Solved Browser hijacked - Bamital virus

04:29:43.0316 1876 TDSS rootkit removing tool 2.6.4.0 Oct 3 2011 17:37:01
04:29:43.0422 1876 ============================================================
04:29:43.0422 1876 Current date / time: 2011/10/04 04:29:43.0422
04:29:43.0422 1876 SystemInfo:
04:29:43.0422 1876
04:29:43.0422 1876 OS Version: 6.0.6002 ServicePack: 2.0
04:29:43.0422 1876 Product type: Workstation
04:29:43.0422 1876 ComputerName: THEO-PC
04:29:43.0423 1876 UserName: Theo
04:29:43.0423 1876 Windows directory: C:\Windows
04:29:43.0423 1876 System windows directory: C:\Windows
04:29:43.0423 1876 Processor architecture: Intel x86
04:29:43.0423 1876 Number of processors: 4
04:29:43.0423 1876 Page size: 0x1000
04:29:43.0423 1876 Boot type: Normal boot
04:29:43.0423 1876 ============================================================
04:29:45.0858 1876 Initialize success
04:29:48.0868 4468 ============================================================
04:29:48.0868 4468 Scan started
04:29:48.0868 4468 Mode: Manual;
04:29:48.0868 4468 ============================================================
04:30:04.0204 4468 ============================================================
04:30:04.0204 4468 Scan finished
04:30:04.0204 4468 ============================================================
04:30:04.0214 3484 Detected object count: 0
04:30:04.0214 3484 Actual detected object count: 0
 
So far so good, doing some random searches and none have been redirected, yet!! That's great news right?
 
Good news :)

Download OTL to your Desktop.

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
No Extras.txt log was created? Here is the OTL

OTL logfile created on: 05/10/2011 14:18:56 - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Theo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 70.55% Memory free
6.72 Gb Paging File | 5.79 Gb Available in Paging File | 86.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.70 Gb Total Space | 186.57 Gb Free Space | 41.40% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.56 Gb Free Space | 57.07% Space Free | Partition Type: NTFS
Drive F: | 149.04 Gb Total Space | 34.41 Gb Free Space | 23.09% Space Free | Partition Type: NTFS
Drive K: | 480.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: THEO-PC | User Name: Theo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/05 14:17:37 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Theo\Desktop\OTL.exe
PRC - [2011/09/27 12:15:12 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,228,520 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/06/07 17:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/09/28 12:48:08 | 000,264,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeChat\LifeChat.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/23 20:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2009/01/29 23:50:06 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/01/29 23:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/01/13 11:32:52 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
PRC - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/09/13 17:35:08 | 001,261,568 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2\WG111v2.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 12:15:12 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2011/08/15 23:36:10 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
MOD - [2011/08/15 23:34:18 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/06/19 09:24:10 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2011/03/15 07:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/08/10 00:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2007/09/13 17:35:08 | 001,261,568 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2\WG111v2.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/06/07 17:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/01/29 23:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/01/13 11:32:52 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
SRV - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2011/10/05 13:59:42 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BC380F9F-04C4-49ED-B011-6E57668C94C5}\MpKsl04a651d2.sys -- (MpKsl04a651d2)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/06/08 00:57:00 | 010,888,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/12/20 11:53:32 | 000,234,016 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/11/23 09:43:30 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/23 09:43:30 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/23 09:43:28 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/11/05 00:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/12/26 03:46:00 | 000,288,768 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2007/12/26 03:46:00 | 000,288,768 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wg111v2.sys -- (RTL8187)
DRV - [2007/01/19 04:20:54 | 000,021,728 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\scmndisp.sys -- (SCMNdisP)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2706452045-893641700-2708655402-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-2706452045-893641700-2708655402-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2706452045-893641700-2708655402-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.21
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.99


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Theo\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/28 23:41:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/28 23:41:23 | 000,000,000 | ---D | M]

[2009/12/27 00:34:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Theo\AppData\Roaming\Mozilla\Extensions
[2011/10/04 23:34:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\q15h6s1j.default\extensions
[2010/07/04 04:45:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\q15h6s1j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/29 14:36:16 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\q15h6s1j.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2011/09/27 17:18:08 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\q15h6s1j.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/08/22 00:41:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\q15h6s1j.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/07/04 04:45:11 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Theo\AppData\Roaming\Mozilla\Firefox\Profiles\q15h6s1j.default\extensions\firefox@tvunetworks.com
[2011/01/21 18:44:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/21 11:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll (BitComet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-2706452045-893641700-2708655402-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2706452045-893641700-2708655402-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Theo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2706452045-893641700-2708655402-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2706452045-893641700-2708655402-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2706452045-893641700-2708655402-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.6.22.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01166B69-3C18-406B-8135-E7DFA986093B}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: F:\Documents and Settings\Nelly\My Documents\My Pictures\2062457065_f3bd393abe_b.jpg
O24 - Desktop BackupWallPaper: F:\Documents and Settings\Nelly\My Documents\My Pictures\2062457065_f3bd393abe_b.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/05/11 23:59:37 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/05/18 19:54:20 | 000,061,440 | R--- | M] () - K:\autoplay.exe -- [ CDFS ]
O32 - AutoRun File - [2003/02/12 08:01:48 | 000,000,050 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2706452045-893641700-2708655402-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2706452045-893641700-2708655402-1000\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/05 14:17:35 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Theo\Desktop\OTL.exe
[2011/10/05 14:00:47 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{D5B42FC3-5979-4496-BC97-EC488F0D5248}
[2011/10/05 14:00:09 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{722849E4-BF60-4F7D-89CC-D0BDEBFC4275}
[2011/10/04 23:24:26 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{914971F5-5445-41D0-A84F-005F81FD6C0D}
[2011/10/04 04:28:51 | 001,548,080 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Theo\Desktop\tdsskiller.exe
[2011/10/04 04:11:22 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{6B6D1DF8-D0DA-4A3D-A465-9DEBCECF9A65}
[2011/10/04 04:10:59 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{08202E02-9CFE-4189-8500-B542BB085FB2}
[2011/10/04 04:04:06 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{C36EE130-2982-48D8-9658-1A5B61A06301}
[2011/10/04 04:03:32 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{DD74B400-851D-4101-A6BC-512F88987D5B}
[2011/10/04 03:59:03 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Theo\Desktop\FixTDSS.exe
[2011/10/03 17:53:04 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{4952403D-9101-46A2-B475-EEEAB509D934}
[2011/10/03 17:52:54 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{F2B00644-EE5A-43E3-B607-E917E10542BA}
[2011/09/30 12:50:06 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{B2E4A496-CE8C-4ADB-8704-2A8E989AFE9D}
[2011/09/30 12:49:40 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{FFFF3708-C5BF-4E30-B354-EF7DFE208FAB}
[2011/09/29 16:45:42 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{D868709D-4E85-4A44-9363-A43D41901BFD}
[2011/09/29 16:44:59 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{03F06182-77CE-4005-A984-0F29E4D080F5}
[2011/09/29 16:34:20 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Theo\Desktop\GooredFix.exe
[2011/09/29 16:01:08 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\Apple
[2011/09/29 04:08:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/29 04:03:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/29 03:50:44 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{B4390FC6-D143-4706-8C4D-B05CA589E889}
[2011/09/29 03:50:33 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{2FE08101-6E12-4C38-89CE-5BF85B54A3C4}
[2011/09/29 03:02:56 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/09/28 22:26:46 | 004,232,793 | R--- | C] (Swearware) -- C:\Users\Theo\Desktop\ComboFix.exe
[2011/09/28 11:59:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Theo\Desktop\dds.scr
[2011/09/28 11:10:32 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{1670AECF-2D5F-4E7D-922A-0B052B0EA579}
[2011/09/28 11:10:00 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{2FB47DB9-9AD8-4871-9E62-9F56D56F0605}
[2011/09/27 20:16:10 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\Adobe
[2011/09/27 17:43:27 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{200A26C3-ED57-45A1-B9DB-0435EE194784}
[2011/09/27 17:43:14 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{ABB95063-75E0-4388-A824-3CF9B471D228}
[2011/09/27 17:42:54 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\Apple Computer
[2011/09/27 17:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/09/27 17:18:26 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Roaming\QuickScan
[2011/09/27 12:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\LeagueOfLegends
[2011/09/27 12:15:57 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\PMB Files
[2011/09/27 12:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011/09/27 01:27:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/27 01:27:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/26 22:23:35 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2011/09/26 22:23:12 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{F41CE8B4-FD8E-4266-86A6-CEA476305902}
[2011/09/26 22:22:48 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{75AE3CB7-217A-4AFA-BD83-3249AB1602E9}
[2011/09/26 17:15:20 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{9CB6E8B9-0D81-457B-AC38-0E2EA13FDD57}
[2011/09/26 17:15:01 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{05D29A35-B1E1-47B3-9171-EB0ACC6C2F17}
[2011/09/23 18:46:50 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\Spotify
[2011/09/23 18:46:48 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Roaming\Spotify
[2011/09/23 04:17:03 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{B971B3B8-19EB-4BB7-9C0E-D8CE9A80C4E2}
[2011/09/23 04:16:41 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{CA5A3D8D-3D9C-418B-B630-C8274D3CC9D7}
[2011/09/21 06:33:07 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{2A0DDE97-D592-4521-A0B1-AD21355B1A36}
[2011/09/21 06:32:46 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{F6ECA60A-813E-4654-B5DB-9567FAAAB8DA}
[2011/09/20 15:11:59 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{2C878E57-B375-4AA5-8C3D-B7A67B2F5C41}
[2011/09/20 15:11:41 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{2B0ABFAA-2FCF-4931-A025-0749BF0F3F44}
[2011/09/20 11:22:10 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{E509769F-7370-4413-8854-A50806F2ECF7}
[2011/09/19 14:06:30 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{0F48F7C2-8FC4-423C-BAC8-3077A6DCCD76}
[2011/09/19 14:06:08 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{FDE01B69-458D-4C52-9F9E-7756FAF0555F}
[2011/09/18 23:23:40 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{59075ACD-82C9-4EA5-8EFE-7E6E06112BCD}
[2011/09/18 23:19:53 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{48A8C448-C682-4280-9E35-7ABBE4DF2E68}
[2011/09/16 05:27:08 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{95CFF71D-705F-46C8-A11B-26C538BBEFEE}
[2011/09/16 05:26:51 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{4A0CF688-B0DF-4E5B-9A79-FAF2ED6D33DA}
[2011/09/15 03:03:29 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{7B03AFD9-695C-4F32-8522-A46B9CCF9E5D}
[2011/09/15 03:03:08 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{B4CDF735-E57B-47D5-A77D-2A33B27E2824}
[2011/09/09 19:36:53 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{68F5182F-73B8-420F-A544-9D1BA6B12C0B}
[2011/09/09 19:36:35 | 000,000,000 | ---D | C] -- C:\Users\Theo\AppData\Local\{FF5461E5-0B25-41B7-B692-7C876A751E35}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/05 14:17:37 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Theo\Desktop\OTL.exe
[2011/10/05 14:06:56 | 000,613,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/05 14:06:56 | 000,110,112 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/05 14:03:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/05 13:59:53 | 000,055,637 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/10/05 13:59:53 | 000,055,637 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/10/05 13:59:44 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/05 13:59:43 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/05 13:59:40 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/05 13:59:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/04 22:12:58 | 000,021,504 | ---- | M] () -- C:\Users\Theo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/04 16:58:10 | 000,000,774 | ---- | M] () -- C:\Users\Theo\Application Data\Microsoft\Internet Explorer\Quick Launch\Firefox.lnk
[2011/10/04 04:28:58 | 001,548,080 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Theo\Desktop\tdsskiller.exe
[2011/10/04 03:59:03 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Theo\Desktop\FixTDSS.exe
[2011/10/03 17:50:33 | 000,020,408 | ---- | M] () -- C:\Users\Theo\AppData\Roaming\wklnhst.dat
[2011/10/03 17:43:17 | 294,296,604 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/09/29 16:48:22 | 000,139,264 | ---- | M] () -- C:\Users\Theo\Desktop\SystemLook.exe
[2011/09/29 16:34:19 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Theo\Desktop\GooredFix.exe
[2011/09/29 03:00:47 | 004,232,793 | R--- | M] (Swearware) -- C:\Users\Theo\Desktop\ComboFix.exe
[2011/09/28 11:59:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Theo\Desktop\dds.scr
[2011/09/28 11:21:05 | 000,302,592 | ---- | M] () -- C:\Users\Theo\Desktop\rjdszd5d.exe
[2011/09/27 20:14:08 | 000,000,104 | ---- | M] () -- C:\Users\Theo\Desktop\Computer.lnk
[2011/09/27 17:37:54 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/09/27 17:23:36 | 000,002,521 | ---- | M] () -- C:\Users\Theo\Desktop\HiJackThis.lnk
[2011/09/27 17:02:51 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/09/27 12:05:26 | 000,000,744 | ---- | M] () -- C:\Users\Theo\Desktop\Play League of Legends.lnk
[2011/09/27 12:04:17 | 000,000,746 | ---- | M] () -- C:\Users\Theo\Desktop\Ventrilo.lnk
[2011/09/27 12:03:27 | 000,000,774 | ---- | M] () -- C:\Users\Theo\Desktop\Firefox.lnk
[2011/09/27 01:11:26 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/26 22:25:17 | 000,000,448 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/09/26 22:23:40 | 000,000,232 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/09/26 22:23:40 | 000,000,152 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/09/26 22:09:38 | 000,049,244 | ---- | M] () -- C:\Users\Theo\Desktop\tumblr_lrvk2bACXu1qm835jo1_500.jpg
[2011/09/24 21:50:56 | 000,061,658 | ---- | M] () -- C:\Users\Theo\Desktop\301626_10150382107480149_551940148_10261352_2068483297_n.jpg
[2011/09/23 18:46:49 | 000,000,820 | ---- | M] () -- C:\Users\Theo\Desktop\Spotify.lnk
[2011/09/11 08:18:07 | 000,000,104 | ---- | M] () -- C:\Users\Theo\Desktop\Recycle Bin - Shortcut.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/04 16:58:10 | 000,000,774 | ---- | C] () -- C:\Users\Theo\Application Data\Microsoft\Internet Explorer\Quick Launch\Firefox.lnk
[2011/10/03 17:43:17 | 294,296,604 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/09/29 16:48:24 | 000,139,264 | ---- | C] () -- C:\Users\Theo\Desktop\SystemLook.exe
[2011/09/28 11:21:05 | 000,302,592 | ---- | C] () -- C:\Users\Theo\Desktop\rjdszd5d.exe
[2011/09/27 20:14:08 | 000,000,104 | ---- | C] () -- C:\Users\Theo\Desktop\Computer.lnk
[2011/09/27 17:37:54 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/09/27 17:32:11 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/09/27 12:04:17 | 000,000,746 | ---- | C] () -- C:\Users\Theo\Desktop\Ventrilo.lnk
[2011/09/27 12:03:27 | 000,000,774 | ---- | C] () -- C:\Users\Theo\Desktop\Firefox.lnk
[2011/09/27 01:51:55 | 000,001,866 | ---- | C] () -- C:\Users\Theo\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/27 01:51:52 | 000,000,701 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk
[2011/09/27 01:51:51 | 000,001,878 | ---- | C] () -- C:\Users\Theo\Desktop\Skype.lnk
[2011/09/27 01:51:49 | 000,000,744 | ---- | C] () -- C:\Users\Theo\Desktop\Play League of Legends.lnk
[2011/09/27 01:49:37 | 000,001,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk
[2011/09/27 01:49:36 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
[2011/09/27 01:49:35 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/09/27 01:49:34 | 000,001,229 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011/09/27 01:49:33 | 000,001,160 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011/09/27 01:49:32 | 000,002,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011/09/27 01:49:31 | 000,001,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011/09/27 01:49:30 | 000,001,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/09/27 01:49:29 | 000,001,757 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
[2011/09/27 01:49:28 | 000,001,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk
[2011/09/27 01:49:27 | 000,001,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
[2011/09/27 01:49:26 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk
[2011/09/27 01:49:25 | 000,001,971 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Station Launcher.lnk
[2011/09/27 01:49:24 | 000,001,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011/09/27 01:49:23 | 000,001,018 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/09/27 01:49:22 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/09/27 01:49:21 | 000,001,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/09/27 01:49:20 | 000,000,715 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Betfair Casino.lnk
[2011/09/27 01:49:19 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/09/27 01:49:18 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/09/27 01:49:17 | 000,000,888 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2011/09/27 01:27:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/27 01:27:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/27 01:27:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/27 01:27:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/27 01:27:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/27 01:11:26 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/26 22:23:40 | 000,000,232 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/09/26 22:23:40 | 000,000,152 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/09/26 22:23:29 | 000,000,448 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/09/26 22:09:38 | 000,049,244 | ---- | C] () -- C:\Users\Theo\Desktop\tumblr_lrvk2bACXu1qm835jo1_500.jpg
[2011/09/24 21:50:56 | 000,061,658 | ---- | C] () -- C:\Users\Theo\Desktop\301626_10150382107480149_551940148_10261352_2068483297_n.jpg
[2011/09/23 18:46:49 | 000,000,820 | ---- | C] () -- C:\Users\Theo\Desktop\Spotify.lnk
[2011/09/23 18:46:49 | 000,000,806 | ---- | C] () -- C:\Users\Theo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2011/09/11 08:18:07 | 000,000,104 | ---- | C] () -- C:\Users\Theo\Desktop\Recycle Bin - Shortcut.lnk
[2011/06/14 18:49:38 | 000,045,202 | ---- | C] () -- C:\Users\Theo\AppData\Roaming\room_v3.dat
[2011/06/14 18:37:06 | 000,099,170 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011/05/14 19:32:12 | 000,009,638 | -HS- | C] () -- C:\Users\Theo\AppData\Local\7w0k63i7188ib0ldt3363x
[2011/05/14 19:32:12 | 000,009,638 | -HS- | C] () -- C:\ProgramData\7w0k63i7188ib0ldt3363x
[2011/05/07 01:03:22 | 000,010,484 | -HS- | C] () -- C:\Users\Theo\AppData\Local\bn5b6b462h21s58w
[2011/05/07 01:03:22 | 000,010,484 | -HS- | C] () -- C:\ProgramData\bn5b6b462h21s58w
[2011/05/05 09:46:04 | 000,176,808 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/11/12 01:17:43 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/11/08 19:32:51 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2010/08/29 14:47:04 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/08/29 14:45:55 | 000,001,264 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/08/21 15:48:25 | 000,000,691 | ---- | C] () -- C:\Users\Theo\AppData\Roaming\GetValue.vbs
[2010/08/21 15:48:25 | 000,000,035 | ---- | C] () -- C:\Users\Theo\AppData\Roaming\SetValue.bat
[2010/08/21 12:36:50 | 000,000,036 | ---- | C] () -- C:\Users\Theo\AppData\Local\housecall.guid.cache
[2010/06/29 13:53:16 | 000,020,408 | ---- | C] () -- C:\Users\Theo\AppData\Roaming\wklnhst.dat
[2010/04/13 16:12:22 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/03/02 15:16:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/02/27 18:33:42 | 000,001,356 | ---- | C] () -- C:\Users\Theo\AppData\Local\d3d9caps.dat
[2010/02/05 05:11:45 | 000,000,040 | ---- | C] () -- C:\Windows\ujf635.bin
[2009/12/27 02:22:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/12/27 02:22:47 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/12/26 21:20:28 | 000,021,504 | ---- | C] () -- C:\Users\Theo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/03 10:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/04 19:42:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1472.dll
[2009/04/11 19:02:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/11 17:07:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/02/28 20:25:54 | 001,774,540 | ---- | C] () -- C:\Program Files\Picture 005.jpg
[2007/01/01 01:12:02 | 000,055,637 | ---- | C] () -- C:\ProgramData\nvModes.001
[2007/01/01 01:12:00 | 000,055,637 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,383,120 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,613,764 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,110,112 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/07/07 04:51:26 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\Advanced Combat Tracker
[2010/08/29 14:36:15 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\BitComet
[2010/08/05 03:33:53 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\Cyzuy
[2010/08/16 02:37:53 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\Elgi
[2010/06/21 19:17:04 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\Facebook
[2010/08/05 00:57:40 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\Imam
[2010/08/20 23:55:39 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\Irce
[2011/06/25 00:51:42 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\LolClient
[2010/08/16 10:03:20 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\Mieb
[2011/06/01 23:04:19 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\ProfitUI Reborn Updater
[2011/10/01 02:18:37 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\QuickScan
[2011/01/10 01:08:12 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\RIFT
[2011/09/26 20:54:28 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\Spotify
[2010/06/29 13:53:18 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\Template
[2011/10/05 04:08:29 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========
 
========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2011/09/29 04:07:48 | 000,022,414 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/07/04 19:42:27 | 000,004,760 | R--- | M] () -- C:\dell.sdr
[2011/10/05 13:59:30 | 3801,370,624 | -HS- | M] () -- C:\pagefile.sys
[2011/10/04 04:32:51 | 000,142,982 | ---- | M] () -- C:\TDSSKiller.2.6.4.0_04.10.2011_04.29.43_log.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/01/02 00:11:44 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/05/13 15:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/21 03:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2004/06/02 01:47:51 | 001,774,540 | ---- | M] () -- C:\Program Files\Picture 005.jpg

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >
[2007/05/15 17:00:16 | 000,069,632 | ---- | M] (Aditu of Nektulos) -- C:\Users\Theo\Desktop\ACT Clipboard Sharer.exe
[2009/12/27 22:33:22 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Theo\Desktop\ATF-Cleaner.exe
[2011/09/29 03:00:47 | 004,232,793 | R--- | M] (Swearware) -- C:\Users\Theo\Desktop\ComboFix.exe
[2011/10/04 03:59:03 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Theo\Desktop\FixTDSS.exe
[2011/09/29 16:34:19 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Theo\Desktop\GooredFix.exe
[2011/10/05 14:17:37 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Theo\Desktop\OTL.exe
[2011/09/28 11:21:05 | 000,302,592 | ---- | M] () -- C:\Users\Theo\Desktop\rjdszd5d.exe
[2011/09/29 16:48:22 | 000,139,264 | ---- | M] () -- C:\Users\Theo\Desktop\SystemLook.exe
[2011/10/04 04:28:58 | 001,548,080 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Theo\Desktop\tdsskiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2010/07/04 18:57:40 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2010/07/04 18:57:10 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2010/07/04 18:57:10 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2010/07/04 18:57:10 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2010/07/04 18:57:10 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2010/07/04 18:57:10 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/12/22 17:36:25 | 000,000,402 | -HS- | M] () -- C:\Users\Theo\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/09/26 22:25:17 | 000,000,448 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/05/14 19:34:13 | 000,009,638 | -HS- | M] () -- C:\ProgramData\7w0k63i7188ib0ldt3363x
[2011/05/07 01:05:27 | 000,010,484 | -HS- | M] () -- C:\ProgramData\bn5b6b462h21s58w
[2011/09/27 17:02:51 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/10/05 13:59:53 | 000,055,637 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/08/29 14:45:55 | 000,001,264 | ---- | M] () -- C:\ProgramData\ss.ini
[2010/08/29 14:47:04 | 000,000,033 | ---- | M] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2011/09/26 22:23:40 | 000,000,232 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/09/26 22:23:40 | 000,000,152 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >
[2010/05/02 11:23:41 | 000,259,328 | ---- | M] () -- C:\Program Files\Mozilla Firefox\o.dat

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
 
Your "hosts" file is missing.

Open Notepad.
Paste the following text into it:

Code:
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
::1             localhost

Go to File > Save As and...

1. Name the file hosts. (no extension; make sure there is just a "dot" at the end <--- VERY IMPORTANT!)
2. Make sure "Save as type:" is set to "All Files (*.*)"
3. Save the file to the C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder



Then...

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista/Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    Code:
    :dir
    C:\WINDOWS\SYSTEM32\DRIVERS\ETC
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2011/09/26 22:23:40 | 000,000,232 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
    [2011/09/26 22:23:40 | 000,000,152 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
    [2011/09/26 22:23:29 | 000,000,448 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk
    [2011/05/14 19:32:12 | 000,009,638 | -HS- | C] () -- C:\Users\Theo\AppData\Local\7w0k63i7188ib0ldt3363x
    [2011/05/14 19:32:12 | 000,009,638 | -HS- | C] () -- C:\ProgramData\7w0k63i7188ib0ldt3363x
    [2011/05/07 01:03:22 | 000,010,484 | -HS- | C] () -- C:\Users\Theo\AppData\Local\bn5b6b462h21s58w
    [2011/05/07 01:03:22 | 000,010,484 | -HS- | C] () -- C:\ProgramData\bn5b6b462h21s58w
    [2010/08/05 03:33:53 | 000,000,000 | ---D | M] -- C:\Users\Theo\AppData\Roaming\Cyzuy
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

==================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
SystemLook 30.07.11 by jpshortstuff
Log created at 01:22 on 08/10/2011 by Theo
Administrator - Elevation successful

========== dir ==========

C:\WINDOWS\SYSTEM32\DRIVERS\ETC - Parameters: "(none)"

---Files---
hosts.msn --a---- 761 bytes [18:26 25/04/2010] [21:41 18/09/2006]
hosts.txt --a---- 734 bytes [00:19 08/10/2011] [00:20 08/10/2011]
lmhosts.sam --a---- 3683 bytes [06:38 02/11/2006] [21:41 18/09/2006]
networks --a---- 407 bytes [10:23 02/11/2006] [21:41 18/09/2006]
protocol --a---- 1358 bytes [10:23 02/11/2006] [21:41 18/09/2006]
services --a---- 17244 bytes [10:23 02/11/2006] [21:41 18/09/2006]

---Folders---
None found.

-= EOF =-
 
Go back to the C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder and rename "hosts.txt" to just "hosts" (no extension).
Post a new SystemLook log.
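
The check made by eye on the SystemLook listing above, written out as an added example that is not part of the original thread or of any tool named in it. It parses the ---Files--- rows of a :dir log, reports whether a file named exactly "hosts" exists, and lists active mappings in a hosts file that differ from the default posted earlier. The function names, the 7-character attribute pattern and the use of the posted default as a baseline are assumptions of this example; the listing is copied from the log above and the tampered sample is constructed.

```python
import re

# Listing copied from the SystemLook log in this thread.
SYSTEMLOOK_LOG = r"""
========== dir ==========

C:\WINDOWS\SYSTEM32\DRIVERS\ETC - Parameters: "(none)"

---Files---
hosts.msn --a---- 761 bytes [18:26 25/04/2010] [21:41 18/09/2006]
hosts.txt --a---- 734 bytes [00:19 08/10/2011] [00:20 08/10/2011]
lmhosts.sam --a---- 3683 bytes [06:38 02/11/2006] [21:41 18/09/2006]
networks --a---- 407 bytes [10:23 02/11/2006] [21:41 18/09/2006]
protocol --a---- 1358 bytes [10:23 02/11/2006] [21:41 18/09/2006]
services --a---- 17244 bytes [10:23 02/11/2006] [21:41 18/09/2006]

---Folders---
None found.
"""

# Excerpt of the default hosts file posted earlier in the thread.
DEFAULT_HOSTS = """\
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server

127.0.0.1       localhost
::1             localhost
"""

# Constructed sample: the default plus one extra redirect (documentation IP).
SAMPLE_TAMPERED = DEFAULT_HOSTS + "203.0.113.7  www.example.com search.example.com  # constructed\n"

# Assumed row shape, taken from the sample rows: name, 7-char attribute
# field, size in bytes, then bracketed timestamps. Names may contain spaces.
ROW = re.compile(r"^(?P<name>.+?)\s+(?P<attrs>[-A-Za-z]{7})\s+(?P<size>\d+) bytes\s+\[")

# Active mappings present in the default file.
BASELINE = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def parse_dir_files(log_text):
    """Return {filename: size} for the ---Files--- section of a :dir log."""
    files, in_files = {}, False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("---"):
            # Section markers: only rows under ---Files--- are file entries.
            in_files = (line == "---Files---")
            continue
        if in_files:
            m = ROW.match(line)
            if m:
                files[m.group("name")] = int(m.group("size"))
    return files


def hosts_status(files):
    """Say whether a file named exactly 'hosts' exists, and list hosts.* files."""
    lowered = {name.lower(): name for name in files}
    # Windows reads only "hosts"; "hosts.txt" saved by Notepad is not used.
    with_extension = sorted(n for low, n in lowered.items() if low.startswith("hosts."))
    return {"present": "hosts" in lowered, "with_extension": with_extension}


def active_mappings(hosts_text):
    """Return (ip, hostname) pairs for every non-comment mapping."""
    pairs = []
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop full-line and trailing comments
        if not line:
            continue
        fields = line.split()
        for name in fields[1:]:                # one IP may map several names
            pairs.append((fields[0], name.lower()))
    return pairs


def unexpected_mappings(hosts_text):
    """Mappings that are not in the default file and need a manual look."""
    return [pair for pair in active_mappings(hosts_text) if pair not in BASELINE]


if __name__ == "__main__":
    status = hosts_status(parse_dir_files(SYSTEMLOOK_LOG))
    print("hosts present:", status["present"], "| hosts.* files:", status["with_extension"])
    for ip, name in unexpected_mappings(SAMPLE_TAMPERED):
        print("review mapping:", ip, name)
```

An entry returned by unexpected_mappings is only a prompt for review: security tools and administrators also add hosts entries deliberately.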
 
All processes killed
========== OTL ==========
Service gusvc stopped successfully!
Service gusvc deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\ProgramData\~6DSS92c31Apgjk moved successfully.
C:\ProgramData\~6DSS92c31Apgjkr moved successfully.
C:\ProgramData\6DSS92c31Apgjk moved successfully.
C:\Users\Theo\AppData\Local\7w0k63i7188ib0ldt3363x moved successfully.
C:\ProgramData\7w0k63i7188ib0ldt3363x moved successfully.
C:\Users\Theo\AppData\Local\bn5b6b462h21s58w moved successfully.
C:\ProgramData\bn5b6b462h21s58w moved successfully.
C:\Users\Theo\AppData\Roaming\Cyzuy folder moved successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Theo
->Temp folder emptied: 1368925790 bytes
->Temporary Internet Files folder emptied: 123732781 bytes
->Java cache emptied: 1214544 bytes
->FireFox cache emptied: 57913247 bytes
->Flash cache emptied: 48981 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2483739 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 136169 bytes

Total Files Cleaned = 1,482.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Theo
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.29.1 log created on 10082011_012413

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
SystemLook 30.07.11 by jpshortstuff
Log created at 01:35 on 08/10/2011 by Theo
Administrator - Elevation successful

========== dir ==========

C:\WINDOWS\SYSTEM32\DRIVERS\ETC - Parameters: "(none)"

---Files---
hosts --a---- 759 bytes [00:34 08/10/2011] [00:34 08/10/2011]
hosts.msn --a---- 761 bytes [18:26 25/04/2010] [21:41 18/09/2006]
lmhosts.sam --a---- 3683 bytes [06:38 02/11/2006] [21:41 18/09/2006]
networks --a---- 407 bytes [10:23 02/11/2006] [21:41 18/09/2006]
protocol --a---- 1358 bytes [10:23 02/11/2006] [21:41 18/09/2006]
services --a---- 17244 bytes [10:23 02/11/2006] [21:41 18/09/2006]

---Folders---
None found.

-= EOF =-
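
The rename requested above can be confirmed from the two SystemLook listings. The following check is an added example, not part of the original thread or of SystemLook; the row format is inferred from the logs shown here, and the function names are hypothetical.

```python
import re

# File rows copied from the two SystemLook listings in this thread
# (before and after the rename); only the hosts-related rows are kept.
BEFORE = """\
hosts.msn --a---- 761 bytes [18:26 25/04/2010] [21:41 18/09/2006]
hosts.txt --a---- 734 bytes [00:19 08/10/2011] [00:20 08/10/2011]
lmhosts.sam --a---- 3683 bytes [06:38 02/11/2006] [21:41 18/09/2006]
"""
AFTER = """\
hosts --a---- 759 bytes [00:34 08/10/2011] [00:34 08/10/2011]
hosts.msn --a---- 761 bytes [18:26 25/04/2010] [21:41 18/09/2006]
lmhosts.sam --a---- 3683 bytes [06:38 02/11/2006] [21:41 18/09/2006]
"""

# Row layout (inferred): name, 7-character attribute field, size,
# then two bracketed timestamps.
ROW = re.compile(
    r"^(?P<name>.+?)\s+(?P<attr>[-a-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[.+?\]\s+\[.+?\]\s*$"
)

def parse_listing(text):
    """Return {filename: size_in_bytes} for every file row that matches."""
    files = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            files[m.group("name")] = int(m.group("size"))
    return files

def check_hosts(text):
    """Report whether a file named exactly 'hosts' exists, plus hosts.* variants.

    Windows only reads the extensionless file, so 'hosts.txt' is ignored.
    """
    files = parse_listing(text)
    active = next((n for n in files if n.lower() == "hosts"), None)
    variants = sorted(n for n in files if n.lower().startswith("hosts."))
    return {"active": active, "size": files.get(active), "variants": variants}

if __name__ == "__main__":
    for label, listing in (("before", BEFORE), ("after", AFTER)):
        print(label, check_hosts(listing))
```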
 
Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 13
Out of date Java installed!
Adobe Flash Player 11.0.1.152
Adobe Reader 9.4.5
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

============================================================

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note: If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.
 
Sorry Broni, I've been away on vacation... I'll update as soon as I have a minute. Thanks for your patience.
 