quick qestion vbs/generic infected laptop

3 posters

GeekPolice :: GeekPolice tech support archive :: Technical Support

quick qestion vbs/generic infected laptop5th April 2011, 12:50 am

Hi
Im new and not great with pc but ok to follow directions. My sons laptop has vbs/generic virus. I have read the post on "read this before you post"
and will run all the checks you ask for before posting for advice on what to do with the laptop. My question is this :
A) We have wireless router with another laptop and a home pc in the house. If I make sure that none of the other pc are switched on will it be ok to connect my sons laptop to the internet eg will the virus effect the other pc.
B) used a usb stick to download an Avg viruis removal tool from this pc plugged in to sons laptop and let it run its scan. Is this usb stick safe to reuse eg connect back to this pc to down load anything else his laptop might need
Hope this make sense
thank you
fruitree

Re: quick qestion vbs/generic infected laptop5th April 2011, 2:18 am

Hi, welcome to GeekPolice.net!

It should be safe for your son's laptop to be connected to the router, but the USB stick is probably not safe.

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in

%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.sys
%systemroot%\system32\drivers\*.dll
%systemroot%\system32\drivers\*.ini
%systemroot%\system32\drivers\*.exe
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
%appdata%\*.*
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
disk.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
usbstor.sys
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time

Note: in the event that OTL fails to run, please use alternate download links to try again:

http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr

thank you olt.notepad copy5th April 2011, 7:48 am

OTL logfile created on: 05/04/2011 08:27:43 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\cherry\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.08 Gb Total Space | 155.26 Gb Free Space | 69.60% Space Free | Partition Type: NTFS
Drive D: | 10.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 9.77 Gb Total Space | 3.60 Gb Free Space | 36.87% Space Free | Partition Type: NTFS

Computer Name: HAYDNPC | User Name: haydn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/05 08:22:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\cherry\Downloads\OTL.exe
PRC - [2011/01/07 02:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 02:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/07 02:22:12 | 001,052,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/01/06 16:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/05 17:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 17:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 13:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 05:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/11 16:43:06 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/07/23 14:19:26 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe
PRC - [2010/06/09 13:49:50 | 002,960,032 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2010/04/05 17:46:08 | 000,288,040 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2010/03/23 14:22:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2010/02/26 03:03:00 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2010/02/17 16:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/09/23 13:34:04 | 000,073,728 | ---- | M] (Tablet Driver) -- C:\Windows\System32\drivers\WTSrv.exe
PRC - [2009/08/19 17:24:22 | 000,032,768 | ---- | M] (Tablet Driver) -- C:\Windows\System32\WTClient.exe
PRC - [2009/03/03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_028821c569ae5894\AEstSrv.exe
PRC - [2009/01/31 23:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/09/24 05:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/05/23 21:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/05/08 00:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/08 00:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

========== Modules (SafeList) ==========

MOD - [2011/04/05 08:22:55 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\cherry\Downloads\OTL.exe
MOD - [2010/11/20 12:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/01/06 16:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/11/25 10:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/10/22 05:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/11 16:43:06 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/07/23 14:19:26 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2010/05/22 20:59:27 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/09/23 13:34:04 | 000,073,728 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\Windows\System32\Drivers\WTSRV.EXE -- (WinTabService)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_028821c569ae5894\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/23 01:14:08 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/09/24 05:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/05/08 00:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

========== Driver Services (SafeList) ==========

DRV - [2011/01/19 18:47:12 | 000,022,504 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/12/08 05:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/18 01:36:02 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - [2010/11/12 14:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 16:27:54 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 04:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 04:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,021,072 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/04/15 14:36:40 | 000,252,536 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/02/26 03:03:00 | 000,423,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009/06/22 10:58:46 | 000,019,624 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UCTblHid.sys -- (UCTblHid)
DRV - [2009/06/22 10:58:36 | 000,023,208 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TClass2k.sys -- (TClass2k)
DRV - [2009/06/22 10:58:22 | 000,014,504 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\PTSimHid.sys -- (PTSimHid)
DRV - [2009/06/22 10:58:06 | 000,023,208 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PTSimBus.sys -- (PTSimBus)
DRV - [2009/05/20 10:10:00 | 000,314,368 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/05/08 17:14:14 | 000,165,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2008/11/20 11:19:34 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2007/08/08 11:07:42 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/06/25 10:43:36 | 000,108,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mdm.sys -- (s117mdm)
DRV - [2007/06/25 10:43:26 | 000,014,888 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mdfl.sys -- (s117mdfl)
DRV - [2007/02/08 14:45:14 | 000,029,184 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dsiarhwprog.sys -- (dsiarhwprog)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{B28031FC-6CD8-4E8D-A8B4-A35EABDA717C}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=2081223
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{B28031FC-6CD8-4E8D-A8B4-A35EABDA717C}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\HyperCam Toolbar\tbhelper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.watchtower.org"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: avg@igeared:6.011.025.001
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4ae60ae2&v=6.011.025.001&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/27 17:30:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/02/23 20:36:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/03/30 11:34:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/18 21:35:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/23 20:26:21 | 000,000,000 | ---D | M]

[2010/04/21 20:25:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\haydn\AppData\Roaming\mozilla\Extensions
[2011/02/23 20:31:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\haydn\AppData\Roaming\mozilla\Firefox\Profiles\pgq52bo3.default\extensions
[2010/04/21 20:25:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\haydn\AppData\Roaming\mozilla\Firefox\Profiles\pgq52bo3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/04 13:00:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/27 17:30:23 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2011/02/23 20:36:37 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="6.011.025.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
[2010/03/06 16:13:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/06 16:13:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/06 16:13:00 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/06 16:13:00 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\HyperCam Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dellsupportcenter] File not found
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [WTClient] C:\Windows\System32\WTClient.exe (Tablet Driver)
O4 - HKCU..\Run: [EA Core] File not found
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - Startup: C:\Users\haydn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\haydn\Downloads\Legend-of-Spyro-Dragon-wallpaper-1617.jpg
O24 - Desktop BackupWallPaper: C:\Users\haydn\Downloads\Legend-of-Spyro-Dragon-wallpaper-1617.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/07/20 17:36:23 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3fb96062-61c6-11df-8242-0023ae0736a0}\Shell - "" = AutoRun
O33 - MountPoints2\{3fb96062-61c6-11df-8242-0023ae0736a0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Agent.lnk - C:\Program Files\3\3Connect\AutoUpdateSrv.exe - (Birdstep Technology)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - File not found
MsConfig - StartUpReg: hpqSRMon - hkey= - key= - C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.pspgru - C:\Windows\System32\PSPGRU.acm (Philips Austria GmbH - Speech Processing)
Drivers32: vidc.3IV2 - C:\Windows\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

========== Files/Folders - Created Within 30 Days ==========

[2011/03/26 13:44:09 | 000,029,184 | ---- | C] (Thesycon GmbH, Germany) -- C:\Windows\System32\drivers\dsiarhwprog.sys
[2011/03/26 13:30:44 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/03/26 13:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Action Replay DSi Code Manager
[2011/03/26 13:29:50 | 000,000,000 | ---D | C] -- C:\Users\haydn\Documents\Datel
[2011/03/26 13:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\Datel
[2011/03/12 22:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/03/12 21:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/09 20:04:26 | 001,076,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/03/09 20:04:26 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/03/09 20:04:26 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2011/03/09 20:04:25 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/09 20:04:25 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/09 20:04:25 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/08 13:00:48 | 000,000,000 | ---D | C] -- C:\Users\haydn\Documents\HyperCam3
[2011/03/08 13:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HyperCam 3
[2011/03/08 13:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Solveig Multimedia
[2011/03/08 13:00:18 | 000,000,000 | ---D | C] -- C:\Program Files\HyperCam 3
[2011/03/06 15:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\Marvell
[2011/03/06 15:10:40 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01009.dll
[2011/03/06 15:10:40 | 000,109,122 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\System32\Vxdif.dll
[2011/03/06 15:10:39 | 000,252,536 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\System32\drivers\Apfiltr.sys
[2011/03/06 15:09:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\sda
[2011/03/06 15:08:52 | 000,165,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RtsUStor.sys
[2011/03/06 15:08:44 | 007,360,512 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSUSTORicon.dll
[2011/03/06 15:08:44 | 000,266,240 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtsUStor.dll
[2011/03/06 15:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/03/06 14:46:55 | 000,527,360 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2011/03/06 14:46:08 | 000,380,928 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\aestecap.dll
[2011/03/06 14:46:07 | 003,350,528 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stlang.dll
[2011/03/06 14:46:07 | 000,536,576 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\idtmini1.exe
[2011/03/06 14:46:07 | 000,139,776 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\aestacap.dll
[2011/03/06 14:46:07 | 000,061,440 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\aestaren.dll
[2011/03/06 14:46:07 | 000,047,104 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\System32\ctppld.dll
[2011/03/06 14:46:06 | 012,460,124 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\idtcpl.cpl
[2011/03/06 14:46:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\SRSLabs
[2011/03/06 14:45:06 | 000,175,616 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\st326272.dll
[2011/03/06 13:56:36 | 000,000,000 | ---D | C] -- C:\Users\haydn\AppData\Roaming\FLEXnet
[2011/03/06 13:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking 11.0
[2011/03/06 13:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\IVA
[2011/03/06 13:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nuance
[2011/03/06 13:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/03/06 13:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2011/03/06 13:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/05 08:29:00 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/04/05 08:26:10 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/05 08:26:10 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/05 08:21:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/04/05 08:17:14 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/05 08:16:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/05 08:16:10 | 2386,317,312 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/05 00:52:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1100422681-3828125871-3690094947-1000UA.job
[2011/04/05 00:48:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/05 00:41:15 | 000,632,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/05 00:41:15 | 000,112,556 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/05 00:38:07 | 111,675,174 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/04/02 15:20:21 | 000,204,961 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjg.avm
[2011/03/31 13:52:00 | 000,000,858 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1100422681-3828125871-3690094947-1000Core.job
[2011/03/30 11:34:39 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/03/26 13:29:52 | 000,001,198 | ---- | M] () -- C:\Users\haydn\Desktop\Action Replay DSi Code Manager.lnk
[2011/03/15 19:00:36 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2011/03/13 09:46:36 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/08 13:00:23 | 000,001,007 | ---- | M] () -- C:\Users\haydn\Desktop\HyperCam 3.lnk
[2011/03/07 14:52:23 | 000,003,342 | ---- | M] () -- C:\Windows\Tablet5500x4000M.ini
[2011/03/06 15:10:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2011/03/06 13:53:04 | 000,002,787 | ---- | M] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 11.0.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/26 13:29:52 | 000,001,198 | ---- | C] () -- C:\Users\haydn\Desktop\Action Replay DSi Code Manager.lnk
[2011/03/12 22:00:11 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/08 13:00:23 | 000,001,007 | ---- | C] () -- C:\Users\haydn\Desktop\HyperCam 3.lnk
[2011/03/07 14:52:21 | 000,003,342 | ---- | C] () -- C:\Windows\Tablet5500x4000M.ini
[2011/03/06 15:10:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2011/03/06 13:53:04 | 000,002,787 | ---- | C] () -- C:\Users\Public\Desktop\Dragon NaturallySpeaking 11.0.lnk
[2011/01/19 21:10:32 | 000,335,872 | ---- | C] () -- C:\Windows\SetupX32.EXE
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/04/21 20:38:34 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009/09/27 14:28:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 16:16:14 | 000,200,704 | ---- | C] () -- C:\Windows\System32\WinTab32.dll
[2009/09/24 12:35:00 | 000,056,320 | ---- | C] () -- C:\Windows\System32\UCMfg.exe
[2009/08/11 21:19:28 | 000,000,399 | ---- | C] () -- C:\Windows\System32\Remover.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/07/23 13:36:05 | 000,159,584 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 000,317,352 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,632,602 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,112,556 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/05/03 22:31:08 | 000,069,361 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2008/12/23 01:02:27 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/12/23 01:02:27 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/02/19 07:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2007/09/13 21:57:44 | 000,212,992 | ---- | C] () -- C:\Windows\System32\HCCall.exe
[2007/04/24 18:31:12 | 000,010,240 | ---- | C] () -- C:\Windows\System32\ucinst32.dll
[2004/05/10 14:33:46 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lhtool.exe

========== Custom Scans ==========

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/11/20 11:19:52 | 000,055,808 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll
[2009/07/14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/07/14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[2008/11/20 11:20:50 | 003,563,520 | ---- | M] (Dell Inc.) Unable to obtain MD5 -- C:\Windows\System32\WLTRAY.EXE
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ]

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >
[2009/07/13 22:40:41 | 000,009,029 | ---- | M] () -- C:\Windows\System32\ANSI.SYS
[2009/07/14 02:26:21 | 000,249,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys
[2009/07/13 22:40:44 | 000,027,097 | ---- | M] () -- C:\Windows\System32\country.sys
[2009/07/13 22:40:40 | 000,004,768 | ---- | M] () -- C:\Windows\System32\HIMEM.SYS
[2009/07/13 22:40:43 | 000,042,809 | ---- | M] () -- C:\Windows\System32\KEY01.SYS
[2009/07/13 22:40:43 | 000,042,537 | ---- | M] () -- C:\Windows\System32\KEYBOARD.SYS
[2009/07/13 22:40:23 | 000,027,866 | ---- | M] () -- C:\Windows\System32\NTDOS.SYS
[2009/07/13 22:40:31 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS404.SYS
[2009/07/13 22:40:35 | 000,029,370 | ---- | M] () -- C:\Windows\System32\NTDOS411.SYS
[2009/07/13 22:40:39 | 000,029,274 | ---- | M] () -- C:\Windows\System32\NTDOS412.SYS
[2009/07/13 22:40:27 | 000,029,146 | ---- | M] () -- C:\Windows\System32\NTDOS804.SYS
[2009/07/13 22:40:11 | 000,033,952 | ---- | M] () -- C:\Windows\System32\NTIO.SYS
[2009/07/13 22:40:15 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO404.SYS
[2009/07/13 22:40:17 | 000,035,776 | ---- | M] () -- C:\Windows\System32\NTIO411.SYS
[2009/07/13 22:40:19 | 000,035,536 | ---- | M] () -- C:\Windows\System32\NTIO412.SYS
[2009/07/13 22:40:13 | 000,034,672 | ---- | M] () -- C:\Windows\System32\NTIO804.SYS
[2011/01/05 04:51:01 | 002,330,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >
[2009/09/23 13:34:04 | 000,073,728 | ---- | M] (Tablet Driver) -- C:\Windows\System32\drivers\WTSrv.exe
[1 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ]

< %SYSTEMDRIVE%\*.* >
[2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2010/11/20 13:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2010/04/22 05:08:45 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/12/23 02:41:57 | 000,003,282 | RH-- | M] () -- C:\dell.sdr
[2011/04/05 08:16:10 | 2386,317,312 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/11 21:24:40 | 000,304,160 | ---- | M] () -- C:\PA207.DAT
[2011/04/05 08:16:13 | 3181,760,512 | -HS- | M] () -- C:\pagefile.sys
[2011/04/05 00:33:17 | 000,054,761 | ---- | M] () -- C:\rmzbot.log
[2009/07/25 22:30:57 | 000,000,909 | ---- | M] () -- C:\updatedatfix.log

< %PROGRAMFILES%\*. >
[2010/04/21 20:15:37 | 000,000,000 | ---D | M] -- C:\Program Files\3
[2010/05/06 12:30:02 | 000,000,000 | ---D | M] -- C:\Program Files\3ivx
[2010/04/21 20:15:39 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/04/21 20:15:44 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2010/04/21 20:15:44 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2011/01/19 21:19:45 | 000,000,000 | ---D | M] -- C:\Program Files\Artweaver 0.5
[2010/08/26 16:04:42 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2010/11/30 21:37:02 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/04/21 20:15:56 | 000,000,000 | ---D | M] -- C:\Program Files\BAMZOOKi SR
[2011/03/04 11:53:24 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/04/21 20:15:58 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco
[2010/04/21 20:15:58 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2011/03/08 13:00:19 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/02/28 23:06:55 | 000,000,000 | ---D | M] -- C:\Program Files\CPUID
[2010/04/21 20:16:29 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2011/03/26 13:29:50 | 000,000,000 | ---D | M] -- C:\Program Files\Datel
[2011/03/06 15:05:40 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2011/02/23 20:42:43 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2011/03/06 15:26:05 | 000,000,000 | ---D | M] -- C:\Program Files\DellTPad
[2011/03/01 00:03:38 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Maker
[2011/01/24 21:45:23 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2010/08/26 16:16:03 | 000,000,000 | ---D | M] -- C:\Program Files\FFmpeg for Audacity
[2010/04/21 20:17:10 | 000,000,000 | ---D | M] -- C:\Program Files\FireTrust
[2010/11/25 12:40:45 | 000,000,000 | ---D | M] -- C:\Program Files\Flip Video
[2010/10/01 18:44:48 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/04/21 20:17:16 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/04/21 20:17:17 | 000,000,000 | ---D | M] -- C:\Program Files\Huawei Modems
[2010/04/21 20:17:17 | 000,000,000 | ---D | M] -- C:\Program Files\Huawei technologies
[2011/03/08 13:00:25 | 000,000,000 | ---D | M] -- C:\Program Files\HyperCam 3
[2010/05/04 13:00:41 | 000,000,000 | ---D | M] -- C:\Program Files\HyperCam Toolbar
[2011/03/06 14:48:30 | 000,000,000 | ---D | M] -- C:\Program Files\IDT
[2010/06/27 12:23:04 | 000,000,000 | ---D | M] -- C:\Program Files\Inkscape
[2011/03/06 15:08:52 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/02/04 19:54:52 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/03/01 00:03:38 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/03/12 21:59:21 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2011/03/12 22:00:09 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/04/21 20:17:44 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/04/21 20:17:49 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/06 15:18:54 | 000,000,000 | ---D | M] -- C:\Program Files\Marvell
[2010/04/22 09:16:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2010/04/21 20:17:49 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/04/21 20:17:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2010/04/21 20:17:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/03/01 00:05:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/04/22 09:17:25 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/04/22 09:19:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2010/04/21 20:17:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2010/12/15 19:19:39 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2011/01/24 21:44:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
[2010/09/08 12:05:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2011/03/06 14:55:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/07/14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2011/03/26 13:30:44 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2011/03/06 13:47:44 | 000,000,000 | ---D | M] -- C:\Program Files\Nuance
[2011/03/15 19:00:27 | 000,000,000 | ---D | M] -- C:\Program Files\Paint.NET
[2010/12/26 13:15:19 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2011/03/06 15:08:44 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/07/14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/07/22 17:29:16 | 000,000,000 | ---D | M] -- C:\Program Files\Roni Music
[2010/04/21 20:18:10 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2011/03/04 11:49:18 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2010/04/21 20:18:11 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/07/24 12:09:39 | 000,000,000 | ---D | M] -- C:\Program Files\Smith Micro
[2010/04/21 20:18:11 | 000,000,000 | ---D | M] -- C:\Program Files\Spykee
[2011/01/19 21:11:05 | 000,000,000 | ---D | M] -- C:\Program Files\TABLET
[2010/04/21 20:18:15 | 000,000,000 | ---D | M] -- C:\Program Files\Trust
[2009/07/14 05:53:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/04/21 20:18:15 | 000,000,000 | ---D | M] -- C:\Program Files\Watchtower
[2010/04/21 20:18:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2010/04/21 20:18:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2011/03/01 00:03:33 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2011/03/01 00:03:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2010/04/22 09:19:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/04/22 09:16:10 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2011/03/01 00:03:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2011/03/01 00:03:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/07/14 05:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/12/08 19:08:02 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2011/03/01 00:03:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Viewer
[2011/03/01 00:03:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2011/03/01 00:03:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2010/04/21 20:18:20 | 000,000,000 | ---D | M] -- C:\Program Files\YouTube Downloader
[2010/02/26 21:09:08 | 000,000,000 | ---D | M] -- C:\Program Files\youtube1
[2010/04/22 11:36:14 | 000,000,000 | ---D | M] -- C:\Program Files\YSFLIGHT.COM

< %appdata%\*.* >

< MD5 for: AGP440.SYS >
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_dda2ecda9bf2e50d\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: DISK.SYS >
[2009/07/14 02:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys
[2009/07/14 02:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
[2009/07/14 02:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

< MD5 for: IASTOR.SYS >
[2008/05/08 00:40:38 | 000,395,288 | ---- | M] (Intel Corporation) MD5=07FB761600EFF44AF02C35B8B57E5863 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008/09/01 11:15:54 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Drivers\storage\R197861\IaStor.sys
[2008/05/08 00:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008/05/08 00:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\drivers\iaStor.sys
[2008/05/08 00:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_55ef5f4d4432a543\iaStor.sys
[2008/09/01 11:15:54 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_7d1fabcba616244f\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: USBSTOR.SYS >
[2010/11/20 11:00:04 | 000,076,288 | ---- | M] (Microsoft Corporation) MD5=BF63EBFC6979FEFB2BC03DF7989A0C1A -- C:\Windows\System32\drivers\USBSTOR.SYS
[2010/11/20 11:00:04 | 000,076,288 | ---- | M] (Microsoft Corporation) MD5=BF63EBFC6979FEFB2BC03DF7989A0C1A -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_x86_neutral_c77d41a490bdc63d\USBSTOR.SYS
[2010/11/20 11:00:04 | 000,076,288 | ---- | M] (Microsoft Corporation) MD5=BF63EBFC6979FEFB2BC03DF7989A0C1A -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.1.7601.17514_none_4a8db8a1f615344e\USBSTOR.SYS
[2009/07/14 00:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_485ca4d9f926b0b4\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-24 15:59:08

========== Alternate Data Streams ==========

@Alternate Data Stream - 232 bytes -> C:\ProgramData\TEMP:0FF263E8

< End of report >

olt extras.Txt log5th April 2011, 7:50 am

OTL Extras logfile created on: 05/04/2011 08:27:43 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\cherry\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.08 Gb Total Space | 155.26 Gb Free Space | 69.60% Space Free | Partition Type: NTFS
Drive D: | 10.83 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 9.77 Gb Total Space | 3.60 Gb Free Space | 36.87% Space Free | Partition Type: NTFS

Computer Name: HAYDNPC | User Name: haydn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A1E9CF-BFC1-4309-80CD-C182D80922DB}_is1" = Artweaver 0.5
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking
"{4ABB4D92-0682-4887-A0BC-CE5F920DDD23}" = Watchtower Library 2009 - English
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77FD4A62-8A2A-15D9-1372-EA9FF6C2D8A3}" = FlipShare
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3AEF776-7FFF-4C50-A402-9119E3849EE0}" = AVG 2011
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet32
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = Trust 100K Series Webcam
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D4E53304-1F6C-4111-9872-1BCD2CF5B642}" = AVG 2011
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Action Replay DSi Code Manager_is1" = Action Replay DSi Code Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ASD700_is1" = Anime Studio Debut 7.0
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AVG" = AVG 2011
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.57
"Dell Support Center" = Dell Support Center
"EADM" = EA Download Manager
"FFmpeg for Audacity on Windows_is1" = FFmpeg for Audacity on Windows
"GamewareBAMZOOKiSWCBBCUser1_is1" = BAMZOOKi SR v1.0 (build 357.1)
"GamewareBAMZOOKiSWCBBCUserStream1_is1" = BAMZOOKi SR v1.0 (build 357.1)
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"Huawei Modems" = Huawei Modems
"HyperCam 2" = HyperCam 2
"HyperCam 3" = HyperCam 3
"HyperCam Toolbar" = HyperCam Toolbar
"Inkscape" = Inkscape 0.47
"MailWasher Free_is1" = MailWasher Free 6.5.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"Spykee" = Spykee
"TabletDriver" = Trust Tablet Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
"YS FLIGHT SIMULATOR" = YS FLIGHT SIMULATOR

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Re: quick qestion vbs/generic infected laptop6th April 2011, 3:54 am

Hi,

Please download ComboFix quick qestion vbs/generic infected laptop Combofix

from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: quick qestion vbs/generic infected laptop6th April 2011, 8:16 am

managed to download combofix but every time I try to run it says AVG is running please remove avg before running combofix.
I have temporary stopped AVG by using the instructions given by you.
AVG says its off temporary , but combo fix still will not run.
not sure what to do next.
Ps While on laptop AVG run its scan which picked up the virus again i just left it to run. The only thing I did was when it said "did I want to force removal" I said no ,as I thought it was best not to change anything unless you said so.
hope this was right. thank you

Re: quick qestion vbs/generic infected laptop7th April 2011, 2:15 am

Hi,

It would be best to remove AVG. Would you like to do so?

commy log7th April 2011, 7:27 am

ComboFix 11-04-06.02 - haydn 07/04/2011 8:15.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3034.2025 [GMT 1:00]
Running from: c:\users\cherry\Desktop\commy.exe.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\HyperCam Toolbar\tbHElper.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-03-07 to 2011-04-07 )))))))))))))))))))))))))))))))
.
.
2011-04-07 07:21 . 2011-04-07 07:22 -------- d-----w- c:\users\haydn\AppData\Local\temp
2011-04-07 07:21 . 2011-04-07 07:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-07 07:21 . 2011-04-07 07:21 -------- d-----w- c:\users\roy\AppData\Local\temp
2011-04-07 07:21 . 2011-04-07 07:21 -------- d-----w- c:\users\harvey\AppData\Local\temp
2011-04-07 07:21 . 2011-04-07 07:21 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-04-07 07:21 . 2011-04-07 07:21 -------- d-----w- c:\users\darcy x\AppData\Local\temp
2011-04-04 19:03 . 2011-04-04 19:03 167414 --s---w- c:\users\cherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wqwfcguo.exe
2011-04-02 15:20 . 2011-04-02 15:20 -------- d-----w- c:\users\cherry\AppData\Local\Unity
2011-03-31 12:50 . 2011-03-31 12:50 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-7\Microsoft.MediaCenter.Sports.UI.dll
2011-03-26 12:44 . 2007-02-08 13:45 29184 ----a-w- c:\windows\system32\drivers\dsiarhwprog.sys
2011-03-26 12:30 . 2011-03-26 12:30 -------- d-----w- c:\program files\MSXML 4.0
2011-03-26 12:29 . 2011-03-26 12:29 -------- d-----w- c:\program files\Datel
2011-03-12 20:59 . 2011-03-12 20:59 -------- d-----w- c:\program files\iPod
2011-03-09 19:04 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 19:04 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 19:04 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 19:04 . 2010-12-23 05:54 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 19:04 . 2010-12-23 05:54 850944 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 19:04 . 2010-12-23 05:54 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 19:04 . 2010-12-23 05:50 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-08 12:09 . 2011-03-08 12:09 -------- d-----w- c:\users\cherry\AppData\Roaming\Solveig Multimedia
2011-03-08 12:00 . 2011-03-08 12:00 -------- d-----w- c:\program files\Common Files\Solveig Multimedia
2011-03-08 12:00 . 2011-03-08 12:00 -------- d-----w- c:\program files\HyperCam 3
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-04 16:55 . 2010-05-22 18:08 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-03-04 16:55 . 2010-05-22 18:07 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-02-28 22:59 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-25 18:06 . 2011-02-25 18:06 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-5\Microsoft.MediaCenter.Sports.UI.dll
2011-02-25 16:05 . 2010-04-23 15:10 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-02-25 16:04 . 2010-05-24 16:36 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-02-25 15:03 . 2010-05-22 18:07 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-02-18 16:36 . 2011-02-18 16:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 16:36 . 2011-02-18 16:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-03 05:54 . 2011-02-09 15:34 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-01-19 17:47 . 2011-02-28 22:06 22504 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2011-01-07 07:46 . 2011-02-23 16:25 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 07:46 . 2011-02-23 16:25 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:45 . 2011-02-09 15:34 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-02-07 19:10 . 2009-01-30 12:21 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-07-14 65024]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-07-23 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-20 3563520]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"WTClient"="WTClient.exe" [2009-08-19 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-02-26 495708]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\users\darcy x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
c:\users\harvey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
c:\users\roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
c:\users\cherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wqwfcguo.exe [2011-4-4 167414]
.
c:\users\haydn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-23 00:14 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Agent.lnk]
backup=c:\windows\pss\Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 08:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 17:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-02-07 19:10 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 15:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 15:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-03-29 23:46 1086856 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-12-26 12:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-22 136176]
R3 dsiarhwprog;dsiarhwprog;c:\windows\system32\Drivers\dsiarhwprog.sys [2007-02-08 29184]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-07 30192]
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\System32\Drivers\PTSimHid.sys [2009-06-22 14504]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_028821c569ae5894\aestsrv.exe [2009-03-03 81920]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-01-19 22504]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [2009-06-22 23208]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 165888]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-05-20 314368]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Avgtdix
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-22 09:33]
.
2011-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-22 09:33]
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1100422681-3828125871-3690094947-1000Core.job
- c:\users\cherry\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-22 09:17]
.
2011-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1100422681-3828125871-3690094947-1000UA.job
- c:\users\cherry\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-22 09:17]
.
2011-04-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2011-04-07 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.bigseekpro.com/hypercam/{B28031FC-6CD8-4E8D-A8B4-A35EABDA717C}
mStart Page = hxxp://www.bigseekpro.com/hypercam/{B28031FC-6CD8-4E8D-A8B4-A35EABDA717C}
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
FF - ProfilePath - c:\users\haydn\AppData\Roaming\Mozilla\Firefox\Profiles\pgq52bo3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.watchtower.org
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4ae60ae2&v=6.011.025.001&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
AddRemove-HyperCam 2 - c:\program files\hycam2\UnHyCam2.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-07 08:24:26
ComboFix-quarantined-files.txt 2011-04-07 07:24
.
Pre-Run: 175,878,574,080 bytes free
Post-Run: 177,457,848,320 bytes free
.
- - End Of File - - 4C7E71536EEE005F1D727827F6C87B5C

Re: quick qestion vbs/generic infected laptop7th April 2011, 7:29 am

sorry could not get comfix to except comand paste so let it run the above will try again and post result here.

2 run could not copy and paste in to start box sorry7th April 2011, 7:43 am

ComboFix 11-04-06.03 - haydn 07/04/2011 8:34.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3034.1962 [GMT 1:00]
Running from: c:\users\haydn\Desktop\commy.exe.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-07 to 2011-04-07 )))))))))))))))))))))))))))))))
.
.
2011-04-07 07:38 . 2011-04-07 07:38 -------- d-----w- c:\users\roy\AppData\Local\temp
2011-04-07 07:38 . 2011-04-07 07:38 -------- d-----w- c:\users\harvey\AppData\Local\temp
2011-04-07 07:38 . 2011-04-07 07:38 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-04-07 07:38 . 2011-04-07 07:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-07 07:38 . 2011-04-07 07:38 -------- d-----w- c:\users\darcy x\AppData\Local\temp
2011-04-07 07:33 . 2011-04-07 07:33 -------- d-----w- c:\users\haydn\AppData\Local\ElevatedDiagnostics
2011-04-07 07:24 . 2011-04-07 07:38 -------- d-----w- c:\users\haydn\AppData\Local\temp
2011-04-07 07:24 . 2011-04-07 07:38 -------- d-----w- c:\users\cherry\AppData\Local\temp
2011-04-04 19:03 . 2011-04-04 19:03 167414 --s---w- c:\users\cherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wqwfcguo.exe
2011-04-02 15:20 . 2011-04-02 15:20 -------- d-----w- c:\users\cherry\AppData\Local\Unity
2011-03-31 12:50 . 2011-03-31 12:50 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-7\Microsoft.MediaCenter.Sports.UI.dll
2011-03-26 12:44 . 2007-02-08 13:45 29184 ----a-w- c:\windows\system32\drivers\dsiarhwprog.sys
2011-03-26 12:30 . 2011-03-26 12:30 -------- d-----w- c:\program files\MSXML 4.0
2011-03-26 12:29 . 2011-03-26 12:29 -------- d-----w- c:\program files\Datel
2011-03-12 20:59 . 2011-03-12 20:59 -------- d-----w- c:\program files\iPod
2011-03-09 19:04 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 19:04 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 19:04 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 19:04 . 2010-12-23 05:54 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 19:04 . 2010-12-23 05:54 850944 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 19:04 . 2010-12-23 05:54 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 19:04 . 2010-12-23 05:50 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-08 12:09 . 2011-03-08 12:09 -------- d-----w- c:\users\cherry\AppData\Roaming\Solveig Multimedia
2011-03-08 12:00 . 2011-03-08 12:00 -------- d-----w- c:\program files\Common Files\Solveig Multimedia
2011-03-08 12:00 . 2011-03-08 12:00 -------- d-----w- c:\program files\HyperCam 3
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-04 16:55 . 2010-05-22 18:08 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-03-04 16:55 . 2010-05-22 18:07 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-02-28 22:59 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-25 18:06 . 2011-02-25 18:06 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-5\Microsoft.MediaCenter.Sports.UI.dll
2011-02-25 16:05 . 2010-04-23 15:10 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-02-25 16:04 . 2010-05-24 16:36 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-02-25 15:03 . 2010-05-22 18:07 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-02-18 16:36 . 2011-02-18 16:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 16:36 . 2011-02-18 16:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-03 05:54 . 2011-02-09 15:34 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-01-19 17:47 . 2011-02-28 22:06 22504 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2011-01-07 07:46 . 2011-02-23 16:25 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 07:46 . 2011-02-23 16:25 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:45 . 2011-02-09 15:34 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-02-07 19:10 . 2009-01-30 12:21 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2009-07-14 65024]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-07-23 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-20 3563520]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"WTClient"="WTClient.exe" [2009-08-19 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-02-26 495708]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\users\darcy x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
c:\users\harvey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
c:\users\roy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
c:\users\cherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wqwfcguo.exe [2011-4-4 167414]
.
c:\users\haydn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-23 00:14 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Agent.lnk]
backup=c:\windows\pss\Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 08:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 17:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-02-07 19:10 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 15:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 15:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-03-29 23:46 1086856 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-12-26 12:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-22 136176]
R3 dsiarhwprog;dsiarhwprog;c:\windows\system32\Drivers\dsiarhwprog.sys [2007-02-08 29184]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-07 30192]
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\System32\Drivers\PTSimHid.sys [2009-06-22 14504]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_028821c569ae5894\aestsrv.exe [2009-03-03 81920]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-01-19 22504]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-24 155648]
S2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [2009-06-22 23208]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 165888]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-05-20 314368]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Avgtdix
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-22 09:33]
.
2011-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-22 09:33]
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1100422681-3828125871-3690094947-1000Core.job
- c:\users\cherry\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-22 09:17]
.
2011-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1100422681-3828125871-3690094947-1000UA.job
- c:\users\cherry\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-22 09:17]
.
2011-04-07 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2011-04-07 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.bigseekpro.com/hypercam/{B28031FC-6CD8-4E8D-A8B4-A35EABDA717C}
mStart Page = hxxp://www.bigseekpro.com/hypercam/{B28031FC-6CD8-4E8D-A8B4-A35EABDA717C}
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
FF - ProfilePath - c:\users\haydn\AppData\Roaming\Mozilla\Firefox\Profiles\pgq52bo3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.watchtower.org
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4ae60ae2&v=6.011.025.001&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-07 08:40:57
ComboFix-quarantined-files.txt 2011-04-07 07:40
ComboFix2.txt 2011-04-07 07:24
.
Pre-Run: 177,531,715,584 bytes free
Post-Run: 177,345,896,448 bytes free
.
- - End Of File - - 78FA2977143BBA5ECB20C15CE44F6A25

Re: quick qestion vbs/generic infected laptop7th April 2011, 7:46 am

I have removed AVG and run above scan and now do not have antviruis on this laptop. I will shut down and await your reply as to next move. the laptop seams much faster but i havent done anything but visit this page as no antviruis. Thank you for your help fruitree

Re: quick qestion vbs/generic infected laptop8th April 2011, 4:13 am

Hi,

quick qestion vbs/generic infected laptop Bf_new

Please download Malwarebytes Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: quick qestion vbs/generic infected laptop8th April 2011, 6:18 am

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6308

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

08/04/2011 07:16:01
mbam-log-2011-04-08 (07-16-01).txt

Scan type: Quick scan
Objects scanned: 217361
Time elapsed: 4 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: quick qestion vbs/generic infected laptop8th April 2011, 6:22 am

I hope this all looks postive : ) this laptop is still not being used and still has no antiviruis untill you advice me to do so.
Thank you so much fruitree

Re: quick qestion vbs/generic infected laptop9th April 2011, 4:18 am

Hi,

Please download TDSSKiller from here and save it to your Desktop.

Doubleclick TDSSKiller.exe to run the tool
Click the Start Scan button
After the scan has finished, click the Close button
Click the Report button and copy/paste the contents of it into your next reply

Note:It will also create a log in the C:\ directory.

Re: quick qestion vbs/generic infected laptop9th April 2011, 6:21 am

2011/04/09 07:18:11.0340 3424 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/09 07:18:11.0620 3424 ================================================================================
2011/04/09 07:18:11.0620 3424 SystemInfo:
2011/04/09 07:18:11.0620 3424
2011/04/09 07:18:11.0620 3424 OS Version: 6.1.7601 ServicePack: 1.0
2011/04/09 07:18:11.0620 3424 Product type: Workstation
2011/04/09 07:18:11.0620 3424 ComputerName: HAYDNPC
2011/04/09 07:18:11.0620 3424 UserName: haydn
2011/04/09 07:18:11.0620 3424 Windows directory: C:\Windows
2011/04/09 07:18:11.0620 3424 System windows directory: C:\Windows
2011/04/09 07:18:11.0620 3424 Processor architecture: Intel x86
2011/04/09 07:18:11.0620 3424 Number of processors: 2
2011/04/09 07:18:11.0620 3424 Page size: 0x1000
2011/04/09 07:18:11.0620 3424 Boot type: Normal boot
2011/04/09 07:18:11.0620 3424 ================================================================================
2011/04/09 07:18:11.0932 3424 Initialize success
2011/04/09 07:18:28.0437 4308 ================================================================================
2011/04/09 07:18:28.0437 4308 Scan started
2011/04/09 07:18:28.0437 4308 Mode: Manual;
2011/04/09 07:18:28.0437 4308 ================================================================================
2011/04/09 07:18:29.0670 4308 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/04/09 07:18:29.0732 4308 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/04/09 07:18:29.0872 4308 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/04/09 07:18:29.0982 4308 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/09 07:18:30.0106 4308 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/09 07:18:30.0153 4308 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/09 07:18:30.0418 4308 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\Windows\system32\drivers\afd.sys
2011/04/09 07:18:30.0512 4308 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/04/09 07:18:30.0652 4308 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/04/09 07:18:30.0808 4308 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/04/09 07:18:30.0855 4308 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/04/09 07:18:31.0011 4308 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/04/09 07:18:31.0089 4308 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/09 07:18:31.0214 4308 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/09 07:18:31.0417 4308 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
2011/04/09 07:18:31.0464 4308 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/09 07:18:31.0510 4308 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
2011/04/09 07:18:31.0682 4308 ApfiltrService (448da519f3b6ffa158c513156053181e) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/04/09 07:18:31.0760 4308 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/04/09 07:18:32.0056 4308 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/04/09 07:18:32.0134 4308 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/09 07:18:32.0290 4308 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/09 07:18:32.0415 4308 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/04/09 07:18:32.0587 4308 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/04/09 07:18:32.0774 4308 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/04/09 07:18:32.0868 4308 BCM42RLY (55070d71bbb424a56d5125c61fcc2897) C:\Windows\system32\drivers\BCM42RLY.sys
2011/04/09 07:18:33.0055 4308 BCM43XX (eb7c2dadf52f50f69f198c14c3556dc1) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/04/09 07:18:33.0398 4308 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/04/09 07:18:33.0648 4308 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/09 07:18:34.0022 4308 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/09 07:18:34.0131 4308 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/09 07:18:34.0365 4308 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/09 07:18:34.0599 4308 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/04/09 07:18:34.0662 4308 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/09 07:18:34.0818 4308 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/09 07:18:34.0911 4308 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/09 07:18:35.0098 4308 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/09 07:18:35.0644 4308 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/09 07:18:35.0785 4308 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
2011/04/09 07:18:36.0034 4308 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/09 07:18:36.0300 4308 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/04/09 07:18:36.0596 4308 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/09 07:18:36.0705 4308 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/04/09 07:18:36.0846 4308 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/04/09 07:18:36.0955 4308 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/09 07:18:37.0095 4308 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/04/09 07:18:37.0407 4308 cpuz135 (6bada94085b6709694f8327c211d12e1) C:\Windows\system32\drivers\cpuz135_x32.sys
2011/04/09 07:18:37.0532 4308 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/09 07:18:37.0860 4308 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/04/09 07:18:38.0031 4308 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/04/09 07:18:38.0265 4308 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/04/09 07:18:38.0531 4308 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/04/09 07:18:38.0749 4308 dsiarhwprog (f35b5d0cc142b87e687fc504baa69d82) C:\Windows\system32\Drivers\dsiarhwprog.sys
2011/04/09 07:18:38.0858 4308 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/09 07:18:39.0279 4308 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/04/09 07:18:39.0638 4308 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/09 07:18:39.0841 4308 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/04/09 07:18:40.0059 4308 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/04/09 07:18:40.0153 4308 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/04/09 07:18:40.0340 4308 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/09 07:18:40.0418 4308 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/04/09 07:18:40.0543 4308 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/04/09 07:18:40.0715 4308 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/09 07:18:40.0933 4308 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/04/09 07:18:41.0011 4308 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/04/09 07:18:41.0229 4308 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/04/09 07:18:41.0354 4308 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/09 07:18:41.0588 4308 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/09 07:18:41.0807 4308 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/09 07:18:41.0963 4308 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/09 07:18:42.0243 4308 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/09 07:18:42.0415 4308 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/04/09 07:18:42.0618 4308 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/09 07:18:42.0789 4308 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/09 07:18:42.0836 4308 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/09 07:18:42.0930 4308 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/09 07:18:43.0070 4308 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/04/09 07:18:43.0226 4308 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/04/09 07:18:43.0382 4308 hwdatacard (63b3eff36272787619c1e773ed581693) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/04/09 07:18:43.0507 4308 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/09 07:18:43.0647 4308 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/09 07:18:43.0835 4308 iaStor (80c633722da72e97f3f5b3b11325696d) C:\Windows\system32\DRIVERS\iaStor.sys
2011/04/09 07:18:44.0006 4308 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
2011/04/09 07:18:44.0427 4308 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/04/09 07:18:44.0833 4308 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/09 07:18:44.0927 4308 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/04/09 07:18:45.0083 4308 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/09 07:18:45.0145 4308 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/09 07:18:45.0301 4308 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/04/09 07:18:45.0395 4308 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/04/09 07:18:45.0582 4308 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/04/09 07:18:45.0660 4308 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/04/09 07:18:45.0816 4308 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/04/09 07:18:45.0987 4308 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/09 07:18:46.0050 4308 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/09 07:18:46.0112 4308 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/09 07:18:46.0253 4308 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/09 07:18:46.0346 4308 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/09 07:18:46.0518 4308 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/09 07:18:46.0611 4308 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/09 07:18:46.0752 4308 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/09 07:18:46.0783 4308 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/09 07:18:46.0939 4308 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/04/09 07:18:47.0033 4308 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/09 07:18:47.0189 4308 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/09 07:18:47.0251 4308 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/04/09 07:18:47.0376 4308 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/09 07:18:47.0485 4308 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/09 07:18:47.0625 4308 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/09 07:18:47.0703 4308 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/04/09 07:18:47.0781 4308 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/04/09 07:18:47.0953 4308 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/09 07:18:48.0093 4308 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/04/09 07:18:48.0203 4308 mrxsmb (b272b4c3e085ea860c12f2e4faf2ffa2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/09 07:18:48.0343 4308 mrxsmb10 (9ac33ef26c8a3ad0f117d00eb7301d03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/09 07:18:48.0421 4308 mrxsmb20 (e0abdb5ed7e199e242a7d028e76c1d3a) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/09 07:18:48.0546 4308 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/04/09 07:18:48.0624 4308 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/04/09 07:18:48.0795 4308 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/04/09 07:18:48.0858 4308 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/09 07:18:48.0967 4308 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/04/09 07:18:49.0217 4308 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/09 07:18:49.0373 4308 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/09 07:18:49.0466 4308 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/04/09 07:18:49.0607 4308 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/04/09 07:18:49.0685 4308 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
2011/04/09 07:18:49.0794 4308 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/04/09 07:18:49.0887 4308 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/09 07:18:50.0012 4308 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/04/09 07:18:50.0090 4308 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/09 07:18:50.0231 4308 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/04/09 07:18:50.0433 4308 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/09 07:18:50.0496 4308 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/09 07:18:50.0652 4308 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/09 07:18:50.0730 4308 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/09 07:18:50.0792 4308 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/04/09 07:18:50.0933 4308 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/09 07:18:51.0011 4308 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/09 07:18:51.0213 4308 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/09 07:18:51.0385 4308 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/04/09 07:18:51.0447 4308 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/09 07:18:51.0603 4308 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
2011/04/09 07:18:51.0791 4308 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/04/09 07:18:51.0900 4308 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
2011/04/09 07:18:52.0040 4308 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
2011/04/09 07:18:52.0118 4308 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/04/09 07:18:52.0212 4308 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/04/09 07:18:52.0337 4308 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/04/09 07:18:52.0461 4308 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/04/09 07:18:52.0602 4308 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/09 07:18:52.0961 4308 PCDSRVC{E9D79540-57D5953E-06020101}_0 (92fddbed716bf5c3cb766101563cfce5) c:\program files\dell support center\pcdsrvc.pkms
2011/04/09 07:18:53.0491 4308 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/04/09 07:18:53.0585 4308 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/04/09 07:18:53.0725 4308 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/09 07:18:53.0787 4308 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/04/09 07:18:53.0897 4308 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/04/09 07:18:54.0131 4308 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/09 07:18:54.0193 4308 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/04/09 07:18:54.0380 4308 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/09 07:18:54.0552 4308 PTSimBus (c456c2db7f7d6a3112a360ddf315298b) C:\Windows\system32\DRIVERS\PTSimBus.sys
2011/04/09 07:18:54.0645 4308 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
2011/04/09 07:18:54.0817 4308 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/09 07:18:55.0020 4308 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/09 07:18:55.0098 4308 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/09 07:18:55.0207 4308 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/09 07:18:55.0379 4308 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/09 07:18:55.0472 4308 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/09 07:18:55.0550 4308 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/09 07:18:55.0597 4308 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/09 07:18:55.0644 4308 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/09 07:18:55.0784 4308 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/09 07:18:55.0878 4308 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/09 07:18:56.0049 4308 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/09 07:18:56.0112 4308 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/09 07:18:56.0221 4308 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/04/09 07:18:56.0346 4308 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/04/09 07:18:56.0517 4308 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/09 07:18:56.0689 4308 RSUSBSTOR (add91189bf904e66efbbf348bc703edd) C:\Windows\system32\Drivers\RtsUStor.sys
2011/04/09 07:18:56.0798 4308 RTSTOR (8f6b5cfcd472fd3e54a68d211ec4617b) C:\Windows\system32\drivers\RTSTOR.SYS
2011/04/09 07:18:56.0970 4308 s117mdfl (ba93eec3cdf6a63b77ae66221aa4f902) C:\Windows\system32\DRIVERS\s117mdfl.sys
2011/04/09 07:18:57.0110 4308 s117mdm (cba12fd8a8ee5b5cdfbbae2381cd6703) C:\Windows\system32\DRIVERS\s117mdm.sys
2011/04/09 07:18:57.0204 4308 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/04/09 07:18:57.0344 4308 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/09 07:18:57.0453 4308 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/09 07:18:57.0656 4308 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/09 07:18:57.0843 4308 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/04/09 07:18:57.0953 4308 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/09 07:18:58.0124 4308 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/04/09 07:18:58.0187 4308 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/09 07:18:58.0296 4308 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/09 07:18:58.0374 4308 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/09 07:18:58.0530 4308 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/04/09 07:18:58.0655 4308 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/09 07:18:58.0795 4308 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/09 07:18:58.0857 4308 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/04/09 07:18:58.0935 4308 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/04/09 07:18:59.0076 4308 srv (112127c3b2e64d7680cc39cd0a39dd7e) C:\Windows\system32\DRIVERS\srv.sys
2011/04/09 07:18:59.0154 4308 srv2 (e5dd784a4ee5ebc72a86c677c988fcdb) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/09 07:18:59.0294 4308 srvnet (cdbe627e16cc9e98f343d73f8e81d258) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/09 07:18:59.0481 4308 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/09 07:18:59.0575 4308 STHDA (02b3ef45094f090e397eea46cbed7b9e) C:\Windows\system32\DRIVERS\stwrt.sys
2011/04/09 07:18:59.0762 4308 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/04/09 07:18:59.0981 4308 TClass2k (9b10f2be724d8e978e21a5da498ff5c1) C:\Windows\system32\DRIVERS\TClass2k.sys
2011/04/09 07:19:00.0137 4308 Tcpip (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\drivers\tcpip.sys
2011/04/09 07:19:00.0402 4308 TCPIP6 (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/09 07:19:00.0605 4308 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/09 07:19:00.0714 4308 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/04/09 07:19:00.0854 4308 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/04/09 07:19:00.0948 4308 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/09 07:19:01.0088 4308 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/04/09 07:19:01.0291 4308 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/09 07:19:01.0463 4308 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/04/09 07:19:01.0634 4308 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/09 07:19:01.0743 4308 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/09 07:19:01.0884 4308 UCTblHid (915a53a87cf9b3bc27359846ecd6a547) C:\Windows\system32\DRIVERS\UCTblHid.sys
2011/04/09 07:19:01.0962 4308 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/09 07:19:02.0118 4308 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/09 07:19:02.0274 4308 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
2011/04/09 07:19:02.0367 4308 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/09 07:19:02.0523 4308 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/04/09 07:19:02.0648 4308 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
2011/04/09 07:19:02.0711 4308 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/09 07:19:02.0960 4308 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/04/09 07:19:03.0085 4308 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys
2011/04/09 07:19:03.0210 4308 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/09 07:19:03.0366 4308 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys
2011/04/09 07:19:03.0491 4308 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/09 07:19:03.0600 4308 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\drivers\USBSTOR.SYS
2011/04/09 07:19:03.0756 4308 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys
2011/04/09 07:19:03.0849 4308 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/04/09 07:19:03.0990 4308 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/09 07:19:04.0083 4308 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/04/09 07:19:04.0193 4308 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/04/09 07:19:04.0286 4308 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/04/09 07:19:04.0411 4308 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/04/09 07:19:04.0520 4308 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/04/09 07:19:04.0629 4308 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/04/09 07:19:04.0739 4308 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/04/09 07:19:04.0848 4308 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/04/09 07:19:05.0035 4308 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/09 07:19:05.0097 4308 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/04/09 07:19:05.0238 4308 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/04/09 07:19:05.0394 4308 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/04/09 07:19:05.0550 4308 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/09 07:19:05.0659 4308 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/09 07:19:05.0690 4308 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/09 07:19:05.0877 4308 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/04/09 07:19:05.0987 4308 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/09 07:19:06.0189 4308 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/09 07:19:06.0267 4308 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/04/09 07:19:06.0455 4308 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/04/09 07:19:06.0642 4308 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/09 07:19:06.0751 4308 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/04/09 07:19:06.0954 4308 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/09 07:19:07.0219 4308 yukonw7 (95c1a8e708efa7fcae03cae688465b0a) C:\Windows\system32\DRIVERS\yk62x86.sys
2011/04/09 07:19:07.0359 4308 ================================================================================
2011/04/09 07:19:07.0359 4308 Scan finished
2011/04/09 07:19:07.0359 4308 ================================================================================

Re: quick qestion vbs/generic infected laptop10th April 2011, 5:23 am

Hi,

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

Tick the box next to YES, I accept the Terms of Use
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats and the option Scan unwanted applications is checked
Click Scan (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Re: quick qestion vbs/generic infected laptop10th April 2011, 7:15 am

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

this was all that i could find in notebook did remove win32/ramnit.Avirus

Re: quick qestion vbs/generic infected laptop10th April 2011, 12:03 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251

Re: quick qestion vbs/generic infected laptop10th April 2011, 12:15 pm

I ran Est again as i though ihad made an error as nothing in log. sorry if a problem i also saved the final report to desktop and will try and post in next box thank you

Re: quick qestion vbs/generic infected laptop10th April 2011, 12:21 pm

C:\Users\cherry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IR32X6BI\bigseekpro_com[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\cherry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IR32X6BI\eset_com[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\cherry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VS8EDPG6\login_status[1].htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\cherry\AppData\Local\VirtualStore\Program Files\3\3Connect\browsing1.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\cherry\AppData\Local\VirtualStore\Program Files\3\3Connect\checkdata_online.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\cherry\AppData\Local\VirtualStore\Program Files\3\3Connect\connecting1.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\cherry\AppData\Local\VirtualStore\Program Files\3\3Connect\datausageguide1.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\cherry\AppData\Local\VirtualStore\Program Files\3\3Connect\homepage1.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\cherry\AppData\Local\VirtualStore\Program Files\3\3Connect\incompatiblesoft.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\cherry\AppData\Local\VirtualStore\Program Files\3\3Connect\ping1.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\cherry\AppData\Local\VirtualStore\Program Files\3\3Connect\topup.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\cherry\AppData\Local\VirtualStore\Program Files\Adobe\Reader 9.0\ReadMe.htm Win32/Ramnit.A virus cleaned - quarantined
C:\Users\cherry\AppData\Local\VirtualStore\Program Files\Adobe\Reader 9.0\Reader\Legal\ENU\license.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\cherry\AppData\Local\VirtualStore\Program Files\Audacity 1.3 Beta (Unicode)\help\manual\aac_export_options.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\cherry\AppData\Local\VirtualStore\Program Files\Audacity 1.3 Beta (Unicode)\help\manual\ac3_export_options.html Win32/Ramnit.A virus cleaned - quarantined
C:\Users\cherry\AppData\Local\VirtualStore\Program Files\Audacity 1.3 Beta (Unicode)\help\manual\accessibility.html Win32/Ramnit.A virus cleaned - quarantined

Re: quick qestion vbs/generic infected laptop10th April 2011, 12:23 pm

the report is very long so i have just posted a short bit as it may not be relevent to you. and I dont know how to split it up in to two posts. thank you again for your help

sorry if not important10th April 2011, 9:19 pm

Hi
just a few more details that I have written down as I cant get notebook to show more than the above posts.

Virus found
Win32/Ramnit.H virus
Win32/Ramnit.A virus

infected files 2372
Files scanned 150231

The first scan showed 2373 infected files
said it had healed all infection but
Second scan found 2372 infected files
again said all healed
thank you again fruitree

Re: quick qestion vbs/generic infected laptop13th April 2011, 5:53 am

bump

Re: quick qestion vbs/generic infected laptop18th April 2011, 6:43 am

Bump

Re: quick qestion vbs/generic infected laptop18th April 2011, 10:34 pm

Attention: Your computer is severely infected with Win32\ what is now called, a cocktail infection. This is an infection that is comprised of many different types of viruses and other malware, to damage your computer, and use it as a zombie for its backdoor network. In other words, your computer is under control of a hacker, and regaining control is now next to impossible.

The first component is a backdoor trojan, which is a type of trojan that communicates with a hacker: to transfer personal information about you, use your computer to help perform a denial-of-service attack, redirect your internet searches in order to make money off of your browsing habits, and can be a keylogger to steal personal identifiable information to help rob your identity.

The second component is a rootkit, which is a type of malware to take control over your computer at administrator access, having full permission to modify all of your device drivers, and allowing itself to hide all the malware on the system. In other words, it is a hackers way of taking control of your computer, and hiding in the dark at the same time. This is a prime initiative of hackers to help keep access to your computer, robbing all of your personal information, and using your computer to send spam across the internet.

The third component is a file infector, which is a type of virus to purposely damage as many files as possible, in order to keep control of your system, so you have as little access as possible.

Not only has your system been compromised severely, it is also highly damaged, and if you do not commit to my suggested removal method below, then your computer may not function anymore.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references:

Removal method:

It is recommended to do a reformat and reinstall of your operating system. The experts in the Advanced Malware Analysts security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety.

I recommend the following articles to read:

Guides for format and reinstall:

How to reformat and reinstall your Operating System

How to reformat and reinstall your Operating System - the easy way

However, if you do not have the resources to reinstall your computer's OS and would like me to attempt to clean it, I will be happy to do so. But please consider carefully before deciding against a reformat.
If you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful.

Please let me know what you have decided to do in your next post. Should you have any questions, please feel free to ask.

Re: quick qestion vbs/generic infected laptop19th April 2011, 9:10 pm

Thank you for your advice. I think we have decided to replace my sons laptop. His laptop was vista which we legally upgraded to windows 7. As I understand it to do reinstall it would mean back to vista then upgrade to windows 7 (as it was an upgrade not stand alone windows 7). Which seams a lot of work but still thinking about what to do. His laptop is not being used at all.
Could I ask you one question ? We have a home pc and another laptop are they safe ? Both run fine no pop ups, no miss direction. Fairly fast, all windows updates regularly installed. Both have the following installed
1) AVG
2)COMODO
3)Malwareby Anti-Malware
4)Spybot search and destroy
the above are all updated regularly and all the scans come back clear.
We do not have file sharing between all the pcs nor do we share printer. Can I hope that only my sons laptop has this virus. Thank you again Fruitree

Re: quick qestion vbs/generic infected laptop20th April 2011, 9:38 pm

Hello.
If you have the CD for Windows 7, or an Windows 7 image, then either can be used. Just format the drive, wipe it completely and re-install the 7 OS, that shouldn't need to go through downgrading.

The other machines should be fine.

home pc 21st April 2011, 9:09 pm

so sorry to have to ask again, while going through your GeekPolice how to improve your security guide (as im totaly paranoid now)
I changed my AVG to Avira ran a scan and got the following TR/ATRAPS.Gen

The file 'C:\Windows.old (No Longer Needed)\Windows\Temp\tmp0_302603461953.bk.old'
contained a virus or unwanted program 'TR/ATRAPS.Gen' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4b0d2b5c.qua'.

I have updated Malware run scan = clean Spybot search destroy = 2 cookies removed

Is our pc ok? our sons laptop has nothing on it But ours = online banking credit cards etc!
Please advise im banging my head against a wall right now
Thank you Fruitree

Re: quick qestion vbs/generic infected laptop21st April 2011, 11:58 pm

Yeah it's fine, it was only a temp file in an old archive.

one last question I hope24th April 2011, 8:35 pm

Thank you Belahzur for your help and advice. I think I am going to reformat my sons Laptop. So my question is
Can we back up his Itunes music files and photo files and pos docs. or are these files infected to ?
We ran his laptop, and its running really well, fast not slow, no crashes, no miss directions, so far everything is updating fine. we put AVG back on which is
still showing clean scans. (Although I know this cant be relied on.) My sons laptop is not used for anything financial at all. So still at a bit of a cross road as to replacing laptop. If you say his files are ok to back up then a reformat may be the way to go.
thanks again fruitree

Re: quick qestion vbs/generic infected laptop25th April 2011, 6:48 pm

Nope, just about everything is infected when a machine is infected with Rammnit.

Sorry, but it's totally game over when Rammnit hits.

Thank you2nd May 2011, 11:51 pm

So have reformatted my sons laptop and did a new install from upgrade disc. Yes you were right, the windows 7 upgrade disc worked fine and my key was still valid. So if you are happy with the following please show my thread as closed.
My sons laptop now has the following :
Microsoft security essentials
Malwarebytes
Comodo
+ firefox +WOT

Did a full system scan with Microsoft result clean
Did a Eset online scan result clean
Are we all clear now and is the above enough protection ?
I will be donating to GeekPolice thank you again fruitree

Re: quick qestion vbs/generic infected laptop3rd May 2011, 1:09 am

Sounds like a good line of protection.

1 thing I would look into installing is Google Chrome. They have a better security line using built in sandboxing software, like it's own little firewall.

quick qestion vbs/generic infected laptop

descriptionquick qestion vbs/generic infected laptop5th April 2011, 12:50 am

descriptionRe: quick qestion vbs/generic infected laptop5th April 2011, 2:18 am

descriptionthank you olt.notepad copy5th April 2011, 7:48 am

descriptionolt extras.Txt log5th April 2011, 7:50 am

descriptionRe: quick qestion vbs/generic infected laptop6th April 2011, 3:54 am

descriptionRe: quick qestion vbs/generic infected laptop6th April 2011, 8:16 am

descriptionRe: quick qestion vbs/generic infected laptop7th April 2011, 2:15 am

descriptioncommy log7th April 2011, 7:27 am

descriptionRe: quick qestion vbs/generic infected laptop7th April 2011, 7:29 am

description2 run could not copy and paste in to start box sorry7th April 2011, 7:43 am

descriptionRe: quick qestion vbs/generic infected laptop7th April 2011, 7:46 am

descriptionRe: quick qestion vbs/generic infected laptop8th April 2011, 4:13 am

descriptionRe: quick qestion vbs/generic infected laptop8th April 2011, 6:18 am

descriptionRe: quick qestion vbs/generic infected laptop8th April 2011, 6:22 am

descriptionRe: quick qestion vbs/generic infected laptop9th April 2011, 4:18 am

descriptionRe: quick qestion vbs/generic infected laptop9th April 2011, 6:21 am

descriptionRe: quick qestion vbs/generic infected laptop10th April 2011, 5:23 am

descriptionRe: quick qestion vbs/generic infected laptop10th April 2011, 7:15 am

descriptionRe: quick qestion vbs/generic infected laptop10th April 2011, 12:03 pm

descriptionRe: quick qestion vbs/generic infected laptop10th April 2011, 12:15 pm

descriptionRe: quick qestion vbs/generic infected laptop10th April 2011, 12:21 pm

descriptionRe: quick qestion vbs/generic infected laptop10th April 2011, 12:23 pm

descriptionsorry if not important10th April 2011, 9:19 pm

descriptionRe: quick qestion vbs/generic infected laptop13th April 2011, 5:53 am

descriptionRe: quick qestion vbs/generic infected laptop18th April 2011, 6:43 am

descriptionRe: quick qestion vbs/generic infected laptop18th April 2011, 10:34 pm

descriptionRe: quick qestion vbs/generic infected laptop19th April 2011, 9:10 pm

descriptionRe: quick qestion vbs/generic infected laptop20th April 2011, 9:38 pm

descriptionhome pc 21st April 2011, 9:09 pm

descriptionRe: quick qestion vbs/generic infected laptop21st April 2011, 11:58 pm

descriptionone last question I hope24th April 2011, 8:35 pm

descriptionRe: quick qestion vbs/generic infected laptop25th April 2011, 6:48 pm

descriptionThank you2nd May 2011, 11:51 pm

descriptionRe: quick qestion vbs/generic infected laptop3rd May 2011, 1:09 am

descriptionRe: quick qestion vbs/generic infected laptop