
Frequent system freezes and Chrome often doesn't work


  • This topic is locked

#1
trilbyfish

For the past week or so I have been having problems. Namely, I have to try to open Chrome multiple times and reboot at least once for it to work, even after I have just turned my PC on. Generally I find myself having to reboot 3 or 4 times a day due to system freezes. Even now Firefox has frozen and won't close, and Malwarebytes Anti-Malware is not responding. I would be very grateful for any help to resolve these issues.

Thanks.

OTL log


OTL logfile created on: 12/11/2010 18:49:53 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\julie\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 154.00 Mb Available Physical Memory | 15.00% Memory free
2.00 Gb Paging File | 0.00 Gb Available in Paging File | 24.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 62.82 Gb Total Space | 12.98 Gb Free Space | 20.66% Space Free | Partition Type: NTFS
Drive D: | 11.70 Gb Total Space | 4.63 Gb Free Space | 39.55% Space Free | Partition Type: FAT32

Computer Name: LAPTOP | User Name: julie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/12 18:47:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\julie\Downloads\OTL.exe
PRC - [2010/11/01 21:36:03 | 000,974,904 | ---- | M] (Google Inc.) -- C:\Users\julie\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/10/31 16:21:31 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/11 12:58:12 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/10/06 17:24:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/06 17:24:36 | 001,065,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/10/06 17:24:08 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/06 17:24:08 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/01 21:41:10 | 000,619,800 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010/09/15 05:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/10 01:45:18 | 003,210,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgfws.exe
PRC - [2010/09/07 03:50:22 | 001,047,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/09/07 03:50:08 | 000,745,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgam.exe
PRC - [2010/05/02 00:22:33 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\julie\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/04/24 00:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 00:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/01/15 12:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/11/03 21:15:49 | 000,139,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Sun\SDK\jdk\bin\javaw.exe
PRC - [2009/10/31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/18 17:30:48 | 003,055,616 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2009/10/18 17:30:34 | 000,487,936 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2009/10/18 17:30:28 | 002,172,416 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 01:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2007/07/03 16:44:40 | 000,061,440 | ---- | M] (British Telecommunications Plc.) -- C:\Program Files\BT Common Client\btomosrv.exe
PRC - [2007/06/22 11:52:24 | 000,024,576 | ---- | M] (British Telecommunications Plc.) -- C:\Program Files\BT Common Client\btomodog.exe


========== Modules (SafeList) ==========

MOD - [2010/11/12 18:47:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\julie\Downloads\OTL.exe
MOD - [2010/08/21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 01:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 01:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 01:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 01:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 01:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 01:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 01:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 01:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 01:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 01:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/10 01:45:18 | 003,210,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2010/05/21 11:56:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/24 00:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 00:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/18 17:30:34 | 000,487,936 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2009/07/14 01:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 01:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 01:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 01:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 01:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 01:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 01:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 01:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 01:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 01:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 01:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 01:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 01:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 01:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 01:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2007/07/03 16:44:40 | 000,061,440 | ---- | M] (British Telecommunications Plc.) [Auto | Running] -- C:\Program Files\BT Common Client\btomosrv.exe -- (BT Common Client)
SRV - [2007/06/22 11:52:24 | 000,024,576 | ---- | M] (British Telecommunications Plc.) [Auto | Running] -- C:\Program Files\BT Common Client\btomodog.exe -- (Watch Dog for BT Common Client)
SRV - [2007/05/31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/11/11 20:30:21 | 000,138,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010/09/13 16:27:54 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 21:42:36 | 000,021,072 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/07/12 04:34:02 | 000,054,112 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/05/10 18:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/04/24 00:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/04/24 00:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/04/24 00:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/04/24 00:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/02/17 18:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/11 07:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/11/01 11:00:52 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2009/10/07 10:03:04 | 000,094,992 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2009/10/07 10:03:04 | 000,041,424 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2009/10/07 10:02:58 | 000,115,856 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2009/10/07 10:02:40 | 000,103,568 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2009/10/07 10:02:40 | 000,032,016 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2009/09/23 18:18:14 | 004,808,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/09/15 04:36:26 | 000,807,936 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/08/20 01:04:54 | 000,189,440 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/07/14 01:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 01:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 01:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 01:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 01:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 01:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 01:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 01:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 01:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 01:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 01:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 01:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 01:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 01:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 01:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 01:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 01:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 01:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 01:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 01:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 01:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 01:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 01:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 01:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 01:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 01:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 01:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 01:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 01:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 01:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 01:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 01:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 01:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 01:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 01:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 01:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 01:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 01:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 01:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 01:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 01:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 00:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 00:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 00:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 23:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 23:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 23:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 23:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 23:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 23:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2009/07/13 23:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 23:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 23:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 23:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 23:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 23:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 23:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 23:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 23:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 23:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 22:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 22:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 22:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 22:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 22:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 22:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 22:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/07/13 22:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/07/13 22:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 22:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 22:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2007/08/08 12:07:42 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/04/20 11:14:06 | 000,024,560 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\btwsp50.sys -- (BTWSp50)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/12/22 17:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tesco.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.aber.ac.uk;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = wwwcache.aber.ac.uk:8080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.4
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.1.7
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.4
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7
FF - prefs.js..extensions.enabledItems: {68836a21-fc7d-4ea1-a065-7efabd99d414}:3.02
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.4
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.4
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151
FF - prefs.js..extensions.enabledItems: {080955ad-b8bb-4500-806f-d2b9ad73d72e}:1.8.66


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/11/03 18:00:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/31 16:21:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/31 16:21:35 | 000,000,000 | ---D | M]

[2009/11/01 01:23:43 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\Mozilla\Extensions
[2010/11/12 17:14:02 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions
[2010/11/09 19:02:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/11/09 19:02:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{080955ad-b8bb-4500-806f-d2b9ad73d72e}
[2010/11/09 19:02:10 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/09/23 18:44:10 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
[2010/09/10 19:33:17 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/04/24 19:54:55 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2010/04/09 18:57:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/09/04 18:42:02 | 000,000,000 | ---D | M] (View Source Chart) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{68836a21-fc7d-4ea1-a065-7efabd99d414}
[2010/11/09 19:02:11 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2010/11/09 19:02:12 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/09/04 18:41:54 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2009/11/16 12:52:04 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/09/23 18:44:10 | 000,000,000 | ---D | M] (WOT) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/11/09 19:02:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/11/09 19:02:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/15 19:46:30 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/09/21 18:47:04 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\[email protected]
[2010/05/12 22:09:19 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\[email protected]
[2010/09/23 18:43:59 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\[email protected]
[2010/05/12 22:09:23 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\[email protected]
[2010/11/08 21:36:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/16 03:23:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/09/15 11:14:17 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/15 11:14:17 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/15 11:14:17 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/15 11:14:17 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKCU..\Run: [SansaDispatch] C:\Users\julie\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - Startup: C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SDK Tray Menu.lnk = C:\Sun\SDK\jdk\bin\javaw.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{109fa43c-4a5b-11df-acf9-0800270068ad}\Shell - "" = AutoRun
O33 - MountPoints2\{109fa43c-4a5b-11df-acf9-0800270068ad}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{109fa44f-4a5b-11df-acf9-0800270068ad}\Shell - "" = AutoRun
O33 - MountPoints2\{109fa44f-4a5b-11df-acf9-0800270068ad}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{1f2fc22f-0475-11df-954d-002243167faf}\Shell - "" = AutoRun
O33 - MountPoints2\{1f2fc22f-0475-11df-954d-002243167faf}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{1f2fc240-0475-11df-954d-002243167faf}\Shell - "" = AutoRun
O33 - MountPoints2\{1f2fc240-0475-11df-954d-002243167faf}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/12 17:30:49 | 000,000,000 | ---D | C] -- C:\Users\julie\AppData\Roaming\Malwarebytes
[2010/11/12 17:30:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/12 17:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/12 17:30:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/12 17:30:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/12 17:29:04 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\julie\Desktop\mbam-setup-1.46.exe
[2010/11/07 12:40:35 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/11/06 12:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/11/05 18:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/11/05 18:55:32 | 006,238,016 | ---- | C] (SurfRight B.V.) -- C:\Users\julie\Desktop\HitmanPro35.exe
[2010/11/05 18:44:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/05 18:25:11 | 000,000,000 | ---D | C] -- C:\Users\julie\AppData\Roaming\SUPERAntiSpyware.com
[2010/11/05 18:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/11/03 18:09:40 | 000,000,000 | ---D | C] -- C:\Users\julie\AppData\Roaming\AVG10
[2010/11/03 18:03:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/11/03 18:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/11/03 18:00:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2010/11/03 15:06:54 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/11/03 15:06:15 | 000,000,000 | ---D | C] -- C:\Users\julie\AppData\Roaming\Usxut
[2010/11/03 15:06:15 | 000,000,000 | ---D | C] -- C:\Users\julie\AppData\Roaming\Adol
[2010/10/30 11:31:57 | 000,000,000 | ---D | C] -- C:\Users\julie\AppData\Roaming\TortoiseSVN
[2010/10/30 00:06:15 | 000,000,000 | ---D | C] -- C:\Users\julie\AppData\Roaming\Subversion
[2010/10/30 00:01:28 | 000,000,000 | ---D | C] -- C:\Users\julie\AppData\Local\TSVNCache
[2010/10/29 21:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2010/10/29 21:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2010/10/24 18:50:20 | 000,000,000 | ---D | C] -- C:\Users\julie\AppData\Roaming\.emacs.d
[2010/10/20 22:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\TeXnicCenter
[2010/10/20 22:30:05 | 004,652,806 | ---- | C] (TeXnicCenter.org ) -- C:\Users\julie\Desktop\TXCSetup_1StableRC1.exe
[2010/10/20 21:47:16 | 000,000,000 | ---D | C] -- C:\Users\julie\AppData\Roaming\LyX16
[2010/10/20 20:50:53 | 000,000,000 | ---D | C] -- C:\Users\julie\AppData\Roaming\MiKTeX
[2010/10/20 20:50:11 | 000,000,000 | ---D | C] -- C:\Users\julie\AppData\Local\MiKTeX
[2010/10/20 20:43:31 | 000,000,000 | ---D | C] -- C:\ProgramData\MiKTeX
[2010/10/20 20:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\MiKTeX 2.8
[2010/10/20 20:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Aspell
[2010/10/20 20:31:06 | 000,000,000 | ---D | C] -- C:\Program Files\LyX16
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/12 18:40:05 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2101610157-1370538033-3603198032-1001UA.job
[2010/11/12 18:15:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/12 17:54:19 | 000,000,004 | ---- | M] () -- C:\Users\julie\tray.pid
[2010/11/12 17:53:38 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/12 17:47:41 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/12 17:47:41 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/12 17:39:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/12 17:39:46 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/12 17:30:29 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/12 17:29:22 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\julie\Desktop\mbam-setup-1.46.exe
[2010/11/12 17:17:24 | 099,096,967 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/11/11 20:40:05 | 000,214,592 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010/11/11 20:30:21 | 000,138,968 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/11/11 17:06:42 | 000,628,904 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/11 17:06:42 | 000,110,798 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/10 23:49:49 | 000,628,839 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2010/11/10 17:06:32 | 000,123,678 | ---- | M] () -- C:\Users\julie\Desktop\Testspec.zip
[2010/11/09 20:14:29 | 000,057,344 | ---- | M] () -- C:\Users\julie\Desktop\testspec[draft-word].doc
[2010/11/09 19:07:38 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/11/06 12:22:11 | 000,001,914 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/11/05 19:43:25 | 000,001,174 | ---- | M] () -- C:\Windows\System32\.crusader
[2010/11/05 18:55:44 | 006,238,016 | ---- | M] (SurfRight B.V.) -- C:\Users\julie\Desktop\HitmanPro35.exe
[2010/11/04 16:18:19 | 000,303,116 | ---- | M] () -- C:\Users\julie\Desktop\CreepyCrawlies_bin.zip
[2010/11/04 15:50:20 | 000,182,002 | ---- | M] () -- C:\Users\julie\Desktop\GAs2.pptx
[2010/11/03 18:03:16 | 000,000,887 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/11/01 20:46:22 | 000,768,845 | ---- | M] () -- C:\Users\julie\Desktop\Template2.rar
[2010/10/30 20:18:11 | 000,192,025 | ---- | M] () -- C:\Users\julie\Desktop\UI_Mockups.zip
[2010/10/30 00:10:43 | 000,000,851 | ---- | M] () -- C:\Users\julie\.recently-used.xbel
[2010/10/29 22:08:00 | 000,002,111 | ---- | M] () -- C:\Users\julie\Desktop\league.c
[2010/10/29 21:41:58 | 019,874,304 | ---- | M] () -- C:\Users\julie\Desktop\TortoiseSVN-1.6.11.20210-win32-svn-1.6.13.msi
[2010/10/27 17:03:20 | 003,639,448 | ---- | M] () -- C:\Users\julie\Desktop\Matt's Designs.rar
[2010/10/25 18:16:21 | 000,000,854 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2101610157-1370538033-3603198032-1001Core.job
[2010/10/24 00:48:05 | 000,039,890 | ---- | M] () -- C:\Users\julie\Desktop\solver.zip
[2010/10/20 22:34:17 | 000,000,970 | ---- | M] () -- C:\Users\julie\Desktop\TeXnicCenter.lnk
[2010/10/20 22:30:05 | 004,652,806 | ---- | M] (TeXnicCenter.org ) -- C:\Users\julie\Desktop\TXCSetup_1StableRC1.exe
[2010/10/14 11:06:02 | 000,322,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/12 17:30:29 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/12 17:17:24 | 099,096,967 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/11/10 23:49:49 | 000,628,839 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2010/11/10 17:07:43 | 000,123,678 | ---- | C] () -- C:\Users\julie\Desktop\Testspec.zip
[2010/11/09 20:14:40 | 000,057,344 | ---- | C] () -- C:\Users\julie\Desktop\testspec[draft-word].doc
[2010/11/06 17:40:30 | 000,214,592 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/11/06 12:22:11 | 000,001,914 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/11/05 19:43:25 | 000,001,174 | ---- | C] () -- C:\Windows\System32\.crusader
[2010/11/05 19:00:13 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/11/04 16:18:25 | 000,303,116 | ---- | C] () -- C:\Users\julie\Desktop\CreepyCrawlies_bin.zip
[2010/11/04 15:50:48 | 000,182,002 | ---- | C] () -- C:\Users\julie\Desktop\GAs2.pptx
[2010/11/03 18:03:16 | 000,000,887 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/11/01 20:46:48 | 000,768,845 | ---- | C] () -- C:\Users\julie\Desktop\Template2.rar
[2010/10/30 20:18:11 | 000,192,025 | ---- | C] () -- C:\Users\julie\Desktop\UI_Mockups.zip
[2010/10/30 00:10:43 | 000,000,851 | ---- | C] () -- C:\Users\julie\.recently-used.xbel
[2010/10/29 22:08:04 | 000,002,111 | ---- | C] () -- C:\Users\julie\Desktop\league.c
[2010/10/29 21:41:33 | 019,874,304 | ---- | C] () -- C:\Users\julie\Desktop\TortoiseSVN-1.6.11.20210-win32-svn-1.6.13.msi
[2010/10/27 17:03:25 | 003,639,448 | ---- | C] () -- C:\Users\julie\Desktop\Matt's Designs.rar
[2010/10/24 00:48:11 | 000,039,890 | ---- | C] () -- C:\Users\julie\Desktop\solver.zip
[2010/10/20 22:34:17 | 000,000,970 | ---- | C] () -- C:\Users\julie\Desktop\TeXnicCenter.lnk
[2010/09/21 02:39:39 | 000,138,968 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/09/21 02:39:36 | 000,139,152 | ---- | C] () -- C:\Users\julie\AppData\Roaming\PnkBstrK.sys
[2010/07/01 18:14:43 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2010/07/01 18:13:56 | 000,000,685 | ---- | C] () -- C:\Windows\disney.ini
[2010/02/02 16:07:32 | 000,000,600 | ---- | C] () -- C:\Users\julie\AppData\Local\PUTTY.RND
[2009/11/01 14:38:49 | 000,007,597 | ---- | C] () -- C:\Users\julie\AppData\Local\Resmon.ResmonCfg
[2009/11/01 10:59:55 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/03/04 15:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2005/05/06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== LOP Check ==========

[2010/10/24 18:51:35 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\.emacs.d
[2010/11/03 18:16:53 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\Adol
[2010/11/03 18:09:40 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\AVG10
[2010/01/21 17:53:45 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\AVG9
[2010/01/25 18:35:54 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/05/23 23:42:31 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\BT Connection Manager
[2010/03/24 19:33:39 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\com.adobe.kuler.Desktop.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/01/25 21:59:45 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\DeviceDoctorSoftware
[2009/11/19 19:37:25 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\GetRightToGo
[2010/05/22 16:20:24 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\gtk-2.0
[2010/10/20 22:15:07 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\LyX16
[2009/11/01 11:10:19 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\Notepad++
[2010/01/21 16:46:46 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\OpenDNS Updater
[2010/02/03 18:26:12 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\OpenOffice.org
[2010/05/02 00:22:12 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\SanDisk
[2010/11/10 21:08:36 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\SoftGrid Client
[2010/11/05 23:02:54 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\Spotify
[2010/11/11 12:00:40 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\Spyware Terminator
[2010/10/30 00:06:15 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\Subversion
[2010/09/12 01:59:09 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\Synthesia
[2010/09/27 17:15:09 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\TP
[2010/11/03 18:24:01 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\Usxut
[2010/09/24 04:05:54 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\uTorrent
[2010/10/14 10:13:43 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,050 posts
Hello trilbyfish,

Welcome to Geekstogo.

Please disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

How to disable AVG's Resident Shield.

Right click the AVG icon and click Open.

In the Overview panel click on Resident Shield > Uncheck the Resident Shield Active box > Save Changes.

After that, please download this file to your desktop.

Note about this tool:

* This program may freeze. Do not reboot the computer, unless it has been frozen for over 30 minutes.
* This program may cause a blue screen of death. If it does, do not scan, and then reply to let me know.
* No matter what is in the log, please post all the information/contents of the log.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

  • Now click the Scan button.
  • Once the scan is complete, click OK.
  • It will produce a log. Click on the [Save..] button, and in the File name area, type in Ark.txt
  • Save it where you can easily find it, such as your desktop.
Post the contents of Ark.txt in your next reply.

#3
trilbyfish

    Member

  • Topic Starter
  • Member
  • 13 posts
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-19 17:43:05
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 SAMSUNG_HM080JI rev.YC200-12
Running: 9tnmb04r.exe; Driver: C:\Users\julie\AppData\Local\Temp\uwldapow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwClose [0x87BCB88E]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0x87BCB0EC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0x87BCADCE]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0x87BCC938]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0x87BCAED8]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0x87BCAFC2]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0x87BCBBBC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0x87BCB3F4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x8F01A780]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0x87BCB526]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0x87BCABFC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0x87BCBB04]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x8F01A8D0]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0x87BCB70C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x8F01A970]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 82C528E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C723D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 142F 82C796FC 4 Bytes CALL 3F802583
.text ntoskrnl.exe!KeRemoveQueueEx + 146F 82C7973C 4 Bytes [EC, B0, BC, 87]
.text ntoskrnl.exe!KeRemoveQueueEx + 147F 82C7974C 4 Bytes [CE, AD, BC, 87]
.text ntoskrnl.exe!KeRemoveQueueEx + 14B7 82C79784 4 Bytes [38, C9, BC, 87]
.text ntoskrnl.exe!KeRemoveQueueEx + 1503 82C797D0 4 Bytes [D8, AE, BC, 87]
.text ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\ACPI_HAL \Device\0000005f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- EOF - GMER 1.0.15 ----

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,050 posts
Hello trilbyfish,

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#5
trilbyfish

    Member

  • Topic Starter
  • Member
  • 13 posts
I tried to download from both links and both times it said I have a corrupt download, and that I should try downloading it again. Should I try and use it anyway?

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,050 posts
I have just tried downloading to my computer. Works okay so I wonder whether malware is interfering with it when you try to run it.

Try another download and rename it as sVchost.exe before attempting to open or run it.

Tell me how you get on. I have to go out now for a couple of hours but will check in as soon as I return. :D

#7
trilbyfish

    Member

  • Topic Starter
  • Member
  • 13 posts
Thanks for the help.

I downloaded again, started to run and then said AVG needs to be un-installed. Is this right, given that I took all anti virus/spyware off the startup programs and rebooted?

#8
trilbyfish

    Member

  • Topic Starter
  • Member
  • 13 posts
Here is the log:


ComboFix 10-11-17.02 - julie 19/11/2010 21:05:46.1.1 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.1014.310 [GMT 0:00]
Running from: c:\users\julie\Desktop\ComboFix.exe
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((( Files Created from 2010-10-19 to 2010-11-19 )))))))))))))))))))))))))))))))
.

2010-11-19 21:17 . 2010-11-19 21:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-17 17:05 . 2010-11-17 17:05 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 7
2010-11-12 17:30 . 2010-11-12 17:30 -------- d-----w- c:\users\julie\AppData\Roaming\Malwarebytes
2010-11-12 17:30 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-12 17:30 . 2010-11-12 17:30 -------- d-----w- c:\programdata\Malwarebytes
2010-11-12 17:30 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-12 17:30 . 2010-11-12 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-06 12:22 . 2010-11-06 12:22 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-11-05 19:00 . 2010-11-09 19:07 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-05 18:59 . 2010-11-05 19:42 -------- d-----w- c:\programdata\Hitman Pro
2010-11-05 18:44 . 2010-11-05 18:44 -------- d-----w- c:\program files\ESET
2010-11-05 18:25 . 2010-11-05 18:25 -------- d-----w- c:\users\julie\AppData\Roaming\SUPERAntiSpyware.com
2010-11-05 18:25 . 2010-11-05 18:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-11-03 18:09 . 2010-11-03 18:09 -------- d-----w- c:\users\julie\AppData\Roaming\AVG10
2010-11-03 18:03 . 2010-11-03 18:03 -------- d--h--w- c:\programdata\Common Files
2010-11-03 18:00 . 2010-11-19 20:50 -------- d-----w- c:\programdata\AVG10
2010-11-03 15:06 . 2010-11-03 18:24 -------- d-----w- c:\users\julie\AppData\Roaming\Usxut
2010-11-03 15:06 . 2010-11-03 18:16 -------- d-----w- c:\users\julie\AppData\Roaming\Adol
2010-10-30 11:31 . 2010-11-11 16:48 -------- d-----w- c:\users\julie\AppData\Roaming\TortoiseSVN
2010-10-30 00:06 . 2010-10-30 00:06 -------- d-----w- c:\users\julie\AppData\Roaming\Subversion
2010-10-30 00:01 . 2010-11-19 20:57 -------- d-----w- c:\users\julie\AppData\Local\TSVNCache
2010-10-29 21:47 . 2010-10-29 21:47 -------- d-----w- c:\program files\TortoiseSVN
2010-10-29 21:47 . 2010-10-29 21:47 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2010-10-27 15:27 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-27 15:27 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-27 15:27 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-27 15:27 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-27 15:27 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-24 18:50 . 2010-10-24 18:51 -------- d-----w- c:\users\julie\AppData\Roaming\.emacs.d
2010-10-20 22:34 . 2008-08-02 10:58 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-10-20 22:34 . 2008-08-02 10:58 82432 ----a-w- c:\windows\system32\msxml4r.dll
2010-10-20 22:34 . 2010-10-20 22:34 -------- d-----w- c:\program files\TeXnicCenter
2010-10-20 21:47 . 2010-10-20 22:15 -------- d-----w- c:\users\julie\AppData\Roaming\LyX16

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-19 18:29 . 2010-09-21 18:21 214592 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-19 18:07 . 2010-09-21 02:39 138968 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-10-19 10:41 . 2009-11-01 01:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-21 02:39 . 2010-09-21 02:39 139152 ----a-w- c:\users\julie\AppData\Roaming\PnkBstrK.sys
2010-09-21 02:38 . 2010-09-21 02:38 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-09-21 02:38 . 2010-09-21 02:38 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-09-08 04:30 . 2010-10-13 17:36 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28 . 2010-10-13 17:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22 . 2010-10-13 17:36 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48 . 2010-10-13 17:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 04:23 . 2010-10-13 17:36 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34 . 2010-10-13 17:35 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32 . 2010-10-13 17:36 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 04:32 . 2010-10-13 17:36 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 05:46 . 2010-10-13 17:35 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 03:31 . 2010-10-13 17:35 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-27 03:30 . 2010-10-13 17:35 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-27 03:30 . 2010-10-13 17:35 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-26 04:39 . 2010-10-13 17:36 109056 ----a-w- c:\windows\system32\t2embed.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SansaDispatch"="c:\users\julie\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-05-02 79872]
"Google Update"="c:\users\julie\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-10 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

c:\users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
SDK Tray Menu.lnk - c:\sun\SDK\jdk\bin\javaw.exe [2009-11-3 139264]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^Users^julie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
path=c:\users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
backup=c:\windows\pss\BBC iPlayer Desktop.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^julie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 15:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2009-10-18 17:30 2172416 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2009-10-18 17:30 3055616 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-10-25 18:46 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tbbMeter]
2009-11-22 11:07 688648 ----a-w- c:\program files\thinkbroadband.com\tbbMeter\tbbmeter.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 133104]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2009-10-07 32016]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1343400]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-11-01 142592]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2009-10-07 115856]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2009-10-07 41424]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 BT Common Client;BT Common Client;c:\program files\BT Common Client\btomosrv.exe [2007-07-03 61440]
S2 BTWSp50;BTWSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\BTWSp50.sys [2007-04-20 24560]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 Watch Dog for BT Common Client;Watch Dog for BT Common Client;c:\program files\BT Common Client\btomodog.exe [2007-06-22 24576]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2009-09-15 807936]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-10-07 94992]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2009-10-07 103568]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 19:02]

2010-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-10 19:02]

2010-10-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2101610157-1370538033-3603198032-1001Core.job
- c:\users\julie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-10 20:50]

2010-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2101610157-1370538033-3603198032-1001UA.job
- c:\users\julie\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-10 20:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tesco.net/
uInternet Settings,ProxyServer = wwwcache.aber.ac.uk:8080
uInternet Settings,ProxyOverride = *.aber.ac.uk;<local>
TCP: {F20D8DFD-B3ED-4BE6-B71C-44AB20B94D9E} = 208.67.222.222,208.67.220.220
TCP: 242797E6361627E6564646341627166716E6 = 208.67.222.222,208.67.220.220
TCP: 24450264573796F6E6D233432323 = 208.67.222.222,208.67.220.220
TCP: 262797E6361627E656464686F6573756 = 208.67.222.222,208.67.220.220
TCP: 4505D2C494E4B4F5445364442323 = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}\components\nstidy.dll
FF - component: c:\users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\julie\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\julie\AppData\LocalLow\POWERC~1\nppowerloader.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3100)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
.
Completion time: 2010-11-19 21:21:45
ComboFix-quarantined-files.txt 2010-11-19 21:21

Pre-Run: 14,959,747,072 bytes free
Post-Run: 14,828,748,800 bytes free

- - End Of File - - F52671BC7969AF8AA79CF060F78BFD38

#9
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,050 posts
Hello trilbyfish,

I downloaded again, started to run and then it said AVG needs to be un-installed. Is this right, given that I took all anti virus/spyware off the startup programs and rebooted?


My thought is that AVG Resident Shield would have switched back on when you rebooted, prompting the query from ComboFix. It looks like you have uninstalled it... has there been a change in your computer's behaviour since then?

Tell me when you return.

For now

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.


#10
trilbyfish

    Member

  • Topic Starter
  • 13 posts
Seems to be working OK now, but could just be a temporary blip. I don't see why it should be working better when all that has been removed is AVG. I shall have a better idea of whether it is working properly tomorrow. Fingers Crossed!

Here is the OTL log:


OTL logfile created on: 19/11/2010 23:27:30 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\julie\Downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 247.00 Mb Available Physical Memory | 24.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 62.82 Gb Total Space | 13.73 Gb Free Space | 21.86% Space Free | Partition Type: NTFS
Drive D: | 11.70 Gb Total Space | 4.63 Gb Free Space | 39.55% Space Free | Partition Type: FAT32

Computer Name: LAPTOP | User Name: julie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/12 18:47:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\julie\Downloads\OTL.exe
PRC - [2010/11/01 21:36:03 | 000,974,904 | ---- | M] (Google Inc.) -- C:\Users\julie\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/10/01 21:41:10 | 000,619,800 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2010/05/02 00:22:33 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\julie\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2010/04/24 00:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 00:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/01/15 12:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/10/31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/18 17:30:34 | 000,487,936 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2007/07/03 16:44:40 | 000,061,440 | ---- | M] (British Telecommunications Plc.) -- C:\Program Files\BT Common Client\btomosrv.exe
PRC - [2007/06/22 11:52:24 | 000,024,576 | ---- | M] (British Telecommunications Plc.) -- C:\Program Files\BT Common Client\btomodog.exe


========== Modules (SafeList) ==========

MOD - [2010/11/12 18:47:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\julie\Downloads\OTL.exe
MOD - [2010/08/21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 01:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 01:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 01:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 01:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 01:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 01:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 01:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 01:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 01:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 01:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/05/21 11:56:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/04/24 00:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 00:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/18 17:30:34 | 000,487,936 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2009/07/14 01:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 01:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 01:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 01:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 01:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 01:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 01:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 01:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 01:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 01:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 01:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 01:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 01:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 01:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 01:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2007/07/03 16:44:40 | 000,061,440 | ---- | M] (British Telecommunications Plc.) [Auto | Running] -- C:\Program Files\BT Common Client\btomosrv.exe -- (BT Common Client)
SRV - [2007/06/22 11:52:24 | 000,024,576 | ---- | M] (British Telecommunications Plc.) [Auto | Running] -- C:\Program Files\BT Common Client\btomodog.exe -- (Watch Dog for BT Common Client)
SRV - [2007/05/31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 18:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/24 00:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/04/24 00:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/04/24 00:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/04/24 00:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/02/17 18:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/11 07:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/11/01 11:00:52 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2009/10/07 10:03:04 | 000,094,992 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2009/10/07 10:03:04 | 000,041,424 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2009/10/07 10:02:58 | 000,115,856 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2009/10/07 10:02:40 | 000,103,568 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2009/10/07 10:02:40 | 000,032,016 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2009/09/23 18:18:14 | 004,808,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/09/15 04:36:26 | 000,807,936 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/08/20 01:04:54 | 000,189,440 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/07/14 01:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 01:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 01:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 01:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 01:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 01:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 01:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 01:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 01:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 01:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 01:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 01:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 01:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 01:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 01:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 01:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 01:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 01:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 01:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 01:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 01:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 01:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 01:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 01:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 01:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 01:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 01:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 01:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 01:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 01:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 01:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 01:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 01:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 01:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 01:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 01:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 01:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 01:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 01:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 01:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 01:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 00:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 00:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 00:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 23:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 23:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 23:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 23:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 23:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 23:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2009/07/13 23:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 23:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 23:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 23:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 23:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 23:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 23:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 23:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 23:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 23:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 22:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 22:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 22:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 22:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 22:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 22:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 22:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009/07/13 22:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/07/13 22:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 22:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 22:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2007/08/08 12:07:42 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/04/20 11:14:06 | 000,024,560 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\btwsp50.sys -- (BTWSp50)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/12/22 17:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 20:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tesco.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.aber.ac.uk;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = wwwcache.aber.ac.uk:8080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.4
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.1.7
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.4
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7
FF - prefs.js..extensions.enabledItems: {68836a21-fc7d-4ea1-a065-7efabd99d414}:3.02
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.4
FF - prefs.js..extensions.enabledItems: {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}:0.8.6.1
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.4
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151
FF - prefs.js..extensions.enabledItems: {080955ad-b8bb-4500-806f-d2b9ad73d72e}:1.8.66


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/31 16:21:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/31 16:21:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2010/11/17 17:06:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins

[2009/11/01 01:23:43 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\Mozilla\Extensions
[2010/11/17 20:27:38 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions
[2010/11/09 19:02:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/11/09 19:02:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{080955ad-b8bb-4500-806f-d2b9ad73d72e}
[2010/11/09 19:02:10 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/09/23 18:44:10 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
[2010/04/24 19:54:55 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2010/04/09 18:57:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/09/04 18:42:02 | 000,000,000 | ---D | M] (View Source Chart) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{68836a21-fc7d-4ea1-a065-7efabd99d414}
[2010/11/09 19:02:11 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2010/11/09 19:02:12 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/09/04 18:41:54 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2009/11/16 12:52:04 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/09/23 18:44:10 | 000,000,000 | ---D | M] (WOT) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/11/09 19:02:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/11/09 19:02:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/15 19:46:30 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/09/21 18:47:04 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\[email protected]
[2010/05/12 22:09:19 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\fi[email protected]
[2010/09/23 18:43:59 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\[email protected]
[2010/05/12 22:09:23 | 000,000,000 | ---D | M] -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\[email protected]
[2010/11/08 21:36:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/16 03:23:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/09/15 11:14:17 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/15 11:14:17 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/15 11:14:17 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/15 11:14:17 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O4 - HKCU..\Run: [SansaDispatch] C:\Users\julie\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - Startup: C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SDK Tray Menu.lnk = C:\Sun\SDK\jdk\bin\javaw.exe (Sun Microsystems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/19 21:20:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/11/19 20:59:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/11/19 20:59:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/11/19 20:59:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/11/19 20:59:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/19 20:58:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/11/19 20:48:02 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/11/19 20:19:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/17 17:05:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 4.0 Beta 7
[2010/11/12 17:30:49 | 000,000,000 | ---D | C] -- C:\Users\julie\AppData\Roaming\Malwarebytes
[2010/11/12 17:30:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/12 17:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/12 17:30:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/12 17:30:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/12 17:29:04 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\julie\Desktop\mbam-setup-1.46.exe
[2010/11/07 12:40:35 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/11/06 12:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/11/05 18:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/11/05 18:55:32 | 006,238,016 | ---- | C] (SurfRight B.V.) -- C:\Users\julie\Desktop\HitmanPro35.exe
[2010/11/05 18:44:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/05 18:25:11 | 000,000,000 | ---D | C] -- C:\Users\julie\AppData\Roaming\SUPERAntiSpyware.com
[2010/11/05 18:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/11/03 18:09:40 | 000,000,000 | ---D | C] -- C:\Users\julie\AppData\Roaming\AVG10
[2010/11/03 18:03:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/11/03 18:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/11/03 15:06:54 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/11/03 15:06:15 | 000,000,000 | ---D | C] -- C:\Users\julie\AppData\Roaming\Usxut
[2010/11/03 15:06:15 | 000,000,000 | ---D | C] -- C:\Users\julie\AppData\Roaming\Adol
[2010/10/30 11:31:57 | 000,000,000 | ---D | C] -- C:\Users\julie\AppData\Roaming\TortoiseSVN
[2010/10/30 00:06:15 | 000,000,000 | ---D | C] -- C:\Users\julie\AppData\Roaming\Subversion
[2010/10/30 00:01:28 | 000,000,000 | ---D | C] -- C:\Users\julie\AppData\Local\TSVNCache
[2010/10/29 21:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2010/10/29 21:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2010/10/27 15:27:18 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010/10/27 15:27:17 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/10/27 15:27:16 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/10/27 15:27:16 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/10/27 15:27:05 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010/10/24 18:50:20 | 000,000,000 | ---D | C] -- C:\Users\julie\AppData\Roaming\.emacs.d
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/19 23:15:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/19 22:40:03 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2101610157-1370538033-3603198032-1001UA.job
[2010/11/19 21:13:08 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/19 21:13:08 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/19 20:58:26 | 000,000,004 | ---- | M] () -- C:\Users\julie\tray.pid
[2010/11/19 20:56:39 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/19 20:56:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/19 20:55:59 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/19 20:23:41 | 003,911,040 | R--- | M] () -- C:\Users\julie\Desktop\ComboFix.exe
[2010/11/19 18:29:48 | 000,214,592 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010/11/19 18:07:01 | 000,138,968 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/11/19 16:27:31 | 000,296,448 | ---- | M] () -- C:\Users\julie\Desktop\9tnmb04r.exe
[2010/11/18 00:19:13 | 000,628,904 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/18 00:19:13 | 000,110,798 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/17 17:06:16 | 000,002,069 | ---- | M] () -- C:\Users\julie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 7.lnk
[2010/11/17 17:06:15 | 000,002,045 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 7.lnk
[2010/11/12 17:30:29 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/12 17:29:22 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\julie\Desktop\mbam-setup-1.46.exe
[2010/11/10 17:06:32 | 000,123,678 | ---- | M] () -- C:\Users\julie\Desktop\Testspec.zip
[2010/11/09 20:14:29 | 000,057,344 | ---- | M] () -- C:\Users\julie\Desktop\testspec[draft-word].doc
[2010/11/09 19:07:38 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe
[2010/11/06 12:22:11 | 000,001,914 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/11/05 19:43:25 | 000,001,174 | ---- | M] () -- C:\Windows\System32\.crusader
[2010/11/05 18:55:44 | 006,238,016 | ---- | M] (SurfRight B.V.) -- C:\Users\julie\Desktop\HitmanPro35.exe
[2010/11/04 16:18:19 | 000,303,116 | ---- | M] () -- C:\Users\julie\Desktop\CreepyCrawlies_bin.zip
[2010/11/04 15:50:20 | 000,182,002 | ---- | M] () -- C:\Users\julie\Desktop\GAs2.pptx
[2010/11/01 20:46:22 | 000,768,845 | ---- | M] () -- C:\Users\julie\Desktop\Template2.rar
[2010/10/30 20:18:11 | 000,192,025 | ---- | M] () -- C:\Users\julie\Desktop\UI_Mockups.zip
[2010/10/30 00:10:43 | 000,000,851 | ---- | M] () -- C:\Users\julie\.recently-used.xbel
[2010/10/29 22:08:00 | 000,002,111 | ---- | M] () -- C:\Users\julie\Desktop\league.c
[2010/10/27 17:03:20 | 003,639,448 | ---- | M] () -- C:\Users\julie\Desktop\Matt's Designs.rar
[2010/10/25 18:16:21 | 000,000,854 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2101610157-1370538033-3603198032-1001Core.job
[2010/10/24 00:48:05 | 000,039,890 | ---- | M] () -- C:\Users\julie\Desktop\solver.zip
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/19 20:59:25 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/11/19 20:59:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/11/19 20:59:25 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/11/19 20:59:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/11/19 20:59:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/11/19 20:23:44 | 003,911,040 | R--- | C] () -- C:\Users\julie\Desktop\ComboFix.exe
[2010/11/19 16:27:21 | 000,296,448 | ---- | C] () -- C:\Users\julie\Desktop\9tnmb04r.exe
[2010/11/17 17:06:15 | 000,002,069 | ---- | C] () -- C:\Users\julie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 7.lnk
[2010/11/17 17:06:15 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 7.lnk
[2010/11/12 17:30:29 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/10 17:07:43 | 000,123,678 | ---- | C] () -- C:\Users\julie\Desktop\Testspec.zip
[2010/11/09 20:14:40 | 000,057,344 | ---- | C] () -- C:\Users\julie\Desktop\testspec[draft-word].doc
[2010/11/06 12:22:11 | 000,001,914 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2010/11/05 19:43:25 | 000,001,174 | ---- | C] () -- C:\Windows\System32\.crusader
[2010/11/05 19:00:13 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/11/04 16:18:25 | 000,303,116 | ---- | C] () -- C:\Users\julie\Desktop\CreepyCrawlies_bin.zip
[2010/11/04 15:50:48 | 000,182,002 | ---- | C] () -- C:\Users\julie\Desktop\GAs2.pptx
[2010/11/01 20:46:48 | 000,768,845 | ---- | C] () -- C:\Users\julie\Desktop\Template2.rar
[2010/10/30 20:18:11 | 000,192,025 | ---- | C] () -- C:\Users\julie\Desktop\UI_Mockups.zip
[2010/10/30 00:10:43 | 000,000,851 | ---- | C] () -- C:\Users\julie\.recently-used.xbel
[2010/10/29 22:08:04 | 000,002,111 | ---- | C] () -- C:\Users\julie\Desktop\league.c
[2010/10/27 17:03:25 | 003,639,448 | ---- | C] () -- C:\Users\julie\Desktop\Matt's Designs.rar
[2010/10/24 00:48:11 | 000,039,890 | ---- | C] () -- C:\Users\julie\Desktop\solver.zip
[2010/09/21 02:39:39 | 000,138,968 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/09/21 02:39:36 | 000,139,152 | ---- | C] () -- C:\Users\julie\AppData\Roaming\PnkBstrK.sys
[2010/07/01 18:14:43 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2010/07/01 18:13:56 | 000,000,685 | ---- | C] () -- C:\Windows\disney.ini
[2010/02/02 16:07:32 | 000,000,600 | ---- | C] () -- C:\Users\julie\AppData\Local\PUTTY.RND
[2009/11/01 14:38:49 | 000,007,597 | ---- | C] () -- C:\Users\julie\AppData\Local\Resmon.ResmonCfg
[2009/11/01 10:59:55 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/03/04 15:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2005/05/06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

< End of report >

#11
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,050 posts

I don't see why it should be working better when all that has been removed is AVG.


Sometimes there can be conflict going on.

See how you go over the next few hours and if it is part of the problem then you might consider one of these:

Here are a couple to choose from (these are also free for personal use):
  • Avast
  • AVIRA Note: AVIRA free comes with adware that promotes their paid for version each time it updates.
Personally I like Avira but they are both good.

Now

There is one browser helper that you have on your machine that does modify search functions although it's not necessarily malicious. I wouldn't have it on my machine though.

You can remove it by running the fix below. If you want the Zynga Toolbar though, don't carry out the fix.

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
    [2010/09/04 18:41:54 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    
    :Commands
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.


#12
trilbyfish

    Member

  • Topic Starter
  • 13 posts
All processes killed
========== OTL ==========
Prefs.js: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3 removed from extensions.enabledItems
C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin folder moved successfully.
C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\META-INF folder moved successfully.
C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\lib folder moved successfully.
C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\defaults folder moved successfully.
C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components folder moved successfully.
C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\chrome folder moved successfully.
C:\Users\julie\AppData\Roaming\Mozilla\Firefox\Profiles\zq6s8ed5.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: julie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1092436 bytes
->Java cache emptied: 65003290 bytes
->FireFox cache emptied: 68190362 bytes
->Google Chrome cache emptied: 61010992 bytes
->Flash cache emptied: 71806 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 844 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 186.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: julie
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11202010_002052

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#13
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,050 posts
Hello trilbyfish,

When you have had a chance to ascertain if your machine is running fine and if you decide to install a new anti-virus please do this:

Download all updates for your antivirus and then run a full scan of your computer. Save the results of the scan and then - if it hasn't already done so - let the program fix all problems it finds. Post results of the scan back here.

I look forward to hearing back from you. :D

#14
trilbyfish

    Member

  • Topic Starter
  • 13 posts
24 hours on and it seems to be back to normal! Great to not have to tear my hair out with frustration. Any idea what the problem was?

I'll get on with getting the antivirus software and doing the scan.

Thanks again!

#15
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,050 posts

Any idea what the problem was?


Most likely a combination of conflict (AVG with something) and possibly browser interference from a Conduit Community toolbar (Zynga).

I'll get on with getting the antivirus software and doing the scan.


Look forward to seeing the results. :D