
Help! re: WIN32/KATUSHA.A, virus/trojan (Combofix log attch)


  • This topic is locked

#1
RSGsecurity

    Member

  • Member
  • PipPip
  • 34 posts
Hi guys, :)
I am hoping you may be able to help me with my headache. I've got a few systems/laptops; I travel a lot so am out of the country, leaving my brother looking after my house. Now upon my return I have logged onto a very unhappy system that is essential as it has extremely important docs on that, stupidly, are not backed up.
I am fairly clued up in I.T., but no wizard. Now my computer has very nicely become home to a few viruses; after the odd show from a blue screen or two and not being able to run many programmes due to admin restrictions the virus has put in place,
I eventually managed a scan by re-installing AVG and it notified me the virus is in fact a rather annoying WIN32/KATUSHA.A (possibly more, not been able to scan since).
Now of course on trying to remove this virus it closes down AVG and takes away the admin rights to open it up again.
I have installed many, many anti-virus/spy-bot programmes to get around it but all are shut down mid scan/repair with no error message and I am not able to open them again as admin rights are taken straight after.
Now I have managed to keep Malwarebytes running but am still not able to perform a scan with it. I downloaded a programme to keep re-naming it, allowing me to always open it again, but it still does not really help as it still won't complete a scan.
Now I did successfully run ComboFix and will post the log report at the end of my post.

Main problems/bugs being the usual attached to severe Trojans/worms: restricted movement within your own system, random crashes. The main problem is I am unable to connect to the internet with the system; the router works fine and the internet works, but my system can't/won't connect, which I am assuming is linked to the virus (although usually viruses like an internet connection to stay strong, but I don't know).
Now please guys, I need your help asap. Like I say I am fairly comfortable with computers, just the in-depth programme jargon I have no clue about etc.

System specs :-
Windows Vista (don't ask why)
Intel Pentium CPU 3.40GHz x4
4 GB RAM
DX 11
Nvidia GeForce 8800 GT


ComboFix Log :-

ComboFix 11-11-08.02 - rob 08/11/2011 17:37:18.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.3326.2642 [GMT 0:00]
Running from: c:\users\rob\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Spyware Doctor with AntiVirus *Disabled/Outdated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Recycle.Bin
c:\recycle.bin\291E3990EB1B46B
c:\users\rob\AppData\Local\c98a56f6\U
c:\users\rob\AppData\Local\c98a56f6\U\80000000.@
c:\users\rob\AppData\Local\c98a56f6\U\800000cb.@
c:\users\rob\AppData\Roaming\alot
c:\windows\$NtUninstallKB24707$
c:\windows\$NtUninstallKB24707$\3136146523
c:\windows\$NtUninstallKB24707$\3381286646\@
c:\windows\$NtUninstallKB24707$\3381286646\L\fomtmfeh
c:\windows\system32\
c:\windows\system32\c_65151.nl_
c:\windows\system32\c_65151.nls
.
Infected copy of c:\windows\system32\drivers\dfsc.sys was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.22625_none_89f9ad5afc6b7999\dfsc.sys
.
Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
.
Infected copy of c:\windows\system32\drivers\tdx.sys was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys
.
c:\windows\system32\nvvsvc.exe . . . is infected!!
c:\windows\system32\nvvsvc.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\windows\system32\IoctlSvc.exe . . . is infected!!
c:\windows\system32\IoctlSvc.exe . . . was deleted!! You should re-install the program it pertains to
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
-------\Service_c98a56f6
-------\Service_RkHit
.
.
((((((((((((((((((((((((( Files Created from 2011-10-08 to 2011-11-08 )))))))))))))))))))))))))))))))
.
.
2011-11-08 17:08 . 2011-11-08 17:08 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-08 17:01 . 2011-11-08 17:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-08 17:01 . 2011-08-31 17:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-08 13:48 . 2011-11-08 13:48 -------- d-----w- c:\users\rob\AppData\Roaming\Malwarebytes
2011-11-08 13:48 . 2011-11-08 13:48 -------- d-----w- c:\programdata\Malwarebytes
2011-11-08 12:37 . 2011-11-08 12:37 -------- d-----w- c:\users\rob\DoctorWeb
2011-11-08 11:29 . 2010-02-05 09:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-11-08 11:29 . 2010-02-05 09:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-11-08 11:28 . 2009-10-06 16:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-11-08 11:28 . 2009-09-23 16:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-11-08 11:28 . 2010-02-05 09:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-11-08 11:28 . 2011-11-08 11:48 -------- d-----w- c:\program files\Spyware Doctor
2011-11-08 11:28 . 2011-11-08 11:48 -------- d-----w- c:\program files\Common Files\PC Tools
2011-11-08 11:28 . 2011-11-08 11:28 -------- d-----w- c:\users\rob\AppData\Roaming\PC Tools
2011-11-08 11:28 . 2011-11-08 11:28 -------- d-----w- c:\programdata\PC Tools
2011-11-08 11:24 . 2011-11-08 11:28 -------- d-----w- c:\users\rob\AppData\Roaming\GetRightToGo
2011-11-07 23:12 . 2011-11-07 23:12 -------- d-----w- C:\$AVG
2011-11-07 23:00 . 2011-11-07 23:00 -------- d-----w- c:\users\rob\AppData\Roaming\AVG
2011-11-07 22:43 . 2011-11-07 22:43 -------- d--h--w- c:\programdata\Common Files
2011-11-07 22:42 . 2011-11-08 17:18 -------- d-----w- c:\windows\system32\drivers\AVG
2011-11-07 22:42 . 2011-11-07 23:03 -------- d-----w- c:\programdata\AVG2012
2011-11-07 22:35 . 2011-11-08 17:18 -------- d-----w- c:\programdata\MFAData
2011-11-07 22:14 . 2011-11-07 22:14 -------- d-----w- c:\programdata\ZA_PreservedFiles
2011-11-06 01:10 . 2009-02-24 18:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2011-11-06 01:10 . 2011-11-06 01:11 -------- d-----w- c:\program files\MagicDisc
2011-11-06 00:58 . 2011-11-06 00:58 -------- d-----w- c:\program files\ISO Image Burner
2011-11-05 18:27 . 2009-12-15 10:46 24192 ----a-w- c:\windows\system32\drivers\tcpipBM.sys
2011-11-05 18:27 . 2009-12-15 10:46 13712 ----a-w- c:\windows\system32\sporder.dll
2011-11-05 18:27 . 2009-12-15 10:46 724608 ----a-w- c:\windows\system32\bmutil.dll
2011-11-05 18:27 . 2009-12-15 10:46 480384 ----a-w- c:\windows\system32\bmnet.dll
2011-11-05 18:27 . 2009-12-15 10:46 308352 ----a-w- c:\windows\system32\bminstall.dll
2011-11-05 18:27 . 2009-12-15 10:46 13184 ----a-w- c:\windows\system32\drivers\BMLoad.sys
2011-11-05 18:27 . 2009-12-15 10:46 132224 ----a-w- c:\windows\system32\bmdumpd.bin
2011-11-05 18:24 . 2011-11-05 18:28 -------- d-----w- c:\programdata\DatacardService
2011-11-04 07:39 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF62152B-4229-4B24-8D07-69455384D0BB}\mpengine.dll
2011-11-03 10:17 . 2011-11-07 22:05 -------- d-----w- c:\program files\ThreatFire
2011-11-03 09:37 . 2011-11-03 09:37 -------- d-----w- c:\program files\CheckPoint
2011-11-03 09:12 . 2011-11-07 22:23 -------- d-----w- c:\windows\system32\ZoneLabs
2011-11-03 09:12 . 2011-11-03 09:12 -------- d-----w- c:\programdata\CheckPoint
2011-10-27 08:39 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-22 08:19 . 2011-10-22 08:19 -------- d-----w- c:\programdata\WindowsSearch
2011-10-16 18:57 . 2011-10-16 18:57 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-12 18:33 . 2011-11-08 17:45 -------- d-sh--w- c:\users\rob\AppData\Local\c98a56f6
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 22:35 . 2011-10-07 22:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 06:23 . 2011-10-07 06:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 06:21 . 2011-10-04 06:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-13 06:30 . 2011-09-13 06:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 12:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f592709f-ff4a-4862-b659-4afabda56312}]
2009-05-06 15:27 2093080 ----a-w- c:\program files\Mininova\tbMini.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f592709f-ff4a-4862-b659-4afabda56312}"= "c:\program files\Mininova\tbMini.dll" [2009-05-06 2093080]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F592709F-FF4A-4862-B659-4AFABDA56312}"= "c:\program files\Mininova\tbMini.dll" [2009-05-06 2093080]
.
[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe" [2009-12-31 110592]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DataCardMonitor"="c:\program files\T-Mobile\InternetManager_H\DataCardMonitor.exe" [2011-11-05 253952]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-23 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-23 13535776]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-24 2415456]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-01-18 1286608]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Users^rob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^rob^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-13 06:39 323392 ----a-w- c:\users\rob\Program Files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX8400 Series]
2007-04-12 06:00 182272 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATICEE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-11-03 09:47 136176 ----atw- c:\users\rob\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 16:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 15:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
R2 5016;5016;c:\users\rob\AppData\Local\Temp\5016.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2010-11-16 264704]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-09-23 207280]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-12-09 365280]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-01-30 90112]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-01-30 73216]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4036179511-3194814763-3673611557-1000Core.job
- c:\users\rob\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-03 09:47]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{8E40D4BF-A044-47BE-A131-56F7AB13DF55}: NameServer = 90.207.238.97,87.86.189.16
FF - ProfilePath - c:\users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\oekctc8h.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc71a3b&v=7.005.030.004&i=26&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-CmPCIaudio - cmicnfg3.cpl
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DataCardMonitor = c:\program files\T-Mobile\InternetManager_H\DataCardMonitor.exe????d?3??P???????indowsPowerShell???e?3???????????????????????????????3???8??????am Files\T-Mobile\InternetManager_H\?;.J?????3??c:\program files\T-Mobile\InternetManager_H\?tmpX??X?3???8??????
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\users\rob\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
.
**************************************************************************
.
Completion time: 2011-11-08 18:04:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-08 18:04
.
Pre-Run: 362,685,657,088 bytes free
Post-Run: 362,522,005,504 bytes free
.
- - End Of File - - 4CC2AE20105AACEA3CE64973669B0F71
  • 0



#2
RSGsecurity

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Just an update: after the ComboFix run I am now able to run Malwarebytes and I have done a quick scan and it came back telling me all is well with no malicious stuff found?
But yet I am still unable to connect to the internet or open many files, as the only response I'm getting is the "windows cannot access the specified device... etc."
when I'm the only user (also same response in safe mode). Also AVG is not scanning, it just cuts out mid scan still (although I have not re-installed that since ComboFix).
Thanks!
  • 0

#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, I like a mystery so let's get at it... First, when you try to connect to the internet what error do you get?

First I will take a look at the system, then run some repairs and finally check out the net problem.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    afd.*
    tcpip.*
    netbt.*
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download Windows Repair (all in one) from this site

Install the programme, then run it

Go to step 2 and allow it to run Disc check
Posted Image

Once that is done then go to step 3 and allow it to run SFC
Posted Image


On the start repairs tab select advanced mode and click start
Posted Image

Select the items ticked (remove the ticks from the rest ) and tick restart system when finished


If still no internet then do the following checks

Open Services...
Start > Run > Type: services.msc > Click OK
Scroll down to and double click DNS Client
Set to Automatic under Startup type
Click the Apply button
Click the Start button
When it starts click OK

Repeat for DHCP Client.
And repeat for Remote Procedure Call (RPC).

When done, close Services.

Try the connection again
  • 0
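As an added illustration (not the moderator's own tooling, and not code from OTL, ComboFix or Windows Repair), the following Windows PowerShell script does in one pass what the post above asks for by hand: it MD5-fingerprints the network-stack drivers OTL is told to hash (afd, tcpip, netbt) plus the two ComboFix repaired (tdx.sys, dfsc.sys) and compares each with the copies held in the winsxs component store, the same place ComboFix restored its clean copies from, then checks that DNS Client, DHCP Client and RPC are set to Automatic and running. The driver list, the winsxs lookup and the service names Dnscache, Dhcp and RpcSs are assumptions taken from the logs; it assumes Windows PowerShell 2.0 on Vista, run from an elevated prompt.

```powershell
# Added example, not part of the thread. Assumes Windows PowerShell 2.0 on Vista,
# run elevated (a disabled service cannot be changed from a restricted session).
# Driver names come from the OTL /md5start list and the ComboFix "disinfected" lines;
# the winsxs comparison mirrors ComboFix's "Restored copy from" behaviour.

$drivers  = 'afd.sys', 'tcpip.sys', 'netbt.sys', 'tdx.sys', 'dfsc.sys'
$services = 'Dnscache', 'Dhcp', 'RpcSs'   # DNS Client, DHCP Client, Remote Procedure Call

function Get-Md5Hex([string]$Path) {
    # Get-FileHash does not exist on PowerShell 2.0, so hash through .NET directly.
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { ([System.BitConverter]::ToString($md5.ComputeHash($stream))) -replace '-', '' }
    finally { $stream.Close() }
}

function Test-NetworkDriver([string]$Name) {
    $live = Join-Path $env:SystemRoot "System32\drivers\$Name"
    if (-not (Test-Path $live)) { return "$Name : MISSING from System32\drivers" }

    $liveHash = Get-Md5Hex $live

    # Every copy of this driver that the component store holds (one per servicing level).
    # A live driver whose hash matches none of them has been altered on disk, which is
    # exactly what ComboFix reported for dfsc.sys, netbt.sys and tdx.sys in the log above.
    $store = Get-ChildItem (Join-Path $env:SystemRoot 'winsxs') -Recurse -Filter $Name `
                 -ErrorAction SilentlyContinue
    $matchCount = @($store | Where-Object { (Get-Md5Hex $_.FullName) -eq $liveHash }).Count

    $verdict = if ($matchCount -gt 0) { 'matches component store' } else { 'NO MATCH, investigate' }
    "{0} : md5={1} winsxs_copies={2} matching={3} ({4})" -f $Name, $liveHash, @($store).Count, $matchCount, $verdict
}

function Repair-NetworkService([string]$Name) {
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if (-not $svc) { return "$Name : NOT INSTALLED" }

    # Get-Service on PowerShell 2.0 does not expose the start type; read it through WMI.
    $before     = (Get-WmiObject Win32_Service -Filter "Name='$Name'").StartMode
    $wasRunning = $svc.Status

    # Same steps as the post: Startup type = Automatic, then Start.
    if ($before -ne 'Auto') {
        Set-Service -Name $Name -StartupType Automatic -ErrorAction SilentlyContinue
    }
    if ($svc.Status -ne 'Running') {
        Start-Service -Name $Name -ErrorAction SilentlyContinue
    }
    $svc.Refresh()
    $after = (Get-WmiObject Win32_Service -Filter "Name='$Name'").StartMode

    "{0} : startup {1} -> {2}, status {3} -> {4}" -f $Name, $before, $after, $wasRunning, $svc.Status
}

Write-Output '--- network-stack drivers vs. winsxs ---'
$drivers  | ForEach-Object { Test-NetworkDriver $_ }

Write-Output '--- services the post asks to set to Automatic ---'
$services | ForEach-Object { Repair-NetworkService $_ }
```

The winsxs walk is slow on Vista (tens of thousands of directories) but needs no network, so it can run while the router connection is still down.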

#4
RSGsecurity

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Thanks for your reply, I'm just scanning with OTL now and have installed All in One. With regards to the error message with the internet, it's just the simple "page cannot be displayed", on IE, Chrome and Firefox.

In the meantime, just as an update, I have managed to (well, I am sure I have) remove all traces of any malware/viruses, using the miracle bit of kit ComboFix.
Now I have reinstalled AVG and Malwarebytes and both are now scanning/running fine and report no problems, but yet I still have the odd file not allowing me the correct privileges and my computer still will not recognise my Virgin router (or does randomly but then loses it).
Now I rang Virgin, went through several steps grinding my teeth, reset the router etc.; now their answer, after I was still unable to even bring up the router page through IE, was "oh your router must be faulty, we will send you a new one". Now I am almost certain this is not the case, but hey ho.

Now my computer can connect to the internet using a dongle I have via T-Mobile plugged straight into a USB, so the computer can connect to the internet as I am sitting on it now; I just am unable to connect to my bloody router via my Virgin connection.
I was connected last night for a couple of hours. It was very odd: I was fully connected, downloading updates through Steam etc., but yet was unable to browse via anything, Firefox, Chrome, IE, but I was definitely connected? I googled this and it seems a mystery problem some have, but it just will randomly cure itself?

Also, I don't know if it's related to my connection, but I can download Windows updates fine, but when I restart to install them, they install, the comp reboots, then it says there was a problem configuring them and reboots and rolls back/de-installs them. I was not sure if it was because I had to be connected to the internet while they were configuring, but did not think this was the case.

But yes, that's where I stand at the minute. I will post the OTL log as soon as it finishes and then run All in One and keep my fingers crossed.

Thanks.

Edited by RSGsecurity, 09 November 2011 - 10:42 AM.

  • 0

#5
RSGsecurity

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
Hey, scan complete, please find attached the logs; running the All in One scan now.

Extras :-


OTL Extras logfile created on: 09/11/2011 16:21:04 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\rob\Downloads
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 71.99% Memory free
6.71 Gb Paging File | 5.50 Gb Available in Paging File | 82.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 318.41 Gb Free Space | 68.36% Space Free | Partition Type: NTFS
Drive D: | 29.29 Gb Total Space | 29.19 Gb Free Space | 99.66% Space Free | Partition Type: NTFS
Drive E: | 98.70 Gb Total Space | 98.60 Gb Free Space | 99.90% Space Free | Partition Type: NTFS
Drive F: | 4.38 Gb Total Space | 4.20 Gb Free Space | 95.79% Space Free | Partition Type: UDF
Drive H: | 31.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ROB-PC | User Name: rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- %SystemRoot%\System32\winhlp32.exe %1

[HKEY_USERS\S-1-5-21-4036179511-3194814763-3673611557-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C908AEA-3844-46F0-A32F-271EA2FFAA99}" = rport=445 | protocol=6 | dir=out | app=system |
"{163D83F1-3BB1-4069-9A8A-AA74AA82D3F9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{1B61B02C-3275-46A1-B9CE-DAE96B6373D3}" = rport=138 | protocol=17 | dir=out | app=system |
"{5400836B-08A7-48BA-9B3F-30D6CCF2CE29}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5B1CA8BA-3FEF-4F81-B4BB-399747081C86}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6652F507-3AAA-4366-808F-79840491587E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C2A3A4D-B812-4969-9EDA-5DDB5BDC943A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6F8DFD6C-423D-4471-8BDC-1E34CC0636D7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9126C840-0472-4111-9427-CC6897BC4F0F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9E9913B5-C360-47B7-BB61-32EC1C70083F}" = lport=445 | protocol=6 | dir=in | app=system |
"{A01E6802-D5E9-4B87-9753-7F4230C3B94C}" = lport=138 | protocol=17 | dir=in | app=system |
"{A95F4F94-159C-4CD8-8F49-F7A3A7D4417E}" = lport=137 | protocol=17 | dir=in | app=system |
"{AB7002EF-D533-4A5F-AA4E-F7007B280C41}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ADD435EE-87EA-4C8A-9930-8978A9B56953}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BA48CDF9-7F5E-4D71-A51C-959F16BEDF68}" = lport=139 | protocol=6 | dir=in | app=system |
"{DE4EC22A-1B8E-4175-9F01-4FF73FE3E848}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{DE8D8985-DDA4-4714-8FFE-758F458DD014}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{DEC91224-E4E0-40A7-8ABF-2EF6684DA55E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E6136AAD-9A6A-4A01-9E08-538610349A88}" = rport=137 | protocol=17 | dir=out | app=system |
"{EBB3E774-F932-43AA-9DFE-C19891A68079}" = rport=139 | protocol=6 | dir=out | app=system |
"{F6DF3435-7B95-4B34-82AB-5249CC49B891}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FD60EF12-0692-4A10-91E6-86E3DEC89633}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D59077-5FB5-4B0A-BABC-F67D2EBA4FCA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{3095D254-ED80-4653-94A7-AC813616829B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{31484236-3859-46B4-A042-7FB8943A85DD}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{38BA8A7B-6BCA-471A-9B22-265E5B4E64DC}" = protocol=58 | dir=in | [email protected],-28545 |
"{542CD951-0569-411D-81C1-590211A8F405}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{59589F5D-0599-4E36-996F-167607D7673B}" = protocol=58 | dir=out | [email protected],-28546 |
"{662F2DB8-C64A-450E-86EA-86DBDA3059C6}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{76C7388B-1A8E-4750-AB74-6AB604F0D843}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{7F596119-E3BD-454E-93D2-6A6F08EA439E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{84C8D1AE-C263-4023-8761-5C2E287B7DDB}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{96F7C651-FE88-4D12-BD02-0A24D4CA010F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{B96CDB37-038F-4F6C-8674-46A8F9088B6C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{BC9C500C-55CD-4587-9F75-9D41E9A83646}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{BCBCDB20-8018-4C19-9A4F-D24735C1C931}" = protocol=1 | dir=in | [email protected],-28543 |
"{BCDC5519-96D6-43A9-9518-F179595A0E38}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{C6C43247-97D3-4A7C-9E7D-47978892368B}" = protocol=6 | dir=in | app=c:\program files\codemasters\of dragon rising\ofdr.exe |
"{D005F0BB-7881-43EC-9F3A-0CCB32FBA10B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D0C68BC5-2A4F-419A-870F-8CD944256DC1}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{E6F4D74C-6232-47B1-9ADD-EBEA6C921314}" = protocol=1 | dir=out | [email protected],-28544 |
"{F02B3857-A607-44A2-8A79-580808BE9E79}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{F2E3AD81-6B92-477F-BA3E-6D3C460359A9}" = protocol=17 | dir=in | app=c:\program files\codemasters\of dragon rising\ofdr.exe |
"{F6A4EF66-3C70-40D9-822A-E386D547F83C}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"TCP Query User{000AE7C0-4504-4E8D-93EE-C00C955AFEFA}C:\windows\system32\wermgr.exe" = protocol=6 | dir=in | app=c:\windows\system32\wermgr.exe |
"TCP Query User{0E78D732-553D-4870-BB28-BB9D349B3A00}C:\users\rob\appdata\local\temp\glbe2d0.tmp" = protocol=6 | dir=in | app=c:\users\rob\appdata\local\temp\glbe2d0.tmp |
"TCP Query User{189EEBDB-1C73-4D7A-9A12-5165EB58014C}C:\program files\steam\steamapps\rsg_security\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\rsg_security\team fortress 2\hl2.exe |
"TCP Query User{266565C5-B50D-450B-B413-E337DB085BEE}C:\program files\common files\java\java update\jaucheck.exe" = protocol=6 | dir=in | app=c:\program files\common files\java\java update\jaucheck.exe |
"TCP Query User{2E687FE7-D101-4082-BE12-4AD70709692E}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{2F13F8A9-5D02-4476-9509-C76F8EB1EACC}C:\windows\system32\wercon.exe" = protocol=6 | dir=in | app=c:\windows\system32\wercon.exe |
"TCP Query User{3B0532AB-03C2-41B6-A622-CD637FA161BC}C:\windows\system32\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\system32\rundll32.exe |
"TCP Query User{510CB38F-625F-420E-8CA9-80AA3C1967FE}C:\program files\common files\java\java update\jusched.exe" = protocol=6 | dir=in | app=c:\program files\common files\java\java update\jusched.exe |
"TCP Query User{64419E25-4C1D-4CCF-A0DF-3A076A793304}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{6D05E0D4-AEA5-44AE-82DC-D9F83CB6CA64}C:\users\rob\appdata\local\google\update\googleupdate.exe" = protocol=6 | dir=in | app=c:\users\rob\appdata\local\google\update\googleupdate.exe |
"TCP Query User{891CC8CE-7B9A-4352-8919-8CB2BB9C1E23}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{8D11BFCB-C43A-422C-B8BA-2E43AA88F7C2}C:\users\rob\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\rob\program files\dna\btdna.exe |
"TCP Query User{9843CB50-75CA-4EE4-B9FD-4AEE820D0A94}C:\program files\apple software update\softwareupdate.exe" = protocol=6 | dir=in | app=c:\program files\apple software update\softwareupdate.exe |
"TCP Query User{9C604E4F-B7A4-4BBC-8443-B52B49F37CED}C:\windows\system32\werfault.exe" = protocol=6 | dir=in | app=c:\windows\system32\werfault.exe |
"TCP Query User{A5E7C8C8-D881-4281-B9B6-35B54C043EEA}C:\program files\common files\java\java update\jucheck.exe" = protocol=6 | dir=in | app=c:\program files\common files\java\java update\jucheck.exe |
"TCP Query User{B5E00A00-E745-4787-96B8-474392DC1954}C:\program files\safari\safari.exe" = protocol=6 | dir=in | app=c:\program files\safari\safari.exe |
"TCP Query User{B77414EA-2BA5-4CB7-81DC-4073F1BC540F}C:\users\rob\downloads\softonicdownloader_for_threatfire.exe" = protocol=6 | dir=in | app=c:\users\rob\downloads\softonicdownloader_for_threatfire.exe |
"TCP Query User{B90C1934-A217-4A44-9485-4F074D65DFC1}C:\users\rob\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\rob\program files\dna\btdna.exe |
"TCP Query User{CCFADFFF-099A-4FDB-AB45-433CE32A4558}C:\program files\windows defender\msascui.exe" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe |
"TCP Query User{CE20C1FD-81FC-45C9-81A9-1920EA0CD7E1}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{E1E82C77-C09A-4F4D-9177-6C84DBF7F449}C:\users\rob\appdata\local\temp\user32.exe" = protocol=6 | dir=in | app=c:\users\rob\appdata\local\temp\user32.exe |
"TCP Query User{E60E42E5-E7B0-46FA-8349-0C197A2D961A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E93D7E44-1BD4-4ACE-A79D-D1CAE34EC264}C:\program files\common files\adobe\updater6\adobe_updater.exe" = protocol=6 | dir=in | app=c:\program files\common files\adobe\updater6\adobe_updater.exe |
"TCP Query User{F24FA15A-6D33-4A09-8D6E-B4A92F33E9CE}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{F25CD5A7-FA3E-4734-84C7-DC68318C4EB5}C:\users\rob\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\rob\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{F99EEAAE-574E-4E02-BEC3-3089635807FA}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{FCEA46E3-818F-4369-B618-F75D6F402EA1}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{FD9A41D4-5685-4A97-848B-9EE79FEC9819}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{0F650759-14F9-431B-8581-B3192983D9D9}C:\program files\common files\adobe\updater6\adobe_updater.exe" = protocol=17 | dir=in | app=c:\program files\common files\adobe\updater6\adobe_updater.exe |
"UDP Query User{22452F15-E060-4445-B5A3-BB434A30DBB1}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{403ACB93-D6D5-40C6-84B2-A16CABC74BF7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{479044AA-8075-4815-A203-4086A800FDCA}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{4BF04A12-DECD-41E5-BEDD-C51AB7CE324D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4C611B87-A03D-45C6-8320-E2E5FD333F1F}C:\windows\system32\wermgr.exe" = protocol=17 | dir=in | app=c:\windows\system32\wermgr.exe |
"UDP Query User{520782E2-4992-4C8A-8B86-D0FEEFEDECAA}C:\program files\common files\java\java update\jaucheck.exe" = protocol=17 | dir=in | app=c:\program files\common files\java\java update\jaucheck.exe |
"UDP Query User{62ABF0AD-4E93-4414-91AF-F189638C123F}C:\windows\system32\werfault.exe" = protocol=17 | dir=in | app=c:\windows\system32\werfault.exe |
"UDP Query User{62D419B1-ACBE-49F1-A49D-D9D7C4CFFF13}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{672FD37C-FF41-499E-B7CB-ADD189C49736}C:\users\rob\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\rob\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{71DBFC99-0B48-4CE1-9FA0-DCF12F5E1F44}C:\users\rob\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\rob\program files\dna\btdna.exe |
"UDP Query User{72815C15-FB86-4AAE-9F73-3518F6D29E70}C:\users\rob\downloads\softonicdownloader_for_threatfire.exe" = protocol=17 | dir=in | app=c:\users\rob\downloads\softonicdownloader_for_threatfire.exe |
"UDP Query User{7BA2FD8C-66FC-4FA5-B1F7-CDC678608ED3}C:\users\rob\appdata\local\temp\glbe2d0.tmp" = protocol=17 | dir=in | app=c:\users\rob\appdata\local\temp\glbe2d0.tmp |
"UDP Query User{833E7ED8-5F82-4828-AE52-E002C012905D}C:\program files\common files\java\java update\jusched.exe" = protocol=17 | dir=in | app=c:\program files\common files\java\java update\jusched.exe |
"UDP Query User{8835F851-6373-4403-B63A-2E1D562D2CCB}C:\users\rob\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\rob\program files\dna\btdna.exe |
"UDP Query User{8D0C1378-580C-4F47-AE3C-32E5D2FB3A9D}C:\program files\common files\java\java update\jucheck.exe" = protocol=17 | dir=in | app=c:\program files\common files\java\java update\jucheck.exe |
"UDP Query User{A39902FD-5A34-4296-8132-25F1FB44E734}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{A4A69A63-3E6E-4CBC-990C-AB6F4C266845}C:\program files\steam\steamapps\rsg_security\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\rsg_security\team fortress 2\hl2.exe |
"UDP Query User{AA54B2BA-B309-4EFF-B256-74C1BBC03CD6}C:\users\rob\appdata\local\temp\user32.exe" = protocol=17 | dir=in | app=c:\users\rob\appdata\local\temp\user32.exe |
"UDP Query User{B3C63886-F1D9-4C8B-AE1D-AE4B1C72883D}C:\windows\system32\wercon.exe" = protocol=17 | dir=in | app=c:\windows\system32\wercon.exe |
"UDP Query User{CCB006E6-A9EF-4DEA-9284-39EA632A542D}C:\windows\system32\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\system32\rundll32.exe |
"UDP Query User{D1D681E7-149C-467F-9E14-9F09B1B19C81}C:\users\rob\appdata\local\google\update\googleupdate.exe" = protocol=17 | dir=in | app=c:\users\rob\appdata\local\google\update\googleupdate.exe |
"UDP Query User{E044D1EC-81D6-43C2-AF01-338A3A9FD0A0}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{E8190CEB-0402-4223-9C0B-7D0B4E648BA9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{F5E544D0-93CA-4E16-B6D4-119A519153A9}C:\program files\windows defender\msascui.exe" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe |
"UDP Query User{F74DA4FD-D12C-4FAA-8FBD-E38627E01B6D}C:\program files\safari\safari.exe" = protocol=17 | dir=in | app=c:\program files\safari\safari.exe |
"UDP Query User{FC1E8648-06C3-48EF-A76E-683B06CF02B6}C:\program files\apple software update\softwareupdate.exe" = protocol=17 | dir=in | app=c:\program files\apple software update\softwareupdate.exe |
"UDP Query User{FDDD1C61-B9E5-4889-871D-8DC621078836}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{10B1D4F7-6568-48F7-92FD-74D616CD061E}" = Serif CraftArtist Wedding Days Collection
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4447D5B5-95ED-4C4D-A9C3-1D8E892D5377}" = AVG 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCA8E5B-0192-47FB-A6D0-8FDB4E6AD67D}" = Weight Watchers pure points
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{62292998-4C9E-4D10-97D2-77AEE95FAFAA}" = DaisyTrail Serif Christmas Card 2009 Digikit
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{803F0464-BCEF-4051-B351-D8C0B16DDEC5}" = Lavasoft Registry Tuner
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{98BD9EA5-2DF2-445C-8C8D-057F55B3C633}" = AVG 2012
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C01FC6F-24F4-4DC6-AA81-DA00E828E118}" = DaisyTrail Be My Valentine Digikit
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2B123D3-E780-4EB0-B540-18F5FCC6EFE9}_is1" = ISO Image Burner 1.1
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{BE282C23-5484-47FF-B2C1-EBEA5C891033}" = Nero 8 Ultra Edition HD
"{C1B148C9-FACF-45F1-8356-4E1C5E3DAA5B}" = Serif CraftArtist
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0073ECF-DBCD-48D5-B28C-9D482376277C}" = DaisyTrail Valentine's Day 2011 Digikit
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2012
"C-Media PCI Audio Driver" = C-Media PCI Audio Driver
"conduitEngine" = Conduit Engine
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus CX7300_CX8300_DX7400_DX8400 User’s Guide" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mininova Toolbar" = Mininova Toolbar
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"NVIDIA Drivers" = NVIDIA Drivers
"Spyware Doctor" = Spyware Doctor 7.0
"Steam App 440" = Team Fortress 2
"Tetris Worlds" = Tetris Worlds
"T-Mobile Internet Manager" = T-Mobile Internet Manager
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"uTorrent" = µTorrent
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4036179511-3194814763-3673611557-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 08/11/2011 15:09:59 | Computer Name = rob-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 08/11/2011 15:15:30 | Computer Name = rob-PC | Source = WinMgmt | ID = 10
Description =

Error - 08/11/2011 15:39:36 | Computer Name = rob-PC | Source = WinMgmt | ID = 10
Description =

Error - 08/11/2011 17:32:57 | Computer Name = rob-PC | Source = WinMgmt | ID = 10
Description =

Error - 08/11/2011 18:06:17 | Computer Name = rob-PC | Source = WinMgmt | ID = 10
Description =

Error - 08/11/2011 18:13:01 | Computer Name = rob-PC | Source = WinMgmt | ID = 10
Description =

Error - 08/11/2011 18:52:20 | Computer Name = rob-PC | Source = WinMgmt | ID = 10
Description =

Error - 08/11/2011 19:31:49 | Computer Name = rob-PC | Source = WinMgmt | ID = 10
Description =

Error - 08/11/2011 19:49:03 | Computer Name = rob-PC | Source = WinMgmt | ID = 10
Description =

Error - 08/11/2011 21:04:51 | Computer Name = rob-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 09/11/2011 12:40:46 | Computer Name = rob-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09/11/2011 12:40:51 | Computer Name = rob-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09/11/2011 12:40:56 | Computer Name = rob-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09/11/2011 12:41:01 | Computer Name = rob-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09/11/2011 12:41:07 | Computer Name = rob-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09/11/2011 12:41:12 | Computer Name = rob-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09/11/2011 12:41:17 | Computer Name = rob-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09/11/2011 12:41:22 | Computer Name = rob-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09/11/2011 12:41:27 | Computer Name = rob-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09/11/2011 12:41:32 | Computer Name = rob-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >


OTL:-

OTL logfile created on: 09/11/2011 16:21:04 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\rob\Downloads
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 71.99% Memory free
6.71 Gb Paging File | 5.50 Gb Available in Paging File | 82.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 318.41 Gb Free Space | 68.36% Space Free | Partition Type: NTFS
Drive D: | 29.29 Gb Total Space | 29.19 Gb Free Space | 99.66% Space Free | Partition Type: NTFS
Drive E: | 98.70 Gb Total Space | 98.60 Gb Free Space | 99.90% Space Free | Partition Type: NTFS
Drive F: | 4.38 Gb Total Space | 4.20 Gb Free Space | 95.79% Space Free | Partition Type: UDF
Drive H: | 31.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ROB-PC | User Name: rob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/09 16:19:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\rob\Downloads\OTL.exe
PRC - [2011/11/05 18:25:37 | 000,253,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files\T-Mobile\InternetManager_H\DataCardMonitor.exe
PRC - [2011/10/24 20:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/17 15:44:02 | 000,114,688 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\T-Mobile Internet Manager.exe
PRC - [2009/12/31 14:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\rob\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
PRC - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/26 08:10:46 | 000,420,920 | ---- | M] () -- C:\Users\rob\AppData\Local\Google\Chrome\Application\15.0.874.106\ppgooglenaclpluginchrome.dll
MOD - [2011/10/26 08:10:45 | 003,702,840 | ---- | M] () -- C:\Users\rob\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
MOD - [2011/10/26 08:09:09 | 000,122,952 | ---- | M] () -- C:\Users\rob\AppData\Local\Google\Chrome\Application\15.0.874.106\avutil-51.dll
MOD - [2011/10/26 08:09:07 | 000,222,280 | ---- | M] () -- C:\Users\rob\AppData\Local\Google\Chrome\Application\15.0.874.106\avformat-53.dll
MOD - [2011/10/26 08:09:06 | 001,745,992 | ---- | M] () -- C:\Users\rob\AppData\Local\Google\Chrome\Application\15.0.874.106\avcodec-53.dll
MOD - [2011/10/26 05:14:43 | 008,587,936 | ---- | M] () -- C:\Users\rob\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
MOD - [2011/03/17 15:44:02 | 000,114,688 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\T-Mobile Internet Manager.exe
MOD - [2010/08/18 18:02:20 | 000,159,744 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\SMSPlugin.dll
MOD - [2010/07/31 14:54:06 | 000,065,536 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\SpeedManagerPlugin.dll
MOD - [2010/07/21 11:57:06 | 000,090,112 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\DialUpPlugin.dll
MOD - [2010/07/21 11:53:42 | 000,122,880 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\DeviceMgrPlugin.dll
MOD - [2010/07/21 11:53:26 | 000,237,568 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\DeviceMgrUIPlugin.dll
MOD - [2010/07/21 11:51:42 | 001,019,904 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\NDISAPI.dll
MOD - [2010/06/28 15:41:34 | 000,155,648 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\DetectDev.dll
MOD - [2009/09/08 12:54:44 | 000,065,536 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\ConfigFilePlugin.dll
MOD - [2009/09/08 12:49:12 | 000,139,264 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\NetInfoPlugin.dll
MOD - [2009/05/23 11:02:32 | 000,061,440 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\XCodec.dll
MOD - [2009/05/23 11:02:30 | 000,061,440 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\DeviceOperate.dll
MOD - [2009/05/23 11:02:24 | 000,557,056 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\atcomm.dll
MOD - [2009/01/09 11:31:54 | 000,139,264 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\LocaleMgrPlugin.dll
MOD - [2009/01/09 11:30:38 | 000,032,768 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\NotifyServicePlugin.dll
MOD - [2008/11/08 10:52:10 | 000,090,112 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\FileManager.dll
MOD - [2008/11/08 10:52:08 | 000,014,848 | ---- | M] () -- C:\Program Files\T-Mobile\InternetManager_H\isaputrace.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ThreatFire)
SRV - File not found [Auto | Stopped] -- -- (sdCoreService)
SRV - File not found [Auto | Stopped] -- -- (PLFlash DeviceIoControl Service)
SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (HWDeviceService.exe)
SRV - File not found [Auto | Stopped] -- -- (clr_optimization_v4.0.30319_32)
SRV - [2011/11/08 21:13:44 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/08/23 00:35:00 | 000,547,360 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Windows\System32\nvsvc.dll -- (nvsvc)
SRV - [2008/01/21 02:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/21 02:21:32 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/21 02:21:32 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/01/30 18:19:00 | 000,090,112 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011/01/30 18:19:00 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/12/24 11:48:26 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/07/27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/23 00:35:00 | 007,475,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/21 02:22:34 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.svs -- (NDProxy)
DRV - [2007/05/18 03:58:30 | 001,399,936 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmudax3.sys -- (cmuda3)
DRV - [2005/06/24 16:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 09:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 09:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4036179511-3194814763-3673611557-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-4036179511-3194814763-3673611557-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-4036179511-3194814763-3673611557-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.3.3
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.3.3
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865
FF - prefs.js..keyword.URL: "http://search.avg.co...k&lng=en-GB&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\rob\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\rob\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/07 22:43:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/27 09:38:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/27 09:38:26 | 000,000,000 | ---D | M]

[2010/11/19 12:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rob\AppData\Roaming\Mozilla\Extensions
[2011/11/08 19:45:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\oekctc8h.default\extensions
[2010/11/19 12:25:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\oekctc8h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/19 14:29:47 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\oekctc8h.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2010/11/19 14:29:48 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\oekctc8h.default\extensions\[email protected]
[2011/10/29 15:21:00 | 000,001,210 | ---- | M] () -- C:\Users\rob\AppData\Roaming\Mozilla\Firefox\Profiles\oekctc8h.default\searchplugins\search.xml
[2010/11/19 12:24:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/07 22:43:30 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2010/10/27 05:24:34 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/10/27 05:24:34 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/10/27 05:24:34 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/10/27 05:24:34 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\rob\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\rob\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\rob\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\rob\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.8.1 (Enabled) = C:\Users\rob\AppData\Local\Yahoo!\BrowserPlus\2.8.1\Plugins\npybrowserplus_2.8.1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Users\rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\

O1 HOSTS File: ([2011/11/08 19:08:48 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Mininova Toolbar) - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Mininova Toolbar) - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4036179511-3194814763-3673611557-1000\..\Toolbar\WebBrowser: (Mininova Toolbar) - {F592709F-FF4A-4862-B659-4AFABDA56312} - C:\Program Files\Mininova\tbMini.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4036179511-3194814763-3673611557-1000..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKU\S-1-5-21-4036179511-3194814763-3673611557-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4036179511-3194814763-3673611557-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10D569C2-DE81-4297-BE56-9DF26B8AD87F}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B3D2CFB-BA9F-4FCF-AF46-F868DB59F166}: NameServer = 149.254.230.7 149.254.192.126
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\rob\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\rob\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/11/16 21:37:37 | 000,142,336 | R--- | M] () - H:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/06/30 16:43:22 | 000,000,048 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/09 16:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2011/11/09 16:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2011/11/08 21:53:34 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Roaming\Lavasoft
[2011/11/08 21:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/11/08 21:53:19 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/11/08 21:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\RegCleaner
[2011/11/08 21:44:00 | 000,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools
[2011/11/08 21:20:08 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011/11/08 21:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/11/08 21:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/11/08 21:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2011/11/08 19:45:34 | 000,000,000 | ---D | C] -- C:\Users\rob\Desktop\Rick's Anti-Virus DO NOT DELETE!!
[2011/11/08 19:08:46 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/11/08 18:04:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/08 17:53:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/08 17:48:53 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Local\temp
[2011/11/08 17:28:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/08 17:28:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/08 17:28:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/08 17:28:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/08 17:28:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/08 17:26:24 | 000,000,000 | ---D | C] -- C:\Users\rob\Desktop\A guide and tutorial on using ComboFix_files
[2011/11/08 17:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/08 17:01:26 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/08 17:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/08 13:48:56 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Roaming\Malwarebytes
[2011/11/08 13:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/08 12:37:18 | 000,000,000 | ---D | C] -- C:\Users\rob\DoctorWeb
[2011/11/08 11:29:05 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2011/11/08 11:29:05 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2011/11/08 11:28:58 | 000,207,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011/11/08 11:28:58 | 000,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2011/11/08 11:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Doctor
[2011/11/08 11:28:55 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011/11/08 11:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2011/11/08 11:28:48 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Roaming\PC Tools
[2011/11/08 11:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/11/08 11:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/11/08 11:24:19 | 000,000,000 | ---D | C] -- C:\Users\rob\Desktop\Downloads
[2011/11/08 11:24:17 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Roaming\GetRightToGo
[2011/11/07 23:12:48 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/11/07 23:00:21 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Roaming\AVG
[2011/11/07 22:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2011/11/07 22:44:57 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Roaming\AVG2012
[2011/11/07 22:43:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/11/07 22:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/11/07 22:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/11/07 22:42:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/11/07 22:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/11/07 22:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ZA_PreservedFiles
[2011/11/06 10:41:05 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2011/11/06 01:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2011/11/06 01:10:12 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\Windows\System32\drivers\mcdbus.sys
[2011/11/06 01:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2011/11/06 00:58:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO Image Burner
[2011/11/06 00:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\ISO Image Burner
[2011/11/05 18:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\T-Mobile Internet Manager
[2011/11/05 18:27:13 | 000,480,384 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bmnet.dll
[2011/11/05 18:27:13 | 000,308,352 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bminstall.dll
[2011/11/05 18:27:13 | 000,132,224 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bmdumpd.bin
[2011/11/05 18:27:13 | 000,024,192 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\drivers\tcpipBM.sys
[2011/11/05 18:27:13 | 000,013,184 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\drivers\BMLoad.sys
[2011/11/05 18:26:17 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
[2011/11/05 18:26:17 | 000,235,392 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2011/11/05 18:26:17 | 000,193,792 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2011/11/05 18:26:17 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys
[2011/11/05 18:26:17 | 000,090,112 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcacm.sys
[2011/11/05 18:26:17 | 000,073,216 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys
[2011/11/05 18:26:17 | 000,064,384 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys
[2011/11/05 18:26:17 | 000,026,624 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys
[2011/11/05 18:26:17 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2011/11/05 18:26:17 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwupgrade.sys
[2011/11/05 18:26:17 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys
[2011/11/05 18:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService
[2011/11/03 10:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/11/03 10:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2011/11/03 09:48:24 | 000,000,000 | ---D | C] -- C:\Users\rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/11/03 09:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2011/11/03 09:32:18 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/11/03 09:12:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\ZoneLabs
[2011/11/03 09:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2011/10/27 09:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/10/27 09:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/10/22 08:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/10/16 18:57:19 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/10/12 18:33:29 | 000,000,000 | -HSD | C] -- C:\Users\rob\AppData\Local\c98a56f6

========== Files - Modified Within 30 Days ==========

[2011/11/09 16:22:56 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2011/11/09 15:31:49 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/09 15:31:49 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/09 03:37:48 | 000,666,780 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2011/11/09 03:37:48 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/09 03:37:48 | 000,133,492 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2011/11/09 03:37:48 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/09 03:29:32 | 000,305,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/09 03:29:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/09 03:26:49 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/11/08 23:44:45 | 109,146,312 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/11/08 21:53:20 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Lavasoft Registry Tuner.lnk
[2011/11/08 21:49:27 | 000,000,727 | ---- | M] () -- C:\Users\rob\Desktop\RegCleaner.lnk
[2011/11/08 21:20:08 | 000,000,213 | ---- | M] () -- C:\Users\rob\Desktop\Team Fortress 2.url
[2011/11/08 21:08:39 | 000,000,746 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/11/08 19:08:48 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/11/08 17:01:29 | 000,000,890 | ---- | M] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/08 13:47:14 | 000,001,370 | ---- | M] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\cmd - Shortcut.lnk
[2011/11/08 13:24:27 | 000,001,356 | ---- | M] () -- C:\Users\rob\AppData\Local\d3d9caps.dat
[2011/11/08 13:14:07 | 256,600,386 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/08 11:28:56 | 000,001,743 | ---- | M] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
[2011/11/08 11:20:22 | 000,000,042 | ---- | M] () -- C:\Windows\System32\scud.udf
[2011/11/08 11:14:59 | 000,000,022 | ---- | M] () -- C:\Windows\tpcsd
[2011/11/07 22:58:52 | 000,000,954 | ---- | M] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/11/07 22:43:30 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/05 18:28:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2011/11/05 18:27:35 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\T-Mobile Internet Manager.lnk
[2011/11/05 18:26:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2011/11/03 09:48:26 | 000,002,032 | ---- | M] () -- C:\Users\rob\Desktop\www.google.com.lnk
[2011/11/03 09:48:26 | 000,001,994 | ---- | M] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/03 09:47:52 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4036179511-3194814763-3673611557-1000Core.job
[2011/10/27 09:37:55 | 000,001,686 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/27 09:35:40 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/10/27 09:35:40 | 000,001,854 | ---- | M] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/10/16 18:20:49 | 048,324,552 | ---- | M] () -- C:\Windows\System32\mrt.exe
[2011/10/13 05:40:52 | 000,000,000 | -HS- | M] () -- C:\Windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/12 20:37:51 | 000,008,559 | ---- | M] () -- C:\Users\rob\Desktop\Untitled 1.odt

========== Files Created - No Company Name ==========

[2011/11/09 16:22:56 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2011/11/08 23:44:45 | 109,146,312 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/11/08 21:53:20 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Lavasoft Registry Tuner.lnk
[2011/11/08 21:45:59 | 000,000,727 | ---- | C] () -- C:\Users\rob\Desktop\RegCleaner.lnk
[2011/11/08 21:20:08 | 000,000,213 | ---- | C] () -- C:\Users\rob\Desktop\Team Fortress 2.url
[2011/11/08 21:08:39 | 000,000,746 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/11/08 17:28:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/08 17:28:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/08 17:28:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/08 17:28:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/08 17:28:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/08 17:01:29 | 000,000,890 | ---- | C] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/11/08 13:47:04 | 000,001,370 | ---- | C] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\cmd - Shortcut.lnk
[2011/11/08 11:29:06 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2011/11/08 11:28:58 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2011/11/08 11:28:58 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2011/11/08 11:28:56 | 000,001,743 | ---- | C] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Doctor.lnk
[2011/11/08 11:28:55 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2011/11/08 11:20:22 | 000,000,042 | ---- | C] () -- C:\Windows\System32\scud.udf
[2011/11/08 11:14:59 | 000,000,022 | ---- | C] () -- C:\Windows\tpcsd
[2011/11/07 22:58:52 | 000,000,954 | ---- | C] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/11/07 22:43:30 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/05 18:28:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2011/11/05 18:27:35 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\T-Mobile Internet Manager.lnk
[2011/11/05 18:26:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2011/11/03 10:46:34 | 256,600,386 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/11/03 09:48:26 | 000,002,032 | ---- | C] () -- C:\Users\rob\Desktop\www.google.com.lnk
[2011/11/03 09:48:26 | 000,001,994 | ---- | C] () -- C:\Users\rob\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/11/03 09:47:52 | 000,000,848 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4036179511-3194814763-3673611557-1000Core.job
[2011/10/27 09:37:55 | 000,001,686 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/10/13 05:40:52 | 000,000,000 | -HS- | C] () -- C:\Windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/12 20:37:50 | 000,008,559 | ---- | C] () -- C:\Users\rob\Desktop\Untitled 1.odt
[2011/02/20 10:51:54 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/02/20 10:51:54 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/02/20 10:51:54 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/02/20 10:51:54 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/02/20 10:51:54 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/02/20 10:51:54 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/02/20 10:51:54 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/02/20 10:51:54 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/02/20 10:51:54 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/02/20 10:51:54 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011/02/20 10:51:54 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/02/20 10:51:54 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/02/20 10:51:54 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/02/20 10:51:54 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/02/20 10:51:54 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/02/20 10:51:54 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011/02/20 10:51:54 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011/02/20 10:51:54 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/02/20 10:51:54 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/02/20 10:45:02 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX8400DEFGIPS.ini
[2009/12/05 09:12:23 | 000,000,035 | ---- | C] () -- C:\Windows\A6W.INI
[2009/09/10 21:26:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/10 21:26:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/10 21:25:19 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/09/06 16:25:40 | 000,001,356 | ---- | C] () -- C:\Users\rob\AppData\Local\d3d9caps.dat
[2009/05/24 10:06:28 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/05/12 10:30:13 | 000,442,368 | R--- | C] () -- C:\Windows\System32\Cmeaupci.exe
[2009/05/12 10:29:30 | 000,241,664 | ---- | C] () -- C:\Windows\System32\cmrmdrv3.exe
[2009/05/12 10:29:29 | 000,028,672 | ---- | C] () -- C:\Windows\System32\cmrmdrv3.dll
[2009/05/12 10:29:17 | 000,065,536 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2009/05/10 23:01:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/05/10 22:08:57 | 000,038,912 | ---- | C] () -- C:\Users\rob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/05 17:18:55 | 000,332,666 | ---- | C] () -- C:\Windows\System32\perfi019.dat
[2008/02/05 17:18:54 | 000,666,780 | ---- | C] () -- C:\Windows\System32\perfh019.dat
[2008/02/05 17:18:54 | 000,133,492 | ---- | C] () -- C:\Windows\System32\perfc019.dat
[2008/02/05 17:18:54 | 000,038,684 | ---- | C] () -- C:\Windows\System32\perfd019.dat
[2008/01/21 02:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/04/13 05:52:38 | 000,000,727 | R--- | C] () -- C:\Windows\cmudax3.ini
[2006/11/02 12:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:46:27 | 000,305,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:24:01 | 048,324,552 | ---- | C] () -- C:\Windows\System32\mrt.exe
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/11/07 23:00:32 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\AVG
[2011/11/07 22:44:57 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\AVG2012
[2011/02/22 14:56:47 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\EPSON
[2011/11/08 11:28:27 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\GetRightToGo
[2010/11/19 14:07:27 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\OpenOffice.org
[2011/03/11 10:50:55 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\Serif
[2011/11/05 18:27:14 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\T-Mobile
[2010/08/24 18:23:15 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\T-Mobile Internet Manager
[2011/03/12 19:54:44 | 000,000,000 | ---D | M] -- C:\Users\rob\AppData\Roaming\uTorrent
[2011/11/09 03:26:50 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AFD.SYS >
[2011/04/21 13:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\System32\drivers\afd.sys
[2011/04/21 13:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011/04/21 13:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2011/04/21 13:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2008/01/21 02:22:25 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2009/04/11 04:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2011/04/21 13:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys

< MD5 for: AFD.SYS.MUI >
[2006/11/02 12:39:48 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=3B69705A572F1638ED5F081437A15A55 -- C:\Windows\System32\drivers\en-US\afd.sys.mui
[2006/11/02 12:39:48 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=3B69705A572F1638ED5F081437A15A55 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core.resources_31bf3856ad364e35_6.0.6000.16386_en-us_49b1fe5f817b8a13\afd.sys.mui
[2008/02/05 17:09:28 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=FA76B9D3E92D0CD32EC26461E4D38B0F -- C:\Windows\System32\drivers\ru-RU\afd.sys.mui
[2008/02/05 17:09:28 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=FA76B9D3E92D0CD32EC26461E4D38B0F -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core.resources_31bf3856ad364e35_6.0.6000.16386_ru-ru_92d31613d28085ba\afd.sys.mui

< MD5 for: EXPLORER.EXE >
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 02:22:34 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: NETBT.SYS >
[2008/01/21 02:23:10 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7C5FEE5B1C5728507CD96FB4A13E7A02 -- C:\Windows\System32\drivers\netbt.sys
[2008/01/21 02:23:10 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7C5FEE5B1C5728507CD96FB4A13E7A02 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys

< MD5 for: NETBT.SYS.VIR >
[2009/04/11 04:45:37 | 000,185,856 | ---- | M] () MD5=B32B3666F5753764D51FCDFBA6ADA6AC -- C:\Qoobox\Quarantine\C\Windows\system32\Drivers\netbt.sys.vir

< MD5 for: SVCHOST.EXE >
[2008/01/21 02:21:53 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/21 02:21:53 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 02:21:53 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TCPIP.ADML >
[2009/04/11 06:21:44 | 000,001,680 | ---- | M] () MD5=2C507FD86D4F36F247D599B8703B137E -- C:\Windows\PolicyDefinitions\en-US\tcpip.adml
[2009/04/11 06:21:44 | 000,001,680 | ---- | M] () MD5=2C507FD86D4F36F247D599B8703B137E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-adm.resources_31bf3856ad364e35_6.0.6002.18005_en-us_d8f367ab0aeded20\tcpip.adml
[2009/04/11 17:29:21 | 000,002,629 | ---- | M] () MD5=917D3FAAB5565AAB0C35A332B324F657 -- C:\Windows\PolicyDefinitions\ru-RU\tcpip.adml
[2009/04/11 17:29:21 | 000,002,629 | ---- | M] () MD5=917D3FAAB5565AAB0C35A332B324F657 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-adm.resources_31bf3856ad364e35_6.0.6002.18005_ru-ru_22147f5f5bf2e8c7\tcpip.adml

< MD5 for: TCPIP.ADMX >
[2009/02/18 18:38:45 | 000,001,412 | ---- | M] () MD5=8BD1ABF4D315E4DC2AA35BDD66195039 -- C:\Windows\PolicyDefinitions\tcpip.admx
[2009/02/18 18:38:45 | 000,001,412 | ---- | M] () MD5=8BD1ABF4D315E4DC2AA35BDD66195039 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-adm_31bf3856ad364e35_6.0.6002.18005_none_34f4f7e4851da0ed\tcpip.admx

< MD5 for: TCPIP.CHM >
[2006/11/02 12:40:17 | 000,031,036 | ---- | M] () MD5=0069112BBF212321E43B3B675CB9A0D2 -- C:\Windows\winsxs\x86_server-help-chm.tcpip.resources_31bf3856ad364e35_6.0.6000.16386_en-us_2360d422b69f0e36\tcpip.CHM
[2008/01/21 07:07:41 | 000,030,980 | ---- | M] () MD5=C1C11159F1F731E4A5A6229305661E89 -- C:\Windows\Help\mui\0409\tcpip.CHM
[2008/01/21 07:07:41 | 000,030,980 | ---- | M] () MD5=C1C11159F1F731E4A5A6229305661E89 -- C:\Windows\winsxs\x86_server-help-chm.tcpip.resources_31bf3856ad364e35_6.0.6001.18000_en-us_2597961eb38a1f0a\tcpip.CHM
[2008/02/05 17:11:49 | 000,032,481 | ---- | M] () MD5=F6918D756628F273423F2DB53A02556B -- C:\Windows\Help\mui\0419\tcpip.CHM
[2008/02/05 17:11:49 | 000,032,481 | ---- | M] () MD5=F6918D756628F273423F2DB53A02556B -- C:\Windows\winsxs\x86_server-help-chm.tcpip.resources_31bf3856ad364e35_6.0.6000.16386_ru-ru_6c81ebd707a409dd\tcpip.CHM

< MD5 for: TCPIP.MOF >
[2006/09/18 21:36:40 | 000,003,066 | ---- | M] () MD5=EEC4A068DE477651214F6C8014ECBEC0 -- C:\Windows\System32\wbem\tcpip.mof
[2006/09/18 21:36:40 | 000,003,066 | ---- | M] () MD5=EEC4A068DE477651214F6C8014ECBEC0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-mof_31bf3856ad364e35_6.0.6000.16386_none_35a721da88047d1b\tcpip.mof

< MD5 for: TCPIP.REG >
[2011/11/08 17:43:38 | 000,009,228 | ---- | M] () MD5=55CCFA6C9C275E5D6DC07AA67C8CFC50 -- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

< MD5 for: TCPIP.SYS >
[2008/04/26 08:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2009/04/11 06:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2011/09/20 21:02:55 | 000,913,280 | ---- | M] (Microsoft Corporation) MD5=16731B631F28F63CD9F4CB60940E7DDD -- C:\Windows\SoftwareDistribution\Download\5ccd80bc8df1fe46a8ecba39b10b1135\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_b58c64c97caa1c43\tcpip.sys
[2009/12/08 20:52:30 | 000,897,624 | ---- | M] (Microsoft Corporation) MD5=1ACBB7A47E78F4CC82D2EFFB72901528 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys
[2009/08/15 21:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009/08/14 17:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2011/06/17 20:13:55 | 000,905,104 | ---- | M] (Microsoft Corporation) MD5=2756186E287139310997090797E0182B -- C:\Windows\ERDNT\cache\tcpip.sys
[2011/06/17 20:13:55 | 000,905,104 | ---- | M] (Microsoft Corporation) MD5=2756186E287139310997090797E0182B -- C:\Windows\System32\drivers\tcpip.sys
[2011/06/17 20:13:55 | 000,905,104 | ---- | M] (Microsoft Corporation) MD5=2756186E287139310997090797E0182B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18484_none_b4b2134c63c9c70f\tcpip.sys
[2010/02/18 11:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010/02/18 14:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2009/08/14 14:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2009/12/08 20:15:00 | 000,907,832 | ---- | M] (Microsoft Corporation) MD5=46E6685F3E92AEC743773ADD4CD54F57 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys
[2010/02/18 14:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010/02/18 12:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2009/12/08 20:37:09 | 000,900,696 | ---- | M] (Microsoft Corporation) MD5=5653230D480A9C54D169E1B080B72CF5 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys
[2010/06/16 15:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2009/08/14 16:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2011/06/17 20:13:55 | 000,913,296 | ---- | M] (Microsoft Corporation) MD5=6647FCE6FC4970DAAFE5C64C794513D3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22662_none_b54f51417cd8f970\tcpip.sys
[2010/06/16 16:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2010/06/16 15:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2011/09/20 21:02:55 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=814A1C66FBD4E1B310A517221F1456BF -- C:\Windows\SoftwareDistribution\Download\5ccd80bc8df1fe46a8ecba39b10b1135\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_b502c618638c7f52\tcpip.sys
[2008/04/26 08:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009/12/08 17:58:13 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=8734BD051FFDCBF8425CF222141C3741 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys
[2009/08/14 17:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010/02/18 17:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2010/06/16 16:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2009/12/08 17:45:32 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=CA3A5756672013A66BB9D547A5A62DCA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys
[2010/02/18 14:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2009/12/08 20:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=DA467E7619AE5F4588E6262C13C8940A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
[2008/01/21 02:23:13 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009/08/14 16:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008/01/21 02:22:58 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/21 02:22:58 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 02:22:58 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 02:22:59 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = NETBT
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2008/01/21 02:23:10 | 000,184,320 | ---- | M] (Microsoft Corporation)
"Description" = This service implements NetBios over TCP/IP.
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 87
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{10D569C2-DE81-4297-BE56-9DF26B8AD87F}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{310B4885-9848-447A-9988-FDF3A75FFCBC}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{3B3D2CFB-BA9F-4FCF-AF46-F868DB59F166}]
"NameServerList" = [binary data]
"NetbiosOptions" = 2
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{473DD98A-2167-495F-81A1-D85A03E2EAD5}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{8E40D4BF-A044-47BE-A131-56F7AB13DF55}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{C9DE9851-4BD3-453F-906A-9D2E1D275721}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/01/21 02:22:30 | 000,035,840 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 0B 01 09 01 05 01 00 01 06 01 03 01 02 01 0A 01 08 01 04 01 01 01 07 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 11
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2006/11/02 09:46:14 | 000,011,264 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1CA73D29

< End of report >
  • 0

#6 RSGsecurity (Member, Topic Starter, 34 posts)
Right, allinone scan complete, conclusion...

It appears to have fixed all my broken shortcuts/admin restrictions, which is great, so I can now access all the old files I was unable to before, giving me full access back. Also, it appears to have solved my Windows Update problem: after the scan it rebooted, installed updates and appeared to flow properly. So yes, thanks a million.

However, I still have my internet connection problem. Now I ran through Services, went to start the first step, double-clicked DNS Client, selected Automatic, clicked Apply, pressed run, then... this error message appears... (attached)



error message..jpg


Now this seems to me like it may have been affected when I had a virus, and upon removal/repair of the infections this file may have been affected? Although I would have expected allinone to have fixed this?
Please let me know your thoughts.
Edit: just thinking, I was still connected to the internet via my T-Mobile dongle when I hit Start; this would not be the cause, would it? Surely it should still locate the DNS regardless of whether I am connected via whatever means?

Kind regards.

Edited by RSGsecurity, 09 November 2011 - 12:14 PM.

  • 0

#7 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Could you go back to Services > DNS Client and open the Dependencies tab... What file(s) is it having problems with?
  • 0

#8 RSGsecurity (Member, Topic Starter, 34 posts)
Evening Essex,
please find attached a screenshot showing my dependencies, or rather lack of, and also a screenshot of a possible error in Device Manager.
The dependencies under DNS are not showing anything, but please also review what I am looking at under Device Manager; possible connection?
The DNS dependencies are on the left and Device Manager on the right.
error 2.jpg


EDIT :-
I came across this post on another forum -
http://answers.micro...52-25fe7c47b3de
Now I followed the steps here but got as far as "Double-click the entry AFD, and click the Driver tab" as, as you can see, it does not exist in my DM...



thanks

Edited by RSGsecurity, 09 November 2011 - 01:42 PM.

  • 0

#9 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, could you run an elevated command prompt and type the following, please:

ipconfig /all

and screenshot what you get.
  • 0

#10 RSGsecurity (Member, Topic Starter, 34 posts)
As requested :) Thanks again for the help.

ip.jpg

The top connection is the mobile dongle from T-Mobile I was talking about; the second one is the connection which should be Virgin. Also, when I check my network connections, I used to be able to click on my network and this would show an icon for my router, which no longer exists.

Also, just to add to things lol, a little pop-up just appeared in my bottom right: Windows Update! Which I thought was over, but it seems all the exact same updates I thought were installed were not; will reboot later and try again.
Will try and get this resolved first, as it's more than likely they won't configure until whatever this issue is going on is resolved o.O

Edited by RSGsecurity, 09 November 2011 - 02:04 PM.

  • 0

#11 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hmm, theoretically if the dongle can connect then the router should be able to as well. Are you able to access the router page?

Could you also ping and let me know whether it gets through:


ping google.com
  • 0

#12 RSGsecurity (Member, Topic Starter, 34 posts)
Nope, cannot even access my router page, but yet last night I could at points, but then at others not. Also, as stated previously, I was actually connected fully last night, as my dongle was disconnected and I was uploading TF2 from Steam and able to load MSN/Outlook etc., but yet unable to browse on any browser. But since the connection cut off then, it's not been back; whether or not it is connected to that missing file in Device Manager I don't know.
Attached are the ping results (tried one whilst connected via my dongle, one while it was disconnected, leaving it down to my Virgin connection). Left is when the dongle is connected, right is when it is disconnected; my network connection for Virgin is just stuck on "Identifying..." Very odd, and very frustrating!

ping.jpg
  • 0

#13 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
They may well be right in that the router is bad, as all the right files are in the right place and correctly identified within the registry.

The dongle uses the same elements and connects well.

Yet the router is inaccessible.


Did you have a temporary connection after the router was reset initially?
  • 0

#14 RSGsecurity (Member, Topic Starter, 34 posts)
Just an intermittent connection; it would sometimes start up, sometimes not, but essentially that's saying my router has just stopped working over the last 48 hours. It's only a couple of months old, and before the viruses really took hold I was on a solid connection using the router, as I only bought this dongle yesterday.
Also, when you say all the files are where they should be, what about this AFD in Device Manager? Is this not essential?
Just going from this tutorial, which is the same or a similar problem to what I have, I get stuck at the step asking me to "Double-click the entry AFD, and click the Driver tab" as, like I say, it's simply not there.

Thanks

Edited by RSGsecurity, 09 November 2011 - 02:33 PM.

  • 0

#15 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Could you type the following in the Run box, please, and let me know what the output is:

CMD /K SC QC DHCP

It should look like this:

[SC] GetServiceConfig SUCCESS

SERVICE_NAME: dhcp
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES :
Tcpip
: Afd
: NetBT
SERVICE_START_NAME : LocalSystem
  • 0
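The check in the post above (compare the `sc qc dhcp` output against the expected dependency list) as an added example, not code from the thread or from any tool it mentions: a Python parser for what `sc qc` prints, followed by a comparison against a baseline of which dependencies the service should list. Both sample listings are constructed here; the healthy one mirrors the expected DHCP Client listing shown above, the damaged one (Afd absent, service disabled) is hypothetical, and the `REQUIRED_DEPS` table is an assumption drawn from that expected listing. The parser also accepts the forum-style paste where the first dependency name sits on its own line, and treats an `[SC] ... FAILED` header as an error rather than as a service with no dependencies.

```python
"""Parse the text that `sc qc <service>` prints and verify the service's
dependency list.

Added example, not part of the forum thread: the sample outputs below are
constructed (the healthy one mirrors the expected DHCP Client listing in the
post above; the damaged one is hypothetical), and REQUIRED_DEPS is an assumed
baseline of what a healthy dependency list should contain.
"""
import re
import subprocess
import sys

# Constructed sample: a healthy DHCP Client, laid out the way sc.exe prints it.
HEALTHY_SAMPLE = r"""[SC] GetServiceConfig SUCCESS

SERVICE_NAME: dhcp
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : TDI
        TAG                : 0
        DISPLAY_NAME       : DHCP Client
        DEPENDENCIES       : Tcpip
                           : Afd
                           : NetBT
        SERVICE_START_NAME : LocalSystem
"""

# Constructed, hypothetical sample: the same service with Afd dropped from the
# dependency list and the start type switched to disabled.
DAMAGED_SAMPLE = r"""[SC] GetServiceConfig SUCCESS

SERVICE_NAME: dhcp
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 4   DISABLED
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        LOAD_ORDER_GROUP   : TDI
        TAG                : 0
        DISPLAY_NAME       : DHCP Client
        DEPENDENCIES       : Tcpip
                           : NetBT
        SERVICE_START_NAME : LocalSystem
"""

# Assumed baseline: which dependencies each service should list (service names
# in lower case, as sc.exe prints them after SERVICE_NAME).
REQUIRED_DEPS = {"dhcp": {"Tcpip", "Afd", "NetBT"}}

# A field line looks like "START_TYPE         : 2   AUTO_START".
FIELD_RE = re.compile(r"^([A-Z_]+)\s*:\s*(.*)$")


def parse_sc_qc(text):
    """Return the fields of one `sc qc` listing as a dict.

    DEPENDENCIES becomes a list: continuation lines start with ':', and a
    bare name on its own line (as in a forum paste) is accepted too. An
    "[SC] ... FAILED" header raises ValueError so that a missing service is
    not mistaken for a service with an empty dependency list.
    """
    fields = {}
    deps = []
    in_deps = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[SC]"):
            if "FAILED" in line:
                raise ValueError("sc reported an error: " + line)
            continue
        m = FIELD_RE.match(line)
        if m:
            key, value = m.group(1), " ".join(m.group(2).split())
            in_deps = key == "DEPENDENCIES"
            if in_deps:
                if value:
                    deps.append(value)
            else:
                fields[key] = value
        elif in_deps:
            value = line.lstrip(":").strip()
            if value:
                deps.append(value)
    fields["DEPENDENCIES"] = deps
    return fields


def check_service(text, required=REQUIRED_DEPS):
    """Compare a parsed listing against the baseline and list the problems."""
    cfg = parse_sc_qc(text)
    name = cfg.get("SERVICE_NAME", "").lower()
    have = {d.lower() for d in cfg["DEPENDENCIES"]}
    missing = sorted(d for d in required.get(name, set()) if d.lower() not in have)
    start = cfg.get("START_TYPE", "")
    problems = []
    if missing:
        problems.append("missing dependencies: " + ", ".join(missing))
    if "AUTO_START" not in start:
        problems.append("unexpected start type: " + start)
    return {"service": name, "start_type": start, "problems": problems}


def main():
    # On Windows query the live service; elsewhere fall back to the samples.
    if sys.platform == "win32":
        out = subprocess.run(["sc", "qc", "dhcp"], capture_output=True, text=True).stdout
        print(check_service(out))
    else:
        for sample in (HEALTHY_SAMPLE, DAMAGED_SAMPLE):
            print(check_service(sample))


if __name__ == "__main__":
    main()
```

Run as-is on a Windows machine it queries the real DHCP Client and prints any missing dependency or non-automatic start type; on any other system it runs the two constructed samples, the second of which reports `missing dependencies: Afd` and `unexpected start type: 4 DISABLED`. Extending `REQUIRED_DEPS` with the other services in the thread is a matter of adding their expected dependency sets.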





