Trojan.Win32.Generic!BT removed but is PC really clean?

Post by Jamie56 » March 13th, 2012, 2:18 pm

Hello, I got stuck with this Trojan.Win32.Generic!BT along with another malware called Backdoor:W32/Hupigon about two weeks previous to that. These were removed by Lavasoft Ad-Aware. Another thing called Exploit.Drop.2 was removed by Malwarebytes Anti-Malware at the same time as the trojan.
AVG2012 scans as clean, as do the two mentioned malware programs now, and the computer is running fine, but I know this does not automatically mean the PC is clean. Before the trojan was removed, antivirus and malware websites were blocked in IE along with others like http://www.microsoft.com; this is now fixed.
So you see I have a bad feeling something is still hiding in the system waiting to strike again.

Here are the dds logs, Thank you for any help you can give me :)

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088
Run by Jamie at 17:39:33 on 2012-03-13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3060.1112 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [hpqSRMon]
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [ProfilerU] c:\program files\saitek\sd6\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\saitek\sd6\software\SaiMfd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\jamie\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\photof~1.lnk - c:\program files\panasonic\photofunstudio\PhAutoRun.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4034D2D6-2766-4F43-8A48-138EDB042CAA} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2012-3-2 64512]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2009-6-13 81920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-12-23 2152152]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-12-23 15232]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-12-2 25600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-31 136176]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-31 136176]
S3 SaiK0836;SaiK0836;c:\windows\system32\drivers\SaiK0836.sys [2010-6-7 107008]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-12 20:15:12 388096 ----a-r- c:\users\jamie\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-03-12 20:15:10 -------- d-----w- c:\program files\Trend Micro
2012-03-03 19:27:12 -------- d-----w- c:\users\jamie\appdata\roaming\Malwarebytes
2012-03-03 19:26:58 -------- d-----w- c:\programdata\Malwarebytes
2012-03-03 19:26:57 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-03 19:26:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-02 16:55:53 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-03-02 14:42:15 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-02 14:39:22 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-03-02 14:39:06 -------- d-----w- c:\program files\Lavasoft
2012-03-02 01:08:02 -------- d-----w- c:\programdata\Windows
.
==================== Find3M ====================
.
2012-02-26 02:04:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 17:39:50.74 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 13/06/2009 11:45:46
System Uptime: 13/03/2012 14:54:18 (3 hours ago)
.
Motherboard: Dell Inc. | | 0N826N
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz | Socket 775 | 2997/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 199.69 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 9.616 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 9.20
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
AVG 2012
Bing Bar
Bonjour
BTOffer
BufferChm
CapMan
Compatibility Pack for the 2007 Office system
Copy
CustomerResearchQFolder
Dell-eBay
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center
Destination Component
Deus Ex
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_03_F2200_ProductContext
DJ_AIO_03_F2200_Software
DJ_AIO_03_F2200_Software_Min
eSupportQFolder
F2200
F2200_Help
FaceTrackNoIR
floAt's Mobile Agent 2
GIMP 2.6.11
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
GPBaseService
GPBaseService2
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 10.0
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
HyperLobby client
IL-2 Sturmovik 1946
Intel(R) IPP Run-Time Installer 5.3 Update 4 for Windows* on IA-32
iTunes
Java(TM) 6 Update 11
Junk Mail filter update
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Corporation
Microsoft LifeCam
Microsoft MechCommander 2
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NHL Eastside Hockey Manager 2005
OGA Notifier 2.0.0048.0
PC Suite
PHOTOfunSTUDIO
PSSWCORE
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Shop for HP Supplies
SimCity 4
Smart Technology Programming Software 7.0.2.9
SmartWebPrinting
SolutionCenter
Sony Ericsson Image Editor
Sony Ericsson MMS Home Studio
Sony Ericsson Mobile Phone Monitor
Sony Ericsson OCS
Spelling Dictionaries Support For Adobe Reader 9
Status
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB Cable DCU-11
VideoToolkit01
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
12/03/2012 21:44:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/03/2012 21:44:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/03/2012 21:43:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12/03/2012 21:43:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12/03/2012 21:43:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
12/03/2012 21:43:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/03/2012 21:43:41, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/03/2012 21:43:17, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6
12/03/2012 21:43:17, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/03/2012 21:43:17, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/03/2012 21:43:17, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
12/03/2012 21:43:17, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/03/2012 21:43:17, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/03/2012 21:43:17, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
12/03/2012 21:43:17, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/03/2012 21:43:17, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
12/03/2012 21:43:17, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
12/03/2012 21:43:17, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/03/2012 21:43:17, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/03/2012 21:43:17, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/03/2012 21:43:17, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/03/2012 21:43:17, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/03/2012 21:43:17, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/03/2012 21:43:17, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/03/2012 21:43:17, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
09/03/2012 08:31:00, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0024E80CE511 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
06/03/2012 15:46:52, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
06/03/2012 15:46:52, Error: Service Control Manager [7000] - The BDVEDISK service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================
Jamie56
Active Member
Posts: 10
Joined: March 13th, 2012, 1:32 pm

Re: Trojan.Win32.Generic!BT removed but is PC really clean?

Post by maxi » March 14th, 2012, 7:17 am

Hello Jamie56,

Welcome to the forum!

My name is maxi and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers and everything I post to you, must first be approved by them.
This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.


Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!"
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>>, do not proceed; post back with the question or problem.

Regards maxi :)
maxi
Retired Graduate
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Trojan.Win32.Generic!BT removed but is PC really clean?

Post by Jamie56 » March 14th, 2012, 9:43 am

Thank you Maxi, I understand the rules. Your help will be much appreciated. :)
Jamie56
Active Member
Posts: 10
Joined: March 13th, 2012, 1:32 pm

Re: Trojan.Win32.Generic!BT removed but is PC really clean?

Post by maxi » March 15th, 2012, 7:21 pm

Hi jamie56,

Do you use this computer for work purposes? I need to know in order to provide the appropriate advice.

Vista Advice:
  • All applications I ask to be used will require to be run in Administrator mode, i.e. right click on the program and select Run as Administrator.
  • Your Operating System comes with an inbuilt utility called User Account Control (UAC).
  • When prompted by this while carrying out anything I ask you to do, please select the option Allow.


Step 1
Multiple Anti-Virus programs

  • It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:
    AVG
    Ad-aware
  • Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
  • Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

  • Please remove Ad-aware

Step 2
Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following if present.
HiJackThis
Java(TM) 6 Update 11



Step 3
Please download GMER Rootkit Scanner from Here.
  • Right click the .exe file and chose Run as Administrator. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)
    See the GMER settings image attached to the original post (click it to enlarge).
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.


Step 4
Please download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe And select Run as administrator to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

In your next reply please include:
The log from Gmer.
The TWO logs produced by OTL.
The answer to my question.
Any problems you had with my instructions.
maxi
Retired Graduate
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.
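Maxi's Step 1 comes straight from the two "AV:" lines in the DDS header: two products reported as Enabled means two resident scanners. The Python script below is an added example, not part of this thread and not a DDS or MalwareRemoval.com tool, that performs that kind of first-pass triage over a constructed excerpt of the DDS log posted above. It lists enabled AV products and flags more than one, collects the orphaned "No File" entries from the Pseudo HJT Report, and, from the Event Viewer section, extracts the drivers named in the Service Control Manager 7026 event and the root services of the 7001 dependency-failure chains (a service whose failure is not itself blamed on another dependency). The section names, line layouts and event wording are taken from the log above; the function names and the excerpt itself are my own assumptions.

```python
import re
from collections import defaultdict

# Constructed excerpt modelled on the DDS log posted in this thread (not the full log).
SAMPLE_DDS = r"""
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
.
==== Event Viewer Messages From Past Week ========
.
12/03/2012 21:43:17, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Tcpip tdx
12/03/2012 21:43:17, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
12/03/2012 21:43:17, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
12/03/2012 21:43:17, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
"""

PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(\w+)/(\w+)\* \{[0-9A-Fa-f-]+\}$")
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
DRIVER_FAIL_RE = re.compile(r"\[7026\] - .*failed to load: (.+)$")
DEPENDS_RE = re.compile(r"\[7001\] - The (.+?) service depends on the (.+?) service which failed to start")


def split_sections(text):
    """Group DDS lines under the '==== Name ====' header that precedes them.
    Lines before the first header (the AV:/SP: summary) go under 'header'."""
    sections = defaultdict(list)
    current = "header"
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line == ".":          # DDS uses a lone '.' as a spacer
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        sections[current].append(line)
    return sections


def security_products(sections):
    """(kind, name, state) for each AV:/SP:/FW: line in the DDS header."""
    found = []
    for line in sections["header"]:
        m = PRODUCT_RE.match(line)
        if m:
            kind, name, state, _updated = m.groups()
            found.append((kind, name, state))
    return found


def enabled_antivirus(sections):
    """Names of products reported as AV and Enabled; more than one means two
    resident scanners, which is the condition maxi's Step 1 flags."""
    return [name for kind, name, state in security_products(sections)
            if kind == "AV" and state == "Enabled"]


def orphan_entries(sections):
    """Pseudo HJT Report entries whose target file is missing ('No File')."""
    return [l for l in sections["Pseudo HJT Report"] if l.endswith("- No File")]


def failed_boot_drivers(sections):
    """Driver names listed by Service Control Manager event 7026."""
    names = []
    for line in sections["Event Viewer Messages From Past Week"]:
        m = DRIVER_FAIL_RE.search(line)
        if m:
            names.extend(m.group(1).split())
    return names


def dependency_roots(sections):
    """Root causes of the 7001 chains: services that others depend on but
    that are never themselves reported as depending on a failed service."""
    dependents, blamed = set(), set()
    for line in sections["Event Viewer Messages From Past Week"]:
        m = DEPENDS_RE.search(line)
        if m:
            dependents.add(m.group(1))
            blamed.add(m.group(2))
    return sorted(blamed - dependents)


def triage(text):
    sections = split_sections(text)
    av = enabled_antivirus(sections)
    return {
        "enabled_av": av,
        "multiple_av": len(av) > 1,
        "orphan_entries": orphan_entries(sections),
        "failed_boot_drivers": failed_boot_drivers(sections),
        "dependency_roots": dependency_roots(sections),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(f"{key}: {value}")
```

Run against the excerpt it reports both AVG and Ad-Watch as enabled AV, the three "No File" leftovers, the four drivers from the 7026 event, and the two services at the bottom of the dependency chains. A "No File" entry is a dangling registry reference rather than evidence of infection, and a 7026 entry on one boot is often an artefact of a hard power-off like the one Jamie describes later in the thread, so the script narrows what a helper reads, it does not decide whether the machine is clean.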

Re: Trojan.Win32.Generic!BT removed but is PC really clean?

Post by Jamie56 » March 16th, 2012, 3:48 pm

Hello Maxi, This computer is not used for work, only normal home use.
I have uninstalled Lavasoft Adaware, Java 6 update 11, and HiJackThis (although this seems strange to me seeing as HiJackThis Analyse button is what showed me to this forum in the first place).

I then followed your Step 3 instructions carefully, but while GMER was scanning, the computer froze and I had to hold in the on/off button to turn it off. I had no other programs running except the things that load on startup like AVG. I thought I'd better let you know this before I did Step 4.

Edit: I tried scanning with GMER again and this time I got a window pop up telling me GMER has stopped working, click here to close program.
Jamie56
Active Member
Posts: 10
Joined: March 13th, 2012, 1:32 pm

Re: Trojan.Win32.Generic!BT removed but is PC really clean?

Post by Jamie56 » March 16th, 2012, 7:14 pm

I did a search on this forum and found others have had this problem and have been asked to try scanning with GMER while in safe mode. I have now tried this as well, but I got a blue screen error and automatic reboot a few seconds after starting the scan.

Edit: Just tried it in normal mode with everything in the taskbar closed and AVG2012 temporarily disabled (internet cable removed). Received another "program has stopped working" window.
Jamie56
Active Member
Posts: 10
Joined: March 13th, 2012, 1:32 pm

Re: Trojan.Win32.Generic!BT removed but is PC really clean?

Unread postby maxi » March 17th, 2012, 7:27 am

Hi Jamie56, Ok, let's try something different :)

Step 1
TDSSKiller

Please download TDSSKiller.exe and save it to your Desktop.
  • Right click on TDSSKiller.exe and select "Run as administrator" to run it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip.
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Step 2
Please download OTL by Old Timer and save it to your Desktop.
  • Right click on OTL.exe and select Run as administrator to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

In your next reply please include:
Both logs from OTL.
The TDSSKiller log.
Any problems you had with the instructions.

Regards maxi :)
maxi
Retired Graduate
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.
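The TDSSKiller report that Step 1 asks for is a plain-text log with one timestamped line per driver or service (name, MD5, path) followed by a "name - status" line. As an added example that is not part of this thread or of TDSSKiller itself, the Python below pairs those two lines per entry and pulls out what a helper looks for first: any entry whose status is not a plain "ok", and any registered service for which no driver file was hashed. The sample log, its hashes and the "exampledrv" entry are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the style of a TDSSKiller report. The MD5 values and the
# "exampledrv" entry are made up for this example; they are not from the thread.
SAMPLE_LOG = "\n".join([
    r"22:12:42.0793 0256 Scan started",
    r"22:12:42.0793 0256 Mode: Manual;",
    r"22:12:43.0542 0256 ACPI (00000000000000000000000000000001) C:\Windows\system32\drivers\acpi.sys",
    r"22:12:43.0542 0256 ACPI - ok",
    r"22:12:44.0680 0256 BDVEDISK - ok",
    r"22:12:47.0052 0256 IpInIp - ok",
    r"22:12:50.0001 0256 exampledrv (00000000000000000000000000000002) C:\Windows\system32\drivers\exampledrv.sys",
    r"22:12:50.0002 0256 exampledrv - suspicious (constructed sample status)",
])

# Every report line starts with "HH:MM:SS.mmmm <thread id> <body>".
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d{4})\s+(.*)$")
# Body of a file line: "<name> (<md5>) <path>".
FILE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Body of a status line: "<name> - <status>".
STATUS_RE = re.compile(r"^(?P<name>\S+) - (?P<status>.+)$")


@dataclass
class Entry:
    """One driver/service as reported by TDSSKiller."""
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Pair file lines and status lines by service name; skip header/summary lines."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m.group(3)
        fm = FILE_RE.match(body)
        if fm:
            e = entries.setdefault(fm["name"], Entry(fm["name"]))
            e.md5 = fm["md5"].lower()
            e.path = fm["path"]
            continue
        sm = STATUS_RE.match(body)
        if sm:
            e = entries.setdefault(sm["name"], Entry(sm["name"]))
            e.status = sm["status"].strip()
    return entries


def triage(entries: Dict[str, Entry]) -> Tuple[List[str], List[str]]:
    """Return (names whose status is not 'ok', services with no hashed driver file).

    Device-path entries (names starting with a backslash, e.g. boot records) are not
    counted as unhashed, since TDSSKiller never reports a file hash for them.
    """
    flagged = sorted(n for n, e in entries.items()
                     if e.status is not None and e.status != "ok")
    unhashed = sorted(n for n, e in entries.items()
                      if e.md5 is None and not n.startswith("\\"))
    return flagged, unhashed


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    bad, missing = triage(parsed)
    print("status not ok:", bad)          # ['exampledrv']
    print("no driver file hashed:", missing)  # ['BDVEDISK', 'IpInIp']
```

A service listed without a file line (like BDVEDISK or IpInIp in the sample) usually means a registered driver whose file is absent, which is common after uninstalls but is still worth checking before deciding the next step.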

Re: Trojan.Win32.Generic!BT removed but is PC really clean?

Unread postby Jamie56 » March 17th, 2012, 6:25 pm

Thanks Maxi, that program worked much better.

TDSS Killer log--
22:12:19.0658 2356 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
22:12:19.0752 2356 ============================================================
22:12:19.0752 2356 Current date / time: 2012/03/17 22:12:19.0752
22:12:19.0752 2356 SystemInfo:
22:12:19.0752 2356
22:12:19.0752 2356 OS Version: 6.0.6001 ServicePack: 1.0
22:12:19.0752 2356 Product type: Workstation
22:12:19.0752 2356 ComputerName: THE-DON-PC
22:12:19.0752 2356 UserName: Jamie
22:12:19.0752 2356 Windows directory: C:\Windows
22:12:19.0752 2356 System windows directory: C:\Windows
22:12:19.0752 2356 Processor architecture: Intel x86
22:12:19.0752 2356 Number of processors: 2
22:12:19.0752 2356 Page size: 0x1000
22:12:19.0752 2356 Boot type: Normal boot
22:12:19.0752 2356 ============================================================
22:12:20.0610 2356 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:12:20.0610 2356 \Device\Harddisk0\DR0:
22:12:20.0610 2356 MBR used
22:12:20.0610 2356 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1E00000
22:12:20.0610 2356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E1F800, BlocksNum 0x2360E800
22:12:20.0672 2356 Initialize success
22:12:20.0672 2356 ============================================================
22:12:42.0793 0256 ============================================================
22:12:42.0793 0256 Scan started
22:12:42.0793 0256 Mode: Manual;
22:12:42.0793 0256 ============================================================
22:12:51.0997 0256 vsmraid - ok
22:12:52.0028 0256 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:12:52.0028 0256 WacomPen - ok
22:12:52.0059 0256 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:12:52.0059 0256 Wanarp - ok
22:12:52.0059 0256 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:12:52.0059 0256 Wanarpv6 - ok
22:12:52.0075 0256 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
22:12:52.0075 0256 Wd - ok
22:12:52.0122 0256 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:12:52.0122 0256 Wdf01000 - ok
22:12:52.0168 0256 WmiAcpi (48ca581c12022ac60fe82e2b96fbf5d4) C:\Windows\system32\drivers\wmiacpi.sys
22:12:52.0168 0256 WmiAcpi - ok
22:12:52.0231 0256 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
22:12:52.0231 0256 WpdUsb - ok
22:12:52.0246 0256 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:12:52.0262 0256 ws2ifsl - ok
22:12:52.0278 0256 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:12:52.0278 0256 WUDFRd - ok
22:12:52.0309 0256 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:12:52.0371 0256 \Device\Harddisk0\DR0 - ok
22:12:52.0387 0256 Boot (0x1200) (7cc15000850479ddb193b6958562054d) \Device\Harddisk0\DR0\Partition0
22:12:52.0387 0256 \Device\Harddisk0\DR0\Partition0 - ok
22:12:52.0387 0256 Boot (0x1200) (5117643498468ee0d1cf8edc692be0d3) \Device\Harddisk0\DR0\Partition1
22:12:52.0387 0256 \Device\Harddisk0\DR0\Partition1 - ok
22:12:52.0387 0256 ============================================================
22:12:52.0387 0256 Scan finished
22:12:52.0387 0256 ============================================================
22:12:52.0387 5564 Detected object count: 0
22:12:52.0387 5564 Actual detected object count: 0
Jamie56
Active Member
 
Posts: 10
Joined: March 13th, 2012, 1:32 pm

Re: Trojan.Win32.Generic!BT removed but is PC really clean?

Unread postby Jamie56 » March 17th, 2012, 6:39 pm

OTL.txt
OTL logfile created on: 17/03/2012 22:33:05 - Run 1
OTL by OldTimer - Version 3.2.37.1 Folder = C:\Users\Jamie\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 42.14% Memory free
6.21 Gb Paging File | 4.55 Gb Available in Paging File | 73.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.03 Gb Total Space | 198.74 Gb Free Space | 70.22% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.62 Gb Free Space | 64.10% Space Free | Partition Type: NTFS

Computer Name: THE-DON-PC | User Name: Jamie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/16 19:11:44 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
PRC - [2012/02/26 02:04:55 | 000,250,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/05/18 14:38:36 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/09/06 11:30:02 | 000,123,392 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
PRC - [2010/09/06 11:29:42 | 000,227,840 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
PRC - [2009/11/13 16:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/06/13 18:35:15 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/27 13:10:16 | 001,316,192 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2009/01/13 10:32:52 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
PRC - [2008/12/18 11:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/11/18 18:57:22 | 000,044,176 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/23 18:21:14 | 015,881,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\56fd76112f84bd051d35b1341159e78b\MenuSkinning.ni.dll
MOD - [2011/06/23 18:21:03 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\3f976b1714e87ee48c12baf5d7a22c14\VistaBridgeLibrary.ni.dll
MOD - [2011/06/23 18:21:01 | 002,557,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\6e075ef304f8e2ff2d4e431256a0eee5\DellDock.ni.exe
MOD - [2011/06/23 18:21:01 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\18f2261a32e4aa98d770c405554bd8d5\System.Management.ni.dll
MOD - [2011/06/23 18:20:59 | 000,286,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\bf4af3655edc913fb5c30067815dd404\MyDock.Util.ni.dll
MOD - [2011/06/23 18:20:48 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\51bdab63dd9dbcddbfef9c82bffdbd59\System.Web.Services.ni.dll
MOD - [2011/06/23 18:20:38 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f183e57f94e56ac92ee99eed8e63943d\System.Configuration.ni.dll
MOD - [2011/06/23 18:20:35 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bc78764e2649bd53edc5c9884efba391\Accessibility.ni.dll
MOD - [2011/06/23 11:05:56 | 005,451,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\59f9dfe0ea64752c07f5a59c283c163b\System.Xml.ni.dll
MOD - [2011/06/23 11:05:39 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f4fbd5c3aa0de64cce8f542b447a31a8\System.Windows.Forms.ni.dll
MOD - [2011/06/23 11:05:33 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d1bb7213f94f2bfa67b0b560785220\System.Drawing.ni.dll
MOD - [2011/06/23 11:04:47 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\a9288099fbc6849c6c7523745b4f64f4\System.ni.dll
MOD - [2011/06/23 11:04:41 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a189480a53deaaf80a820de30553259b\mscorlib.ni.dll
MOD - [2010/11/17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/11/13 16:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/11/13 16:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.dll
MOD - [2009/11/13 16:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/11/13 16:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbUI.dll
MOD - [2009/11/13 16:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\CppUtils.dll
MOD - [2008/11/03 07:54:00 | 000,058,608 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\BalloonWindow.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/07 18:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/06/13 09:01:07 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/01/13 10:32:52 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
SRV - [2008/12/18 11:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/04/17 13:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys -- (BDVEDISK)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/12/02 22:30:44 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/09/07 09:10:56 | 000,043,656 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2010/09/07 09:10:56 | 000,020,744 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2009/01/13 12:39:40 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/09/12 08:32:40 | 000,107,008 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiK0836.sys -- (SaiK0836)
DRV - [2008/01/21 02:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/02 07:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2004/08/09 05:44:40 | 000,082,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabser.sys -- (slabser)
DRV - [2004/08/09 05:44:40 | 000,051,040 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabbus.sys -- (slabbus) USB Cable DCU-11 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{48E14106-F5C3-438A-84AE-747D7A3F735C}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2871196156-2517704515-1570671185-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-21-2871196156-2517704515-1570671185-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bbc.co.uk/ [binary data]
IE - HKU\S-1-5-21-2871196156-2517704515-1570671185-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-21-2871196156-2517704515-1570671185-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2871196156-2517704515-1570671185-1000\..\SearchScopes,DefaultScope = {48E14106-F5C3-438A-84AE-747D7A3F735C}
IE - HKU\S-1-5-21-2871196156-2517704515-1570671185-1000\..\SearchScopes\{069A61F8-8EA5-4AF4-869E-284519058E58}: "URL" = http://search.avg.com/route/?d=4b3d2cf0 ... =chrome&q={searchTerms}&lng={language}&ychte=uk&nt=1
IE - HKU\S-1-5-21-2871196156-2517704515-1570671185-1000\..\SearchScopes\{48E14106-F5C3-438A-84AE-747D7A3F735C}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKU\S-1-5-21-2871196156-2517704515-1570671185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/06 11:41:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/01/31 18:08:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/18 14:38:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/06 11:41:40 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/search?setmkt=en-GB&q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: AVG Safe Search = C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: AVG Safe Search = C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-2871196156-2517704515-1570671185-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2871196156-2517704515-1570671185-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter File not found
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Val\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4034D2D6-2766-4F43-8A48-138EDB042CAA}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Jamie\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Jamie\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/17 22:11:41 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jamie\Desktop\tdsskiller.exe
[2012/03/16 19:11:43 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
[2012/03/13 17:25:53 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Jamie\Desktop\dds.scr
[2012/03/12 20:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/03/03 19:27:12 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\Malwarebytes
[2012/03/03 19:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/03 19:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/03 19:26:57 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/03 19:26:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/02 14:42:15 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2012/03/02 14:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/03/02 01:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/17 22:36:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{56EA6801-714B-4500-9E2E-120F7CB0A146}.job
[2012/03/17 22:11:44 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jamie\Desktop\tdsskiller.exe
[2012/03/17 21:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/17 21:59:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/17 20:50:37 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/17 20:50:37 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/17 18:35:48 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D7B2F990-96B3-4DB1-A82A-B0893552212A}.job
[2012/03/17 18:35:03 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/03/17 18:06:20 | 000,399,826 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/03/17 15:33:26 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6CF611AF-87CF-4032-A80B-1B74C451200E}.job
[2012/03/17 14:56:37 | 092,069,082 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/03/17 14:50:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/17 14:50:28 | 3209,875,456 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/16 22:57:42 | 273,899,054 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/16 19:28:59 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/03/16 19:11:44 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
[2012/03/13 17:25:55 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Jamie\Desktop\dds.scr
[2012/03/12 21:43:16 | 000,280,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/12 20:00:14 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/03/12 18:52:58 | 000,000,680 | ---- | M] () -- C:\Users\Jamie\AppData\Local\d3d9caps.dat
[2012/03/12 14:53:41 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/03/12 14:53:41 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/03/03 19:26:58 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/02 17:07:05 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/02 17:07:05 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/02 14:42:14 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2012/03/02 13:31:18 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/26 16:05:37 | 000,003,963 | ---- | M] () -- C:\Users\Jamie\.recently-used.xbel
[2012/02/26 02:04:55 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/16 22:57:44 | 3209,875,456 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/16 14:43:56 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/03/05 15:20:35 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2012/03/05 15:20:35 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2012/03/03 19:26:58 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/26 16:05:37 | 000,003,963 | ---- | C] () -- C:\Users\Jamie\.recently-used.xbel
[2010/06/07 18:45:48 | 001,273,856 | ---- | C] () -- C:\Windows\System32\SaiC0836.Dll
[2010/06/07 18:45:48 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiC0836_0C.dll
[2010/06/07 18:45:48 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0836_10.dll
[2010/06/07 18:45:48 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0836_0A.dll
[2010/06/07 18:45:48 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0836_07.dll
[2010/06/07 18:45:48 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC0836_09.dll
[2010/06/07 18:45:48 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiC0836_0402.dll
[2010/06/07 18:45:48 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiC0836_11.dll
[2010/04/06 11:41:16 | 000,023,112 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/04/06 11:38:08 | 000,077,351 | ---- | C] () -- C:\Windows\hpqins05.dat

< End of report >



Extras.txt
OTL Extras logfile created on: 17/03/2012 22:33:05 - Run 1
OTL by OldTimer - Version 3.2.37.1 Folder = C:\Users\Jamie\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 42.14% Memory free
6.21 Gb Paging File | 4.55 Gb Available in Paging File | 73.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.03 Gb Total Space | 198.74 Gb Free Space | 70.22% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.62 Gb Free Space | 64.10% Space Free | Partition Type: NTFS

Computer Name: THE-DON-PC | User Name: Jamie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0534B354-2E66-434E-A645-7020571DE0E3}" = lport=445 | protocol=6 | dir=in | app=system |
"{063D635F-BD77-4CFA-983B-95D711CCC902}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5089220F-7920-4962-95FD-113085410D40}" = rport=445 | protocol=6 | dir=out | app=system |
"{7483E417-FFA9-4EDD-922C-96212F8DDE21}" = rport=137 | protocol=17 | dir=out | app=system |
"{84FC42F5-1D19-42DE-A8E9-D9D3178D0481}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A6D42FEA-3299-4956-99D5-9F6358F9397B}" = lport=137 | protocol=17 | dir=in | app=system |
"{AB0BF1A0-223E-451B-A585-CD2C3A6B9057}" = lport=138 | protocol=17 | dir=in | app=system |
"{BFDEE0B3-B7E6-4DFE-BF6E-481E2240E2D6}" = rport=138 | protocol=17 | dir=out | app=system |
"{C07DA0FB-055A-455C-98DD-DC4DF3C00CD4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DCDF640E-3846-404C-B1DA-9DE8C33C8BB5}" = rport=139 | protocol=6 | dir=out | app=system |
"{EAC9BDAC-9BDA-4F77-A1DD-AF83273AA87C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F88849B7-77A1-4B41-9D52-854A426C8561}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{039E6E6E-1EA8-4316-80A2-09EEC2E368E7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{03FBA2D7-9A36-49FF-831C-A9E1BBE0CF78}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0C9DF0BB-95B9-4085-8A2E-EE29D2220979}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{12C69AF8-4E07-4601-8CE9-37A4FB0C7A94}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{1586509D-8F62-4FFA-A2BB-9E78CD91E1B0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{201720D3-E11B-411C-9CA8-CA311E72D188}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{28363636-99EB-45B8-A0F4-AE3054538180}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{289D5B8E-1C6E-49B0-88C4-99767E628B91}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{2B302C0D-2BC0-4A19-8E5E-789A79251727}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{33EAD092-0C45-44B0-90CE-7B55C635A6D6}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{3D2A8F8C-8573-44ED-AE29-EB970C5E2374}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3DB2A2C8-1D1A-4350-ABEF-4ACCED813912}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{3F561A92-64C3-4D49-BBD6-FB6337F926AA}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{42134424-5FD7-49B4-9063-1264C57B513E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{48CC4FC5-A2FB-4345-9504-E39147FF9E1D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4DF18558-402B-4B63-A247-6AA4CA5BFC55}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{4FD7A54F-E275-4979-84DF-BF82F31083E3}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{53628B63-E4A8-4278-8F75-ECE29C266787}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{54B03181-9E93-44B9-949B-BB06061355A7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{556523EC-C6EE-42A3-8EAB-86D0027F4E20}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{5A9BADBD-3CD4-417A-AB11-A2B36F83CF23}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5E36CDB7-FA5A-4B63-BCA9-C86B876CD5A6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{5E7BC8EE-82DC-48BD-A7CA-979A9408CB9A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{5F4C77B8-C591-4AF1-85DB-5A55C5F8CC91}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{63EFD214-18EC-4B0B-94C7-9591FE3940B9}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{653CF728-D6C6-4EA2-A2A1-1194DF6B53BE}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{75735385-E4C4-4CD0-A1A1-E5C223FC1C05}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{7C245BBA-13CD-468C-8BE1-71138F3AF15D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{859D5385-BA82-4891-8683-8732CEFF414F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9E265D8E-5E85-490D-8E95-CF28C2F346DC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{A3184C4E-1C01-4C38-BD68-9AFC60674638}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{A799DBD1-EE56-4848-A191-EA258C41652B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{A82BC407-0059-49CE-8BC3-156119E4ED6D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{A9E7ECFB-670F-49DC-9FFC-9F9E00CB86A7}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{ACAB1568-B635-4685-9F07-3CD74D64F388}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{B923E772-3F0C-40A0-878B-0B289991185F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{BF32E427-D56D-46E2-B5EE-BD7AD91BDE78}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{BF8087FD-7CC3-4027-98F0-EED0A9DF9289}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{C4A879FB-01E3-443D-8DF9-BD03D9A9BD77}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{C707FFB8-6C28-4346-BA23-A2B0D117A851}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{C9C20F18-A038-44F1-91B0-9FD27DA9ECF6}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{C9D56F44-4A9F-4E87-A807-5548DFB04B3D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{CC95D81F-B974-496E-8F7F-CEE25A861DF5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{D8D8269D-40B9-4860-8001-F0044393C28F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{E22C4A4D-606C-4D88-9232-BB9EBFF3205A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E3C63200-DEF0-4AD4-99B9-43CDA0E493C0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E46E654D-EE8B-49AF-918C-B8948E86B2C1}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{E90CF187-9722-4DC2-8C5F-27BF252062AC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EB525C7B-2861-488D-A476-E3D8B104F049}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"TCP Query User{1CD46CEA-51D4-4621-BAC6-13D6AB34A217}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{2F4C3416-0A22-4137-9C80-B33182CE403D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{CB2FFFB2-F13B-43F2-BFA3-1D5F41647265}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{01074274-1249-4844-B9FE-342B8AD714A3}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{52FCA75D-F1BF-4FDD-BEEC-143E3477BE55}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{EDFD60F2-86A3-4B81-B1FC-71588C4B3F7B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{01339AE5-04D4-43F8-008E-13AD788DC4F7}" = SimCity 4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F45C0EC-17A4-4EE9-874D-A88757BD6C09}" = CapMan
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3675CF90-85D3-4DC2-85C9-C169BBCD2B2D}" = Sony Ericsson OCS
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{4FB0FB47-8F1D-4339-8BE9-39819362AE05}" = Sony Ericsson Image Editor
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{668811DB-025F-45DA-9E2B-7D5B33FEC508}" = HyperLobby client
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{754854DC-2E0A-49D8-A1A1-426C1F9B1459}" = Intel(R) IPP Run-Time Installer 5.3 Update 4 for Windows* on IA-32
"{75B4F73F-4EB1-4126-AE4B-639F3CE6E411}" = Sony Ericsson Mobile Phone Monitor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{778DBCBC-68F4-479E-B14F-4BF708454B90}" = NHL Eastside Hockey Manager 2005
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help
"{7AA828F3-BD67-495E-9742-BD9C3F196E78}" = PC Suite
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E9FDFD-B4E9-4FB7-A767-8339664CDE96}" = Sony Ericsson MMS Home Studio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9029363A-8173-435A-9C7C-94AE7E4945D8}_is1" = floAt's Mobile Agent 2
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A4A7A24D-2523-49C3-AEB2-A857A149E831}" = Smart Technology Programming Software 7.0.2.9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4421C89-1F2F-479D-AED1-27ACBF1310E8}" = BTOffer
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D689A337-E824-4AE5-828B-6E529BDF609A}" = FaceTrackNoIR
"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7E84E23-C5C0-4B15-B13A-C63149E59C98}" = AVG 2012
"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG" = AVG 2012
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DCUCOMM&10A6&AA26" = USB Cable DCU-11
"Dell Support Center" = Dell Support Center
"Deus Ex" = Deus Ex
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MechCommander2 1.0" = Microsoft MechCommander 2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"RealPlayer 12.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2871196156-2517704515-1570671185-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/03/2012 10:41:04 | Computer Name = The-Don-PC | Source = Perflib | ID = 1008
Description =

Error - 12/03/2012 14:37:58 | Computer Name = The-Don-PC | Source = Application Error | ID = 1000
Description = Faulting application RealUpgrade.exe, version 12.0.1.647, time stamp
0xf36bac23, faulting module upgrade.dll, version 12.0.1.647, time stamp 0x4d921b40,
exception code 0xc0000005, fault offset 0x000242e3, process id 0x181c, application
start time 0x01cd007f3ea9c2f0.

Error - 12/03/2012 14:51:50 | Computer Name = The-Don-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/03/2012 15:01:50 | Computer Name = The-Don-PC | Source = Application Error | ID = 1000
Description = Faulting application RealUpgrade.exe, version 12.0.1.647, time stamp
0xf36bac23, faulting module upgrade.dll, version 12.0.1.647, time stamp 0x4d921b40,
exception code 0xc0000005, fault offset 0x000242e3, process id 0x2a4, application
start time 0x01cd008294819e1d.

Error - 12/03/2012 15:21:43 | Computer Name = The-Don-PC | Source = Application Error | ID = 1000
Description = Faulting application RealUpgrade.exe, version 12.0.1.647, time stamp
0xf36bac23, faulting module upgrade.dll, version 12.0.1.647, time stamp 0x4d921b40,
exception code 0xc0000005, fault offset 0x000242e3, process id 0xe44, application
start time 0x01cd008559f7defd.

Error - 12/03/2012 15:39:37 | Computer Name = The-Don-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/03/2012 15:54:43 | Computer Name = The-Don-PC | Source = Application Error | ID = 1000
Description = Faulting application RealUpgrade.exe, version 12.0.1.647, time stamp
0xf36bac23, faulting module upgrade.dll, version 12.0.1.647, time stamp 0x4d921b40,
exception code 0xc0000005, fault offset 0x000242e3, process id 0x1468, application
start time 0x01cd0089f75e4a40.

Error - 12/03/2012 15:57:46 | Computer Name = The-Don-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19088, time stamp
0xf36bac23, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc00000fd, fault offset 0x20051e00, process id 0xd5c, application start time
0x01cd0088edd072b0.

Error - 12/03/2012 15:58:26 | Computer Name = The-Don-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.19088, time stamp
0xf36bac23, faulting module WININET.dll, version 8.0.6001.19088, time stamp 0x4de091b6,
exception code 0xc00000fd, fault offset 0x00010061, process id 0x11a0, application
start time 0x01cd008a690f9b30.

Error - 12/03/2012 16:03:27 | Computer Name = The-Don-PC | Source = Application Error | ID = 1000
Description = Faulting application RealUpgrade.exe, version 12.0.1.647, time stamp
0xf36bac23, faulting module upgrade.dll, version 12.0.1.647, time stamp 0x4d921b40,
exception code 0xc0000005, fault offset 0x000242e3, process id 0x63c, application
start time 0x01cd008b2fd2c120.

[ System Events ]
Error - 16/03/2012 18:57:56 | Computer Name = The-Don-PC | Source = HTTP | ID = 15016
Description =

Error - 16/03/2012 18:59:23 | Computer Name = The-Don-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 16/03/2012 18:59:32 | Computer Name = The-Don-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 16/03/2012 19:21:59 | Computer Name = The-Don-PC | Source = HTTP | ID = 15016
Description =

Error - 16/03/2012 19:23:29 | Computer Name = The-Don-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 16/03/2012 19:23:33 | Computer Name = The-Don-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 17/03/2012 10:50:38 | Computer Name = The-Don-PC | Source = HTTP | ID = 15016
Description =

Error - 17/03/2012 10:52:11 | Computer Name = The-Don-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17/03/2012 10:52:31 | Computer Name = The-Don-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 17/03/2012 14:12:28 | Computer Name = The-Don-PC | Source = DCOM | ID = 10010
Description =


< End of report >
Jamie56
Active Member
 
Posts: 10
Joined: March 13th, 2012, 1:32 pm

Re: Trojan.Win32.Generic!BT removed but is PC really clean?

Unread postby maxi » March 18th, 2012, 12:17 pm

Hi Jamie56,

Step 1
Run OTL Script


We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    
    :otl
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O3 - HKU\S-1-5-21-2871196156-2517704515-1570671185-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-2871196156-2517704515-1570671185-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    [2012/03/02 01:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows
    
    :files
    C:\Windows\tasks\Ad-Aware Update (Weekly).job
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [emptyjava]
    [createrestorepoint] 
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.


Step 2
ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


In your next reply please include:
The OTL log.
The eset log.
How your machine is behaving now.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Trojan.Win32.Generic!BT removed but is PC really clean?

Unread postby Jamie56 » March 20th, 2012, 3:59 pm

OTL stopped working while running the fix. I had to reboot from the Ctrl+Alt+Del screen as the start bar was gone. After the reboot, Notepad had this log...

Files\Folders moved on Reboot...
File\Folder C:\Users\Jamie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RQPAN6IN\viewtopic[1].htm not found!
C:\Users\Jamie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...


ESET Scan log
C:\Users\Jamie\AppData\Local\Temp\Inc.class a variant of Java/Exploit.CVE-2011-3544.AW trojan
C:\Users\Jamie\AppData\Local\Temp\jar_cache458849937874945295.tmp Java/Exploit.CVE-2011-3544.AT trojan
C:\Users\Jamie\AppData\Local\Temp\Main.class a variant of Java/TrojanDownloader.Agent.NDQ trojan
Jamie56
Active Member
 
Posts: 10
Joined: March 13th, 2012, 1:32 pm

Re: Trojan.Win32.Generic!BT removed but is PC really clean?

Unread postby maxi » March 21st, 2012, 2:18 pm

Hi Jamie56, we need to run an OTL scan again to see if it worked. Please post the logs in your next reply.
    OTL Scan
  • Right click on OTL.exe And select Run as administrator to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
      Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.
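
The re-scan maxi asks for is read by eye in this thread. What follows is an added example, not the helpers' own tooling and not anything OTL ships, of doing that first pass mechanically: it parses OTL's PRC/SRV/DRV lines and O4 Run lines, flags orphaned "File not found" registrations, persistence points whose binary carries no publisher string, and binaries started from temp or profile directories, and diffs two reports so you can confirm a fix removed what it targeted. Four of the sample lines are copied from the OTL report Jamie56 posts next; the HKCU Temp line is constructed for the example. The regexes are assumptions about OTL's line format drawn from the lines visible in this thread, and the suspect-directory list is a heuristic chosen here, not an OTL rule.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

# One OTL "PRC/MOD/SRV/DRV - ..." line. A normal entry carries a
# "[date | size | attrs | M]" stamp and a "(Company)" field; an orphan
# (a registration left behind after an uninstall or a cleanup) says
# "File not found" where the stamp would be.  Pattern is an assumption
# derived from the lines in this thread, not an official OTL grammar.
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<stamp>[^\]]*)\] |(?P<missing>File not found) )"
    r"(?:\((?P<company>[^)]*)\) )?"       # (Company), may be an empty "()"
    r"(?:\[(?P<state>[^\]]*)\] )?"        # [Kernel | On_Demand | Stopped] on SRV/DRV
    r"-- (?P<path>.+?)"
    r"(?: -- \((?P<svc>[^)]*)\).*)?$"     # -- (ServiceName), optional trailing description
)

# One "O4 - HKLM..\Run: [ValueName] <command> (Company)" autostart line.
RUN_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<value>[^\]]*)\] (?P<rest>.*)$")

# Directories a persistence entry rarely has a legitimate reason to point into
# (heuristic chosen for this example).
SUSPECT_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                "\\users\\public\\", "\\windows\\temp\\")


@dataclass(frozen=True)
class Entry:
    kind: str                # PRC, MOD, SRV, DRV or O4
    path: str                # binary the entry points at ("" when OTL printed none)
    company: Optional[str]   # "" when the file has no company in its version info
    missing: bool            # True for "File not found" orphans
    label: str = ""          # service name or Run value name, when present


@dataclass(frozen=True)
class Finding:
    entry: Entry
    reason: str


def parse_line(line: str) -> Optional[Entry]:
    """Turn one OTL report line into an Entry, or None for lines not triaged here."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        company = m.group("company")
        return Entry(m.group("kind"), m.group("path").strip(),
                     company.strip() if company is not None else None,
                     m.group("missing") is not None, m.group("svc") or "")
    m = RUN_RE.match(line)
    if m:
        rest = m.group("rest").strip()
        if rest.endswith("File not found"):
            return Entry("O4", rest[: -len("File not found")].strip(), None, True, m.group("value"))
        c = re.search(r"\(([^()]*)\)$", rest)          # trailing "(Company)" if present
        company = c.group(1).strip() if c else None
        path = rest[: c.start()].strip() if c else rest
        return Entry("O4", path, company, False, m.group("value"))
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Flag what a helper looks at first: orphans, unnamed publishers, odd locations."""
    findings: List[Finding] = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        if e.missing:
            findings.append(Finding(e, "orphan: registration points at a file that no longer exists"))
            continue
        low = e.path.lower()
        if any(d in low for d in SUSPECT_DIRS):
            findings.append(Finding(e, "persistence from a temp or user-profile directory"))
        elif e.company == "" and e.kind != "MOD":   # ngen'd .NET images are always unnamed
            findings.append(Finding(e, "no company name in the file's version info"))
    return findings


def removed_between(before: Iterable[str], after: Iterable[str]) -> Set[Tuple[str, str, str]]:
    """(kind, path, label) triples in the first report that are gone from the second:
    the quick way to confirm a fix script actually took effect."""
    def keys(lines: Iterable[str]) -> Set[Tuple[str, str, str]]:
        return {(e.kind, e.path.lower(), e.label.lower())
                for e in (parse_line(l) for l in lines) if e is not None}
    return keys(before) - keys(after)


# Sample input: the first five lines are copied from the OTL report in this
# thread, the last is constructed for the example.
SAMPLE = [
    r"PRC - [2012/03/16 19:11:44 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe",
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)",
    r"SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)",
    r"O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()",
    r"O4 - HKLM..\Run: [hpqSRMon] File not found",
    r"O4 - HKCU..\Run: [updater] C:\Users\Jamie\AppData\Local\Temp\update.exe ()",   # constructed
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.entry.kind:3} {f.entry.label or f.entry.path}: {f.reason}")
```

Run it as-is and it prints four findings: the BitDefender driver and the hpqSRMon Run value as orphans, DataSafeOnline.exe for having no company string (as in the real log, where OTL prints `()` for it), and the constructed Temp entry. Feed `removed_between()` the report from before a fix and the one from after to list exactly which registrations disappeared; anything you targeted that is still present is the first thing to chase.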

Re: Trojan.Win32.Generic!BT removed but is PC really clean?

Unread postby Jamie56 » March 21st, 2012, 4:05 pm

OK, here are the new OTL scan logs

OTL.txt
OTL logfile created on: 21/03/2012 19:56:57 - Run 2
OTL by OldTimer - Version 3.2.37.1 Folder = C:\Users\Jamie\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 62.49% Memory free
6.21 Gb Paging File | 4.93 Gb Available in Paging File | 79.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.03 Gb Total Space | 200.60 Gb Free Space | 70.88% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.62 Gb Free Space | 64.10% Space Free | Partition Type: NTFS

Computer Name: THE-DON-PC | User Name: Jamie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/16 19:11:44 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/05/18 14:38:36 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2010/09/06 11:30:02 | 000,123,392 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
PRC - [2010/09/06 11:29:42 | 000,227,840 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
PRC - [2009/11/13 16:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/06/13 18:35:15 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/27 13:10:16 | 001,316,192 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2009/01/13 10:32:52 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
PRC - [2008/12/18 11:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/11/18 18:57:22 | 000,044,176 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/23 18:21:14 | 015,881,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\56fd76112f84bd051d35b1341159e78b\MenuSkinning.ni.dll
MOD - [2011/06/23 18:21:03 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\3f976b1714e87ee48c12baf5d7a22c14\VistaBridgeLibrary.ni.dll
MOD - [2011/06/23 18:21:01 | 002,557,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\6e075ef304f8e2ff2d4e431256a0eee5\DellDock.ni.exe
MOD - [2011/06/23 18:21:01 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\18f2261a32e4aa98d770c405554bd8d5\System.Management.ni.dll
MOD - [2011/06/23 18:20:59 | 000,286,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\bf4af3655edc913fb5c30067815dd404\MyDock.Util.ni.dll
MOD - [2011/06/23 18:20:48 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\51bdab63dd9dbcddbfef9c82bffdbd59\System.Web.Services.ni.dll
MOD - [2011/06/23 18:20:38 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f183e57f94e56ac92ee99eed8e63943d\System.Configuration.ni.dll
MOD - [2011/06/23 18:20:35 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bc78764e2649bd53edc5c9884efba391\Accessibility.ni.dll
MOD - [2011/06/23 11:05:56 | 005,451,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\59f9dfe0ea64752c07f5a59c283c163b\System.Xml.ni.dll
MOD - [2011/06/23 11:05:39 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f4fbd5c3aa0de64cce8f542b447a31a8\System.Windows.Forms.ni.dll
MOD - [2011/06/23 11:05:33 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d1bb7213f94f2bfa67b0b560785220\System.Drawing.ni.dll
MOD - [2011/06/23 11:04:47 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\a9288099fbc6849c6c7523745b4f64f4\System.ni.dll
MOD - [2011/06/23 11:04:41 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a189480a53deaaf80a820de30553259b\mscorlib.ni.dll
MOD - [2010/11/17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/11/13 16:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/11/13 16:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.dll
MOD - [2009/11/13 16:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/11/13 16:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbUI.dll
MOD - [2009/11/13 16:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\CppUtils.dll
MOD - [2008/11/03 07:54:00 | 000,058,608 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\BalloonWindow.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/07 18:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/12/13 14:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/06/13 09:01:07 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/01/13 10:32:52 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
SRV - [2008/12/18 11:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/04/17 13:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys -- (BDVEDISK)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/12/02 22:30:44 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/09/07 09:10:56 | 000,043,656 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2010/09/07 09:10:56 | 000,020,744 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2009/01/13 12:39:40 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/09/12 08:32:40 | 000,107,008 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiK0836.sys -- (SaiK0836)
DRV - [2008/01/21 02:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/02 07:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2004/08/09 05:44:40 | 000,082,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabser.sys -- (slabser)
DRV - [2004/08/09 05:44:40 | 000,051,040 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabbus.sys -- (slabbus) USB Cable DCU-11 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{48E14106-F5C3-438A-84AE-747D7A3F735C}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2871196156-2517704515-1570671185-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-21-2871196156-2517704515-1570671185-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bbc.co.uk/ [binary data]
IE - HKU\S-1-5-21-2871196156-2517704515-1570671185-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-21-2871196156-2517704515-1570671185-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2871196156-2517704515-1570671185-1000\..\SearchScopes,DefaultScope = {48E14106-F5C3-438A-84AE-747D7A3F735C}
IE - HKU\S-1-5-21-2871196156-2517704515-1570671185-1000\..\SearchScopes\{069A61F8-8EA5-4AF4-869E-284519058E58}: "URL" = http://search.avg.com/route/?d=4b3d2cf0 ... =chrome&q={searchTerms}&lng={language}&ychte=uk&nt=1
IE - HKU\S-1-5-21-2871196156-2517704515-1570671185-1000\..\SearchScopes\{48E14106-F5C3-438A-84AE-747D7A3F735C}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKU\S-1-5-21-2871196156-2517704515-1570671185-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/06 11:41:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/01/31 18:08:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/18 14:38:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/06 11:41:40 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/search?setmkt=en-GB&q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: AVG Safe Search = C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: AVG Safe Search = C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter File not found
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Val\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4034D2D6-2766-4F43-8A48-138EDB042CAA}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Jamie\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Jamie\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/20 20:06:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/03/20 19:45:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/17 22:11:41 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jamie\Desktop\tdsskiller.exe
[2012/03/16 19:11:43 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
[2012/03/13 17:25:53 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Jamie\Desktop\dds.scr
[2012/03/12 20:15:10 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/03/03 19:27:12 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\Malwarebytes
[2012/03/03 19:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/03 19:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/03 19:26:57 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/03 19:26:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/02 14:42:15 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2012/03/02 14:39:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/21 19:59:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/21 19:58:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6CF611AF-87CF-4032-A80B-1B74C451200E}.job
[2012/03/21 19:56:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{56EA6801-714B-4500-9E2E-120F7CB0A146}.job
[2012/03/21 19:53:01 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/03/21 19:40:04 | 092,351,246 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/03/21 19:39:56 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D7B2F990-96B3-4DB1-A82A-B0893552212A}.job
[2012/03/21 19:36:29 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/21 19:36:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/21 19:36:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/21 19:36:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/21 19:36:11 | 3209,875,456 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/18 18:23:52 | 000,401,507 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/03/17 22:11:44 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jamie\Desktop\tdsskiller.exe
[2012/03/16 22:57:42 | 273,899,054 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/16 19:11:44 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Desktop\OTL.exe
[2012/03/13 17:25:55 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Jamie\Desktop\dds.scr
[2012/03/12 21:43:16 | 000,280,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/12 20:00:14 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/03/12 18:52:58 | 000,000,680 | ---- | M] () -- C:\Users\Jamie\AppData\Local\d3d9caps.dat
[2012/03/12 14:53:41 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/03/12 14:53:41 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/03/03 19:26:58 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/02 17:07:05 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/02 17:07:05 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/02 14:42:14 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2012/03/02 13:31:18 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/26 16:05:37 | 000,003,963 | ---- | M] () -- C:\Users\Jamie\.recently-used.xbel
[2012/02/26 02:04:55 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/16 22:57:44 | 3209,875,456 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/05 15:20:35 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2012/03/05 15:20:35 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2012/03/03 19:26:58 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/26 16:05:37 | 000,003,963 | ---- | C] () -- C:\Users\Jamie\.recently-used.xbel
[2010/06/07 18:45:48 | 001,273,856 | ---- | C] () -- C:\Windows\System32\SaiC0836.Dll
[2010/06/07 18:45:48 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiC0836_0C.dll
[2010/06/07 18:45:48 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0836_10.dll
[2010/06/07 18:45:48 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0836_0A.dll
[2010/06/07 18:45:48 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC0836_07.dll
[2010/06/07 18:45:48 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC0836_09.dll
[2010/06/07 18:45:48 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiC0836_0402.dll
[2010/06/07 18:45:48 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiC0836_11.dll
[2010/04/06 11:41:16 | 000,023,112 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/04/06 11:38:08 | 000,077,351 | ---- | C] () -- C:\Windows\hpqins05.dat

< End of report >



Extras.txt
OTL Extras logfile created on: 21/03/2012 19:56:57 - Run 2
OTL by OldTimer - Version 3.2.37.1 Folder = C:\Users\Jamie\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 62.49% Memory free
6.21 Gb Paging File | 4.93 Gb Available in Paging File | 79.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.03 Gb Total Space | 200.60 Gb Free Space | 70.88% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.62 Gb Free Space | 64.10% Space Free | Partition Type: NTFS

Computer Name: THE-DON-PC | User Name: Jamie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0534B354-2E66-434E-A645-7020571DE0E3}" = lport=445 | protocol=6 | dir=in | app=system |
"{063D635F-BD77-4CFA-983B-95D711CCC902}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5089220F-7920-4962-95FD-113085410D40}" = rport=445 | protocol=6 | dir=out | app=system |
"{7483E417-FFA9-4EDD-922C-96212F8DDE21}" = rport=137 | protocol=17 | dir=out | app=system |
"{84FC42F5-1D19-42DE-A8E9-D9D3178D0481}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A6D42FEA-3299-4956-99D5-9F6358F9397B}" = lport=137 | protocol=17 | dir=in | app=system |
"{AB0BF1A0-223E-451B-A585-CD2C3A6B9057}" = lport=138 | protocol=17 | dir=in | app=system |
"{BFDEE0B3-B7E6-4DFE-BF6E-481E2240E2D6}" = rport=138 | protocol=17 | dir=out | app=system |
"{C07DA0FB-055A-455C-98DD-DC4DF3C00CD4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DCDF640E-3846-404C-B1DA-9DE8C33C8BB5}" = rport=139 | protocol=6 | dir=out | app=system |
"{EAC9BDAC-9BDA-4F77-A1DD-AF83273AA87C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F88849B7-77A1-4B41-9D52-854A426C8561}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{039E6E6E-1EA8-4316-80A2-09EEC2E368E7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{03FBA2D7-9A36-49FF-831C-A9E1BBE0CF78}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0C9DF0BB-95B9-4085-8A2E-EE29D2220979}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{12C69AF8-4E07-4601-8CE9-37A4FB0C7A94}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{1586509D-8F62-4FFA-A2BB-9E78CD91E1B0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{201720D3-E11B-411C-9CA8-CA311E72D188}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{28363636-99EB-45B8-A0F4-AE3054538180}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{289D5B8E-1C6E-49B0-88C4-99767E628B91}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{2B302C0D-2BC0-4A19-8E5E-789A79251727}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{33EAD092-0C45-44B0-90CE-7B55C635A6D6}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{3D2A8F8C-8573-44ED-AE29-EB970C5E2374}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3DB2A2C8-1D1A-4350-ABEF-4ACCED813912}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{3F561A92-64C3-4D49-BBD6-FB6337F926AA}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{42134424-5FD7-49B4-9063-1264C57B513E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{48CC4FC5-A2FB-4345-9504-E39147FF9E1D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4DF18558-402B-4B63-A247-6AA4CA5BFC55}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{4FD7A54F-E275-4979-84DF-BF82F31083E3}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{53628B63-E4A8-4278-8F75-ECE29C266787}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{54B03181-9E93-44B9-949B-BB06061355A7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{556523EC-C6EE-42A3-8EAB-86D0027F4E20}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{5A9BADBD-3CD4-417A-AB11-A2B36F83CF23}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5E36CDB7-FA5A-4B63-BCA9-C86B876CD5A6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{5E7BC8EE-82DC-48BD-A7CA-979A9408CB9A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{5F4C77B8-C591-4AF1-85DB-5A55C5F8CC91}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{63EFD214-18EC-4B0B-94C7-9591FE3940B9}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{653CF728-D6C6-4EA2-A2A1-1194DF6B53BE}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{75735385-E4C4-4CD0-A1A1-E5C223FC1C05}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{7C245BBA-13CD-468C-8BE1-71138F3AF15D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{859D5385-BA82-4891-8683-8732CEFF414F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9E265D8E-5E85-490D-8E95-CF28C2F346DC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{A3184C4E-1C01-4C38-BD68-9AFC60674638}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{A799DBD1-EE56-4848-A191-EA258C41652B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{A82BC407-0059-49CE-8BC3-156119E4ED6D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{A9E7ECFB-670F-49DC-9FFC-9F9E00CB86A7}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{ACAB1568-B635-4685-9F07-3CD74D64F388}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{B923E772-3F0C-40A0-878B-0B289991185F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{BF32E427-D56D-46E2-B5EE-BD7AD91BDE78}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{BF8087FD-7CC3-4027-98F0-EED0A9DF9289}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{C4A879FB-01E3-443D-8DF9-BD03D9A9BD77}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{C707FFB8-6C28-4346-BA23-A2B0D117A851}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{C9C20F18-A038-44F1-91B0-9FD27DA9ECF6}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{C9D56F44-4A9F-4E87-A807-5548DFB04B3D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{CC95D81F-B974-496E-8F7F-CEE25A861DF5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{D8D8269D-40B9-4860-8001-F0044393C28F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{E22C4A4D-606C-4D88-9232-BB9EBFF3205A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E3C63200-DEF0-4AD4-99B9-43CDA0E493C0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E46E654D-EE8B-49AF-918C-B8948E86B2C1}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{E90CF187-9722-4DC2-8C5F-27BF252062AC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EB525C7B-2861-488D-A476-E3D8B104F049}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"TCP Query User{1CD46CEA-51D4-4621-BAC6-13D6AB34A217}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{2F4C3416-0A22-4137-9C80-B33182CE403D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{CB2FFFB2-F13B-43F2-BFA3-1D5F41647265}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{01074274-1249-4844-B9FE-342B8AD714A3}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{52FCA75D-F1BF-4FDD-BEEC-143E3477BE55}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{EDFD60F2-86A3-4B81-B1FC-71588C4B3F7B}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{01339AE5-04D4-43F8-008E-13AD788DC4F7}" = SimCity 4
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F45C0EC-17A4-4EE9-874D-A88757BD6C09}" = CapMan
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3675CF90-85D3-4DC2-85C9-C169BBCD2B2D}" = Sony Ericsson OCS
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{4FB0FB47-8F1D-4339-8BE9-39819362AE05}" = Sony Ericsson Image Editor
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{668811DB-025F-45DA-9E2B-7D5B33FEC508}" = HyperLobby client
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{754854DC-2E0A-49D8-A1A1-426C1F9B1459}" = Intel(R) IPP Run-Time Installer 5.3 Update 4 for Windows* on IA-32
"{75B4F73F-4EB1-4126-AE4B-639F3CE6E411}" = Sony Ericsson Mobile Phone Monitor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{778DBCBC-68F4-479E-B14F-4BF708454B90}" = NHL Eastside Hockey Manager 2005
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help
"{7AA828F3-BD67-495E-9742-BD9C3F196E78}" = PC Suite
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E9FDFD-B4E9-4FB7-A767-8339664CDE96}" = Sony Ericsson MMS Home Studio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9029363A-8173-435A-9C7C-94AE7E4945D8}_is1" = floAt's Mobile Agent 2
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A4A7A24D-2523-49C3-AEB2-A857A149E831}" = Smart Technology Programming Software 7.0.2.9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4421C89-1F2F-479D-AED1-27ACBF1310E8}" = BTOffer
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D689A337-E824-4AE5-828B-6E529BDF609A}" = FaceTrackNoIR
"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7E84E23-C5C0-4B15-B13A-C63149E59C98}" = AVG 2012
"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG" = AVG 2012
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DCUCOMM&10A6&AA26" = USB Cable DCU-11
"Dell Support Center" = Dell Support Center
"Deus Ex" = Deus Ex
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}" = IL-2 Sturmovik 1946
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MechCommander2 1.0" = Microsoft MechCommander 2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"RealPlayer 12.0" = RealPlayer
"Shop for HP Supplies" = Shop for HP Supplies
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2871196156-2517704515-1570671185-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/03/2012 17:59:14 | Computer Name = The-Don-PC | Source = WinMgmt | ID = 10
Description =

Error - 13/03/2012 07:53:39 | Computer Name = The-Don-PC | Source = WinMgmt | ID = 10
Description =

Error - 13/03/2012 10:56:18 | Computer Name = The-Don-PC | Source = WinMgmt | ID = 10
Description =

Error - 14/03/2012 09:07:12 | Computer Name = The-Don-PC | Source = WinMgmt | ID = 10
Description =

Error - 14/03/2012 09:10:02 | Computer Name = The-Don-PC | Source = Perflib | ID = 1010
Description =

Error - 14/03/2012 09:10:04 | Computer Name = The-Don-PC | Source = Perflib | ID = 1008
Description =

Error - 15/03/2012 11:46:05 | Computer Name = The-Don-PC | Source = WinMgmt | ID = 10
Description =

Error - 15/03/2012 11:46:07 | Computer Name = The-Don-PC | Source = Perflib | ID = 1008
Description =

Error - 15/03/2012 11:46:07 | Computer Name = The-Don-PC | Source = Perflib | ID = 1010
Description =

Error - 15/03/2012 11:46:08 | Computer Name = The-Don-PC | Source = Perflib | ID = 1008
Description =

[ System Events ]
Error - 20/03/2012 14:34:26 | Computer Name = The-Don-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 0024E80CE511 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 20/03/2012 14:34:26 | Computer Name = The-Don-PC | Source = HTTP | ID = 15016
Description =

Error - 20/03/2012 14:35:54 | Computer Name = The-Don-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 20/03/2012 14:36:15 | Computer Name = The-Don-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 20/03/2012 15:49:22 | Computer Name = The-Don-PC | Source = HTTP | ID = 15016
Description =

Error - 20/03/2012 15:50:59 | Computer Name = The-Don-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 20/03/2012 15:51:06 | Computer Name = The-Don-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 21/03/2012 15:36:17 | Computer Name = The-Don-PC | Source = HTTP | ID = 15016
Description =

Error - 21/03/2012 15:37:52 | Computer Name = The-Don-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21/03/2012 15:38:01 | Computer Name = The-Don-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >


Thanks again Maxi :)
Jamie56
Active Member
 
Posts: 10
Joined: March 13th, 2012, 1:32 pm
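The OTL file records quoted above all share one line format (`[timestamp | size | attributes | C or M] (company) -- path`), and the way a helper reads them is to skim for entries worth a closer look. The Python below is an added example, not part of this thread and not OTL's own code: it parses those records and applies two of the usual review heuristics, executable code under C:\Windows that carries no company name, and Java class files or jar_cache entries sitting in a user's Temp folder (the kind of leftover the OTL fix in the next reply deletes). The sample records are copied from the log above, except the last two, whose timestamps and sizes are constructed for the Temp files named in that fix. A flag means "verify this file", not "this is malware".

```python
"""Parse OTL file-record lines and mark the ones a helper would look at by hand.

Added example for this thread; it is not part of OTL or of the forum's fix.
Sample records are copied from the log above, except the last two, whose
timestamps and sizes are constructed for the Temp files named in the OTL fix.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One OTL record looks like:
# [2012/03/17 22:11:44 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jamie\Desktop\tdsskiller.exe
# fields: timestamp | size | attributes (R/H/S/A or -) | C=created, M=modified] (company) -- path
OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSA]{4}) \| "
    r"(?P<kind>[CM])\] "
    r"\((?P<company>.*?)\) -- "  # non-greedy so a company like "Intel(R) Corporation" still parses
    r"(?P<path>\S.*?)\s*$"
)

EXECUTABLE_EXTS = (".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx")
JAVA_ARTIFACT_EXTS = (".class", ".jar")


@dataclass
class OtlRecord:
    timestamp: str
    size: int
    attrs: str
    kind: str
    company: str
    path: str
    flags: List[str] = field(default_factory=list)


def parse_otl_line(line: str) -> Optional[OtlRecord]:
    """Return an OtlRecord for a file-record line, or None for headers and other text."""
    m = OTL_FILE_RE.match(line.strip())
    if not m:
        return None
    return OtlRecord(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
        path=m["path"],
    )


def triage(rec: OtlRecord) -> OtlRecord:
    """Attach review flags. A flag means 'check this', not 'this is malware'."""
    low = rec.path.lower()
    name = low.rsplit("\\", 1)[-1]
    # Executable code under C:\Windows with no company name in its version info.
    # Plenty of OEM driver DLLs look like this, so it is a prompt to verify the
    # file (hash lookup, signature check), not a verdict.
    if low.startswith("c:\\windows\\") and not rec.company and name.endswith(EXECUTABLE_EXTS):
        rec.flags.append("no-company binary in Windows directory")
    # Java .class files or jar_cache*.tmp in a user's Temp folder are the usual
    # residue of a browser Java exploit; this is what the OTL fix removes.
    if "\\appdata\\local\\temp\\" in low and (
        name.endswith(JAVA_ARTIFACT_EXTS) or name.startswith("jar_cache")
    ):
        rec.flags.append("Java artifact in Temp")
    return rec


def review_candidates(log_text: str) -> List[OtlRecord]:
    """Parse every record in an OTL log and return only the flagged ones."""
    out = []
    for line in log_text.splitlines():
        rec = parse_otl_line(line)
        if rec is None:
            continue  # blank lines, section headers, "< End of report >"
        if triage(rec).flags:
            out.append(rec)
    return out


# First six records copied from the log; last two constructed (sizes/timestamps invented).
SAMPLE_LOG = r"""
[2012/03/17 22:11:44 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jamie\Desktop\tdsskiller.exe
[2012/03/16 22:57:42 | 273,899,054 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/02 14:42:14 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2012/03/16 22:57:44 | 3209,875,456 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/07 18:45:48 | 001,273,856 | ---- | C] () -- C:\Windows\System32\SaiC0836.Dll
[2012/03/12 18:52:58 | 000,000,680 | ---- | M] () -- C:\Users\Jamie\AppData\Local\d3d9caps.dat
[2012/03/09 11:02:13 | 000,001,337 | ---- | C] () -- C:\Users\Jamie\AppData\Local\Temp\Inc.class
[2012/03/09 11:02:13 | 000,009,001 | ---- | C] () -- C:\Users\Jamie\AppData\Local\Temp\jar_cache458849937874945295.tmp

< End of report >
"""

if __name__ == "__main__":
    for rec in review_candidates(SAMPLE_LOG):
        print(f"{rec.timestamp}  {rec.size:>12,}  {rec.path}  <- {', '.join(rec.flags)}")
```

Run against the sample, the script lists three records for manual review: the System32 DLL with no company name, and the two Java leftovers in Temp. MEMORY.DMP and hiberfil.sys have no company name either but are not executable code under the rule, so they pass; tdsskiller.exe and SBREDrv.sys carry a company name. The same parser runs unchanged over a full OTL.txt, since non-record lines are simply skipped.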

Re: Trojan.Win32.Generic!BT removed but is PC really clean?

Unread postby maxi » March 22nd, 2012, 3:26 pm

Hi Jamie56, Nearly there :)


OTL FIX
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Minimal Output is selected.
  3. Under the Standard Registry box change it to All.
  4. Check/tick the boxes beside LOP Check and Purity Check.
  5. Copy and Paste the following code into the Custom Scan/Fixes text box. Do not include the word Code
    Code:
    
    :Files
    C:\Users\Jamie\AppData\Local\Temp\Inc.class
    C:\Users\Jamie\AppData\Local\Temp\jar_cache458849937874945295.tmp
    C:\Users\Jamie\AppData\Local\Temp\Main.class
    
    :Commands
    
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
    
  6. Click under the Custom Scan/Fixes box and paste the copied text.
  7. Click the Run Fix button. If prompted... click OK.
  8. OTL may ask to reboot the machine. Please do so if asked.
  9. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  10. Please post the contents of report in your next reply.


Security Check

  • Please download Security Check by screen317 from one of the links below:
  • Save it to your Desktop.
  • Right click SecurityCheck.exe and select "Run as administrator", then follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document.

In your next reply please include:
The OTL logfile.
The SecurityCheck logfile.
How your computer is running now.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Trojan.Win32.Generic!BT removed but is PC really clean?

Unread postby Jamie56 » March 24th, 2012, 8:21 pm

Sorry for the slow reply Maxi. I will be able to run these fixes/checks later today (Sunday).
Jamie56
Active Member
 
Posts: 10
Joined: March 13th, 2012, 1:32 pm