-11df-a532-00219bd85fdb}.TM.blf
[2010/07/18 21:39:06 | 000,768,000 | ---- | C] () -- C:\Windows\System32\drivers\fpcpcmqz.sys
[2010/07/15 13:52:06 | 000,000,185 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/07/14 13:45:01 | 000,803,328 | ---- | C] () -- C:\Users\Leanne\Documents\Monsoon Behavioural Framework.ppt
[2009/09/23 23:57:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/08/24 02:09:24 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/08/24 02:09:23 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/08/24 02:09:23 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/08/24 02:09:23 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/08/24 02:09:23 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/08/24 02:09:21 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/08/23 17:35:02 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/08/04 17:22:20 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Custom Scans ==========

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2007/12/08 15:34:10 | 000,054,784 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll
[2009/03/08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2010/05/04 06:55:41 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\system32\*.exe /lockedfiles >
[2007/12/08 15:34:40 | 003,444,736 | ---- | M] (Dell Inc.) Unable to obtain MD5 -- C:\Windows\System32\WLTRAY.EXE

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/07/22 21:29:06 | 000,768,000 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\fpcpcmqz.sys

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.sys >
[2006/11/02 08:09:42 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2009/04/11 07:32:46 | 000,245,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2006/11/02 08:09:45 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2006/11/02 08:09:41 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 08:09:44 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 08:09:44 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 08:09:29 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 08:09:35 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 08:09:38 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 08:09:40 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 08:09:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 08:09:20 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 08:09:23 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 08:09:24 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 08:09:26 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 08:09:22 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2010/05/01 15:13:48 | 002,037,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >
[2008/06/23 13:45:42 | 000,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe

< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/08/24 02:09:33 | 000,004,697 | RH-- | M] () -- C:\dell.sdr
[2010/05/29 21:49:54 | 000,230,424 | ---- | M] () -- C:\img2-001.raw
[2010/02/16 23:33:26 | 000,022,729 | ---- | M] () -- C:\newfile.enc
[2010/02/16 23:33:26 | 000,022,729 | ---- | M] () -- C:\newkey
[2010/07/22 10:41:41 | 2450,845,696 | -HS- | M] () -- C:\pagefile.sys
[2010/07/22 00:53:45 | 000,000,465 | ---- | M] () -- C:\rkill.log

< %PROGRAMFILES%\*. >
[2010/06/20 15:02:47 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/08/04 11:31:04 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/01/26 00:48:27 | 000,000,000 | ---D | M] -- C:\Program Files\Avanquest update
[2008/09/05 21:01:23 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/06/22 01:47:50 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/05/05 00:08:16 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour(1)
[2009/08/15 00:49:50 | 000,000,000 | ---D | M] -- C:\Program Files\Burger Shop 2
[2008/08/23 17:35:21 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
[2008/08/23 17:44:10 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2010/04/01 19:34:09 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/08/23 18:15:20 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2009/05/27 18:59:34 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2008/08/23 17:41:35 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2008/08/23 17:49:03 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2008/08/23 17:40:02 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2008/08/24 02:09:12 | 000,000,000 | ---D | M] -- C:\Program Files\DellTPad
[2009/02/06 01:46:27 | 000,000,000 | ---D | M] -- C:\Program Files\Devious Codeworks
[2008/08/23 17:30:21 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2009/08/22 16:52:35 | 000,000,000 | ---D | M] -- C:\Program Files\Disney
[2009/03/26 01:50:47 | 000,000,000 | ---D | M] -- C:\Program Files\DNA
[2010/06/19 17:22:57 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2010/02/28 03:19:04 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/02/06 01:42:25 | 000,000,000 | ---D | M] -- C:\Program Files\ImageConverter Plus
[2010/06/19 17:22:53 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/08/23 17:34:38 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/06/12 03:32:19 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/07/22 03:11:33 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/05/05 00:12:07 | 000,000,000 | ---D | M] -- C:\Program Files\iPod(46)
[2010/07/22 03:12:35 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/05/05 00:12:55 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes(47)
[2010/02/15 02:33:17 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/02/16 15:52:34 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/19 15:44:11 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2009/11/06 22:55:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/01/20 23:20:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/06/11 09:30:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/04/07 13:46:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
[2010/06/26 11:30:40 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2008/08/23 17:29:29 | 000,000,000 | ---D | M] -- C:\Program Files\Modem Diagnostic Tool
[2010/03/10 04:50:38 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/02/15 02:27:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009/08/31 12:07:13 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Games
[2008/10/26 02:33:49 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/09/12 12:42:02 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Swift Sound
[2008/08/23 17:29:57 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2009/08/31 11:59:46 | 000,000,000 | ---D | M] -- C:\Program Files\Oberon Media
[2008/12/05 17:46:04 | 000,000,000 | ---D | M] -- C:\Program Files\Olympus
[2008/08/23 17:35:39 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/04/02 01:46:42 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/08/15 00:45:47 | 000,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
[2010/04/01 19:08:46 | 000,000,000 | ---D | M] -- C:\Program Files\Research In Motion
[2010/04/01 19:33:55 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2008/08/23 18:15:08 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2009/01/25 22:21:30 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Ericsson
[2008/09/24 13:08:10 | 000,000,000 | ---D | M] -- C:\Program Files\StreamingStar
[2008/09/18 16:00:35 | 000,000,000 | ---D | M] -- C:\Program Files\Streamripper
[2009/12/30 02:16:01 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2010/07/22 01:25:24 | 000,000,000 | ---D | M] -- C:\Program Files\T-Mobile Mobile Broadband Manager
[2008/11/16 14:55:04 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2010/06/09 00:07:13 | 000,000,000 | ---D | M] -- C:\Program Files\TweetDeck
[2006/11/02 14:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/09/18 15:50:45 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2010/02/15 01:39:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2010/02/15 01:39:29 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2010/02/15 01:39:16 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2010/02/15 01:39:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2009/11/06 22:54:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/11/06 22:54:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/07/15 13:52:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/02/15 01:39:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/02/15 01:39:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2010/02/16 04:34:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2010/02/15 01:39:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2010/04/05 17:00:55 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR

< %appdata%\*.* >
[2009/04/08 23:29:28 | 000,000,006 | -HS- | M] () -- C:\Users\Leanne\AppData\Roaming\desktop.ini
[2010/05/02 13:18:26 | 000,014,638 | ---- | M] () -- C:\Users\Leanne\AppData\Roaming\wklnhst.dat

< MD5 for: AGP440.SYS >
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\agp440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/08/24 02:04:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008/08/24 02:04:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/08/24 02:04:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/04/11 07:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 07:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 07:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/21 03:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/21 03:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 10:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: IASTOR.SYS >
[2007/09/06 17:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R166200\iastor.sys
[2007/03/21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/09/06 17:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007/09/06 17:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007/09/06 17:43:26 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys
[2007/03/21 12:59:30 | 000,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dl

Re: Antivirus trojan blocking access to files22nd July 2010, 8:53 pm

< MD5 for: USBSTOR.SYS >
[2008/01/21 03:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_b9f18584\USBSTOR.SYS
[2008/01/21 03:23:24 | 000,055,296 | ---- | M] (Microsoft Corporation) MD5=87BA6B83C5D19B69160968D07D6E2982 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6001.18000_none_48864eb697d31b43\USBSTOR.SYS
[2009/04/11 05:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009/04/11 05:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_72a6a3e5\USBSTOR.SYS
[2009/04/11 05:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) MD5=BE3DA31C191BC222D9AD503C5224F2AD -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.0.6002.18005_none_4a71c7c294f4e68f\USBSTOR.SYS
[2006/11/02 09:55:05 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=FDBAABF07244C60B0F4E0A6E71A107C6 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_bb2778a0\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-20 22:52:44

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:80E965A3
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:37CE0F2E
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

Re: Antivirus trojan blocking access to files22nd July 2010, 8:54 pm

Extras.Txt

OTL Extras logfile created on: 22/07/2010 21:11:47 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Leanne\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.45 Gb Total Space | 74.44 Gb Free Space | 54.56% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.71 Gb Free Space | 57.08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LEANNE-PC
Current User Name: Leanne
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"H:\BitTorrent\bittorrent.exe" = H:\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09DEC3DC-211B-4CBD-AC2E-D95C9160AF1E}" = lport=139 | protocol=6 | dir=in | app=system |
"{13EDE0AC-C790-402C-B1FC-1221CCE0FB8D}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{297ED474-5A3F-49CB-B945-2FAAB47185C5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2AFB03A7-0AE0-4388-A5D2-48D893DC1E05}" = rport=139 | protocol=6 | dir=out | app=system |
"{3EC6DECC-670B-45AA-86AD-7DA2AD083B57}" = lport=5358 | protocol=6 | dir=in | app=system |
"{43CD4A81-7B47-43F5-9D30-BE2D281C50FB}" = rport=138 | protocol=17 | dir=out | app=system |
"{4DA52EC4-DBDE-4FFF-AADC-CCCB91CB1C1A}" = rport=5358 | protocol=6 | dir=out | app=system |
"{59A4C24C-2309-4424-BF70-092D305A8944}" = lport=138 | protocol=17 | dir=in | app=system |
"{6DB3D8F4-04F8-4E0C-BC24-4ABB23018C49}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{882D72D7-3141-4081-A542-C36854EDF327}" = rport=5357 | protocol=6 | dir=out | app=system |
"{A1B48F4F-08F4-4AAA-80CD-1D424C9B1898}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AA58148A-B223-453C-BAF9-2992A07D10EA}" = lport=137 | protocol=17 | dir=in | app=system |
"{B0830075-459C-4FC7-ABA8-D27E0CBD13BD}" = rport=445 | protocol=6 | dir=out | app=system |
"{BFCF1C12-6EBA-4E7A-A297-20E9BA70C4C7}" = lport=5357 | protocol=6 | dir=in | app=system |
"{CA5F176D-305D-4943-9E2F-04920DEA0A12}" = lport=445 | protocol=6 | dir=in | app=system |
"{E5A8BA2B-75C1-4923-9FC7-BDBD0837F219}" = rport=137 | protocol=17 | dir=out | app=system |
"{F3270069-8F7B-4D69-BB21-92A1AF42CB40}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F5E1856A-0CAE-4BB9-84ED-FD2F764C95D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C49AF7-8635-45F3-A72F-9FA8FF4EE4AA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0A277F1D-5552-4F4A-B804-C420A632C2DB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1E7D3091-09EB-4F79-B695-FD0B1085438B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{2DDE9AC4-1C80-42FA-BCED-3BA2FCFE3ABA}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{3C2F6ECA-A9DB-472C-AC05-F2E79ACF0434}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{3E8DC6F4-8B50-4669-AB85-8EAFAD255C46}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{406EF0CF-613E-439A-8412-31F05976AD21}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{4B8FB58F-A224-4FD9-8BF0-B6E26CB7E2E6}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4F9A6E3D-9C91-4A87-8E52-1DDF434475C9}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{557F17DC-30F3-4079-A18F-6DC09299D87C}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{5D81246E-F732-411B-B25B-2BB4CD936618}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5DD92D4A-B68A-4975-85A6-1BC41C41FA4C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{63DC9256-BC0E-4948-854C-03FE94343ACB}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{6431EE2D-94CE-4767-87E9-7FF0E7B30E7D}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{69FF272E-35AD-4625-B195-055D628D7C0D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6D9BF6AF-754D-4740-922D-C70A931DDD5E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7320FF35-24F8-4E3B-8A09-E9D93766B3F8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{74A713CC-E081-4388-BBB3-9A16329EFEB2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7CDA1E1D-3880-47C2-864E-D348E45AFD32}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{866DEDF9-FFFF-4589-ABD8-4BE56774EB6C}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{A1450895-ABAB-4430-9E5F-291656CD687A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{AA2034BC-237F-4863-8B63-6E316D924778}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{AEECD191-1D49-4D79-9B83-C7E2D9453362}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B78D6225-4E4E-4BCF-A430-3B45A7587AF9}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CE9DCEE6-7652-44F3-93D8-C21083353952}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{D2C00126-496D-4F21-AE48-3EE51790F6F6}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{D5B4F0D8-540F-46D4-B70C-106E19C8E8B4}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{DB0CF39F-E732-4C37-AD67-421362AB31B3}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{E2E55066-E253-4ED0-9C7C-2A0127F71974}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{E677E1A0-476F-418C-BD83-134D9EEFA0B4}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{EB33755C-BBB2-4E2E-A5EF-5C6D417333D6}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{EE973279-5D4E-44E9-9DA5-F87189DDA617}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{F5E480DB-5C0D-493D-9054-C829266895B9}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{FAC3B5BE-EA67-4FD0-801F-C0A67B993A19}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{FEF7FEC3-84B7-45F0-AF85-3C45100175FA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{285CB8DF-E8D2-4ED3-9415-7B398711E151}C:\users\leanne\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\leanne\program files\dna\btdna.exe |
"TCP Query User{440969E9-33CB-43F4-86C9-2777F850C1E1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{87655EE4-AE58-438A-B628-24F20BF78ACF}H:\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=h:\bittorrent\bittorrent.exe |
"TCP Query User{9C6E4667-AFAB-4099-A652-A41C5BB32AFB}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{E3B19D15-06E8-4A1E-B400-AA1DA9EF5662}C:\users\leanne\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\leanne\program files\dna\btdna.exe |
"UDP Query User{4835E547-6513-4436-852F-C6BD18E032D6}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{674DD89B-28B0-4805-ABCF-E74258E372FC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{70EED181-6099-42F4-B520-B532D4B22072}C:\users\leanne\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\leanne\program files\dna\btdna.exe |
"UDP Query User{73A18E29-BE29-489C-A486-23A4658D44A2}H:\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=h:\bittorrent\bittorrent.exe |
"UDP Query User{DF877A8C-4656-4AC6-BE2E-67A80B793F95}C:\users\leanne\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\leanne\program files\dna\btdna.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{070B059B-F742-4532-B9D1-11E1E3887C6C}" = BlackBerry Device Software Updater
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
"{5CE8DE46-1D95-786A-A666-AAC564BC9200}" = TweetDeck
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}" = Internet From BT
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = T-Mobile Mobile Broadband Manager
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C1E11C46-E6EB-4BD2-9ADF-2A98ACBEB216}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AVG8Uninstall" = AVG Free 8.5
"BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Burger Shop 2_is1" = Burger Shop 2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Disney Toontown Online_UK" = Disney Toontown Online UK_LIVE
"EA Download Manager" = EA Download Manager
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.514
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Imagicon" = Imagicon
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Switch" = Switch Sound File Converter
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/10/2009 09:35:21 | Computer Name = Leanne-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/10/2009 18:05:31 | Computer Name = Leanne-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/10/2009 20:34:11 | Computer Name = Leanne-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/10/2009 07:26:52 | Computer Name = Leanne-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/10/2009 10:43:59 | Computer Name = Leanne-PC | Source = VSS | ID = 8194
Description =

Error - 11/10/2009 11:23:47 | Computer Name = Leanne-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/10/2009 13:17:35 | Computer Name = Leanne-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/10/2009 20:10:40 | Computer Name = Leanne-PC | Source = EventSystem | ID = 4621
Description =

Error - 12/10/2009 04:07:17 | Computer Name = Leanne-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/10/2009 05:35:22 | Computer Name = Leanne-PC | Source = EventSystem | ID = 4621
Description =

[ Broadcom Wireless LAN Events ]
Error - 05/05/2010 06:20:10 | Computer Name = Leanne-PC | Source = WLAN-Tray | ID = 0
Description = 11:20:10, Wed, May 05, 10 Error - Unable to gain access to user store

Error - 05/05/2010 06:26:31 | Computer Name = Leanne-PC | Source = WLAN-Tray | ID = 0
Description = 11:26:31, Wed, May 05, 10 Error - Unable to gain access to user store

Error - 21/06/2010 06:59:44 | Computer Name = Leanne-PC | Source = WLAN-Tray | ID = 0
Description = 11:59:44, Mon, Jun 21, 10 Error - Unable to gain access to user store

Error - 21/06/2010 07:05:51 | Computer Name = Leanne-PC | Source = WLAN-Tray | ID = 0
Description = 12:05:51, Mon, Jun 21, 10 Error - Unable to gain access to user store

Error - 15/07/2010 13:16:35 | Computer Name = Leanne-PC | Source = WLAN-Tray | ID = 0
Description = 18:16:35, Thu, Jul 15, 10 Error - Unable to gain access to user store

Error - 20/07/2010 18:45:14 | Computer Name = Leanne-PC | Source = WLAN-Tray | ID = 0
Description = 23:45:13, Tue, Jul 20, 10 Error - Unable to gain access to user store

[ System Events ]
Error - 22/07/2010 12:28:52 | Computer Name = Leanne-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 001644E7A9B0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 22/07/2010 15:02:09 | Computer Name = Leanne-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22/07/2010 15:02:10 | Computer Name = Leanne-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22/07/2010 15:02:11 | Computer Name = Leanne-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22/07/2010 15:02:12 | Computer Name = Leanne-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22/07/2010 15:02:13 | Computer Name = Leanne-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22/07/2010 15:02:14 | Computer Name = Leanne-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22/07/2010 15:02:15 | Computer Name = Leanne-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22/07/2010 16:40:43 | Computer Name = Leanne-PC | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure
on volume C:.

Error - 22/07/2010 16:42:31 | Computer Name = Leanne-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

< End of report >

Re: Antivirus trojan blocking access to files22nd July 2010, 9:13 pm

Hi,

Please download ComboFix Antivirus trojan blocking access to files Combofix

from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

............................................................................................
I'm livin' life in the fast lane.

Re: Antivirus trojan blocking access to files26th July 2010, 2:33 am

ComboFix 10-07-24.04 - Leanne 26/07/2010 3:14.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2037.981 [GMT 1:00]
Running from: c:\users\Leanne\Desktop\commy.exe
Command switches used :: /stepdel
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Lauren\AppData\Local\{06A8E4CA-7645-48EB-80C9-D74EBD07DC23}
c:\users\Lauren\AppData\Local\{06A8E4CA-7645-48EB-80C9-D74EBD07DC23}\chrome.manifest
c:\users\Lauren\AppData\Local\{06A8E4CA-7645-48EB-80C9-D74EBD07DC23}\chrome\content\_cfg.js
c:\users\Lauren\AppData\Local\{06A8E4CA-7645-48EB-80C9-D74EBD07DC23}\chrome\content\overlay.xul
c:\users\Lauren\AppData\Local\{06A8E4CA-7645-48EB-80C9-D74EBD07DC23}\install.rdf
c:\users\Lauren\AppData\Local\uinsec.dll
c:\users\Leanne\BlackBerryMediaSync.exe
c:\users\Leanne\BurgerShop2Setup.exe
c:\users\Leanne\wrar380.exe

.
((((((((((((((((((((((((( Files Created from 2010-06-26 to 2010-07-26 )))))))))))))))))))))))))))))))
.

2010-07-26 02:26 . 2010-07-26 02:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-26 02:26 . 2010-07-26 02:26 -------- d-----w- c:\users\xLaurenx\AppData\Local\temp
2010-07-26 02:26 . 2010-07-26 02:26 -------- d-----w- c:\users\xlaurenx.Leanne-PC\AppData\Local\temp
2010-07-26 02:26 . 2010-07-26 02:26 -------- d-----w- c:\users\Lauren\AppData\Local\temp
2010-07-26 02:26 . 2010-07-26 02:26 -------- d-----w- c:\users\Blossom\AppData\Local\temp
2010-07-26 02:07 . 2010-07-26 02:12 -------- d-----w- C:\commy
2010-07-23 10:41 . 2010-07-23 10:41 -------- d-----w- c:\users\xlaurenx.Leanne-PC\AppData\Local\Apple
2010-07-22 09:43 . 2010-07-22 09:43 -------- d-----w- c:\users\xlaurenx.Leanne-PC\AppData\Local\SupportSoft
2010-07-22 02:11 . 2010-07-22 02:11 -------- d-----w- c:\program files\iPod
2010-07-22 02:06 . 2010-07-22 02:06 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
2010-07-21 16:01 . 2010-07-21 16:01 -------- d-----w- c:\users\xlaurenx.Leanne-PC\AppData\Roaming\Research In Motion
2010-07-21 15:11 . 2010-07-23 19:38 -------- d-----w- c:\users\xlaurenx.Leanne-PC\Tracing
2010-07-21 14:38 . 2010-07-21 14:38 -------- d-----w- c:\users\xlaurenx.Leanne-PC\AppData\Local\Adobe
2010-07-21 14:33 . 2010-07-21 14:33 -------- d-----w- c:\users\xlaurenx.Leanne-PC\AppData\Local\Mozilla
2010-07-21 14:31 . 2010-07-21 14:31 -------- d-----w- c:\users\xlaurenx.Leanne-PC\AppData\Local\Stardock_Corporation
2010-07-21 14:31 . 2010-07-21 14:31 -------- d-----w- c:\users\xlaurenx.Leanne-PC\AppData\Roaming\Apple Computer
2010-07-21 14:09 . 2010-07-21 14:09 -------- d-----w- c:\users\Lauren\AppData\Roaming\Apple Computer
2010-07-21 14:09 . 2010-07-21 14:09 2811 ----a-w- c:\users\Lauren\AppData\Local\opariwedokezez.dll
2010-07-21 14:09 . 2010-07-21 14:09 -------- d-----w- c:\users\Lauren\AppData\Local\Apple Computer
2010-07-21 14:08 . 2010-07-21 14:08 -------- d-----w- c:\users\Lauren\AppData\Local\MediaDirect
2010-07-21 14:08 . 2010-07-21 14:08 -------- d-----w- c:\users\Lauren\AppData\Roaming\Dell
2010-07-21 14:08 . 2010-07-21 14:08 86192 ----a-w- c:\users\Lauren\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-21 14:07 . 2010-07-21 14:07 -------- d-----w- c:\users\Lauren\AppData\Local\VirtualStore
2010-07-20 23:30 . 2010-07-20 23:30 -------- d-----w- C:\found.000
2010-07-20 19:56 . 2010-07-20 20:20 -------- d-----w- c:\users\xLaurenx\Tracing
2010-07-20 19:55 . 2010-07-20 19:55 -------- d-----w- c:\users\xLaurenx\AppData\Local\Mozilla
2010-07-20 19:49 . 2010-07-20 19:49 -------- d-----w- c:\users\xLaurenx\AppData\Roaming\Apple Computer
2010-07-20 19:49 . 2010-07-20 19:49 -------- d-----w- c:\users\xLaurenx\AppData\Local\Apple Computer
2010-07-20 19:49 . 2010-07-20 19:49 680 ----a-w- c:\users\xLaurenx\AppData\Local\d3d9caps.dat
2010-07-20 19:49 . 2010-07-20 19:49 -------- d-----w- c:\users\xLaurenx\AppData\Local\MediaDirect
2010-07-18 20:47 . 2010-07-18 20:47 2811 ----a-w- c:\users\Lauren\AppData\Local\acoqutoqihoj.dll
2010-07-18 20:37 . 2010-07-21 07:41 -------- d-----w- c:\users\Lauren\AppData\Local\{FF5AE24C-709A-4740-8D6D-E6AFCB350EFE}
2010-07-18 20:36 . 2010-07-24 01:26 -------- d-----w- c:\users\Lauren\AppData\Local\tbydftowq
2010-07-15 12:52 . 2010-07-16 17:02 -------- d-----w- c:\windows\system32\MpEngineStore

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-26 02:25 . 2009-03-26 00:50 -------- d-----w- c:\users\Leanne\AppData\Roaming\DNA
2010-07-22 02:12 . 2010-06-22 00:54 -------- d-----w- c:\program files\iTunes
2010-07-22 02:11 . 2008-08-29 17:17 -------- d-----w- c:\program files\Common Files\Apple
2010-07-22 00:25 . 2010-02-22 17:41 -------- d-----w- c:\program files\T-Mobile Mobile Broadband Manager
2010-07-22 00:25 . 2010-02-17 18:03 -------- d-----w- c:\programdata\McAfee Security Scan
2010-07-21 14:30 . 2010-07-21 14:30 -------- d-----w- c:\users\xlaurenx.Leanne-PC\AppData\Roaming\Dell
2010-07-21 14:30 . 2010-07-21 14:30 86192 ----a-w- c:\users\xlaurenx.Leanne-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-21 07:40 . 2009-07-06 19:06 -------- d-----w- c:\users\Lauren\AppData\Roaming\Zylom
2010-07-20 19:48 . 2010-07-20 19:48 -------- d-----w- c:\users\xLaurenx\AppData\Roaming\Dell
2010-07-20 19:48 . 2010-07-20 19:48 86192 ----a-w- c:\users\xLaurenx\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-15 12:52 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-26 10:30 . 2009-01-20 22:20 -------- d-----w- c:\program files\Microsoft.NET
2010-06-22 00:47 . 2010-06-22 00:47 -------- d-----w- c:\program files\Bonjour
2010-06-20 14:02 . 2009-03-30 02:03 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-20 14:02 . 2010-07-21 14:30 53632 ----a-w- c:\users\xlaurenx.Leanne-PC\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-20 14:02 . 2010-06-21 15:57 53632 ----a-w- c:\users\Leanne\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-20 14:02 . 2010-06-20 14:06 53632 ----a-w- c:\users\Lauren\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-20 14:02 . 2009-09-14 00:52 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-19 16:22 . 2010-04-07 12:22 -------- d-----w- c:\program files\Electronic Arts
2010-06-19 16:22 . 2008-08-23 16:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-11 12:12 . 2009-01-20 22:17 -------- d-----w- c:\programdata\Microsoft Help
2010-06-08 23:07 . 2010-06-08 23:07 -------- d-----w- c:\program files\TweetDeck
2010-06-06 23:23 . 2010-06-06 23:23 -------- d-----w- c:\users\Blossom\AppData\Roaming\Template
2010-06-06 23:23 . 2010-06-06 23:23 0 ----a-w- c:\users\Blossom\AppData\Roaming\wklnhst.dat
2010-05-26 17:06 . 2010-06-10 10:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 10:57 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 13:14 . 2009-10-02 20:47 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-04 05:59 . 2010-06-10 10:59 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 10:59 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 10:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 10:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-02 12:18 . 2008-08-30 15:10 14638 ----a-w- c:\users\Leanne\AppData\Roaming\wklnhst.dat
2010-05-01 14:13 . 2010-06-10 10:59 2037248 ----a-w- c:\windows\system32\win32k.sys
2008-08-24 01:05 . 2008-08-24 01:04 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\users\Leanne\Program Files\DNA\btdna.exe" [2009-11-13 323392]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-09 2048352]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"VX3000"="c:\windows\vVX3000.exe" [2008-08-04 721936]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"UIExec"="c:\program files\T-Mobile Mobile Broadband Manager\UIExec.exe" [2009-07-16 132608]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-10 648536]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]

c:\users\Blossom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]

c:\users\Lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]

c:\users\xlaurenx.Leanne-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]

c:\users\Leanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-8-23 50688]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-23 16:44 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):3e,8b,ce,88,d8,ad,ca,01

R1 ynlnrufm;ynlnrufm;c:\windows\system32\drivers\ynlnrufm.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 UI Assistant Service;UI Assistant Service;c:\program files\T-Mobile Mobile Broadband Manager\AssistantServices.exe [2009-07-16 241664]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-05-22 9728]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-29 335240]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-20 108552]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-29 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-29 297752]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]

--- Other Services/Drivers In Memory ---

*Deregistered* - BMLoad
*Deregistered* - fpcpcmqz

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-07-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-21 10:09]

2010-07-26 c:\windows\Tasks\User_Feed_Synchronization-{57BA683B-D8D8-4449-89EA-F1DD230642DB}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Leanne\AppData\Roaming\Mozilla\Firefox\Profiles\n8hw104q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\users\Leanne\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-ewrgetuj - c:\users\Lauren\AppData\Local\Temp\geurge.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-26 03:27
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
Completion time: 2010-07-26 03:31:16
ComboFix-quarantined-files.txt 2010-07-26 02:30

Pre-Run: 99,075,276,800 bytes free
Post-Run: 99,343,380,480 bytes free

- - End Of File - - A222776732B318F3D735D0918DD5AB35

Re: Antivirus trojan blocking access to files26th July 2010, 5:08 am

Hi,

Re-running ComboFix to remove infections:

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:

Killall::

File::
c:\users\Lauren\AppData\Local\opariwedokezez.dll
c:\users\Lauren\AppData\Local\acoqutoqihoj.dll
c:\windows\system32\drivers\ynlnrufm.sys

Folder::
c:\users\Lauren\AppData\Local\{FF5AE24C-709A-4740-8D6D-E6AFCB350EFE}
c:\users\Lauren\AppData\Local\tbydftowq

Driver::
ynlnrufm

Reboot::
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

............................................................................................
I'm livin' life in the fast lane.

Re: Antivirus trojan blocking access to files13th August 2010, 10:20 pm

ComboFix 10-08-12.03 - Leanne 13/08/2010 22:49:40.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2037.967 [GMT 1:00]
Running from: c:\users\Leanne\Desktop\ComboFix.exe
Command switches used :: c:\users\Leanne\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Lauren\AppData\Local\acoqutoqihoj.dll"
"c:\users\Lauren\AppData\Local\opariwedokezez.dll"
"c:\windows\system32\drivers\ynlnrufm.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Lauren\AppData\Local\{FF5AE24C-709A-4740-8D6D-E6AFCB350EFE}
c:\users\Lauren\AppData\Local\{FF5AE24C-709A-4740-8D6D-E6AFCB350EFE}\chrome.manifest
c:\users\Lauren\AppData\Local\{FF5AE24C-709A-4740-8D6D-E6AFCB350EFE}\chrome\content\_cfg.js
c:\users\Lauren\AppData\Local\acoqutoqihoj.dll
c:\users\Lauren\AppData\Local\opariwedokezez.dll
c:\users\Lauren\AppData\Local\tbydftowq

.
((((((((((((((((((((((((( Files Created from 2010-07-13 to 2010-08-13 )))))))))))))))))))))))))))))))
.

2010-08-13 22:01 . 2010-08-13 22:01 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2010-08-13 22:01 . 2010-08-13 22:01 -------- d-----w- c:\users\TEMP.Leanne-PC\AppData\Local\temp
2010-08-13 22:01 . 2010-08-13 22:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-13 22:01 . 2010-08-13 22:06 -------- d-----w- c:\users\Leanne\AppData\Local\temp
2010-08-13 22:01 . 2010-08-13 22:01 -------- d-----w- c:\users\xLaurenx\AppData\Local\temp
2010-08-13 22:01 . 2010-08-13 22:01 -------- d-----w- c:\users\xlaurenx.Leanne-PC\AppData\Local\temp
2010-08-13 22:01 . 2010-08-13 22:01 -------- d-----w- c:\users\Lauren\AppData\Local\temp
2010-08-13 22:01 . 2010-08-13 22:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-13 22:01 . 2010-08-13 22:01 -------- d-----w- c:\users\Blossom\AppData\Local\temp
2010-08-13 21:41 . 2010-08-13 21:44 -------- d-----w- C:\32788R22FWJFW
2010-08-13 21:26 . 2010-08-13 21:27 -------- d-----w- C:\commy14023c
2010-08-11 23:26 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 23:26 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-11 23:26 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-04 00:07 . 2010-08-04 00:09 -------- d-----w- c:\users\TEMP.Leanne-PC.000
2010-07-26 20:01 . 2010-07-26 20:01 -------- d-----w- c:\users\xlaurenx.Leanne-PC\AppData\Local\Powercinema
2010-07-26 20:00 . 2010-07-26 20:01 -------- d-----w- c:\users\xlaurenx.Leanne-PC\AppData\Roaming\CyberLink
2010-07-26 02:07 . 2010-07-26 02:12 -------- d-----w- C:\commy
2010-07-23 10:41 . 2010-07-23 10:41 -------- d-----w- c:\users\xlaurenx.Leanne-PC\AppData\Local\Apple
2010-07-22 09:43 . 2010-07-22 09:43 -------- d-----w- c:\users\xlaurenx.Leanne-PC\AppData\Local\SupportSoft
2010-07-22 02:11 . 2010-07-22 02:11 -------- d-----w- c:\program files\iPod
2010-07-21 16:01 . 2010-07-21 16:01 -------- d-----w- c:\users\xlaurenx.Leanne-PC\AppData\Roaming\Research In Motion
2010-07-21 15:11 . 2010-08-13 21:03 -------- d-----w- c:\users\xlaurenx.Leanne-PC\Tracing
2010-07-21 14:38 . 2010-07-29 15:15 -------- d-----w- c:\users\xlaurenx.Leanne-PC\AppData\Local\Adobe
2010-07-21 14:33 . 2010-07-21 14:33 -------- d-----w- c:\users\xlaurenx.Leanne-PC\AppData\Local\Mozilla
2010-07-21 14:31 . 2010-07-21 14:31 -------- d-----w- c:\users\xlaurenx.Leanne-PC\AppData\Local\Stardock_Corporation
2010-07-21 14:31 . 2010-07-21 14:31 -------- d-----w- c:\users\xlaurenx.Leanne-PC\AppData\Roaming\Apple Computer
2010-07-21 14:09 . 2010-07-21 14:09 -------- d-----w- c:\users\Lauren\AppData\Roaming\Apple Computer
2010-07-21 14:09 . 2010-07-21 14:09 -------- d-----w- c:\users\Lauren\AppData\Local\Apple Computer
2010-07-21 14:08 . 2010-07-21 14:08 -------- d-----w- c:\users\Lauren\AppData\Local\MediaDirect
2010-07-21 14:08 . 2010-07-21 14:08 -------- d-----w- c:\users\Lauren\AppData\Roaming\Dell
2010-07-21 14:08 . 2010-07-21 14:08 86192 ----a-w- c:\users\Lauren\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-21 14:07 . 2010-07-21 14:07 -------- d-----w- c:\users\Lauren\AppData\Local\VirtualStore
2010-07-20 23:30 . 2010-07-20 23:30 -------- d-----w- C:\found.000
2010-07-20 19:56 . 2010-07-20 20:20 -------- d-----w- c:\users\xLaurenx\Tracing
2010-07-20 19:55 . 2010-07-20 19:55 -------- d-----w- c:\users\xLaurenx\AppData\Local\Mozilla
2010-07-20 19:49 . 2010-07-20 19:49 -------- d-----w- c:\users\xLaurenx\AppData\Roaming\Apple Computer
2010-07-20 19:49 . 2010-07-20 19:49 -------- d-----w- c:\users\xLaurenx\AppData\Local\Apple Computer
2010-07-20 19:49 . 2010-07-20 19:49 680 ----a-w- c:\users\xLaurenx\AppData\Local\d3d9caps.dat
2010-07-20 19:49 . 2010-07-20 19:49 -------- d-----w- c:\users\xLaurenx\AppData\Local\MediaDirect
2010-07-15 12:52 . 2010-08-13 14:22 -------- d-----w- c:\windows\system32\MpEngineStore

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-13 22:08 . 2009-03-26 00:50 -------- d-----w- c:\users\Leanne\AppData\Roaming\DNA
2010-08-12 11:23 . 2008-08-23 16:43 -------- d-----w- c:\program files\Microsoft Works
2010-08-12 11:06 . 2009-01-20 22:17 -------- d-----w- c:\programdata\Microsoft Help
2010-08-12 11:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-22 02:12 . 2010-06-22 00:54 -------- d-----w- c:\program files\iTunes
2010-07-22 02:11 . 2008-08-29 17:17 -------- d-----w- c:\program files\Common Files\Apple
2010-07-22 00:25 . 2010-02-22 17:41 -------- d-----w- c:\program files\T-Mobile Mobile Broadband Manager
2010-07-22 00:25 . 2010-02-17 18:03 -------- d-----w- c:\programdata\McAfee Security Scan
2010-07-21 14:30 . 2010-07-21 14:30 -------- d-----w- c:\users\xlaurenx.Leanne-PC\AppData\Roaming\Dell
2010-07-21 14:30 . 2010-07-21 14:30 86192 ----a-w- c:\users\xlaurenx.Leanne-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-21 07:40 . 2009-07-06 19:06 -------- d-----w- c:\users\Lauren\AppData\Roaming\Zylom
2010-07-20 19:48 . 2010-07-20 19:48 -------- d-----w- c:\users\xLaurenx\AppData\Roaming\Dell
2010-07-20 19:48 . 2010-07-20 19:48 86192 ----a-w- c:\users\xLaurenx\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-26 10:30 . 2009-01-20 22:20 -------- d-----w- c:\program files\Microsoft.NET
2010-06-26 06:05 . 2010-08-11 23:27 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 23:27 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 23:27 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 23:27 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-22 00:47 . 2010-06-22 00:47 -------- d-----w- c:\program files\Bonjour
2010-06-21 13:37 . 2010-08-11 23:27 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-20 14:02 . 2009-03-30 02:03 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-19 16:22 . 2010-04-07 12:22 -------- d-----w- c:\program files\Electronic Arts
2010-06-19 16:22 . 2008-08-23 16:27 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-18 17:31 . 2010-08-11 23:27 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-11 16:16 . 2010-08-11 23:27 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-11 23:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-06-08 17:35 . 2010-08-11 23:27 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-11 23:27 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-06 23:23 . 2010-06-06 23:23 0 ----a-w- c:\users\Blossom\AppData\Roaming\wklnhst.dat
2010-05-27 20:08 . 2010-08-11 23:27 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-05-26 17:06 . 2010-06-10 10:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 10:57 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 13:14 . 2009-10-02 20:47 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-08-24 01:05 . 2008-08-24 01:04 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\users\Leanne\Program Files\DNA\btdna.exe" [2009-11-13 323392]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-09 2048352]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"VX3000"="c:\windows\vVX3000.exe" [2008-08-04 721936]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"UIExec"="c:\program files\T-Mobile Mobile Broadband Manager\UIExec.exe" [2009-07-16 132608]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-10 648536]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]

c:\users\Blossom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]

c:\users\xlaurenx.Leanne-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]

c:\users\Lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]

c:\users\Leanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-8-23 50688]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-23 16:44 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):3e,8b,ce,88,d8,ad,ca,01

R1 pvmbhuae;pvmbhuae;c:\windows\system32\drivers\pvmbhuae.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-05-22 9728]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-29 335240]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-20 108552]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-29 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-29 297752]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
S2 UI Assistant Service;UI Assistant Service;c:\program files\T-Mobile Mobile Broadband Manager\AssistantServices.exe [2009-07-16 241664]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]

--- Other Services/Drivers In Memory ---

*Deregistered* - BMLoad
*Deregistered* - fpcpcmqz

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-08-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-21 10:09]

2010-08-13 c:\windows\Tasks\User_Feed_Synchronization-{57BA683B-D8D8-4449-89EA-F1DD230642DB}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Leanne\AppData\Roaming\Mozilla\Firefox\Profiles\n8hw104q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\users\Leanne\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-08-13 23:17:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-13 22:17
ComboFix2.txt 2010-07-26 02:31

Pre-Run: 81,179,758,592 bytes free
Post-Run: 81,238,765,568 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7,30
- - End Of File - - 4B17394E757749DF31F212DEFA1F5B9D

Re: Antivirus trojan blocking access to files13th August 2010, 10:27 pm

Btw after I done the removal, whenever I try to open IE or Firefox, I get a message saying 'Illegal operation attempted on a registry key that has been marked for deletion'

What does this mean? I can't open the programs unless I click 'run as administrator'

Re: Antivirus trojan blocking access to files13th August 2010, 11:15 pm

Hi.

Rebooting should fix that problem.

Re-running ComboFix to remove infections:

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

Driver::
pvmbhuae

Reboot::
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

............................................................................................
I'm livin' life in the fast lane.

Re: Antivirus trojan blocking access to files14th September 2010, 11:04 pm

ComboFix 10-09-14.01 - Leanne 14/09/2010 22:57:48.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2037.904 [GMT 1:00]
Running from: c:\users\Leanne\Downloads\ComboFix.exe
Command switches used :: c:\users\Leanne\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Leanne\Setup.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_pvmbhuae

((((((((((((((((((((((((( Files Created from 2010-08-14 to 2010-09-14 )))))))))))))))))))))))))))))))
.

2010-09-14 22:08 . 2010-09-14 22:12 -------- d-----w- c:\users\Leanne\AppData\Local\temp
2010-09-14 22:08 . 2010-09-14 22:08 -------- d-----w- c:\users\xLaurenx\AppData\Local\temp
2010-09-14 22:08 . 2010-09-14 22:08 -------- d-----w- c:\users\xlaurenx.Leanne-PC\AppData\Local\temp
2010-09-14 22:08 . 2010-09-14 22:08 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2010-09-14 22:08 . 2010-09-14 22:08 -------- d-----w- c:\users\TEMP.Leanne-PC\AppData\Local\temp
2010-09-14 22:08 . 2010-09-14 22:08 -------- d-----w- c:\users\TEMP.Leanne-PC.000\AppData\Local\temp
2010-09-14 22:08 . 2010-09-14 22:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-14 22:08 . 2010-09-14 22:08 -------- d-----w- c:\users\Lauren\AppData\Local\temp
2010-09-14 22:08 . 2010-09-14 22:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-14 22:08 . 2010-09-14 22:08 -------- d-----w- c:\users\Blossom\AppData\Local\temp
2010-09-14 00:19 . 2010-09-14 00:19 -------- d-----w- C:\found.004
2010-09-13 16:53 . 2010-09-13 16:53 -------- dc-h--w- c:\programdata\{7322D736-AA5F-4DD0-8E33-EA48318CC276}
2010-09-13 16:52 . 2010-09-13 16:52 -------- d-----w- c:\users\Leanne\AppData\Local\PackageAware
2010-09-13 10:10 . 2010-09-13 10:10 -------- d-----w- C:\found.003
2010-09-13 00:43 . 2010-09-13 00:43 -------- d-----w- C:\found.002
2010-09-12 23:34 . 2010-09-12 23:34 -------- d-----w- c:\users\Blossom\AppData\Local\PackageAware
2010-09-12 16:30 . 2010-09-12 16:30 -------- d-----w- C:\found.001
2010-09-07 11:19 . 2010-09-07 11:19 -------- d-----w- C:\found.000
2010-09-06 01:47 . 2010-09-06 01:47 -------- d-----w- c:\program files\iPod
2010-09-06 01:46 . 2010-09-06 01:47 -------- d-----w- c:\program files\iTunes
2010-09-06 01:42 . 2010-09-06 01:43 -------- d-----w- c:\program files\QuickTime
2010-09-03 17:42 . 2010-09-03 17:42 -------- d-----w- c:\users\xlaurenx.Leanne-PC\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2010-09-03 13:44 . 2010-09-03 13:44 -------- d-----w- c:\program files\TabletPlugins
2010-09-01 19:30 . 2010-09-12 14:22 -------- d-----w- c:\users\xlaurenx.Leanne-PC\AppData\Local\Panda3D
2010-08-27 17:44 . 2010-08-27 17:44 -------- d-----w- c:\users\Blossom\AppData\Local\Apple
2010-08-22 13:21 . 2010-08-22 13:21 680 ----a-w- c:\users\xlaurenx.Leanne-PC\AppData\Local\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 00:12 . 2010-02-22 17:41 -------- d-----w- c:\program files\T-Mobile Mobile Broadband Manager
2010-09-15 00:12 . 2010-02-17 18:03 -------- d-----w- c:\programdata\McAfee Security Scan
2010-09-14 22:13 . 2009-03-26 00:50 -------- d-----w- c:\users\Leanne\AppData\Roaming\DNA
2010-09-13 16:53 . 2008-08-23 16:31 -------- d-----w- c:\program files\Dell
2010-09-06 01:46 . 2008-08-29 17:17 -------- d-----w- c:\program files\Common Files\Apple
2010-09-06 01:33 . 2010-09-06 01:33 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-09-01 13:00 . 2010-07-21 14:31 -------- d-----w- c:\users\xlaurenx.Leanne-PC\AppData\Roaming\Apple Computer
2010-08-22 01:19 . 2009-03-30 02:03 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-22 01:18 . 2009-09-14 00:52 53632 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-12 11:23 . 2008-08-23 16:43 -------- d-----w- c:\program files\Microsoft Works
2010-08-12 11:06 . 2009-01-20 22:17 -------- d-----w- c:\programdata\Microsoft Help
2010-07-26 20:01 . 2010-07-26 20:00 -------- d-----w- c:\users\xlaurenx.Leanne-PC\AppData\Roaming\CyberLink
2010-07-21 16:01 . 2010-07-21 16:01 -------- d-----w- c:\users\xlaurenx.Leanne-PC\AppData\Roaming\Research In Motion
2010-07-21 14:30 . 2010-07-21 14:30 -------- d-----w- c:\users\xlaurenx.Leanne-PC\AppData\Roaming\Dell
2010-07-21 14:30 . 2010-07-21 14:30 86192 ----a-w- c:\users\xlaurenx.Leanne-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-21 14:09 . 2010-07-21 14:09 -------- d-----w- c:\users\Lauren\AppData\Roaming\Apple Computer
2010-07-21 14:08 . 2010-07-21 14:08 -------- d-----w- c:\users\Lauren\AppData\Roaming\Dell
2010-07-21 14:08 . 2010-07-21 14:08 86192 ----a-w- c:\users\Lauren\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-21 07:40 . 2009-07-06 19:06 -------- d-----w- c:\users\Lauren\AppData\Roaming\Zylom
2010-07-20 19:49 . 2010-07-20 19:49 -------- d-----w- c:\users\xLaurenx\AppData\Roaming\Apple Computer
2010-07-20 19:49 . 2010-07-20 19:49 680 ----a-w- c:\users\xLaurenx\AppData\Local\d3d9caps.dat
2010-07-20 19:48 . 2010-07-20 19:48 -------- d-----w- c:\users\xLaurenx\AppData\Roaming\Dell
2010-07-20 19:48 . 2010-07-20 19:48 86192 ----a-w- c:\users\xLaurenx\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-26 06:05 . 2010-08-11 23:27 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 23:27 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 23:27 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 23:27 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-11 23:27 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-20 14:02 . 2010-07-21 14:30 53632 ----a-w- c:\users\xlaurenx.Leanne-PC\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-20 14:02 . 2010-06-21 15:57 53632 ----a-w- c:\users\Leanne\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-20 14:02 . 2010-06-20 14:06 53632 ----a-w- c:\users\Lauren\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-18 17:31 . 2010-08-11 23:27 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-11 23:26 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-11 23:26 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-18 13:42 . 2010-09-01 19:29 229376 ----a-w- c:\users\xlaurenx.Leanne-PC\AppData\Roaming\Mozilla\Firefox\Profiles\tvm12e1c.default\extensions\runtime@panda3d.org\platform\WINNT_x86-msvc\plugins\nppanda3d.dll
2008-08-24 01:05 . 2008-08-24 01:04 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\aestsrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\progra~1\AVG\AVG8\avgwdsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Dell\DellDock\DellDock.exe
c:\windows\system32\STacSV.exe
c:\program files\T-Mobile Mobile Broadband Manager\AssistantServices.exe
c:\progra~1\AVG\AVG8\avgemc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Windows Defender\MSASCui.exe
c:\program files\DellTPad\Apoint.exe
c:\windows\System32\hkcmd.exe
c:\windows\System32\igfxpers.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
c:\windows\System32\WLTRAY.EXE
c:\program files\Dell\MediaDirect\PCMService.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\vVX3000.exe
c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
c:\program files\Common Files\Java\Java Update\jusched.exe
c:\program files\T-Mobile Mobile Broadband Manager\UIExec.exe
c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
c:\program files\iTunes\iTunesHelper.exe
c:\users\Leanne\Program Files\DNA\btdna.exe
c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-09-14 23:19:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-14 22:18
ComboFix2.txt 2010-08-13 22:17
ComboFix3.txt 2010-07-26 02:31

Pre-Run: 97,398,304,768 bytes free
Post-Run: 97,304,625,152 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7,30

Re: Antivirus trojan blocking access to files16th September 2010, 1:26 am

Hey just to let you know I had to reinstall windows vista. Due to this the system is cleaned of the virus. My laptop crashed and had corrupted files which wouldn't repair. Thanks for the help though!

Re: Antivirus trojan blocking access to files16th September 2010, 4:42 am

Sorry to hear that, you're welcome for the help.

............................................................................................
I'm livin' life in the fast lane.

Antivirus trojan blocking access to files

descriptionAntivirus trojan blocking access to files20th July 2010, 11:01 pm

descriptionRe: Antivirus trojan blocking access to files20th July 2010, 11:05 pm

descriptionRe: Antivirus trojan blocking access to files22nd July 2010, 12:05 am

descriptionRe: Antivirus trojan blocking access to files22nd July 2010, 12:09 am

descriptionRe: Antivirus trojan blocking access to files22nd July 2010, 8:53 pm

descriptionRe: Antivirus trojan blocking access to files22nd July 2010, 8:53 pm

descriptionRe: Antivirus trojan blocking access to files22nd July 2010, 8:54 pm

descriptionRe: Antivirus trojan blocking access to files22nd July 2010, 9:13 pm

descriptionRe: Antivirus trojan blocking access to files26th July 2010, 2:33 am

descriptionRe: Antivirus trojan blocking access to files26th July 2010, 5:08 am

descriptionRe: Antivirus trojan blocking access to files13th August 2010, 10:20 pm

descriptionRe: Antivirus trojan blocking access to files13th August 2010, 10:27 pm

descriptionRe: Antivirus trojan blocking access to files13th August 2010, 11:15 pm

descriptionRe: Antivirus trojan blocking access to files14th September 2010, 11:04 pm

descriptionRe: Antivirus trojan blocking access to files16th September 2010, 1:26 am

descriptionRe: Antivirus trojan blocking access to files16th September 2010, 4:42 am

descriptionRe: Antivirus trojan blocking access to files