Solved Backdoor.Tdss.565 can't remove

I

introuble999

Posts: 16   +0
Hi - Like many others i seem to have been infected by the backdoor.tdss.565 virus. I have tried everything avaialble on searching for this virus to no avail.

I have superantispyware and it shows nothing. I have malware bytes and it shows nothing. I have Drweb Cure it and it shows the spyware as terminated but it always come back.

In normal mode the PC is unstable and crashes almost immediately to the blue screen. In safe mode it runs until i try to run something it doesnt like and goes to the blue screen.

I have combofix but it causes the PC to crash. Backdoorkiller from Kaspersky always crashes on 80% and i have tried renaming it to all sorts.

I have tried most online scans and they come up blank.

Please help as i'm at the end of my tether here as i have been working on this for about 2 days and no results. Everytime the PC crashes it restarts. Im on windows 7 ultimate wich should be up to date.
 
Welcome aboard
yahooo.gif


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Thanks Broni

I have done the preliminary tasks. A few things to mention:

I downloaded Avira but can't update it. Some thing is blocking it. Even if i do a manual update it is blocking it. I ran Dr Web and it always shows Backdoor.tdss.565 after every boot. I cant get a scan log out of Dr Web though.





Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6465

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

2011/04/28 18:47:46
mbam-log-2011-04-28 (18-47-46).txt

Scan type: Quick scan
Objects scanned: 151525
Time elapsed: 3 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Attach.txt

DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 2010/09/03 16:25:48
System Uptime: 2011/04/29 10:36:54 (4 hours ago)
.
Motherboard: TOSHIBA | | EQUIUM U400
Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz | U2E1 | 1862/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 44 GiB total, 7.655 GiB free.
D: is FIXED (NTFS) - 104 GiB total, 30.394 GiB free.
E: is CDROM ()
H: is FIXED (FAT32) - 298 GiB total, 131.79 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 2 (SP2)
32 Bit HP CIO Components Installer
3ivx MPEG-4 5.0.3 (remove only)
7-Zip 4.65
Acrobat.com
ActionOutline Pro 3.2
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.2
AI RoboForm (All Users)
Akamai NetSession Interface
Allscoop RSS Submit Pro 1.0
AML Free Registry Cleaner 4.21
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
BitTorrent
Bluetooth Stack for Windows by Toshiba
Bonjour
Bookmarkwiz
Brother MFL-Pro Suite
Camera Assistant Software for Toshiba
Camtasia Studio 6
CCleaner
CD/DVD Drive Acoustic Silencer
Cinescore Studio 1.0
Collaboration Data Objects 1.2.1
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Content Mania
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
Doit.im
Dropbox
eMule
ESET Online Scanner v3
Exterminate It!
FeedDemon
FeedForAll v2.0
FileZilla Client 3.3.5.1
FlipShare
FLV Producer
FLV Producer Bonus Players
Gadwin PrintScreen
Gadwin Web Snapshot
Google AdWords Editor
Google Chrome
Google Desktop
Google Earth
Google Gears
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.5.0.416
GPScraper 2011
GreyHatSoftware TestBot
HDAUDIO Soft Data Fax Modem with SmartCP
HDMI Control Manager
Hotspot_Shield Toolbar
IBP 11.7.8
Instant Business Finder v2.21
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Intel® Matrix Storage Manager
iSpring Presenter 4.2
iTunes
Java Auto Updater
Java(TM) 6 Update 23
Java(TM) 6 Update 3
K-Lite Codec Pack 6.3.0 (Standard)
LinkedIn Outlook Connector
LinkedIn Outlook Toolbar
Magic Article Rewriter
Magic Article Submitter
Magic Submitter version 1.41
Magic Tokens Database
Magic Tokens Database 2.0
Malwarebytes' Anti-Malware
Market Samurai
Marvell Miniport Driver
Micro Niche Finder 5.0
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office FrontPage 2003
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Social Connector 32-bit
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual Basic PowerPacks 10.0
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft XML Parser
Mindjet MindManager 9
MiPony 1.2.2
MMaster
MobileMe Control Panel
Mozilla Firefox (3.6.16)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyLife Organized 3.5.5 (Unregistered)
MySQL Connector/ODBC 5.1
NaturalReader
O2Micro Flash Memory Card Reader Driver (x86)
OGA Notifier 2.0.0048.0
Pamela Business 4.6
PDF-XChange 3
PDFCreator
Podcast Plug-in for RSS Submit v1.0
PPC Keyword Toolz
PressBot
QuickTime
REALTEK RTL8187B Wireless LAN Driver
Realtek WiFi Protected Setup Library
Registry Mechanic 10.0
RescueTime 2.2.3
Robin Good's RSSTop55 Plug-in for RSS Submit v1.2
RSS Submit RSS Submit SEO Expansion Pack v1.0
RSSBot
S3 Ripper 1.3
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SENukeUpdate
SEO PowerSuite
Service Pack 1 for SQL Server 2008 (KB968369)
Sick Submitter
Sizer 3.33
Skype™ 5.1
Smart PDF Converter 4.2
Sony DVD Architect Studio 4.5
SpeedPPC Campaign Builder Version 4
Sql Server Customer Experience Improvement Program
SUPERAntiSpyware
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA Manuals
Toshiba Online Product Information
TOSHIBA Recovery Disc Creator
TOSHIBA SD Memory Utilities
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Traffic Travis 3.3.12
TRDCReminder
TRORDCLauncher
Tweet Whistle 2.1.8
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2522999)
VC80CRTRedist - 8.0.50727.762
Vegas Movie Studio 9.0
VideoBot
Virgin Media Service Manager 3.7.47
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual C++ Runtime for Dragon NaturallySpeaking
VLC media player 1.1.8
WebEx Training Manager for Firefox or Chrome
WebEx Training Manager for Internet Explorer
Windows Installer Clean Up
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinRAR 4.00 beta 4 (32-bit)
.
==== End Of File ===========================


DDS.txt


DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Peter at 14:43:10.71 on 2011/04/29
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.298.1033.18.2038.1186 [GMT 1:00]
.
AV: Doctor Web Anti-Virus *Enabled/Outdated* {6CC6AE29-BD86-6306-5444-113FA6A626D8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Doctor Web Anti-Virus *Enabled/Outdated* {D7A74FCD-9BBC-6C88-6EF4-2A4DDD216C65}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\DrWeb\drweb32w.exe
C:\Windows\system32\msiexec.exe
H:\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = Preserve
mURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} -
BHO: {BCBF738C-4891-4B9A-959A-C6BF7F608C3A}: {0b1b0d47-95f7-4bad-9309-a945b655ae61} - NVRShowBar
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - Hotspot Shield Toolbar
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} -
TB: NVRIEbar.IEbar: {bcbf738c-4891-4b9a-959a-c6bf7f608c3a} - c:\program files\naturalsoft\naturalreader66\NVRIEbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4064EA35-578D-4073-A834-C96D82CBCF40} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {90D46C30-9F25-4104-AEA9-35C3F84477FF} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [IBP]
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Magic Submitter] "c:\program files\alexandr krulik\magic submitter\MagicSubmitter.exe" minimized
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
uRun: [SEnukeX] c:\users\peter\appdata\local\senukex\senuke.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [HDMICtrlMan] c:\program files\toshiba\hdmictrlman\HDMICtrlMan.exe
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ServiceManager.exe] "c:\program files\virgin media\service manager\ServiceManager.exe" /AUTORUN
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [SpIDerMail] "c:\program files\drweb\spiderml.exe" -autorun
mRun: [SpIDerAgent] "c:\program files\drweb\SpIDerAgent.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIAUQBYADkAMwAtAFcAWQBaAEsAVwAtAEIARQAyAEYAUgAtAFEAQgBFAEYARgAtAFAARQBNAEIAUgA"&"inst=NwA2AC0ANQAxADQAMwAyADgAMgA4ADMALQBYAE8AMwA2ACsAMQAtAEQAMwA4ADEATAArADUALQBOADEARAArADEALQBUAEIAOQArADIALQBQAEwAKwA5AA"&"prod=54"&"ver=9.0.894
mRunOnce: [GrpConv] grpconv -o
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\peter\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\peter\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\peter\appdata\roaming\micros~1\windows\startm~1\programs\startup\is-crmhj.lnk - c:\users\peter\desktop\virus removal tool1\is-crmhj\startup.exe
StartupFolder: c:\users\peter\appdata\roaming\micros~1\windows\startm~1\programs\startup\is-js7ib.lnk - c:\users\peter\desktop\virus removal tool\is-js7ib\startup.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download with Mipony - file://c:\program files\mipony\browser\IEContext.htm
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
LSP: c:\program files\drweb\drwebsp.dll
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: AVGRSSTX.DLL c:\progra~1\google\google~2\GO36F4~1.DLL
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\peter\appdata\roaming\mozilla\firefox\profiles\0258qkbr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - component: c:\users\peter\appdata\roaming\mozilla\firefox\profiles\0258qkbr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\peter\appdata\roaming\mozilla\firefox\profiles\0258qkbr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\users\peter\appdata\roaming\mozilla\firefox\profiles\0258qkbr.default\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\peter\appdata\roaming\mozilla\firefox\profiles\0258qkbr.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\winnt_x86-msvc\components\pagespeed.dll
FF - component: c:\users\peter\appdata\roaming\mozilla\firefox\profiles\0258qkbr.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\virgin media\service manager\nprpspa.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\siber systems\ai roboform\Firefox
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: S3 Firefox Organizer(S3Fox): {7CEA821D-3DAB-4238-B424-BF7324531750} - %profile%\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}
FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF - Ext: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - %profile%\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: Google Global: {B97F57B9-1B42-4aed-9475-0022600C62DC} - %profile%\extensions\{B97F57B9-1B42-4aed-9475-0022600C62DC}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
FF - Ext: mipony-plugin Community Toolbar: {90d46c30-9f25-4104-aea9-35c3f84477ff} - %profile%\extensions\{90d46c30-9f25-4104-aea9-35c3f84477ff}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Page Speed: {e3f6c2cc-d8db-498c-af6c-499fb211db97} - %profile%\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: CheckFox: {BAEC7B80-9A31-47b2-A68B-DCAC8DF48E87} - %profile%\extensions\{BAEC7B80-9A31-47b2-A68B-DCAC8DF48E87}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
============= SERVICES / DRIVERS ===============
.
R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2011-4-25 139768]
R0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys [2011-4-25 93944]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-8-6 25896]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 ServicepointService;ServicepointService;c:\program files\virgin media\service manager\ServicepointService.exe [2011-4-20 689464]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-1-15 48472]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347136]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S1 is-CRMHJdrv;is-CRMHJdrv;c:\windows\system32\drivers\32268217.sys [2011-4-25 148496]
S1 is-JS7IBdrv;is-JS7IBdrv;c:\windows\system32\drivers\41181096.sys [2011-4-25 148496]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-4-28 136360]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-28 269480]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-28 61960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files\common files\doctor web\scanning engine\dwengine.exe [2011-3-1 1667416]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-1 133104]
S2 MSSQL$SMARTSQL;SQL Server (SMARTSQL);c:\program files\microsoft sql server\mssql10.smartsql\mssql\binn\sqlservr.exe [2008-7-11 40999448]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-4-22 632792]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-3-18 187904]
S3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2009-8-9 123784]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-3-18 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-1 133104]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-3-18 111616]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]
S3 rkhdrv40;Rootkit Unhooker Driver;c:\windows\system32\drivers\rkhdrv40.sys [2011-4-25 24448]
S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2011-3-3 51576]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-4 1343400]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-11 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SMARTSQL;SQL Server Agent (SMARTSQL);c:\program files\microsoft sql server\mssql10.smartsql\mssql\binn\SQLAGENT.EXE [2008-7-11 369688]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2011-04-28 15:26:26 -------- d-----w- c:\users\peter\appdata\roaming\Avira
2011-04-28 15:21:42 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-28 15:21:41 -------- d-----w- c:\program files\Avira
2011-04-28 15:21:41 -------- d-----w- c:\progra~2\Avira
2011-04-26 18:13:58 -------- d-sh--w- C:\found.000
2011-04-25 22:49:38 0 ---ha-w- c:\users\peter\appdata\local\BIT987.tmp
2011-04-25 22:43:52 0 ---ha-w- c:\users\peter\appdata\local\BIT12A7.tmp
2011-04-25 22:09:25 -------- d-----w- c:\progra~2\is-BG0OA
2011-04-25 21:56:10 -------- d-----w- c:\progra~2\is-CRMHJ
2011-04-25 21:55:43 148496 ----a-w- c:\windows\system32\drivers\32268217.sys
2011-04-25 18:28:21 -------- d-sh--w- C:\DrWeb Quarantine
2011-04-25 18:24:28 589792 --sha-w- c:\windows\system32\drivers\fidbox.dat
2011-04-25 17:27:55 -------- d-----w- c:\progra~2\is-JS7IB
2011-04-25 17:27:28 148496 ----a-w- c:\windows\system32\drivers\41181096.sys
2011-04-25 17:26:54 -------- d-----w- c:\users\peter\appdata\roaming\GetRightToGo
2011-04-25 16:38:19 -------- d-----w- c:\program files\ESET
2011-04-25 14:49:58 139768 ----a-w- c:\windows\system32\drivers\dwprot.sys
2011-04-25 14:49:50 93944 ----a-w- c:\windows\system32\drivers\spiderg3.sys
2011-04-25 14:49:21 -------- d-----w- c:\program files\common files\Doctor Web
2011-04-25 14:49:21 -------- d-----w- c:\progra~2\Doctor Web
2011-04-25 14:49:20 -------- d-----w- c:\program files\DrWeb
2011-04-25 13:42:19 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{04ca0143-d0bf-4b30-ac38-fc04eed3a0e2}\mpengine.dll
2011-04-25 10:21:59 24448 ----a-w- c:\windows\system32\drivers\rkhdrv40.sys
2011-04-25 10:18:37 -------- d-----w- c:\program files\Exterminate It!
2011-04-24 14:40:43 -------- d-----w- c:\users\peter\appdata\roaming\Registry Mechanic
2011-04-22 07:26:38 -------- d-----w- c:\users\peter\appdata\local\DDMSettings
2011-04-22 07:24:12 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-04-22 07:24:12 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-04-22 07:24:12 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-04-22 07:24:12 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-04-22 07:24:07 -------- d-----w- c:\program files\common files\PC Tools
2011-04-20 23:04:15 434688 ----a-w- c:\windows\system32\ss2uinst.exe
2011-04-20 23:04:15 -------- d-----w- c:\program files\Allscoop RSS Submit Pro
2011-04-20 17:08:40 -------- d-----w- c:\program files\Virgin Media
2011-04-16 11:06:30 -------- d-----w- c:\users\peter\appdata\local\PackageAware
2011-04-14 10:32:55 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 10:32:53 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-14 10:32:53 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-14 10:32:51 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-14 10:32:51 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-14 10:32:50 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-14 10:32:49 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 10:32:49 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-14 10:32:49 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 10:32:49 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-13 21:09:37 -------- d-----w- c:\progra~2\RoboTask
2011-04-13 21:00:07 -------- d-----w- c:\users\peter\appdata\local\RoboTask
2011-04-13 21:00:07 -------- d-----w- c:\program files\RoboTask
2011-04-11 00:11:52 131584 ----a-w- c:\windows\system32\SpoonUninstall.exe
2011-04-11 00:11:17 -------- d-----w- c:\program files\Memorisation master
2011-04-10 22:27:43 -------- d-----w- c:\program files\Market Samurai
2011-04-07 08:05:20 -------- d-----w- c:\users\peter\appdata\local\SENukeX
2011-04-05 14:34:00 -------- d-----w- c:\windows\Panther
2011-04-02 16:38:28 -------- d-----w- c:\users\peter\appdata\roaming\TrafficAnarchy
2011-03-31 10:07:11 -------- d-----w- c:\users\peter\DoctorWeb
.
==================== Find3M ====================
.
2011-04-06 16:51:58 66 ----a-w- c:\users\peter\appdata\roaming\ispresenter4_1.tmp
2011-03-03 05:29:23 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27:30 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-02-24 05:32:44 981504 ----a-w- c:\windows\system32\wininet.dll
2011-02-24 05:30:16 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-24 04:23:48 386048 ----a-w- c:\windows\system32\html.iec
2011-02-24 03:50:26 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-19 05:33:11 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32:48 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 05:32:08 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 03:37:02 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-02-18 16:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-18 05:36:26 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 14:43:32.08 ===============


GMER log

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-29 10:30:13
Windows 6.1.7600
Running: h9f7w1dk.exe; Driver: C:\Users\Peter\AppData\Local\Temp\pwtyypob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwAllocateVirtualMemory [0x88571D90]
SSDT \SystemRoot\system32\drivers\dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwCreateThread [0x885731E4]
SSDT \SystemRoot\system32\drivers\dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwCreateThreadEx [0x885732BA]
SSDT \SystemRoot\system32\drivers\dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwFreeVirtualMemory [0x8857200E]
SSDT \SystemRoot\system32\drivers\dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwQueueApcThread [0x885732E6]
SSDT \SystemRoot\system32\drivers\dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwQueueApcThreadEx [0x8857330C]
SSDT \SystemRoot\system32\drivers\dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwSetContextThread [0x88573332]
SSDT \SystemRoot\system32\drivers\dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwWriteVirtualMemory [0x8857211E]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 8228E589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 822B3092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 822BA84C 4 Bytes [90, 1D, 57, 88]
.text ntkrnlpa.exe!RtlSidHashLookup + 34C 822BA95C 8 Bytes [E4, 31, 57, 88, BA, 32, 57, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 3FC 822BAA0C 4 Bytes [0E, 20, 57, 88] {PUSH CS; AND [EDI-0x78], DL}
.text ntkrnlpa.exe!RtlSidHashLookup + 624 822BAC34 8 Bytes [E6, 32, 57, 88, 0C, 33, 57, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 6E0 822BACF0 4 Bytes [32, 33, 57, 88]
.text ...
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Can't do

Sorry - I can't do that. Everytime i try to run this program it stalls on 80%. I have run as administrator and renamed it as you have indicated in other peoples posts. Nothing i do can get it to run.
 
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

================================================================

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracing remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Thanks Broni

Hi Broni. Here are the requested logs:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: EQUIUM U400
Logical Drives Mask: 0x0000009c

Kernel Drivers (total 169):
0x82217000 \SystemRoot\system32\ntkrnlpa.exe
0x82627000 \SystemRoot\system32\halmacpi.dll
0x859E4000 \SystemRoot\system32\kdcom.dll
0x88035000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x880AD000 \SystemRoot\system32\PSHED.dll
0x880BE000 \SystemRoot\system32\BOOTVID.dll
0x880C6000 \SystemRoot\system32\CLFS.SYS
0x88108000 \SystemRoot\system32\CI.dll
0x8821A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8828B000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x88299000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x882E1000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x882EA000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x882F2000 \SystemRoot\system32\DRIVERS\pci.sys
0x8831C000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x88327000 \SystemRoot\System32\drivers\partmgr.sys
0x88338000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x88348000 \SystemRoot\System32\drivers\volmgrx.sys
0x88393000 \SystemRoot\system32\DRIVERS\intelide.sys
0x8839A000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x883A8000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x883B0000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x883BB000 \SystemRoot\System32\drivers\mountmgr.sys
0x88415000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x884DD000 \SystemRoot\system32\DRIVERS\atapi.sys
0x884E6000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x88509000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x88512000 \SystemRoot\system32\drivers\fltmgr.sys
0x88546000 \SystemRoot\system32\drivers\fileinfo.sys
0x88557000 \SystemRoot\system32\drivers\spiderg3.sys
0x8856D000 \SystemRoot\system32\drivers\dwprot.sys
0x8858E000 \SystemRoot\system32\drivers\msrpc.sys
0x885B9000 \SystemRoot\system32\drivers\NETIO.SYS
0x88625000 \SystemRoot\system32\drivers\NDIS.SYS
0x886DC000 \SystemRoot\system32\drivers\TDI.SYS
0x88822000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88951000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88964000 \SystemRoot\System32\Drivers\cng.sys
0x889C1000 \SystemRoot\System32\drivers\pcw.sys
0x889CF000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x889D8000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x88A19000 \SystemRoot\System32\drivers\tcpip.sys
0x88B62000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88B93000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x88B9C000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x88BDB000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x886E7000 \SystemRoot\System32\drivers\rdyboost.sys
0x88BE8000 \SystemRoot\System32\Drivers\mup.sys
0x88BF8000 \SystemRoot\System32\drivers\hwpolicy.sys
0x88714000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x88A00000 \SystemRoot\system32\DRIVERS\disk.sys
0x88746000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8C4FF000 \SystemRoot\System32\Drivers\Null.SYS
0x8C506000 \SystemRoot\System32\Drivers\Beep.SYS
0x8C50D000 \SystemRoot\System32\drivers\vga.sys
0x8C519000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8C53A000 \SystemRoot\System32\drivers\watchdog.sys
0x8C547000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8C54F000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8C55A000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C568000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8C57F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8876B000 \SystemRoot\system32\drivers\afd.sys
0x8C5B1000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x8C5BA000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8C5C1000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8C5E0000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8C5F1000 \SystemRoot\system32\DRIVERS\rtlprot.sys
0x8C400000 \SystemRoot\system32\DRIVERS\netbios.sys
0x881B3000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8C40E000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8C813000 \SystemRoot\system32\drivers\csc.sys
0x8C877000 \SystemRoot\System32\Drivers\dfsc.sys
0x8C88F000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8C8B0000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8C8B9000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8C8C4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8C90F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C91E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8C93D000 \SystemRoot\system32\DRIVERS\yk62x86.sys
0x8C98D000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x8C9B9000 \SystemRoot\system32\DRIVERS\o2media.sys
0x8C9C4000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x887C5000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8C9EA000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x883D1000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8C9F7000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8C800000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8C80D000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x887DD000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8C9F9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8C418000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8880D000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x88600000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8860A000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x88200000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x88400000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x88000000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8E012000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8E02A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8E041000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8E058000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x8E062000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8E072000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8E074000 \SystemRoot\system32\DRIVERS\ks.sys
0x8E0A8000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8E0B6000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8E0FA000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8E10B000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8E118000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x8E1E0000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x812B0000 \SystemRoot\System32\win32k.sys
0x8E1F1000 \SystemRoot\System32\drivers\Dxapi.sys
0x81500000 \SystemRoot\System32\drivers\dxg.sys
0x81530000 \SystemRoot\System32\TSDDD.dll
0x815B0000 \SystemRoot\System32\framebuf.dll
0x8C43D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8C454000 \SystemRoot\system32\DRIVERS\RTL8187B.sys
0x8C4B2000 \SystemRoot\System32\Drivers\fastfat.SYS
0x8C4DC000 \SystemRoot\system32\drivers\WudfPf.sys
0x8F224000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8F26A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8F27A000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8F293000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8F2A5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x8F2C8000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x8F303000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x8F31E000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8F335000 \??\C:\Users\Peter\AppData\Local\Temp\6Rd8txm1.sys
0x8F368000 \??\C:\Users\Peter\AppData\Local\Temp\mbr.sys
0x77440000 \Windows\System32\ntdll.dll
0x47E60000 \Windows\System32\smss.exe
0x77680000 \Windows\System32\apisetschema.dll
0x00A00000 \Windows\System32\autochk.exe
0x772A0000 \Windows\System32\setupapi.dll
0x77590000 \Windows\System32\kernel32.dll
0x771D0000 \Windows\System32\user32.dll
0x77180000 \Windows\System32\Wldap32.dll
0x76F80000 \Windows\System32\iertutil.dll
0x76ED0000 \Windows\System32\rpcrt4.dll
0x77580000 \Windows\System32\lpk.dll
0x76DD0000 \Windows\System32\wininet.dll
0x76D80000 \Windows\System32\gdi32.dll
0x76D40000 \Windows\System32\ws2_32.dll
0x76CE0000 \Windows\System32\difxapi.dll
0x76BA0000 \Windows\System32\urlmon.dll
0x75F50000 \Windows\System32\shell32.dll
0x75EA0000 \Windows\System32\msvcrt.dll
0x75E80000 \Windows\System32\imm32.dll
0x75E00000 \Windows\System32\comdlg32.dll
0x75D70000 \Windows\System32\clbcatq.dll
0x75D40000 \Windows\System32\imagehlp.dll
0x75CA0000 \Windows\System32\usp10.dll
0x75C80000 \Windows\System32\sechost.dll
0x75BE0000 \Windows\System32\advapi32.dll
0x75BD0000 \Windows\System32\psapi.dll
0x75BC0000 \Windows\System32\nsi.dll
0x75AF0000 \Windows\System32\msctf.dll
0x75A90000 \Windows\System32\shlwapi.dll
0x75A00000 \Windows\System32\oleaut32.dll
0x758A0000 \Windows\System32\ole32.dll
0x75890000 \Windows\System32\normaliz.dll
0x75800000 \Windows\System32\comctl32.dll
0x756E0000 \Windows\System32\crypt32.dll
0x75690000 \Windows\System32\KernelBase.dll
0x75660000 \Windows\System32\wintrust.dll
0x75640000 \Windows\System32\devobj.dll
0x75610000 \Windows\System32\cfgmgr32.dll
0x75600000 \Windows\System32\msasn1.dll

Processes (total 26):
0 System Idle Process
4 System
232 C:\Windows\System32\smss.exe
320 csrss.exe
356 csrss.exe
364 C:\Windows\System32\wininit.exe
392 C:\Windows\System32\winlogon.exe
452 C:\Windows\System32\services.exe
460 C:\Windows\System32\lsass.exe
468 C:\Windows\System32\lsm.exe
576 C:\Windows\System32\svchost.exe
652 C:\Windows\System32\svchost.exe
744 C:\Windows\System32\svchost.exe
780 C:\Windows\System32\svchost.exe
840 C:\Windows\System32\svchost.exe
884 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\svchost.exe
1144 C:\Windows\explorer.exe
1276 C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe
1404 C:\Windows\System32\svchost.exe
1468 C:\Windows\System32\ctfmon.exe
1132 C:\Windows\System32\svchost.exe
1608 C:\Windows\System32\igfxsrvc.exe
1968 C:\Users\Peter\Desktop\MBRCheck.exe
1840 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000b`5ac7d200 (NTFS)
\\.\H: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: HitachiHTS542516K9SA00, Rev: BBCOC33P
PhysicalDrive1 Model Number: WD3200BEV External, Rev: 1.04

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
298 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: 2BE9ACE700A45722604874D4A10E3B6A212931F3


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:










Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows 7 Ultimate Edition (build 7600), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
 
Your MBR seems to be infected.

If you have Vista/7 DVD...

start with step 2

If you don't have Vista/7 DVD...

1. Create Vista/7 Recovery Disc.

Option 1 :
Vista: http://www.vistax64.com/tutorials/141820-create-recovery-disc.html (Option Two)
Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

Option 2:
Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

2. Boot from created disk.

Vista users. At first screen click on Repair your computer:
setup-option.jpg


Windows 7 users. At first screen click on Install now:
25672d1251414873-mbr-restore-windows-7-master-boot-record-mbr_02.png

Select your language and click next:
25673d1251414836-mbr-restore-windows-7-master-boot-record-mbr_03.png

Click the button for "Use recovery tools":
25674d1251414836-mbr-restore-windows-7-master-boot-record-mbr_04.png


The following applies to both, Vista and Windows 7 users.

This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:
system-recovery-options.jpg

After this, it will present you with a list of options including startup repair, system restore and command prompt:
systemrecovery.jpg

Select Command Prompt

Type in:
bootrec /fixmbr (<--- there is a "space" after "bootrec")
and then press Enter

Once completed then type Exit, press Enter and restart computer.

Post fresh Bootkit Remover log.
 
logs

Hi

I did the first part and the log is here:

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows 7 Ultimate Edition (build 7600), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000
Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

Also that also allowed me to run the tdskiller which i did and the log is here:

2011/05/02 20:58:43.0124 1920 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/05/02 20:58:43.0139 1920 ================================================================================
2011/05/02 20:58:43.0139 1920 SystemInfo:
2011/05/02 20:58:43.0139 1920
2011/05/02 20:58:43.0139 1920 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/02 20:58:43.0139 1920 Product type: Workstation
2011/05/02 20:58:43.0139 1920 ComputerName: PETER-LAPTOP
2011/05/02 20:58:43.0139 1920 UserName: Peter
2011/05/02 20:58:43.0139 1920 Windows directory: C:\Windows
2011/05/02 20:58:43.0139 1920 System windows directory: C:\Windows
2011/05/02 20:58:43.0139 1920 Processor architecture: Intel x86
2011/05/02 20:58:43.0139 1920 Number of processors: 2
2011/05/02 20:58:43.0139 1920 Page size: 0x1000
2011/05/02 20:58:43.0139 1920 Boot type: Safe boot with network
2011/05/02 20:58:43.0139 1920 ================================================================================
2011/05/02 20:58:43.0529 1920 Initialize success
2011/05/02 20:58:49.0800 0516 ================================================================================
2011/05/02 20:58:49.0800 0516 Scan started
2011/05/02 20:58:49.0800 0516 Mode: Manual;
2011/05/02 20:58:49.0800 0516 ================================================================================
2011/05/02 20:58:50.0612 0516 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/05/02 20:58:50.0690 0516 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/05/02 20:58:50.0752 0516 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/05/02 20:58:50.0924 0516 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/02 20:58:51.0002 0516 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/02 20:58:51.0142 0516 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/02 20:58:51.0251 0516 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2011/05/02 20:58:51.0298 0516 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/05/02 20:58:51.0423 0516 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/05/02 20:58:51.0516 0516 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/05/02 20:58:51.0641 0516 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/05/02 20:58:51.0688 0516 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/05/02 20:58:51.0766 0516 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/02 20:58:51.0844 0516 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/02 20:58:51.0938 0516 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/05/02 20:58:52.0047 0516 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/02 20:58:52.0109 0516 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/05/02 20:58:52.0203 0516 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/05/02 20:58:52.0359 0516 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/05/02 20:58:52.0390 0516 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/02 20:58:52.0608 0516 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/02 20:58:52.0655 0516 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/05/02 20:58:52.0796 0516 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/02 20:58:52.0874 0516 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/02 20:58:53.0030 0516 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/05/02 20:58:53.0139 0516 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/05/02 20:58:53.0248 0516 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/05/02 20:58:53.0342 0516 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/02 20:58:53.0435 0516 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/02 20:58:53.0513 0516 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/02 20:58:53.0576 0516 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/02 20:58:53.0622 0516 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/05/02 20:58:53.0700 0516 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/02 20:58:53.0778 0516 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/02 20:58:53.0794 0516 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/02 20:58:53.0841 0516 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/02 20:58:53.0934 0516 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/02 20:58:54.0028 0516 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/02 20:58:54.0106 0516 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/02 20:58:54.0200 0516 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/05/02 20:58:54.0371 0516 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/02 20:58:54.0402 0516 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/05/02 20:58:54.0449 0516 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/05/02 20:58:54.0558 0516 CnxtHdAudAddService (76ffd950394c45196d09239edc9b006b) C:\Windows\system32\drivers\CHDART.sys
2011/05/02 20:58:54.0605 0516 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/02 20:58:54.0683 0516 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/05/02 20:58:54.0761 0516 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/02 20:58:54.0870 0516 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2011/05/02 20:58:54.0995 0516 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2011/05/02 20:58:55.0104 0516 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/05/02 20:58:55.0182 0516 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/05/02 20:58:55.0323 0516 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/05/02 20:58:55.0416 0516 DwProt (249a3ed0b70e4aba4d11c9f07a10209f) C:\Windows\system32\drivers\dwprot.sys
2011/05/02 20:58:55.0588 0516 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/02 20:58:55.0838 0516 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/05/02 20:58:56.0087 0516 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/02 20:58:56.0134 0516 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/05/02 20:58:56.0274 0516 EuDisk (53daf11c60565dcb434ecebca8c3de93) C:\Windows\system32\DRIVERS\EuDisk.sys
2011/05/02 20:58:56.0337 0516 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/05/02 20:58:56.0384 0516 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/05/02 20:58:56.0524 0516 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/02 20:58:56.0555 0516 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/05/02 20:58:56.0602 0516 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/05/02 20:58:56.0649 0516 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/02 20:58:56.0774 0516 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/05/02 20:58:56.0820 0516 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/05/02 20:58:56.0852 0516 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/02 20:58:56.0898 0516 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/02 20:58:57.0023 0516 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/02 20:58:57.0070 0516 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/02 20:58:57.0226 0516 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/02 20:58:57.0257 0516 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/02 20:58:57.0288 0516 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/02 20:58:57.0320 0516 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/02 20:58:57.0351 0516 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/02 20:58:57.0491 0516 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/02 20:58:57.0554 0516 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/05/02 20:58:57.0647 0516 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/05/02 20:58:57.0772 0516 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/05/02 20:58:57.0850 0516 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/05/02 20:58:57.0959 0516 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/02 20:58:58.0006 0516 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/02 20:58:58.0068 0516 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
2011/05/02 20:58:58.0193 0516 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/05/02 20:58:58.0396 0516 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/02 20:58:58.0646 0516 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/02 20:58:58.0724 0516 IntcHdmiAddService (98d303ccb3415e9202e82043b37d66dc) C:\Windows\system32\drivers\IntcHdmi.sys
2011/05/02 20:58:58.0755 0516 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/02 20:58:58.0880 0516 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/02 20:58:58.0926 0516 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/02 20:58:58.0989 0516 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/05/02 20:58:59.0098 0516 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/05/02 20:58:59.0160 0516 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/05/02 20:58:59.0254 0516 is-CRMHJdrv (0aa3ad071827118fcc8f37f7a6ab7aa1) C:\Windows\system32\DRIVERS\32268217.sys
2011/05/02 20:58:59.0348 0516 is-JS7IBdrv (0aa3ad071827118fcc8f37f7a6ab7aa1) C:\Windows\system32\DRIVERS\41181096.sys
2011/05/02 20:58:59.0426 0516 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/05/02 20:58:59.0488 0516 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/02 20:58:59.0550 0516 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/02 20:58:59.0628 0516 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/02 20:58:59.0706 0516 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/02 20:58:59.0738 0516 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/02 20:58:59.0862 0516 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/02 20:58:59.0956 0516 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/02 20:59:00.0003 0516 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/02 20:59:00.0081 0516 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/02 20:59:00.0143 0516 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/02 20:59:00.0190 0516 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/05/02 20:59:00.0268 0516 Machnm32 (fd65bef5ff8275711d9a56f0b8bb43f1) C:\Windows\System32\Machnm32.sys
2011/05/02 20:59:00.0377 0516 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/05/02 20:59:00.0408 0516 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/02 20:59:00.0486 0516 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/02 20:59:00.0564 0516 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/05/02 20:59:00.0611 0516 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/02 20:59:00.0705 0516 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/02 20:59:00.0767 0516 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/02 20:59:00.0798 0516 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/05/02 20:59:00.0892 0516 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/05/02 20:59:00.0954 0516 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/02 20:59:00.0986 0516 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/05/02 20:59:01.0079 0516 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/02 20:59:01.0142 0516 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/02 20:59:01.0188 0516 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/02 20:59:01.0235 0516 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/05/02 20:59:01.0298 0516 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/05/02 20:59:01.0391 0516 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/05/02 20:59:01.0422 0516 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/02 20:59:01.0454 0516 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/05/02 20:59:01.0563 0516 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/02 20:59:01.0625 0516 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/02 20:59:01.0641 0516 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/05/02 20:59:01.0688 0516 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/05/02 20:59:01.0734 0516 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/02 20:59:01.0844 0516 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/05/02 20:59:01.0890 0516 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/02 20:59:01.0922 0516 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/05/02 20:59:02.0031 0516 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/02 20:59:02.0124 0516 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/05/02 20:59:02.0218 0516 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/02 20:59:02.0280 0516 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/02 20:59:02.0327 0516 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/02 20:59:02.0405 0516 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/02 20:59:02.0452 0516 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/05/02 20:59:02.0514 0516 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/02 20:59:02.0577 0516 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/02 20:59:02.0717 0516 netr28u (27ee4b406e2f26f6117a9a420bd4cb65) C:\Windows\system32\DRIVERS\netr28u.sys
2011/05/02 20:59:02.0858 0516 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/02 20:59:02.0904 0516 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/05/02 20:59:02.0936 0516 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/02 20:59:03.0014 0516 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2011/05/02 20:59:03.0123 0516 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/05/02 20:59:03.0154 0516 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/05/02 20:59:03.0185 0516 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/05/02 20:59:03.0216 0516 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/05/02 20:59:03.0326 0516 O2MDRDR (d51942f12090fc947ca8aa01736dade2) C:\Windows\system32\DRIVERS\o2media.sys
2011/05/02 20:59:03.0388 0516 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/02 20:59:03.0450 0516 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/05/02 20:59:03.0560 0516 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/05/02 20:59:03.0591 0516 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/05/02 20:59:03.0638 0516 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/05/02 20:59:03.0684 0516 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/02 20:59:03.0716 0516 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/02 20:59:03.0856 0516 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/05/02 20:59:03.0887 0516 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/05/02 20:59:04.0106 0516 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/02 20:59:04.0152 0516 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/05/02 20:59:04.0215 0516 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/02 20:59:04.0355 0516 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/02 20:59:04.0480 0516 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/02 20:59:04.0527 0516 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/02 20:59:04.0574 0516 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/02 20:59:04.0620 0516 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/02 20:59:04.0667 0516 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/02 20:59:04.0776 0516 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/02 20:59:04.0823 0516 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/02 20:59:04.0854 0516 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/02 20:59:04.0901 0516 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/02 20:59:04.0995 0516 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/02 20:59:05.0042 0516 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/05/02 20:59:05.0104 0516 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/02 20:59:05.0166 0516 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/02 20:59:05.0229 0516 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/05/02 20:59:05.0307 0516 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/05/02 20:59:05.0369 0516 rkhdrv40 (ba96e9fc124585f4cbec11416d85dc1e) C:\Windows\system32\drivers\rkhdrv40.sys
2011/05/02 20:59:05.0478 0516 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\Windows\system32\DRIVERS\RsFx0102.sys
2011/05/02 20:59:05.0603 0516 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\Windows\system32\DRIVERS\RsFx0103.sys
2011/05/02 20:59:05.0666 0516 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/02 20:59:05.0744 0516 RTL8187B (ca5a4fbfe341f13733955b8aac98f0b5) C:\Windows\system32\DRIVERS\RTL8187B.sys
2011/05/02 20:59:05.0822 0516 RtlProt (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
2011/05/02 20:59:05.0868 0516 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/05/02 20:59:05.0978 0516 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/02 20:59:06.0024 0516 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/02 20:59:06.0149 0516 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/02 20:59:06.0180 0516 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/02 20:59:06.0258 0516 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/02 20:59:06.0383 0516 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/02 20:59:06.0430 0516 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/02 20:59:06.0461 0516 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/05/02 20:59:06.0508 0516 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/02 20:59:06.0664 0516 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/02 20:59:06.0711 0516 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/05/02 20:59:06.0742 0516 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/02 20:59:06.0773 0516 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/02 20:59:06.0836 0516 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/05/02 20:59:06.0960 0516 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/02 20:59:06.0992 0516 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/02 20:59:07.0054 0516 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/05/02 20:59:07.0210 0516 SpiderG3 (8f683d6aac09b0f8c15e4d2d6728758c) C:\Windows\system32\drivers\spiderg3.sys
2011/05/02 20:59:07.0257 0516 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/05/02 20:59:07.0366 0516 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys
2011/05/02 20:59:07.0491 0516 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/02 20:59:07.0522 0516 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/02 20:59:07.0584 0516 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/05/02 20:59:07.0631 0516 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/02 20:59:07.0740 0516 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/05/02 20:59:07.0803 0516 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/05/02 20:59:07.0850 0516 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/02 20:59:07.0974 0516 SynTP (91ac243740ca09a907e7cbd2da274c96) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/02 20:59:08.0037 0516 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
2011/05/02 20:59:08.0130 0516 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2011/05/02 20:59:08.0318 0516 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/02 20:59:08.0442 0516 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/02 20:59:08.0489 0516 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2011/05/02 20:59:08.0520 0516 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/05/02 20:59:08.0567 0516 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/05/02 20:59:08.0598 0516 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/02 20:59:08.0676 0516 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/02 20:59:08.0879 0516 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
2011/05/02 20:59:08.0942 0516 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/02 20:59:09.0066 0516 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/02 20:59:09.0129 0516 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2011/05/02 20:59:09.0160 0516 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/02 20:59:09.0285 0516 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/02 20:59:09.0363 0516 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/05/02 20:59:09.0394 0516 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/02 20:59:09.0441 0516 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/02 20:59:09.0581 0516 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/02 20:59:09.0644 0516 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2011/05/02 20:59:09.0753 0516 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/02 20:59:09.0784 0516 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/05/02 20:59:09.0831 0516 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/02 20:59:09.0893 0516 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/02 20:59:09.0971 0516 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/02 20:59:10.0034 0516 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/02 20:59:10.0080 0516 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/02 20:59:10.0096 0516 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/02 20:59:10.0190 0516 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys
2011/05/02 20:59:10.0268 0516 UVCFTR (237c444fbd1c697a2e3fa60f02c61f22) C:\Windows\system32\Drivers\UVCFTR_S.SYS
2011/05/02 20:59:10.0330 0516 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/05/02 20:59:10.0408 0516 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/02 20:59:10.0470 0516 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/05/02 20:59:10.0502 0516 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/02 20:59:10.0548 0516 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/05/02 20:59:10.0626 0516 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/05/02 20:59:10.0689 0516 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/02 20:59:10.0736 0516 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/05/02 20:59:10.0767 0516 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/05/02 20:59:10.0845 0516 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/02 20:59:10.0938 0516 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/05/02 20:59:10.0970 0516 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/02 20:59:11.0079 0516 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/02 20:59:11.0141 0516 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/02 20:59:11.0172 0516 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/02 20:59:11.0219 0516 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/02 20:59:11.0328 0516 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/02 20:59:11.0344 0516 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/02 20:59:11.0453 0516 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/05/02 20:59:11.0516 0516 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/02 20:59:11.0687 0516 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/02 20:59:11.0718 0516 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/05/02 20:59:11.0796 0516 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/05/02 20:59:11.0999 0516 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/02 20:59:12.0062 0516 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/02 20:59:12.0218 0516 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/02 20:59:12.0280 0516 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/05/02 20:59:12.0311 0516 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/02 20:59:12.0389 0516 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2011/05/02 20:59:12.0514 0516 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
2011/05/02 20:59:12.0592 0516 ================================================================================
2011/05/02 20:59:12.0592 0516 Scan finished
2011/05/02 20:59:12.0592 0516 ================================================================================
 
Looks good :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Hi

Combofix ran smoothly and the log is here:

ComboFix 11-05-02.04 - Peter 2011/05/03 9:57.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.298.1033.18.2038.460 [GMT 1:00]
Running from: c:\users\Peter\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Doctor Web Anti-Virus *Disabled/Updated* {6CC6AE29-BD86-6306-5444-113FA6A626D8}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Doctor Web Anti-Virus *Disabled/Updated* {D7A74FCD-9BBC-6C88-6EF4-2A4DDD216C65}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Peter\AppData\Local\{89E95C18-9EC9-4B17-8781-84B54C1F8705}
c:\users\Peter\AppData\Local\{89E95C18-9EC9-4B17-8781-84B54C1F8705}\chrome.manifest
c:\users\Peter\AppData\Local\{89E95C18-9EC9-4B17-8781-84B54C1F8705}\chrome\content\_cfg.js
c:\users\Peter\AppData\Local\{89E95C18-9EC9-4B17-8781-84B54C1F8705}\chrome\content\overlay.xul
c:\users\Peter\AppData\Local\{89E95C18-9EC9-4B17-8781-84B54C1F8705}\install.rdf
c:\users\Peter\AppData\Roaming\.#
c:\users\Peter\AppData\Roaming\.#\MBX@1C50@1972910.###
c:\users\Peter\AppData\Roaming\.#\MBX@1C50@1972940.###
c:\users\Peter\AppData\Roaming\.#\MBX@1C50@1972970.###
c:\users\Peter\AppData\Roaming\EurekaLog
c:\users\Peter\AppData\Roaming\EurekaLog\EurekaLog.ini
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\1551694079
c:\windows\system32\C
c:\windows\system32\ChilkatMail_v7_9.dll
c:\windows\system32\Ijl11.dll
c:\windows\system32\system
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2011-04-03 to 2011-05-03 )))))))))))))))))))))))))))))))
.
.
2011-05-03 09:17 . 2011-05-03 09:18 -------- d-----w- c:\users\Peter\AppData\Local\temp
2011-05-03 09:17 . 2011-05-03 09:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-03 08:50 . 2011-05-03 08:51 -------- d-----w- C:\32788R22FWJFW
2011-05-02 22:17 . 2011-05-02 22:17 -------- d-----w- c:\program files\iPod
2011-05-02 22:16 . 2011-05-02 22:27 -------- d-----w- c:\program files\iTunes
2011-05-02 21:53 . 2011-05-02 21:54 -------- d-----w- c:\program files\Bonjour
2011-05-02 21:31 . 2011-04-18 08:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6EBC7741-B895-45ED-B399-D30C0EE5F59E}\mpengine.dll
2011-05-02 21:18 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-02 21:18 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
2011-05-02 20:02 . 2011-05-02 20:02 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys
2011-05-02 19:33 . 2011-05-02 19:33 0 ---ha-w- c:\users\Peter\AppData\Local\BIT893B.tmp
2011-05-02 19:29 . 2011-05-02 19:29 0 ---ha-w- c:\users\Peter\AppData\Local\BIT76F.tmp
2011-05-02 19:24 . 2011-05-02 19:24 0 ---ha-w- c:\users\Peter\AppData\Local\BIT195.tmp
2011-04-28 15:26 . 2011-04-28 15:26 -------- d-----w- c:\users\Peter\AppData\Roaming\Avira
2011-04-28 15:21 . 2011-04-01 16:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-28 15:21 . 2011-04-01 16:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-28 15:21 . 2011-04-28 15:21 -------- d-----w- c:\programdata\Avira
2011-04-28 15:21 . 2011-04-28 15:21 -------- d-----w- c:\program files\Avira
2011-04-26 18:13 . 2011-04-26 18:13 -------- d-----w- C:\found.000
2011-04-25 22:49 . 2011-04-25 22:49 0 ---ha-w- c:\users\Peter\AppData\Local\BIT987.tmp
2011-04-25 22:43 . 2011-04-25 22:43 0 ---ha-w- c:\users\Peter\AppData\Local\BIT12A7.tmp
2011-04-25 22:09 . 2011-04-25 22:09 -------- d-----w- c:\programdata\is-BG0OA
2011-04-25 21:56 . 2011-04-25 21:56 -------- d-----w- c:\programdata\is-CRMHJ
2011-04-25 21:55 . 2008-07-08 12:54 148496 ----a-w- c:\windows\system32\drivers\32268217.sys
2011-04-25 18:28 . 2011-04-25 19:59 -------- d-sh--w- C:\DrWeb Quarantine
2011-04-25 18:24 . 2011-05-03 09:21 43980832 --sha-w- c:\windows\system32\drivers\fidbox.dat
2011-04-25 17:27 . 2011-04-25 17:27 -------- d-----w- c:\programdata\is-JS7IB
2011-04-25 17:27 . 2008-07-08 12:54 148496 ----a-w- c:\windows\system32\drivers\41181096.sys
2011-04-25 17:26 . 2011-04-25 22:09 -------- d-----w- c:\users\Peter\AppData\Roaming\GetRightToGo
2011-04-25 16:38 . 2011-04-25 16:38 -------- d-----w- c:\program files\ESET
2011-04-25 14:49 . 2011-03-01 15:42 139768 ----a-w- c:\windows\system32\drivers\dwprot.sys
2011-04-25 14:49 . 2011-01-31 14:41 93944 ----a-w- c:\windows\system32\drivers\spiderg3.sys
2011-04-25 14:49 . 2011-04-25 14:49 -------- d-----w- c:\programdata\Doctor Web
2011-04-25 14:49 . 2011-04-25 14:49 -------- d-----w- c:\program files\Common Files\Doctor Web
2011-04-25 14:49 . 2011-05-03 09:19 -------- d-----w- c:\program files\DrWeb
2011-04-25 10:21 . 2011-04-25 18:45 24448 ----a-w- c:\windows\system32\drivers\rkhdrv40.sys
2011-04-25 10:18 . 2011-04-26 23:18 -------- d-----w- c:\program files\Exterminate It!
2011-04-24 14:40 . 2011-05-02 22:58 -------- d-----w- c:\users\Peter\AppData\Roaming\Registry Mechanic
2011-04-22 07:26 . 2011-04-22 07:26 -------- d-----w- c:\users\Peter\AppData\Local\DDMSettings
2011-04-22 07:24 . 2010-09-16 11:26 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-04-22 07:24 . 2008-04-02 15:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-04-22 07:24 . 2008-04-02 15:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-04-22 07:24 . 2008-04-02 15:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-04-22 07:24 . 2011-04-22 07:24 -------- d-----w- c:\program files\Common Files\PC Tools
2011-04-20 23:04 . 2011-04-20 23:13 -------- d-----w- c:\program files\Allscoop RSS Submit Pro
2011-04-20 23:04 . 2011-04-20 23:04 434688 ----a-w- c:\windows\system32\ss2uinst.exe
2011-04-20 17:08 . 2011-05-03 08:23 -------- d-----w- c:\program files\Virgin Media
2011-04-16 11:06 . 2011-04-16 11:06 -------- d-----w- c:\users\Peter\AppData\Local\PackageAware
2011-04-14 10:33 . 2011-02-23 05:05 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-14 10:33 . 2011-02-23 05:06 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-14 10:33 . 2011-02-23 05:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-14 10:33 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-14 10:33 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-14 10:33 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-14 10:33 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-14 10:32 . 2011-03-03 03:31 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 10:32 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-14 10:32 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-14 10:32 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-14 10:32 . 2011-03-08 05:38 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-14 10:32 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-14 10:32 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 10:32 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 10:32 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-14 10:32 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-13 21:09 . 2011-04-13 21:09 -------- d-----w- c:\programdata\RoboTask
2011-04-13 21:00 . 2011-04-22 07:43 -------- d-----w- c:\program files\RoboTask
2011-04-13 21:00 . 2011-04-22 07:43 -------- d-----w- c:\users\Peter\AppData\Local\RoboTask
2011-04-11 00:11 . 2011-04-11 00:11 131584 ----a-w- c:\windows\system32\SpoonUninstall.exe
2011-04-11 00:11 . 2011-04-11 00:11 -------- d-----w- c:\program files\Memorisation master
2011-04-10 22:27 . 2011-04-10 22:27 -------- d-----w- c:\program files\Market Samurai
2011-04-07 08:05 . 2011-05-03 08:23 -------- d-----w- c:\users\Peter\AppData\Local\SENukeX
2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20 . 2011-04-06 15:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 15:20 . 2011-04-06 15:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-05 14:34 . 2011-05-03 08:18 -------- d-----w- c:\windows\Panther
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-06 16:51 . 2010-09-03 21:31 66 ----a-w- c:\users\Peter\AppData\Roaming\ispresenter4_1.tmp
2011-02-19 05:33 . 2011-03-09 03:40 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 03:40 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 03:40 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-18 16:36 . 2011-02-18 16:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 16:36 . 2011-02-18 16:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-03 05:45 . 2011-02-09 21:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 17:11 . 2010-08-20 00:17 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-12 22:58 . 2010-09-12 22:58 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-24 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-22 2423752]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2010-07-23 1755960]
"SEnukeX"="c:\users\Peter\AppData\Local\SENukeX\senuke.exe" [2011-04-24 6303232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-08 622592]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-12 30192]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-01-25 716800]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2009-07-27 424496]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]
"SpIDerMail"="c:\program files\DrWeb\spiderml.exe" [2011-03-16 1572592]
"SpIDerAgent"="c:\program files\DrWeb\SpIDerAgent.exe" [2011-04-20 1473264]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"DHSClient.exe"="c:\program files\Virgin Media\Digital Home Support\DHSClient.exe" [2011-03-23 2032952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMReminderService
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Submit Equalizer
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2006-07-19 13:51 65536 ----a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2007-05-04 10:05 571024 ----a-w- c:\program files\Toshiba\Registration\ToshibaRegistration.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 133104]
R2 MSSQL$SMARTSQL;SQL Server (SMARTSQL);c:\program files\Microsoft SQL Server\MSSQL10.SMARTSQL\MSSQL\Binn\sqlservr.exe [2008-07-11 40999448]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\DRIVERS\EuDisk.sys [2009-07-28 123784]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-12 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 133104]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 Normandy;Normandy SR2; [x]
R3 rkhdrv40;Rootkit Unhooker Driver; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-04 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SMARTSQL;SQL Server Agent (SMARTSQL);c:\program files\Microsoft SQL Server\MSSQL10.SMARTSQL\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2011-03-01 139768]
S0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys [2011-01-31 93944]
S1 is-CRMHJdrv;is-CRMHJdrv;c:\windows\system32\DRIVERS\32268217.sys [2008-07-08 148496]
S1 is-JS7IBdrv;is-JS7IBdrv;c:\windows\system32\DRIVERS\41181096.sys [2008-07-08 148496]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [2011-03-01 1667416]
S2 HsdService;HsdService;c:\program files\Virgin Media\Digital Home Support\HsdService.exe [2011-03-23 1406264]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
S2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [2011-03-25 689464]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-02-01 187904]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-01-15 48472]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-13 347136]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 15:59]
.
2011-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 15:59]
.
2011-04-23 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-04-22 16:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
LSP: c:\program files\DrWeb\drwebsp.dll
FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0258qkbr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\Siber Systems\AI RoboForm\Firefox
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: S3 Firefox Organizer(S3Fox): {7CEA821D-3DAB-4238-B424-BF7324531750} - %profile%\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}
FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF - Ext: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - %profile%\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: Google Global: {B97F57B9-1B42-4aed-9475-0022600C62DC} - %profile%\extensions\{B97F57B9-1B42-4aed-9475-0022600C62DC}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
FF - Ext: Page Speed: {e3f6c2cc-d8db-498c-af6c-499fb211db97} - %profile%\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: CheckFox: {BAEC7B80-9A31-47b2-A68B-DCAC8DF48E87} - %profile%\extensions\{BAEC7B80-9A31-47b2-A68B-DCAC8DF48E87}
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
Toolbar-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - (no file)
WebBrowser-{90D46C30-9F25-4104-AEA9-35C3F84477FF} - (no file)
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKCU-Run-IBP - (no file)
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
.
.
"ImagePath"="system32\drivers\dwprot.sys"
"Name"="ImagePath"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-03 10:35:39
ComboFix-quarantined-files.txt 2011-05-03 09:35
.
Pre-Run: 5,539,713,024 bytes free
Post-Run: 5,832,196,096 bytes free
.
- - End Of File - - 0FF0F53C9A631A1ACD124EEA8C13A030
 
I can see two AV programs running, Doctor Web Anti-Virus and Avira.
One of them has to go.
Your choice.

=====================================================================

Uninstall Registry Mechanic.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


======================================================================

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
File::
c:\users\Peter\AppData\Local\BIT893B.tmp
c:\users\Peter\AppData\Local\BIT76F.tmp
c:\users\Peter\AppData\Local\BIT195.tmp
c:\users\Peter\AppData\Local\BIT987.tmp
c:\users\Peter\AppData\Local\BIT12A7.tmp
c:\windows\system32\drivers\32268217.sys
c:\windows\system32\drivers\41181096.sys
c:\users\Peter\AppData\Roaming\ispresenter4_1.tmp


Folder::
c:\programdata\is-BG0OA
c:\programdata\is-CRMHJ
c:\programdata\is-JS7IB


Driver::
is-CRMHJdrv
is-JS7IBdrv


Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Hi Broni.

Regmechanic gone and just working out which Antivirus to ditch. All appears to be well, everything is running although I'm sure there is still a risk of something lurking.




ComboFix 11-05-03.07 - Peter 2011/05/04 15:45:24.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.298.1033.18.2038.590 [GMT 1:00]
Running from: c:\users\Peter\Desktop\ComboFix.exe
Command switches used :: c:\users\Peter\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Doctor Web Anti-Virus *Disabled/Updated* {6CC6AE29-BD86-6306-5444-113FA6A626D8}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Doctor Web Anti-Virus *Disabled/Updated* {D7A74FCD-9BBC-6C88-6EF4-2A4DDD216C65}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\Peter\AppData\Local\BIT12A7.tmp"
"c:\users\Peter\AppData\Local\BIT195.tmp"
"c:\users\Peter\AppData\Local\BIT76F.tmp"
"c:\users\Peter\AppData\Local\BIT893B.tmp"
"c:\users\Peter\AppData\Local\BIT987.tmp"
"c:\users\Peter\AppData\Roaming\ispresenter4_1.tmp"
"c:\windows\system32\drivers\32268217.sys"
"c:\windows\system32\drivers\41181096.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\is-BG0OA
c:\programdata\is-BG0OA\~PRCustomProps#122.dat
c:\programdata\is-BG0OA\~PRObjects#122.dat
c:\programdata\is-CRMHJ
c:\programdata\is-CRMHJ\~PRCustomProps#122.dat
c:\programdata\is-CRMHJ\~PRObjects#122.dat
c:\programdata\is-JS7IB
c:\programdata\is-JS7IB\~PRCustomProps#122.dat
c:\programdata\is-JS7IB\~PRObjects#122.dat
c:\users\Peter\AppData\Local\BIT12A7.tmp
c:\users\Peter\AppData\Local\BIT195.tmp
c:\users\Peter\AppData\Local\BIT76F.tmp
c:\users\Peter\AppData\Local\BIT893B.tmp
c:\users\Peter\AppData\Local\BIT987.tmp
c:\users\Peter\AppData\Roaming\Adobe\plugs
c:\users\Peter\AppData\Roaming\Adobe\shed
c:\users\Peter\AppData\Roaming\ispresenter4_1.tmp
c:\windows\system32\drivers\32268217.sys
c:\windows\system32\drivers\41181096.sys
G:\autorun.inf
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_IS-CRMHJDRV
-------\Legacy_IS-JS7IBDRV
-------\Service_is-CRMHJdrv
-------\Service_is-JS7IBdrv
.
.
((((((((((((((((((((((((( Files Created from 2011-04-04 to 2011-05-04 )))))))))))))))))))))))))))))))
.
.
2011-05-04 15:06 . 2011-05-04 15:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-04 10:01 . 2011-05-04 10:05 -------- d-----w- c:\users\Peter\AppData\Roaming\E342D1DAEC6FE24738CB292987A90C74
2011-05-04 00:20 . 2011-04-18 08:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9C66590F-A57E-4F4B-A56C-B20EF23BDB0B}\mpengine.dll
2011-05-03 21:28 . 2011-05-03 21:29 -------- d-----w- c:\program files\Market Samurai
2011-05-03 10:04 . 2011-05-03 10:04 -------- d-----w- c:\users\Peter\AppData\Roaming\Radialpoint
2011-05-03 09:35 . 2011-05-04 15:06 -------- d-----w- c:\users\Peter\AppData\Local\temp
2011-05-02 22:17 . 2011-05-02 22:17 -------- d-----w- c:\program files\iPod
2011-05-02 22:16 . 2011-05-02 22:27 -------- d-----w- c:\program files\iTunes
2011-05-02 21:53 . 2011-05-02 21:54 -------- d-----w- c:\program files\Bonjour
2011-05-02 21:19 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-05-02 21:19 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-05-02 21:19 . 2011-03-11 05:44 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-05-02 21:19 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-05-02 21:19 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll
2011-05-02 21:19 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-05-02 21:19 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-05-02 21:19 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-05-02 21:19 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-05-02 21:19 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-05-02 21:18 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-02 21:18 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
2011-05-02 20:02 . 2011-05-02 20:02 34560 ----a-w- c:\windows\system32\drivers\Normandy.sys
2011-04-28 15:26 . 2011-04-28 15:26 -------- d-----w- c:\users\Peter\AppData\Roaming\Avira
2011-04-28 15:21 . 2011-04-01 16:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-04-28 15:21 . 2011-04-01 16:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-04-28 15:21 . 2011-04-28 15:21 -------- d-----w- c:\programdata\Avira
2011-04-28 15:21 . 2011-04-28 15:21 -------- d-----w- c:\program files\Avira
2011-04-26 18:13 . 2011-04-26 18:13 -------- d-----w- C:\found.000
2011-04-25 18:28 . 2011-05-04 10:01 -------- d-sh--w- C:\DrWeb Quarantine
2011-04-25 18:24 . 2011-05-04 15:08 179843104 --sha-w- c:\windows\system32\drivers\fidbox.dat
2011-04-25 17:26 . 2011-04-25 22:09 -------- d-----w- c:\users\Peter\AppData\Roaming\GetRightToGo
2011-04-25 16:38 . 2011-04-25 16:38 -------- d-----w- c:\program files\ESET
2011-04-25 14:49 . 2011-03-01 15:42 139768 ----a-w- c:\windows\system32\drivers\dwprot.sys
2011-04-25 14:49 . 2011-01-31 14:41 93944 ----a-w- c:\windows\system32\drivers\spiderg3.sys
2011-04-25 14:49 . 2011-04-25 14:49 -------- d-----w- c:\programdata\Doctor Web
2011-04-25 14:49 . 2011-04-25 14:49 -------- d-----w- c:\program files\Common Files\Doctor Web
2011-04-25 14:49 . 2011-05-04 14:51 -------- d-----w- c:\program files\DrWeb
2011-04-25 10:21 . 2011-04-25 18:45 24448 ----a-w- c:\windows\system32\drivers\rkhdrv40.sys
2011-04-25 10:18 . 2011-04-26 23:18 -------- d-----w- c:\program files\Exterminate It!
2011-04-24 14:40 . 2011-05-02 22:58 -------- d-----w- c:\users\Peter\AppData\Roaming\Registry Mechanic
2011-04-22 07:26 . 2011-04-22 07:26 -------- d-----w- c:\users\Peter\AppData\Local\DDMSettings
2011-04-20 23:04 . 2011-05-04 10:31 -------- d-----w- c:\program files\Allscoop RSS Submit Pro
2011-04-20 23:04 . 2011-04-20 23:04 434688 ----a-w- c:\windows\system32\ss2uinst.exe
2011-04-20 17:08 . 2011-05-03 08:23 -------- d-----w- c:\program files\Virgin Media
2011-04-16 11:06 . 2011-04-16 11:06 -------- d-----w- c:\users\Peter\AppData\Local\PackageAware
2011-04-14 10:33 . 2011-02-23 05:05 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-14 10:33 . 2011-02-23 05:06 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-14 10:33 . 2011-02-23 05:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-14 10:33 . 2011-03-03 05:29 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-14 10:33 . 2011-03-03 05:27 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-14 10:33 . 2011-02-19 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-14 10:33 . 2011-02-19 03:37 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-04-14 10:32 . 2011-03-03 03:31 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-04-14 10:32 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-14 10:32 . 2011-02-12 05:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-04-14 10:32 . 2011-03-11 05:40 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-04-14 10:32 . 2011-03-08 05:38 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-14 10:32 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-14 10:32 . 2011-02-23 05:05 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-14 10:32 . 2011-02-23 05:05 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-14 10:32 . 2011-02-23 05:05 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-14 10:32 . 2011-02-23 05:05 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-13 21:09 . 2011-04-13 21:09 -------- d-----w- c:\programdata\RoboTask
2011-04-13 21:00 . 2011-04-22 07:43 -------- d-----w- c:\program files\RoboTask
2011-04-13 21:00 . 2011-04-22 07:43 -------- d-----w- c:\users\Peter\AppData\Local\RoboTask
2011-04-11 00:11 . 2011-04-11 00:11 131584 ----a-w- c:\windows\system32\SpoonUninstall.exe
2011-04-11 00:11 . 2011-04-11 00:11 -------- d-----w- c:\program files\Memorisation master
2011-04-07 08:05 . 2011-05-04 14:19 -------- d-----w- c:\users\Peter\AppData\Local\SENukeX
2011-04-06 15:20 . 2011-04-06 15:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20 . 2011-04-06 15:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 15:20 . 2011-04-06 15:20 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 15:20 . 2011-04-06 15:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-05 14:34 . 2011-05-03 08:18 -------- d-----w- c:\windows\Panther
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-19 05:33 . 2011-03-09 03:40 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 03:40 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 03:40 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-18 16:36 . 2011-02-18 16:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 16:36 . 2011-02-18 16:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-12 22:58 . 2010-09-12 22:58 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-24 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-22 2423752]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2010-07-23 1755960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-08 622592]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-12 30192]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-01-25 716800]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2009-07-27 424496]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"ServiceManager.exe"="c:\program files\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SpIDerMail"="c:\program files\DrWeb\spiderml.exe" [2011-03-16 1572592]
"SpIDerAgent"="c:\program files\DrWeb\SpIDerAgent.exe" [2011-04-20 1473264]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"DHSClient.exe"="c:\program files\Virgin Media\Digital Home Support\DHSClient.exe" [2011-03-23 2032952]
.
c:\users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2006-07-19 13:51 65536 ----a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 133104]
R2 MSSQL$SMARTSQL;SQL Server (SMARTSQL);c:\program files\Microsoft SQL Server\MSSQL10.SMARTSQL\MSSQL\Binn\sqlservr.exe [2008-07-11 40999448]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\DRIVERS\EuDisk.sys [2009-07-28 123784]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-12 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 133104]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 Normandy;Normandy SR2; [x]
R3 rkhdrv40;Rootkit Unhooker Driver; [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-04 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SMARTSQL;SQL Server Agent (SMARTSQL);c:\program files\Microsoft SQL Server\MSSQL10.SMARTSQL\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2011-03-01 139768]
S0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys [2011-01-31 93944]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files\Common Files\Doctor Web\Scanning Engine\dwengine.exe [2011-03-01 1667416]
S2 HsdService;HsdService;c:\program files\Virgin Media\Digital Home Support\HsdService.exe [2011-03-23 1406264]
S2 ServicepointService;ServicepointService;c:\program files\Virgin Media\Service Manager\ServicepointService.exe [2011-03-25 689464]
S3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-02-01 187904]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-01-15 48472]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-13 347136]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 15:59]
.
2011-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 15:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
LSP: c:\program files\DrWeb\drwebsp.dll
FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0258qkbr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\Siber Systems\AI RoboForm\Firefox
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: S3 Firefox Organizer(S3Fox): {7CEA821D-3DAB-4238-B424-BF7324531750} - %profile%\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}
FF - Ext: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - %profile%\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF - Ext: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - %profile%\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: Google Global: {B97F57B9-1B42-4aed-9475-0022600C62DC} - %profile%\extensions\{B97F57B9-1B42-4aed-9475-0022600C62DC}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
FF - Ext: Page Speed: {e3f6c2cc-d8db-498c-af6c-499fb211db97} - %profile%\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: CheckFox: {BAEC7B80-9A31-47b2-A68B-DCAC8DF48E87} - %profile%\extensions\{BAEC7B80-9A31-47b2-A68B-DCAC8DF48E87}
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
"ImagePath"="system32\drivers\dwprot.sys"
"Name"="ImagePath"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5288)
c:\users\Peter\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
c:\program files\7-Zip\7-zip.dll
c:\program files\Avira\AntiVir Desktop\shlext.dll
c:\program files\DrWeb\drwsxtn.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Google\Update\1.3.21.53\GoogleCrashHandler.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\DrWeb\DrWebUpW.exe
.
**************************************************************************
.
Completion time: 2011-05-04 16:19:29 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-04 15:19
ComboFix2.txt 2011-05-03 09:35
.
Pre-Run: 2,744,745,984 bytes free
Post-Run: 3,014,881,280 bytes free
.
- - End Of File - - AE366E1239883F6C1610439B0ABCFE07
 
Good news :)

just working out which Antivirus to ditch
Click to expand...
You have to do it now, before we go to next steps...

=======================================================================

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
I dont know what happened but it only created 1 log which was the otl.txt

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
 
ooooops - pasted the wrong thing by mistake - here it is again

OTL logfile created on: 2011/05/05 00:57:42 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Peter\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: yyyy/MM/dd

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 37.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43.95 Gb Total Space | 8.71 Gb Free Space | 19.81% Space Free | Partition Type: NTFS
Drive D: | 103.63 Gb Total Space | 29.81 Gb Free Space | 28.76% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 560.39 Gb Free Space | 60.16% Space Free | Partition Type: NTFS

Computer Name: PETER-LAPTOP | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/05 00:54:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
PRC - [2011/05/04 12:14:27 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/05/03 17:29:53 | 000,109,568 | ---- | M] (Microsoft) -- C:\Users\Peter\AppData\Local\SENukeX\SENukeRecovery.exe
PRC - [2011/05/03 17:29:52 | 006,384,128 | ---- | M] () -- C:\Users\Peter\AppData\Local\SENukeX\SENuke.exe
PRC - [2011/04/22 13:34:17 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe
PRC - [2011/04/22 08:19:33 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/03/21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/29 14:58:34 | 001,294,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2010/11/29 14:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
PRC - [2010/10/11 15:43:06 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2008/01/25 15:43:22 | 000,716,800 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
PRC - [2008/01/21 17:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/01/17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/12/03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe


========== Modules (SafeList) ==========

MOD - [2011/05/05 00:54:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
MOD - [2010/12/21 06:34:12 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/14 02:16:19 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
MOD - [2009/07/14 02:16:19 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wkscli.dll
MOD - [2009/07/14 02:16:11 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
MOD - [2009/07/14 02:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drprov.dll
MOD - [2009/07/14 02:15:08 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davhlpr.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/03 22:24:29 | 003,274,328 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_3f211bc.dll -- (Akamai)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/29 14:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/10/11 15:43:06 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/09/04 07:17:37 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/24 21:09:06 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/12/10 01:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/01/21 17:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/17 16:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/03 17:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 18:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/02/12 16:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)


========== Driver Services (SafeList) ==========

DRV - [2011/05/02 21:02:17 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Normandy.sys -- (Normandy)
DRV - [2011/04/25 19:45:26 | 000,024,448 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rkhdrv40.sys -- (rkhdrv40)
DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/12 22:42:16 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/07/28 21:31:48 | 000,123,784 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EuDisk.sys -- (EuDisk)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 23:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/07/13 23:02:53 | 000,347,136 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/07/13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/04/10 18:09:40 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2009/03/30 04:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/01/13 17:01:26 | 000,002,304 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\Machnm32.sys -- (Machnm32)
DRV - [2008/07/10 02:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008/02/01 11:46:08 | 000,187,904 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (CnxtHdAudAddService)
DRV - [2008/01/15 10:34:58 | 000,048,472 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2007/11/09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/10/17 22:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/06 15:21:32 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2007/04/23 10:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2006/10/23 17:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1867113323-2075334900-1738569641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1867113323-2075334900-1738569641-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1867113323-2075334900-1738569641-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1867113323-2075334900-1738569641-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/09/03 14:54:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010/09/03 14:58:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/22 08:26:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/22 08:26:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/04 19:48:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/04 12:14:33 | 000,000,000 | ---D | M]

[2011/01/10 16:45:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Extensions
[2009/12/20 20:34:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2010/08/11 21:17:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/01/10 16:45:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2011/05/04 23:41:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0258qkbr.default\extensions
[2011/02/16 17:41:28 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0258qkbr.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/04/14 23:22:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0258qkbr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/03/13 17:39:08 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0258qkbr.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011/02/19 17:38:07 | 000,000,000 | ---D | M] ("S3 Firefox Organizer(S3Fox)") -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0258qkbr.default\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}
[2010/09/03 15:17:21 | 000,000,000 | ---D | M] (Google Global) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0258qkbr.default\extensions\{B97F57B9-1B42-4aed-9475-0022600C62DC}
[2010/09/03 15:17:21 | 000,000,000 | ---D | M] (Google Global) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0258qkbr.default\extensions\{B97F57B9-1B42-4aed-9475-0022600C62DC}(36)
[2011/04/06 23:38:43 | 000,000,000 | ---D | M] (CheckFox) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0258qkbr.default\extensions\{BAEC7B80-9A31-47b2-A68B-DCAC8DF48E87}
[2010/09/03 15:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0258qkbr.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
[2011/02/08 22:27:18 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0258qkbr.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2011/02/08 22:27:18 | 000,000,000 | ---D | M] (SearchStatus) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0258qkbr.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2011/03/22 00:55:14 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0258qkbr.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/05/03 09:29:47 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0258qkbr.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010/09/03 15:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0258qkbr.default\extensions\bonjourfoxy@bonjourfoxy.net
[2010/09/03 15:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0258qkbr.default\extensions\bonjourfoxy@bonjourfoxy.net-trash
[2011/04/11 01:16:42 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0258qkbr.default\extensions\firebug@software.joehewitt.com
[2010/09/03 15:17:16 | 000,000,000 | ---D | M] (Shareaholic) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0258qkbr.default\extensions\firefox-extension@shareaholic(35).com
[2010/09/03 15:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\0258qkbr.default\extensions\firefox-extension@shareaholic(35).com\chrome
[2011/05/04 23:41:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/04 10:47:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/04 10:56:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/09/08 19:48:24 | 000,064,392 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/03 18:47:02 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/03 18:47:02 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/03 18:47:02 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/03 18:47:02 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/05/04 16:10:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0B1B0D47-95F7-4bad-9309-A945B655AE61} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - {BCBF738C-4891-4B9A-959A-C6BF7F608C3A} - No CLSID value found.
O3 - HKU\S-1-5-21-1867113323-2075334900-1738569641-1000\..\Toolbar\WebBrowser: (no name) - {4064EA35-578D-4073-A834-C96D82CBCF40} - No CLSID value found.
O3 - HKU\S-1-5-21-1867113323-2075334900-1738569641-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1867113323-2075334900-1738569641-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-1867113323-2075334900-1738569641-1000\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDMICtrlMan] C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-1867113323-2075334900-1738569641-1000..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-1867113323-2075334900-1738569641-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1867113323-2075334900-1738569641-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1867113323-2075334900-1738569641-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1867113323-2075334900-1738569641-1000\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O24 - Desktop WallPaper: C:\Users\Peter\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Peter\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/07/10 05:38:16 | 000,000,000 | R--D | M] - G:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\Windows\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
and the second half...........

========== Files/Folders - Created Within 30 Days ==========

[2011/05/05 00:54:08 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
[2011/05/04 23:23:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/04 23:05:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/04 21:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\Market Samurai
[2011/05/04 21:57:09 | 000,000,000 | ---D | C] -- C:\Users\Peter\.ranktracker
[2011/05/04 19:58:58 | 000,000,000 | ---D | C] -- C:\Users\Peter\.seospyglass
[2011/05/04 19:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flying Logic Pro
[2011/05/04 19:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\Flying Logic Pro
[2011/05/04 15:51:30 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Skype and Pamela
[2011/05/04 11:01:50 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\E342D1DAEC6FE24738CB292987A90C74
[2011/05/03 11:04:56 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Radialpoint
[2011/05/03 10:35:57 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\temp
[2011/05/03 10:17:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/03 09:51:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/03 09:51:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/03 09:51:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/02 23:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/02 23:16:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/05/02 23:01:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/02 22:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/04/28 16:26:26 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Avira
[2011/04/28 16:21:42 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/04/28 16:21:42 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/04/28 16:21:42 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/04/28 16:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/04/28 16:21:41 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/04/25 19:28:21 | 000,000,000 | -HSD | C] -- C:\DrWeb Quarantine
[2011/04/25 18:54:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/25 18:26:54 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\GetRightToGo
[2011/04/25 15:49:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Doctor Web
[2011/04/25 11:18:37 | 000,000,000 | ---D | C] -- C:\Program Files\Exterminate It!
[2011/04/24 15:40:43 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Registry Mechanic
[2011/04/22 08:26:38 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\DDMSettings
[2011/04/21 00:04:16 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Allscoop RSS Submit Pro
[2011/04/21 00:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allscoop RSS Submit Pro
[2011/04/21 00:04:15 | 000,434,688 | ---- | C] (Virtualzone.de) -- C:\Windows\System32\ss2uinst.exe
[2011/04/21 00:04:15 | 000,000,000 | ---D | C] -- C:\Program Files\Allscoop RSS Submit Pro
[2011/04/16 12:06:30 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\PackageAware
[2011/04/13 22:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboTask
[2011/04/13 22:00:07 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\RoboTask
[2011/04/13 22:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\RoboTask
[2011/04/11 01:11:29 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfect memory
[2011/04/11 01:11:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect memory
[2011/04/11 01:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\Memorisation master
[2011/04/07 09:05:20 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\SENukeX
[2011/04/07 09:05:08 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SENukeX
[2011/04/05 15:34:00 | 000,000,000 | ---D | C] -- C:\Windows\Panther

========== Files - Modified Within 30 Days ==========

[2011/05/05 00:54:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
[2011/05/05 00:39:07 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/04 23:38:02 | 000,013,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/04 23:38:02 | 000,013,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/04 23:29:42 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/04 23:29:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/04 23:17:39 | 001,075,200 | ---- | M] () -- C:\Users\Peter\Documents\Sales training.msam
[2011/05/04 23:09:43 | 000,002,012 | -H-- | M] () -- C:\Users\Peter\Documents\Default.rdp
[2011/05/04 23:05:27 | 004,337,362 | R--- | M] () -- C:\Users\Peter\Desktop\ComboFix.exe
[2011/05/04 21:57:24 | 000,409,668 | ---- | M] () -- C:\Users\Peter\.ranktracker.properties
[2011/05/04 20:05:59 | 000,001,024 | ---- | M] () -- C:\Users\Peter\Desktop\Keyword Elite 2.0.lnk
[2011/05/04 19:59:17 | 000,462,128 | ---- | M] () -- C:\Users\Peter\.spyglass.properties
[2011/05/04 19:25:38 | 000,002,220 | ---- | M] () -- C:\Users\Peter\Desktop\SEO SpyGlass.lnk
[2011/05/04 16:10:17 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/04 16:08:58 | 179,843,104 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2011/05/04 16:08:58 | 002,110,700 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2011/05/03 19:45:54 | 000,002,080 | ---- | M] () -- C:\Users\Public\Desktop\Micro Niche Finder 5.0.lnk
[2011/05/03 17:30:13 | 000,002,033 | ---- | M] () -- C:\Users\Peter\Desktop\SENukeX.lnk
[2011/05/03 16:56:44 | 006,254,592 | ---- | M] () -- C:\Users\Peter\s-1-5-21-1867113323-2075334900-1738569641-1000.rrr
[2011/05/03 15:29:37 | 000,792,666 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/03 15:29:37 | 000,179,292 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/03 09:19:11 | 000,001,376 | ---- | M] () -- C:\Users\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/02 22:37:26 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/05/02 22:29:11 | 000,002,503 | ---- | M] () -- C:\Users\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/05/02 21:02:17 | 000,034,560 | ---- | M] () -- C:\Windows\System32\drivers\Normandy.sys
[2011/05/02 20:32:59 | 000,000,000 | ---- | M] () -- C:\Users\Peter\AppData\Local\{ED4928FE-0BED-4C1A-A89E-2F88249DF065}
[2011/05/02 20:29:03 | 000,000,000 | ---- | M] () -- C:\Users\Peter\AppData\Local\{60E0E245-BE22-408C-B7BE-2AF01E6DD026}
[2011/05/02 20:24:58 | 000,000,000 | ---- | M] () -- C:\Users\Peter\AppData\Local\{35E2D860-2A7C-40F3-97BE-EE2D8E1921C6}
[2011/04/28 18:41:30 | 000,001,036 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/26 19:15:38 | 000,003,408 | ---- | M] () -- C:\bootsqm.dat
[2011/04/25 23:49:38 | 000,000,000 | ---- | M] () -- C:\Users\Peter\AppData\Local\{1EB2C635-5AB2-455A-8B12-274CFF65F8DC}
[2011/04/25 23:43:52 | 000,000,000 | ---- | M] () -- C:\Users\Peter\AppData\Local\{3D86D2B9-1D41-4F49-AA09-AE88BE6DA26F}
[2011/04/25 19:45:26 | 000,024,448 | ---- | M] () -- C:\Windows\System32\drivers\rkhdrv40.sys
[2011/04/21 00:04:16 | 000,001,965 | ---- | M] () -- C:\Users\Peter\Desktop\RSS Announcer.lnk
[2011/04/21 00:04:09 | 000,434,688 | ---- | M] (Virtualzone.de) -- C:\Windows\System32\ss2uinst.exe
[2011/04/17 13:16:36 | 000,440,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/16 18:49:54 | 000,000,976 | ---- | M] () -- C:\Users\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Traffic Travis.lnk
[2011/04/11 19:29:29 | 001,877,005 | ---- | M] () -- C:\Users\Peter\Documents\www.salesdnaltd.com.stk
[2011/04/11 01:11:52 | 000,131,584 | ---- | M] () -- C:\Windows\System32\SpoonUninstall.exe
[2011/04/11 01:11:52 | 000,009,905 | ---- | M] () -- C:\Windows\System32\SpoonUninstall-MMaster.dat
[2011/04/11 01:11:10 | 000,058,554 | ---- | M] () -- C:\Windows\System32\SpoonUninstall-MMaster.bmp
[2011/04/11 00:51:18 | 000,095,232 | ---- | M] () -- C:\Users\Peter\Documents\experiential training.msam
[2011/04/06 17:51:56 | 000,000,236 | -H-- | M] () -- C:\Users\Peter\AppData\Roaming\ee6fe4d84748049fa23c8b8638a22cacf0cffd15
[2011/04/06 17:51:56 | 000,000,236 | -H-- | M] () -- C:\ProgramData\ee6fe4d84748049fa23c8b8638a22cacf0cffd15
[2011/04/05 09:15:18 | 000,002,649 | ---- | M] () -- C:\Users\Peter\Desktop\Magic Article Rewriter.lnk

========== Files Created - No Company Name ==========

[2011/05/04 22:01:49 | 000,000,878 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk
[2011/05/04 20:04:18 | 000,001,024 | ---- | C] () -- C:\Users\Peter\Desktop\Keyword Elite 2.0.lnk
[2011/05/04 19:25:38 | 000,002,220 | ---- | C] () -- C:\Users\Peter\Desktop\SEO SpyGlass.lnk
[2011/05/04 15:24:51 | 004,337,362 | R--- | C] () -- C:\Users\Peter\Desktop\ComboFix.exe
[2011/05/03 16:56:38 | 006,254,592 | ---- | C] () -- C:\Users\Peter\s-1-5-21-1867113323-2075334900-1738569641-1000.rrr
[2011/05/03 09:51:52 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/03 09:51:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/03 09:51:52 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/03 09:51:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/03 09:51:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/02 22:37:26 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/02 22:29:11 | 000,002,503 | ---- | C] () -- C:\Users\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/05/02 22:29:11 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011/05/02 21:02:14 | 000,034,560 | ---- | C] () -- C:\Windows\System32\drivers\Normandy.sys
[2011/05/02 20:32:59 | 000,000,000 | ---- | C] () -- C:\Users\Peter\AppData\Local\{ED4928FE-0BED-4C1A-A89E-2F88249DF065}
[2011/05/02 20:29:03 | 000,000,000 | ---- | C] () -- C:\Users\Peter\AppData\Local\{60E0E245-BE22-408C-B7BE-2AF01E6DD026}
[2011/05/02 20:24:58 | 000,000,000 | ---- | C] () -- C:\Users\Peter\AppData\Local\{35E2D860-2A7C-40F3-97BE-EE2D8E1921C6}
[2011/04/28 18:41:30 | 000,001,036 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/26 19:15:38 | 000,003,408 | ---- | C] () -- C:\bootsqm.dat
[2011/04/25 23:49:22 | 000,000,000 | ---- | C] () -- C:\Users\Peter\AppData\Local\{1EB2C635-5AB2-455A-8B12-274CFF65F8DC}
[2011/04/25 23:43:36 | 000,000,000 | ---- | C] () -- C:\Users\Peter\AppData\Local\{3D86D2B9-1D41-4F49-AA09-AE88BE6DA26F}
[2011/04/25 19:24:28 | 179,843,104 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2011/04/25 19:24:28 | 002,110,700 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.idx
[2011/04/25 11:21:59 | 000,024,448 | ---- | C] () -- C:\Windows\System32\drivers\rkhdrv40.sys
[2011/04/21 00:04:16 | 000,001,965 | ---- | C] () -- C:\Users\Peter\Desktop\RSS Announcer.lnk
[2011/04/11 01:11:52 | 000,131,584 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2011/04/11 01:11:52 | 000,058,554 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-MMaster.bmp
[2011/04/11 01:11:52 | 000,009,905 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-MMaster.dat
[2011/04/10 23:29:08 | 000,095,232 | ---- | C] () -- C:\Users\Peter\Documents\experiential training.msam
[2011/04/10 23:24:17 | 000,000,878 | ---- | C] () -- C:\Users\Peter\Desktop\Market Samurai.lnk
[2011/04/10 23:01:36 | 000,002,080 | ---- | C] () -- C:\Users\Public\Desktop\Micro Niche Finder 5.0.lnk
[2011/04/07 09:07:35 | 000,002,033 | ---- | C] () -- C:\Users\Peter\Desktop\SENukeX.lnk
[2011/04/05 09:15:18 | 000,002,649 | ---- | C] () -- C:\Users\Peter\Desktop\Magic Article Rewriter.lnk
[2011/03/23 14:44:28 | 000,000,056 | ---- | C] () -- C:\Windows\LiveUpdate.INI
[2010/09/26 11:55:58 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/09/25 12:49:31 | 000,000,265 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/09/04 16:35:12 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/09/03 22:31:20 | 000,000,236 | -H-- | C] () -- C:\Users\Peter\AppData\Roaming\ee6fe4d84748049fa23c8b8638a22cacf0cffd15
[2010/09/03 22:31:20 | 000,000,236 | -H-- | C] () -- C:\ProgramData\ee6fe4d84748049fa23c8b8638a22cacf0cffd15
[2010/09/03 15:25:54 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2010/09/01 17:21:22 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2010/09/01 17:16:46 | 000,333,288 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2010/08/27 19:06:06 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/08/16 01:08:37 | 000,000,005 | ---- | C] () -- C:\Windows\Windows9XP.dat
[2010/08/16 01:05:09 | 000,028,672 | ---- | C] () -- C:\Windows\System32\SRISLogger.dll
[2010/08/16 01:05:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ToolsDll_v3.dll
[2010/08/16 01:05:08 | 000,044,544 | ---- | C] () -- C:\Windows\System32\Gprcore.dll
[2010/08/16 01:05:07 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ExProwl.dll
[2010/08/16 01:05:06 | 000,192,512 | ---- | C] () -- C:\Windows\System32\DomainEMail.dll
[2010/04/06 18:53:17 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/01/12 15:27:47 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2009/11/06 22:34:10 | 000,000,119 | ---- | C] () -- C:\Windows\System32\messages.dat
[2009/11/06 20:23:39 | 000,000,000 | ---- | C] () -- C:\Windows\System32\twitter_profiles.dat
[2009/11/06 19:28:53 | 000,001,000 | ---- | C] () -- C:\Windows\System32\tw_auto.dat
[2009/09/23 19:16:08 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2009/09/17 19:36:37 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/09/15 10:20:58 | 000,000,463 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/09/15 10:20:58 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2009/09/15 10:20:58 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/09/15 10:19:05 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2009/09/15 10:13:04 | 000,000,226 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009/09/15 10:13:04 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009/09/15 10:13:04 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRIDF04A.dat
[2009/09/15 10:10:57 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009/09/15 10:10:56 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009/09/11 17:49:44 | 000,000,040 | ---- | C] () -- C:\Windows\submitequalizer.ini
[2009/09/07 18:44:23 | 000,000,635 | ---- | C] () -- C:\Windows\System32\OEMINFO.INI
[2009/09/07 18:32:40 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2009/09/04 22:51:37 | 000,000,073 | ---- | C] () -- C:\Windows\pressequalizer.ini
[2009/09/04 17:29:16 | 000,213,768 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/08/25 18:12:44 | 000,004,096 | ---- | C] () -- C:\Windows\System32\tuelz.dat
[2009/08/14 09:20:51 | 002,139,136 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\TweetAdder
[2009/08/09 18:10:17 | 000,003,120 | ---- | C] () -- C:\Windows\sptm.dll
[2009/08/09 08:51:57 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/06 21:28:06 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 05:33:53 | 000,440,104 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,792,666 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,179,292 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/01/13 17:01:26 | 000,015,840 | ---- | C] () -- C:\Windows\System32\Machnm1.exe
[2009/01/13 17:01:26 | 000,002,304 | ---- | C] () -- C:\Windows\System32\Machnm32.sys
[2008/03/19 14:11:08 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/03/18 14:23:10 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/03/18 14:23:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/03/18 14:23:10 | 000,009,484 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/03/18 14:23:10 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/03/18 14:18:01 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/03/18 13:51:25 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/02/19 07:33:34 | 000,446,352 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2007/12/21 17:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2005/07/22 22:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2004/02/28 05:30:12 | 000,049,152 | ---- | C] () -- C:\Windows\System32\TrustSupport.dll
[2002/09/10 17:50:22 | 000,036,864 | ---- | C] () -- C:\Windows\System32\DiskID32.dll

========== LOP Check ==========

[2010/09/03 15:14:35 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Affilorama
[2010/09/03 15:16:43 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Bookmarkwiz
[2010/09/03 15:16:43 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/03/19 16:57:33 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\CommissionBlueprint.KeywordBlueprint2.E611A7DFA7A14643DD636F3114ECD771F85A61E0.1
[2011/05/04 23:30:25 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Dropbox
[2011/05/04 11:05:25 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\E342D1DAEC6FE24738CB292987A90C74
[2011/02/05 16:38:50 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\EasyLeadFinderv2
[2011/03/23 14:44:17 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\eGrabber
[2011/05/04 15:39:12 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\FileZilla
[2011/01/10 16:45:38 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Flickr
[2011/04/25 23:09:33 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\GetRightToGo
[2010/11/24 21:20:31 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\GoodSync
[2011/03/23 11:12:56 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\GPScraper 2011
[2011/03/23 11:27:11 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\GPScraper.com
[2010/09/05 22:13:19 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\GrabPro
[2010/11/15 12:46:18 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Green Parrots Software
[2010/09/03 15:16:44 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\gtk-2.0
[2010/09/03 15:16:44 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Helios
[2010/09/03 15:16:45 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Hide IP NG
[2011/05/04 21:49:55 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\IBP
[2010/09/03 15:16:52 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\iSpring Solutions
[2010/11/08 22:58:16 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\LinkBounder
[2010/09/03 15:16:52 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\LinkedIn
[2010/09/03 15:16:53 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\MAPILab Ltd
[2010/09/03 15:16:53 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/05/02 23:36:21 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Mipony
[2010/09/03 15:17:15 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Moyea
[2010/12/10 20:22:18 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\NCH Swift Sound
[2010/09/18 13:13:48 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\northworks.biz
[2010/09/12 22:05:22 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Nuance
[2010/09/03 15:17:23 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Pamela
[2010/09/03 15:17:23 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\pinpoint Marketing tool
[2010/09/05 22:13:25 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\ProgSense
[2011/05/03 11:04:56 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Radialpoint
[2011/05/02 23:58:35 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Registry Mechanic
[2010/09/18 12:15:40 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\ScrapePro.Designer
[2011/03/28 19:25:05 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Sick Marketing
[2010/11/15 13:53:43 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Snoworange
[2010/09/03 15:17:25 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Software Defender
[2010/09/03 15:17:25 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Sony
[2011/02/01 01:35:22 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\SpeedPPC4
[2010/09/03 15:17:32 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\SQLite Administrator
[2011/01/27 13:33:50 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Thinstall
[2010/09/03 15:17:33 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Toshiba
[2011/02/05 16:44:34 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Touche Software
[2011/04/02 17:39:22 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\TrafficAnarchy
[2010/09/03 15:17:33 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/04/20 18:09:07 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Virgin Media
[2010/09/11 20:31:47 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\VSO
[2011/03/03 00:35:22 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\WinBatch
[2010/09/03 15:17:34 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Xtranormal
[2011/04/25 13:41:17 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/09/03 23:44:59 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011/04/26 19:15:38 | 000,003,408 | ---- | M] () -- C:\bootsqm.dat
[2011/05/04 23:25:17 | 000,018,598 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/04/01 09:04:10 | 000,116,174 | ---- | M] () -- C:\Copy of Peters sick - url list.xlsx
[2009/10/27 22:04:03 | 000,003,502 | ---- | M] () -- C:\Enlish.lng
[2008/03/18 15:08:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/10/24 20:35:54 | 000,001,015 | R--- | M] () -- C:\logFile.xsl
[2008/03/18 15:08:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/05/04 23:29:19 | 2137,448,448 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2009/07/14 05:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 05:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 05:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 05:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 22:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/02/09 00:00:00 | 000,026,364 | ---- | M] (Brother Industries ,Ltd ) -- C:\Windows\System32\spool\prtprocs\w32x86\brmfpp1.dll
[2008/10/24 12:48:38 | 000,321,536 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp696.dll
[2009/07/14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2009/07/14 02:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2010/11/09 22:25:57 | 000,001,654 | -HS- | M] () -- C:\Users\Peter\AppData\Roaming\Microsoft\LastFlashConfig.wfc

< %PROGRAMFILES%\*.* >
[2009/07/14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/12/25 20:07:32 | 000,000,480 | -HS- | M] () -- C:\Users\Peter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
[2011/05/03 09:19:11 | 000,000,221 | -HS- | M] () -- C:\Users\Peter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/05/04 23:05:27 | 004,337,362 | R--- | M] () -- C:\Users\Peter\Desktop\ComboFix.exe
[2011/05/05 00:54:16 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 22:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/09/04 16:35:41 | 000,000,402 | -HS- | M] () -- C:\Users\Peter\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/04/06 17:51:56 | 000,000,236 | -H-- | M] () -- C:\ProgramData\ee6fe4d84748049fa23c8b8638a22cacf0cffd15
[2010/10/11 09:12:47 | 000,000,265 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Windows\System32\€ó:pctlsp.log
@Alternate Data Stream - 236 bytes -> C:\ProgramData:iSpring Presenter 4
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:F35A93AD
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
 
Hi

I have run it again and no extras.txt. I did every thing as you said. Are you sure i need to run quich scan as indicated in your instructions?
 
Navigate to C:\Program Files\OTListIt2 folder and see, if there is Extras.txt log.
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

=====================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1867113323-2075334900-1738569641-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :
O2 - BHO: (no name) - {0B1B0D47-95F7-4bad-9309-A945B655AE61} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {BCBF738C-4891-4B9A-959A-C6BF7F608C3A} - No CLSID value found.
O3 - HKU\S-1-5-21-1867113323-2075334900-1738569641-1000\..\Toolbar\WebBrowser: (no name) - {4064EA35-578D-4073-A834-C96D82CBCF40} - No CLSID value found.
O3 - HKU\S-1-5-21-1867113323-2075334900-1738569641-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1867113323-2075334900-1738569641-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O15 - HKU\S-1-5-21-1867113323-2075334900-1738569641-1000\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2011/05/04 11:01:50 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\E342D1DAEC6FE24738CB292987A90C74
[2011/04/25 19:28:21 | 000,000,000 | -HSD | C] -- C:\DrWeb Quarantine
[2011/04/25 15:49:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Doctor Web
[2011/04/24 15:40:43 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Registry Mechanic
[2011/04/06 17:51:56 | 000,000,236 | -H-- | M] () -- C:\Users\Peter\AppData\Roaming\ee6fe4d84748049fa23c8b8638a22cacf0cffd15
[2011/04/06 17:51:56 | 000,000,236 | -H-- | M] () -- C:\ProgramData\ee6fe4d84748049fa23c8b8638a22cacf0cffd15
@Alternate Data Stream - 64 bytes -> C:\Windows\System32\€ó:pctlsp.log
@Alternate Data Stream - 236 bytes -> C:\ProgramData:iSpring Presenter 4
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:F35A93AD
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Heres the first scan - Just waiting for the online scan now

Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 25
Java(TM) 6 Update 3
Out of date Java installed!
Adobe Flash Player 10.2.152.32
Adobe Reader 9.4.2
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````
 

Similar threads

zohaibahd
Nvidia is investigating RTX 50 crashes and black screen issues, but no fix date yet
2
Replies
28
Views
576
LimyG
LimyG
W
Strange one to get your teeth into...
Replies
2
Views
112
Wazhead
W
Daniel Sims
New Nvidia drivers improve performance in benchmarks, but crashes and gaming issues remain
Replies
18
Views
232
LimyG
LimyG

Latest posts

Back