Solved Win64

For some reason my laptop came installed with NOD32 ESET antivirus, but they decided not to provide me with the password with it when I bought it, so I can't find any way to disable my antivirus. I've run Combofix in the past without any ill effect. Should I do that again or is there a way to get around the antivirus password?
 
Also, I can't get any of the links in your last post to work. Could it be the effect of the trojans?
 
I tried to run it in safe mode but it kept displaying error messages while trying to load some of the files. I did risk running it regardless today out of frustration if the log is still useful. Also, in regards to Rkill, I've downloaded it but I'm not sure what you mean in regards to running your_name.exe.
 
ComboFix 12-07-06.02 - Dean Robinson 07/07/2012 5:13.6.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4004.2165 [GMT 1:00]
Running from: c:\users\Dean Robinson\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))
.
.
2012-07-07 04:21 . 2012-07-07 04:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 10:00 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4311374-B5EC-4266-85D0-093D6FE063C9}\mpengine.dll
2012-07-04 23:44 . 2012-07-04 23:44 -------- d-----w- c:\program files (x86)\Microsoft Games
2012-07-04 22:16 . 2012-07-04 22:16 -------- d-----w- C:\spitfire
2012-07-04 21:20 . 2012-07-04 21:20 -------- d-----w- c:\program files\7-Zip
2012-07-03 10:41 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-03 09:37 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-07-03 09:37 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-30 19:20 . 2012-06-30 19:43 -------- d-----w- C:\sh4ldr
2012-06-30 19:20 . 2012-06-30 19:20 -------- d-----w- c:\program files\Enigma Software Group
2012-06-30 19:19 . 2012-06-30 19:42 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-30 19:19 . 2012-06-30 19:19 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-06-30 11:03 . 2012-06-30 11:03 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-29 23:23 . 2012-06-29 23:43 -------- d-----w- c:\programdata\PLAV
2012-06-29 23:22 . 2012-06-29 23:22 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
2012-06-29 23:22 . 2012-06-29 23:44 -------- d-----w- c:\program files (x86)\ParetoLogic
2012-06-29 20:16 . 2012-07-03 02:02 -------- d-----w- C:\FRST
2012-06-29 20:06 . 2012-06-29 20:06 -------- d-----w- c:\users\Dean Robinson\AppData\Roaming\SpeedMaxPc
2012-06-29 20:06 . 2012-06-29 20:06 -------- d-----w- c:\users\Dean Robinson\AppData\Roaming\DriverCure
2012-06-29 20:06 . 2012-06-29 20:06 -------- d-----w- c:\program files (x86)\Common Files\SpeedMaxPc
2012-06-29 20:06 . 2012-06-29 20:06 -------- d-----w- c:\programdata\SpeedMaxPc
2012-06-29 20:06 . 2012-06-29 20:06 -------- d-----w- c:\program files (x86)\SpeedMaxPc
2012-06-29 18:26 . 2012-06-29 18:26 -------- d-----w- c:\program files (x86)\ESET
2012-06-29 14:56 . 2012-06-29 14:56 -------- d-----w- C:\_OTL
2012-06-29 14:29 . 2012-06-29 18:18 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-19 10:15 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 10:15 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 10:15 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 10:15 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 10:14 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 10:14 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 10:14 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 10:14 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 10:14 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-16 22:59 . 2012-06-16 22:59 -------- d-----w- c:\users\Dean Robinson\AppData\Local\ESET
2012-06-13 17:32 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 17:32 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 17:32 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 17:32 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 17:32 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 17:32 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 17:31 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 17:31 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 17:31 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 17:31 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 17:31 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 17:31 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 17:31 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 17:31 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 17:31 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 17:31 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 17:31 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-13 12:06 . 2009-05-18 12:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-06-13 12:06 . 2008-04-17 11:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-06-13 12:06 . 2008-04-17 11:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-06-13 12:05 . 2012-06-13 12:06 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-06-13 12:05 . 2012-06-13 12:06 -------- d-----w- c:\program files\iTunes
2012-06-13 12:05 . 2012-06-13 12:06 -------- d-----w- c:\program files (x86)\iTunes
2012-06-13 12:05 . 2012-06-13 12:05 -------- d-----w- c:\program files\iPod
2012-06-13 11:56 . 2012-06-13 11:56 -------- d-----w- c:\program files\Common Files\Apple
2012-06-13 11:56 . 2012-06-13 11:56 -------- d-----w- c:\program files\Bonjour
2012-06-13 11:56 . 2012-06-13 11:56 -------- d-----w- c:\program files (x86)\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-06 10:11 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-06-13 11:50 . 2012-04-04 08:31 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-13 11:50 . 2012-02-14 17:01 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-02 09:54 . 2012-03-19 18:14 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-02 09:54 . 2012-03-19 18:14 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-02 09:53 . 2012-03-19 18:14 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-24 15:39 . 2012-04-24 15:39 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((( SnapShot_2012-07-06_15.35.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-07-07 03:58 47636 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-07-06 09:59 36660 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-07 03:58 36660 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-31 11:51 . 2012-07-07 03:58 10218 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-513205670-3671557487-987698992-1000_UserData.bin
- 2012-01-31 11:50 . 2012-07-06 02:52 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-31 11:50 . 2012-07-07 04:09 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-30 01:11 . 2012-07-06 02:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-06-30 01:11 . 2012-07-07 04:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:46 . 2012-07-06 16:19 95344 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-07-06 15:35 . 2012-07-06 15:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-07 04:22 . 2012-07-07 04:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-06 15:35 . 2012-07-06 15:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-07 04:22 . 2012-07-07 04:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-07-07 04:09 212992 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-06 02:52 212992 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 05:01 . 2012-07-06 15:34 390244 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-07 04:22 390244 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-01-31 13:34 . 2012-07-06 15:34 2924504 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-01-31 13:34 . 2012-07-07 04:22 2924504 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-01-31 13:34 . 2012-07-07 04:22 20181612 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-513205670-3671557487-987698992-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-02-08 1242448]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-06-29 1409424]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2012-03-30 1858152]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Dean Robinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Global AutoCorrect.lnk - c:\program files (x86)\LexAble\Global AutoCorrect\Global AutoCorrect.exe [2012-2-1 701253]
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2006-1-5 3469448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 4.lnk - c:\program files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe [2011-4-27 417792]
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-8-26 1493888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-14 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 257224]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-14 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-07-20 247400]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-08 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-08-09 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2011-10-21 20592]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-08 38096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-04 1109096]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 11:50]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-14 17:01]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-14 17:01]
.
2012-07-06 c:\windows\Tasks\SpeedMaxPc Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-07-05 c:\windows\Tasks\SpeedMaxPc Update3.job
- c:\program files (x86)\Common Files\SpeedMaxPc\UUS3\Update3.exe [2011-12-12 22:43]
.
2012-07-01 c:\windows\Tasks\SpeedMaxPc.job
- c:\program files (x86)\SpeedMaxPc\SpeedMaxPc\SpeedMaxPc.exe [2011-12-22 00:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-07 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-07 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-07 418136]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-08-26 150992]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-08-09 4030008]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-07-07 05:35:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-07 04:35
ComboFix2.txt 2012-07-07 03:49
ComboFix3.txt 2012-07-06 15:48
ComboFix4.txt 2012-07-03 19:07
ComboFix5.txt 2012-07-07 04:12
.
Pre-Run: 14,695,149,568 bytes free
Post-Run: 14,626,304,000 bytes free
.
- - End Of File - - 1B151A51F3E891E54EF59B810770E1EF
 
Looks good :)

Any current issues?

=========================================

Uninstall SpeedMaxPc.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


===================================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Did you want me to run Rkill still? The virus has stopped flashing up and things are looking OK, but there's a few things I've noticed. I'm not sure if they're down to the virus though. Online I'm finding that often pictures, videos and links on pages refuse to load and will do again inexplicably later. Also, on places like BBC news feed I'm finding that each video will freeze after 7 seconds. I'm not sure if it's a problem with the site but it's never happened before. One last thing I've noticed is that in my files I'm finding copies of things like my document folders which are locked and restricted to me.
 
07/07/2012 14:43:28
mbam-log-2012-07-07 (14-43-28).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217811
Time elapsed: 2 minute(s), 22 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCR\Interface\{66666666-6666-6666-6666-660066226658} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
OTL logfile created on: 07/07/2012 15:32:30 - Run 4
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Dean Robinson\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.91 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 38.37% Memory free
7.82 Gb Paging File | 5.19 Gb Available in Paging File | 66.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 109.04 Gb Total Space | 13.50 Gb Free Space | 12.38% Space Free | Partition Type: NTFS
Drive D: | 148.65 Gb Total Space | 137.33 Gb Free Space | 92.38% Space Free | Partition Type: NTFS
Drive E: | 6.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive R: | 40.00 Gb Total Space | 15.72 Gb Free Space | 39.31% Space Free | Partition Type: NTFS

Computer Name: DEANROBINSON | User Name: Dean Robinson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dean Robinson\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\LexAble\Global AutoCorrect\Components\GACcorrect.exe ()
PRC - C:\Program Files (x86)\LexAble\Global AutoCorrect\Global AutoCorrect.exe ()
PRC - C:\Program Files (x86)\OLYMPUS\DeviceDetector\DeviceDetector4.exe (OLYMPUS IMAGING CORP.)
PRC - c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\LexAble\Global AutoCorrect\Components\GACcorrect.exe ()
MOD - C:\Program Files (x86)\LexAble\Global AutoCorrect\Global AutoCorrect.exe ()
MOD - C:\Program Files (x86)\LexAble\Global AutoCorrect\Components\lexsrch.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\LexAble\Global AutoCorrect\Components\Wordnet.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BingDesktopUpdate) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NAUpdate) @c:\Program Files (x86) -- c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)


========== Driver Services (SafeList) ==========

DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (CeKbFilter) -- C:\Windows\SysNative\drivers\CeKbFilter.sys (Compal Electronics, INC.)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (LPCFilter) -- C:\Windows\SysNative\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-513205670-3671557487-987698992-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
IE - HKU\S-1-5-21-513205670-3671557487-987698992-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-513205670-3671557487-987698992-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...ncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKU\S-1-5-21-513205670-3671557487-987698992-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-513205670-3671557487-987698992-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dean Robinson\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2012/01/31 16:47:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/02 17:36:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/01/31 16:47:31 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Dean Robinson\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - Extension: YouTube = C:\Users\Dean Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Dean Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: I Want This = C:\Users\Dean Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk\1.17.57_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Dean Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Dean Robinson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/07 05:23:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKU\S-1-5-21-513205670-3671557487-987698992-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-513205670-3671557487-987698992-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Dean Robinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Global AutoCorrect.lnk = C:\Program Files (x86)\LexAble\Global AutoCorrect\Global AutoCorrect.exe ()
O4 - Startup: C:\Users\Dean Robinson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-513205670-3671557487-987698992-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-513205670-3671557487-987698992-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-513205670-3671557487-987698992-1000\..Trusted Domains: dsaserver ([]file in Local intranet)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E740584E-C03C-44A1-9B6E-4DB5C13DD67E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/16 02:07:53 | 000,000,044 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/07 05:38:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/07 05:36:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/07 04:19:09 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{3A430EB3-AFB9-466B-B72E-4E240A937AA7}
[2012/07/07 04:18:59 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{0639C4C0-FFA5-45E2-8A7B-12116B852AD4}
[2012/07/06 16:18:29 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{68C53CF9-FA8E-4021-92F1-C2BF9B590DF7}
[2012/07/06 16:18:19 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{EB958A7F-B6EC-4B81-92FC-F6DD968AA283}
[2012/07/06 02:34:24 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{637EF144-502B-438D-86FE-4A02B3C9DD35}
[2012/07/06 02:34:14 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{E74578E3-84FF-4ABE-8605-C9ED7919D016}
[2012/07/05 14:31:54 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{E42D9CD8-B22E-4FE9-8981-A7340A2C94C2}
[2012/07/05 14:31:44 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{611422C3-7258-489C-BFE1-5AE898A2A48D}
[2012/07/05 02:31:12 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{D1DF8CFA-BACD-4776-8142-21459FF5B160}
[2012/07/05 02:31:02 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{F5185D2D-A0BE-4587-970C-D550CA24D06E}
[2012/07/05 00:52:55 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\Documents\Flight Simulator X Demo Files
[2012/07/05 00:48:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2012/07/05 00:44:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2012/07/04 23:16:18 | 000,000,000 | ---D | C] -- C:\spitfire
[2012/07/04 22:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/07/04 22:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/07/04 14:30:31 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{C9854CA4-3479-4A3A-8F02-0C25BF18EB1B}
[2012/07/04 14:30:21 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{CD95ED31-01E9-4812-AC4B-CA6947CD81E5}
[2012/07/04 02:29:44 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{342E3C35-270A-455B-9F9A-30231688B7C5}
[2012/07/04 02:29:33 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{44EE6A37-A46E-4719-B370-244C02CE5A82}
[2012/07/03 14:10:55 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{B5092B25-33E5-483F-98DD-5AFC0637B1D2}
[2012/07/03 14:10:45 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{4BACA35A-7911-4FF8-93A7-9AF36A8F7F80}
[2012/07/03 14:04:53 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\Documents\tdsskiller
[2012/07/01 00:36:24 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\Desktop\RK_Quarantine
[2012/06/30 22:02:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/30 22:02:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/30 22:02:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/30 20:20:00 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/06/30 20:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/06/30 20:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/06/30 12:03:35 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/30 11:46:03 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{032D6A75-2C53-49AB-B435-AFA784982AEF}
[2012/06/30 11:45:53 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{A2298A9A-06DA-45AB-856B-B3BA4D8C1BC7}
[2012/06/30 00:23:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PLAV
[2012/06/30 00:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic Anti-Virus PLUS
[2012/06/30 00:22:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ParetoLogic
[2012/06/29 23:45:22 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{AF6C1070-3069-48AF-8735-538B1D2A612D}
[2012/06/29 23:45:12 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{61798F99-8C94-4E71-9E5D-7D69C4F57A12}
[2012/06/29 21:16:00 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/29 21:06:18 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Roaming\SpeedMaxPc
[2012/06/29 21:06:18 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Roaming\DriverCure
[2012/06/29 21:06:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedMaxPc
[2012/06/29 21:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedMaxPc
[2012/06/29 21:06:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedMaxPc
[2012/06/29 20:34:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/29 19:26:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/06/29 15:56:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/29 15:55:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/29 15:29:59 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/06/29 11:44:31 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{97B7A1D6-DDDE-4DB6-80B6-45EAB02FD9C3}
[2012/06/29 11:44:19 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{953D2832-9865-4105-91B2-076715BCC656}
[2012/06/28 14:20:38 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{C61E148D-B473-4995-BB84-CCDE3B6AF8C8}
[2012/06/28 14:20:28 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{B1BBD1C3-47DE-4AF1-A5C6-8C7E8E138ADA}
[2012/06/28 02:19:59 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{3C9B7626-C216-4C8F-915C-17B65435FF5C}
[2012/06/27 14:19:31 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{54DC5E30-5C44-416E-8088-76BE2FF5F618}
[2012/06/27 14:19:21 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{90E23ED0-4CCE-4059-A0F7-661D5302585C}
[2012/06/27 02:18:51 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{C574D389-2109-4FC7-9E68-145C4DE2268D}
[2012/06/27 02:18:41 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{4D58D0B7-53A8-4F75-B8C6-E0CF590E49E4}
[2012/06/26 12:24:46 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{BB2B14F2-CD68-4E93-938B-D8634CE19A25}
[2012/06/26 12:24:34 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{7489700D-52EB-4B61-ADA6-0EB615E3E182}
[2012/06/25 23:25:28 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{EBECFA11-E8F4-4EEF-AA3B-BA2CC744DCAF}
[2012/06/25 23:25:18 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{AC6B61D7-F252-4715-853A-428209B00088}
[2012/06/25 11:24:48 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{69A62357-AC72-4DD4-8CCD-5F34AC4098AB}
[2012/06/25 11:24:39 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{45AEB713-2B92-4424-84FF-D16A42A4FF19}
[2012/06/24 11:19:09 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{227DD3AD-F7DE-4DAD-BD8B-4310D7649CCB}
[2012/06/24 11:18:59 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{E37A1F20-1F07-49AD-8C87-B4A9371452BF}
[2012/06/23 14:08:54 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{9ED8930D-0056-478C-B3B3-02F0A53AEB51}
[2012/06/23 14:08:43 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{F737FCA2-77D9-4E4B-A340-4CFABECB05D1}
[2012/06/23 00:41:55 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{6076A746-2C24-42F2-BAFE-9906996AF95B}
[2012/06/23 00:41:44 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{2BF727AE-17D3-479E-90C5-7D97BB229110}
[2012/06/22 12:41:14 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{4CD9E750-0C27-4697-84EC-C8B26B96AC9F}
[2012/06/22 12:41:04 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{A355819C-A665-4B62-83BA-1F7A7368469D}
[2012/06/22 00:19:34 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{0A579BD4-FFCF-4359-8BBA-D23F1C2DFDC6}
[2012/06/22 00:19:24 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{0AD8BC16-E285-4801-AB30-85122DE98A2C}
[2012/06/21 12:18:41 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{596B37E9-798D-4245-A683-0163B3576BCA}
[2012/06/21 12:18:29 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{BDFCDBB8-51CF-4C5E-A883-34E6F41F46BC}
[2012/06/20 13:06:30 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{8A821F4A-5AA9-4D76-9C6A-038717037A09}
[2012/06/20 13:06:20 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{37C679F0-8CF6-4B88-857B-700B2A357D2C}
[2012/06/20 00:39:27 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{51FC14F5-00A8-41A5-9424-5E915D73C52D}
[2012/06/20 00:39:17 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{2BB268EC-5A8A-43C5-9AE6-F5C6B45825BD}
[2012/06/19 12:38:42 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{7B6D1247-B472-40A8-A4F5-E1926151972B}
[2012/06/19 12:38:32 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{349BB3AB-B60C-4DEC-810F-B1CF3932CAD2}
[2012/06/19 00:38:08 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{21C721A4-3142-4545-B471-A0E1F4A5E4C8}
[2012/06/18 12:37:45 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{B2C85237-3942-427E-9027-F11FE0E7C1ED}
[2012/06/17 12:25:23 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{77629DAD-F5B2-44FE-8E37-E71D50A27D06}
[2012/06/16 23:59:36 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\ESET
[2012/06/16 19:39:26 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{23870DCB-2FDB-45F7-9445-815B7CB795FB}
[2012/06/16 07:38:43 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{AB4B926A-D115-4508-B36E-EDD4F818847B}
[2012/06/15 17:00:02 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{DF9C6A1D-292E-42CB-9CD0-43057B4BFF6F}
[2012/06/15 01:49:32 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{495D8B6C-E89D-4D50-9F0C-9842CC7E8AE3}
[2012/06/14 13:12:20 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{F2CC2885-BCE7-4B18-97EE-70FADDC61966}
[2012/06/14 13:12:10 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{6311101E-2FCB-4247-BAC4-E4963D5C7803}
[2012/06/14 00:51:03 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{87AD7D55-9FAD-45AE-B1AC-754AE9CF22CD}
[2012/06/14 00:50:52 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{1FB9845E-ED44-4E54-9249-D46E54B3167D}
[2012/06/13 13:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/13 13:05:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/13 13:05:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/06/13 13:05:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/13 13:05:48 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/06/13 12:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/06/13 12:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/06/13 12:56:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/06/13 12:50:22 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{BE4A465E-03C7-494E-831D-B5E0EAC3A771}
[2012/06/13 12:50:12 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{0EBE9B5C-E2A0-4064-89D3-9D531C3611DB}
[2012/06/12 23:14:44 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{9321AA0F-D815-47E3-A481-7DD1E10A0FEC}
[2012/06/12 23:14:33 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{F206F68C-1834-40B5-90D6-254580DA02E4}
[2012/06/12 11:14:03 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{0BB90342-4055-4CBD-9835-9085A5470C63}
[2012/06/12 11:13:53 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{C44B09A4-051E-4EC1-9907-8E6DCAFF60B4}
[2012/06/11 15:34:54 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{6D1F14CC-722D-4E18-8192-D40096CA2D1B}
[2012/06/11 15:34:42 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{0733E1E7-FC05-4FF3-A923-868C3AB6AAAE}
[2012/06/08 00:14:06 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{AE528034-B082-4B2F-A1FF-FF0CEE769FF4}
[2012/06/08 00:13:56 | 000,000,000 | ---D | C] -- C:\Users\Dean Robinson\AppData\Local\{2C6DD124-3734-4C4D-8491-285B4F5C9D74}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/07 15:16:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/07 14:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/07 13:47:54 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/07 13:31:41 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/07 13:31:41 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/07 13:24:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/07 13:24:12 | 3148,685,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/07 05:23:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/06 18:00:00 | 000,000,480 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc Registration3.job
[2012/07/06 16:21:02 | 000,739,790 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/06 16:21:02 | 000,637,560 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/06 16:21:02 | 000,114,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/05 03:37:35 | 000,418,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/05 01:08:09 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc Update3.job
[2012/07/05 00:48:25 | 000,002,250 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Flight Simulator X Demo.lnk
[2012/07/03 15:37:44 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2012/07/01 01:01:28 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc.job
[2012/07/01 00:17:18 | 000,002,307 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/06/30 00:36:19 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/06/30 00:36:19 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/06/29 19:35:59 | 000,000,612 | ---- | M] () -- C:\Users\Dean Robinson\Desktop\Services.bat
[2012/06/29 15:52:27 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/13 13:07:09 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/05 00:48:25 | 000,002,250 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Flight Simulator X Demo.lnk
[2012/07/03 15:37:44 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2012/06/30 22:02:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/30 22:02:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/30 22:02:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/30 22:02:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/30 22:02:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/30 00:36:19 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012/06/30 00:36:19 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012/06/29 21:06:21 | 000,000,480 | ---- | C] () -- C:\Windows\tasks\SpeedMaxPc Registration3.job
[2012/06/29 21:06:13 | 000,000,438 | ---- | C] () -- C:\Windows\tasks\SpeedMaxPc Update3.job
[2012/06/29 21:06:13 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\SpeedMaxPc.job
[2012/06/29 19:32:23 | 000,000,612 | ---- | C] () -- C:\Users\Dean Robinson\Desktop\Services.bat
[2012/06/13 13:07:09 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/01 22:38:25 | 000,747,718 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/31 16:49:40 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/01/31 16:39:36 | 000,000,294 | ---- | C] () -- C:\Windows\Support.ini
[2011/10/21 06:46:52 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011/10/21 06:31:12 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/04/04 19:07:00 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/04/04 19:06:58 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/04/04 19:06:58 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/02/03 18:56:58 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2010/11/09 11:09:58 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll

========== LOP Check ==========

[2012/02/14 17:56:41 | 000,000,000 | ---D | M] -- C:\Users\Dean Robinson\AppData\Roaming\Babylon
[2012/06/29 21:06:18 | 000,000,000 | ---D | M] -- C:\Users\Dean Robinson\AppData\Roaming\DriverCure
[2012/02/01 11:00:19 | 000,000,000 | ---D | M] -- C:\Users\Dean Robinson\AppData\Roaming\LexAble
[2012/02/01 10:47:47 | 000,000,000 | ---D | M] -- C:\Users\Dean Robinson\AppData\Roaming\MatchWare
[2012/02/15 01:47:58 | 000,000,000 | ---D | M] -- C:\Users\Dean Robinson\AppData\Roaming\Petroglyph
[2012/02/01 10:36:22 | 000,000,000 | ---D | M] -- C:\Users\Dean Robinson\AppData\Roaming\Sonocent
[2012/04/04 23:20:23 | 000,000,000 | ---D | M] -- C:\Users\Dean Robinson\AppData\Roaming\Sony
[2012/06/29 21:06:18 | 000,000,000 | ---D | M] -- C:\Users\Dean Robinson\AppData\Roaming\SpeedMaxPc
[2012/02/01 10:56:15 | 000,000,000 | ---D | M] -- C:\Users\Dean Robinson\AppData\Roaming\Texthelp Systems
[2012/02/08 15:12:09 | 000,000,000 | ---D | M] -- C:\Users\Dean Robinson\AppData\Roaming\The Creative Assembly
[2012/01/31 12:55:05 | 000,000,000 | ---D | M] -- C:\Users\Dean Robinson\AppData\Roaming\Toshiba
[2012/06/06 21:19:27 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/06 18:00:00 | 000,000,480 | ---- | M] () -- C:\Windows\Tasks\SpeedMaxPc Registration3.job
[2012/07/05 01:08:09 | 000,000,438 | ---- | M] () -- C:\Windows\Tasks\SpeedMaxPc Update3.job
[2012/07/01 01:01:28 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\SpeedMaxPc.job

========== Purity Check ==========


< End of report >
 
That's fine.

Online I'm finding that often pictures, videos and links on pages refuse to load and will do again inexplicably later. Also on places like BBC news feed I'm finding that each video will freeze after 7 seconds
Which browser? Did you try a different browser?

I've noticed is that in my files I'm finding copies of things like my document folders which are locked and restricted to me.
Take ownership of any stubborn folders/files: http://www.howtogeek.com/howto/wind...ership-to-explorer-right-click-menu-in-vista/

===============================================

OTL log looks good :)

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please, run F-Secure Online Scanner

  • Disable your Antivirus program.
  • Checkmark I have read and accepted the license terms.
  • Click on Run Check button.
  • Quick scan (recommended) option will come pre-checked. Don't change it.
  • Click on Start button.
  • When scan is done, in Step 3: Clean the files, leave all settings as they are.
  • Click Next button.
  • Click Full report... button.
  • Copy report's content and paste it into your next reply.
 
Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 20
Out of date Java installed!
Adobe Reader X (10.1.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````
 
Farbar Service Scanner Version: 08-07-2012
Ran by Dean Robinson (administrator) on 08-07-2012 at 18:37:27
Running from "C:\Users\Dean Robinson\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================
 
Computer name: DEANROBINSON
Scanning type: Quick scan
Target: System
No malware found


Statistics

Scanned:
  • Files: 6209
  • System: 6209
  • Not scanned: 0
Actions:
  • Disinfected: 0
  • Renamed: 0
  • Deleted: 0
  • Not cleaned: 0
  • Submitted: 0
 
I ran Farbar again but it came up the same. I usually use Internet Explorer. I tried running the same videos on Google Chrome instead and it's working fine.
 
I've downloaded Take Ownership but it loads up 7-zip and I'm not quite sure what to do after that.
 
Delete FSS file, download fresh one and post new log.

I've downloaded Take Ownership but it loads up 7-zip
I don't think you read my link carefully.
Did you unzip the downloaded file?
 
Sorry about that, I figured out Take Ownership and started unlocking files....they weren't there before but they don't seem threatening.....they seem to just be duplicates of other folders like pictures and music. Anything to do with the virus? I redownloaded Farbar and tried again but it's still coming out the same.
 
In Windows (C:) Documents folder there are two sets of my Pictures, Videos and Music folders. One set had locks on them, the others didn't but both were inaccessible. Both sets' folder pictures looked transparent in comparison to my normal folders. Once I got into them they had the same things in that the originals had. There are also others like System volume information and Documents and Settings that show the same characteristics. When I go into those the bar at the top doesn't show that I'm in any folder at all. They definitely weren't there before the trojans.
 
System volume information and Documents and Settings are all hidden system folders and there is no reason to access them.
Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Hide protected operating system files.
Press F5 to refresh the view.

In Windows (C:) Documents folder
Normally there is no "Documents" folder in root C:\ directory.
Did you create that folder?
 