Redirect Virus


  • This topic is locked

#1
Tombomb7

    New Member

  • 6 posts
Hi, I hope that someone can help me.

When I run Mozilla Firefox or Google Chrome at home, perform a search using Google, Yahoo or something similar and click on any of the items which pop up in the resulting search, I am redirected to a random site. I have followed the recommended steps on this website including running TDSS killer. I have half a dozen virus/anti-spyware/malware programs on my PC at this point. They include:

Hitman Pro 3.5
SUPERAntiSpyware Free Edition
Malwarebytes' Anti-Malware
Sophos Anti-Rootkit
SpyBot-Search and Destroy
McAfee Security Scan Plus
Lavasoft Adaware
TDSS Killer

I had SpyDoctor and Avast Anti-Virus but I deleted them. I have run ERUNT, HiJackThis, OTM and OTL. I notice my browser is unaffected by this problem when I use it in work, it only happens at home. I ran ComboFix but that didn't help, and I had to use my drive's image to boot the PC afterwards.

When I run any number of the above scans they turn up clean. If they didn't I would have deleted/quarantined anything. I would restart my PC after removing anything that cropped up in the scans and perform a rescan. These scans are clear, but when I perform a Google search and click on any of the items in the resulting search list the redirect virus kicks in again. I perform more scans and some find more stuff (seems to be the same as found before). This is the cycle I have now entered. Scan - delete clear - reboot - scan - clear - browse - redirect still occurs.

When a page is being redirected I notice a couple of IP addresses and a website name not related to what I have clicked on appear in the bottom left hand corner. From what I have noted these are:

184.171.168.194
67.201.62.69
100ksearches.com

Note that my Microsoft Internet Explorer is unaffected by this redirect virus.

I have uninstalled Mozilla Firefox and Google Chrome. I have deleted the temp folder at the same time, and deleted any of the installer .exe files I had relating to Mozilla before I performed a fresh install.
I've been trying to sort this problem since Friday and have been working on it until the early hours of each night since.
Thanking you for any help in advance; it's very much appreciated.

Here is the OTL Logfile.

OTL logfile created on: 7/12/2011 11:56:17 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Tommy\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

3.97 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 59.31% Memory free
7.93 Gb Paging File | 5.96 Gb Available in Paging File | 75.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 19.41 Gb Free Space | 8.33% Space Free | Partition Type: NTFS
Drive D: | 232.49 Gb Total Space | 4.99 Gb Free Space | 2.15% Space Free | Partition Type: NTFS

Computer Name: TOMMY-TOSH | User Name: Tommy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/12 11:55:24 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Tommy\Desktop\OTL.exe
PRC - [2011/07/11 16:58:52 | 001,436,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tommy\Desktop\TDSSKiller\TDSSKiller.exe
PRC - [2011/07/04 12:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/06/22 18:01:18 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/06/16 05:32:38 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/25 21:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Tommy\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/05/25 17:29:54 | 001,951,112 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2009/09/03 16:06:32 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/07/29 17:42:06 | 000,705,880 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/01/26 16:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/13 21:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2007/08/07 11:38:06 | 000,675,840 | ---- | M] (Sonix) -- C:\Windows\vsnp2std.exe


========== Modules (SafeList) ==========

MOD - [2011/07/12 11:55:24 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Tommy\Desktop\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/05/05 16:04:46 | 000,148,800 | ---- | M] (TechSmith Corporation) -- C:\Windows\SysWOW64\TSCUGP.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/05/04 18:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/09/03 21:38:26 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/08/21 10:31:06 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/04 12:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/08/03 18:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/08 09:41:02 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/25 17:29:52 | 002,275,720 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/03/23 21:16:05 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/13 19:23:02 | 000,129,440 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/09/02 21:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/07/29 12:19:46 | 000,394,560 | ---- | M] (DT Soft Ltd) [Auto | Stopped] -- C:\Program Files (x86)\DAEMON Tools Net\DTNetSrv.exe -- (DTNetService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/26 01:30:38 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2009/08/17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 20:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/07/14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 19:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/22 18:01:32 | 000,064,272 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/03 10:05:34 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/06/16 15:42:52 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/06/16 15:42:52 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/05/20 15:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2010/02/17 19:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 19:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/02/03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/08/26 19:11:12 | 000,942,080 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/08/17 13:15:44 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/01 02:13:00 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/07/30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/24 16:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 22:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/29 16:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 10:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/26 16:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:35:46 | 000,416,768 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/22 22:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/02/13 11:35:46 | 012,379,136 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2011/06/22 18:01:32 | 000,061,200 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2011/06/22 18:01:32 | 000,052,496 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2008/02/13 11:34:50 | 012,067,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSEH&bmod=TSEH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2790392
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Tommy\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1002170-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Tommy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tommy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Tommy\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/11 12:55:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/11 14:08:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/07/11 14:09:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\Mozilla\Extensions
[2011/07/11 14:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2011/07/11 12:55:42 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/06/16 05:32:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/07/12 11:37:21 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Tommy\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tommy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (TSCUGP.dll) - C:\Windows\SysWow64\TSCUGP.dll (TechSmith Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{080cfeaf-a261-11df-aeb8-d740ec9db8d7}\Shell - "" = AutoRun
O33 - MountPoints2\{080cfeaf-a261-11df-aeb8-d740ec9db8d7}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{31de129b-7953-11df-823b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{31de129b-7953-11df-823b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{5480393c-8db3-11df-945b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5480393c-8db3-11df-945b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{9d05234b-2180-11e0-a30f-81b96fbeabd4}\Shell - "" = AutoRun
O33 - MountPoints2\{9d05234b-2180-11e0-a30f-81b96fbeabd4}\Shell\AutoRun\command - "" = I:\launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"1033" /KBD:2 /wow /dir:"C:\Program Files\AVAST Software\Avast") - C:\Windows\SysWow64\aswBoot.exe (AVAST Software)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/12 11:56:00 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Tommy\Desktop\OTL.exe
[2011/07/12 11:51:31 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Desktop\TDSSKiller
[2011/07/12 11:40:29 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Desktop\GooredFix Backups
[2011/07/12 11:39:03 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Tommy\Desktop\GooredFix.exe
[2011/07/12 11:37:20 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/12 11:36:29 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\Tommy\Desktop\OTM.exe
[2011/07/12 11:33:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/07/12 11:32:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/12 11:22:22 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/07/12 11:22:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/07/11 14:31:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2011/07/11 14:31:55 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Documents\Anti-Malware
[2011/07/11 14:08:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/07/11 12:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/07/11 12:55:31 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/07/11 12:55:31 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/07/11 12:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/07/11 12:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/07/11 12:16:31 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/07/11 11:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2011/07/11 11:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/07/11 10:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/07/09 19:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/07/09 19:19:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/07/09 19:19:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011/07/09 19:02:39 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\SUPERAntiSpyware.com
[2011/07/09 19:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/07/09 19:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/07/09 19:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/07/09 19:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/09 03:21:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/07/08 18:26:13 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/07/06 23:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/07/06 20:02:46 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Local\Facebook
[2011/07/04 01:59:49 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Documents\Wizards of the Coast
[2011/06/30 11:49:27 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Desktop\Byrnefamily
[2011/06/30 01:07:16 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Desktop\MnD2
[2011/06/30 00:07:17 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Desktop\MnD
[2011/06/28 18:34:00 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Desktop\New folder
[2011/06/22 02:54:44 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVE
[2011/06/22 02:45:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCP
[2011/06/22 01:34:23 | 000,000,000 | ---D | C] -- C:\Program1
[2011/06/16 23:38:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[2011/06/15 00:11:54 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Documents\EVE
[2011/06/14 21:49:34 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Documents\Games
[2011/06/13 16:37:33 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Documents\Morae Observer
[2011/05/24 15:56:34 | 000,151,552 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2std.dll

========== Files - Modified Within 30 Days ==========

[2011/07/12 11:55:24 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Tommy\Desktop\OTL.exe
[2011/07/12 11:55:24 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/12 11:55:24 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/12 11:47:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/12 11:47:28 | 3193,593,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/12 11:39:02 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Tommy\Desktop\GooredFix.exe
[2011/07/12 11:37:21 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/07/12 11:36:29 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\Tommy\Desktop\OTM.exe
[2011/07/12 11:25:04 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2479228247-1290946097-2114432855-1000UA.job
[2011/07/12 11:22:22 | 000,002,975 | ---- | M] () -- C:\Users\Tommy\Desktop\HiJackThis.lnk
[2011/07/12 05:25:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2479228247-1290946097-2114432855-1000Core.job
[2011/07/11 14:08:58 | 000,001,145 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/07/11 13:52:27 | 000,023,112 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/07/11 13:00:34 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/07/11 12:56:32 | 000,001,848 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/07/11 12:56:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/07/11 11:25:39 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/07/09 19:27:37 | 001,707,578 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/07/09 19:23:46 | 000,512,992 | ---- | M] () -- C:\Users\Tommy\Desktop\sdasetup_revwire207.exe
[2011/07/09 19:02:34 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/09 03:25:12 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/09 03:21:19 | 000,001,293 | ---- | M] () -- C:\Users\Tommy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/09 03:21:19 | 000,001,269 | ---- | M] () -- C:\Users\Tommy\Desktop\Spybot - Search & Destroy.lnk
[2011/07/08 21:10:08 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/07/05 16:06:34 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/07/05 16:06:34 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/07/04 12:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/07/04 12:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/07/04 01:20:22 | 000,000,221 | ---- | M] () -- C:\Users\Tommy\Desktop\Magic The Gathering - Duels of the Planeswalker 2012.url
[2011/07/01 16:11:14 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/06/30 11:34:40 | 000,361,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/30 01:07:31 | 013,298,268 | ---- | M] () -- C:\Users\Tommy\Desktop\MnD (2).zip
[2011/06/30 01:07:27 | 019,093,697 | ---- | M] () -- C:\Users\Tommy\Desktop\MnD2.zip
[2011/06/30 00:34:01 | 000,791,870 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/30 00:34:01 | 000,673,428 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/30 00:34:01 | 000,129,390 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/29 22:25:39 | 000,568,320 | ---- | M] () -- C:\Users\Tommy\Desktop\IMG_0750.JPG
[2011/06/28 19:30:32 | 000,001,838 | ---- | M] () -- C:\Users\Tommy\Desktop\fm - Shortcut.lnk
[2011/06/28 18:52:06 | 000,000,221 | ---- | M] () -- C:\Users\Tommy\Desktop\Football Manager 2011.url
[2011/06/22 18:01:32 | 000,064,272 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2011/06/22 02:54:44 | 000,001,902 | ---- | M] () -- C:\Users\Tommy\Desktop\EVE.lnk
[2011/06/20 22:32:08 | 001,036,088 | ---- | M] () -- C:\Users\Tommy\Desktop\SBU attack.png
[2011/06/16 23:38:40 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[2011/06/15 01:03:29 | 000,032,640 | ---- | M] () -- C:\Users\Tommy\Desktop\Gates_1.jpg
[2011/06/15 01:03:21 | 000,040,354 | ---- | M] () -- C:\Users\Tommy\Desktop\orig_steel_driveway_gate2.jpg
[2011/06/15 01:03:18 | 000,048,050 | ---- | M] () -- C:\Users\Tommy\Desktop\Forged_gate_10.jpg
[2011/06/15 00:58:35 | 000,189,899 | ---- | M] () -- C:\Users\Tommy\Desktop\Director.jpg
[2011/06/15 00:23:43 | 000,000,231 | ---- | M] () -- C:\Users\Tommy\Desktop\webpage.html

========== Files Created - No Company Name ==========

[2011/07/12 11:22:22 | 000,002,975 | ---- | C] () -- C:\Users\Tommy\Desktop\HiJackThis.lnk
[2011/07/11 14:08:58 | 000,001,157 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/11 14:08:58 | 000,001,145 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/07/11 13:00:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/07/11 12:56:32 | 000,001,848 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/07/11 11:25:43 | 000,023,112 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/07/11 11:25:39 | 000,001,985 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/07/11 06:07:13 | 3193,593,856 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/09 19:26:21 | 001,707,578 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/07/09 19:23:51 | 000,512,992 | ---- | C] () -- C:\Users\Tommy\Desktop\sdasetup_revwire207.exe
[2011/07/09 19:02:34 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/09 03:25:12 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/09 03:21:19 | 000,001,293 | ---- | C] () -- C:\Users\Tommy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/09 03:21:19 | 000,001,269 | ---- | C] () -- C:\Users\Tommy\Desktop\Spybot - Search & Destroy.lnk
[2011/07/08 17:27:35 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/07/06 20:03:15 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2479228247-1290946097-2114432855-1000UA.job
[2011/07/06 20:03:14 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2479228247-1290946097-2114432855-1000Core.job
[2011/07/04 01:20:22 | 000,000,221 | ---- | C] () -- C:\Users\Tommy\Desktop\Magic The Gathering - Duels of the Planeswalker 2012.url
[2011/06/30 01:07:29 | 013,298,268 | ---- | C] () -- C:\Users\Tommy\Desktop\MnD (2).zip
[2011/06/30 01:07:26 | 019,093,697 | ---- | C] () -- C:\Users\Tommy\Desktop\MnD2.zip
[2011/06/29 22:25:05 | 000,568,320 | ---- | C] () -- C:\Users\Tommy\Desktop\IMG_0750.JPG
[2011/06/28 18:58:23 | 000,001,838 | ---- | C] () -- C:\Users\Tommy\Desktop\fm - Shortcut.lnk
[2011/06/28 18:52:05 | 000,000,221 | ---- | C] () -- C:\Users\Tommy\Desktop\Football Manager 2011.url
[2011/06/23 22:50:45 | 002,740,601 | ---- | C] () -- C:\Users\Tommy\Desktop\P5300049.JPG
[2011/06/23 22:48:07 | 001,163,966 | ---- | C] () -- C:\Users\Tommy\Desktop\P8060055.JPG
[2011/06/22 02:54:44 | 000,001,902 | ---- | C] () -- C:\Users\Tommy\Desktop\EVE.lnk
[2011/06/20 22:32:07 | 001,036,088 | ---- | C] () -- C:\Users\Tommy\Desktop\SBU attack.png
[2011/06/16 23:38:40 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2011/06/15 01:03:29 | 000,032,640 | ---- | C] () -- C:\Users\Tommy\Desktop\Gates_1.jpg
[2011/06/15 01:03:21 | 000,040,354 | ---- | C] () -- C:\Users\Tommy\Desktop\orig_steel_driveway_gate2.jpg
[2011/06/15 01:03:16 | 000,048,050 | ---- | C] () -- C:\Users\Tommy\Desktop\Forged_gate_10.jpg
[2011/06/15 00:58:34 | 000,189,899 | ---- | C] () -- C:\Users\Tommy\Desktop\Director.jpg
[2011/06/15 00:23:43 | 000,000,231 | ---- | C] () -- C:\Users\Tommy\Desktop\webpage.html
[2011/05/24 15:56:35 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2011/05/24 15:56:34 | 012,067,328 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2sxp.sys
[2011/05/24 15:56:34 | 000,025,472 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncamd.sys
[2011/05/16 15:52:21 | 000,007,462 | -HS- | C] () -- C:\Users\Tommy\AppData\Local\43uo14r40s476e1175l1y71o
[2011/05/16 15:52:21 | 000,007,462 | -HS- | C] () -- C:\ProgramData\43uo14r40s476e1175l1y71o
[2011/05/09 22:55:53 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/05/09 22:55:53 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/05/06 11:05:27 | 000,000,093 | ---- | C] () -- C:\Users\Tommy\AppData\Local\fusioncache.dat
[2011/04/26 15:51:04 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/26 15:51:04 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/13 03:15:15 | 000,009,184 | -HS- | C] () -- C:\Users\Tommy\AppData\Local\R_+N.`,Z]JO
[2011/03/13 03:15:15 | 000,009,184 | -HS- | C] () -- C:\ProgramData\R_+N.`,Z]JO
[2011/03/09 16:49:39 | 000,003,584 | ---- | C] () -- C:\Users\Tommy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/15 00:25:08 | 000,800,138 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/30 02:08:47 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/09/26 17:52:41 | 000,007,605 | ---- | C] () -- C:\Users\Tommy\AppData\Local\resmon.resmoncfg
[2010/06/16 02:08:23 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2010/06/07 22:01:10 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/05/05 16:04:46 | 000,000,056 | ---- | C] () -- C:\Windows\TscUgp.ini
[2010/02/19 22:01:05 | 000,000,524 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\wklnhst.dat
[2009/12/07 13:11:17 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009/09/23 17:21:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/26 17:24:18 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/28 04:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== LOP Check ==========

[2011/05/04 18:10:00 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\.minecraft
[2010/06/29 00:04:55 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\AimOne
[2011/03/09 17:15:47 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Audacity
[2011/06/01 02:15:39 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\BitTorrent
[2011/02/06 23:39:46 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\CountdownTimer
[2010/08/07 21:22:19 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\DAEMON Tools Net
[2010/06/16 15:32:10 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\DAEMON Tools Pro
[2011/02/16 18:00:26 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\dasher.rc
[2011/07/12 11:48:24 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Dropbox
[2011/05/21 13:55:40 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\DVDVideoSoft
[2010/10/02 14:17:56 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Electronic Arts
[2011/07/11 22:19:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\EVEMon
[2011/05/12 15:31:12 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\GazeTracker
[2011/06/20 21:34:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Mumble
[2010/05/25 22:30:17 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Octoshape
[2010/06/02 12:47:20 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\OpenOffice.org
[2011/05/11 18:34:32 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Sports Interactive
[2011/07/04 12:44:33 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\SystemRequirementsLab
[2010/02/19 22:21:58 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Template
[2011/02/23 19:38:39 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\The Creative Assembly
[2010/02/01 18:54:51 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Toshiba
[2010/08/31 14:37:49 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Trusteer
[2011/06/11 21:06:59 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TS3Client
[2011/06/08 15:30:21 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\ts3overlay
[2010/11/24 18:22:54 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\WildTangent
[2011/07/08 21:10:08 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/07/12 05:25:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2479228247-1290946097-2114432855-1000Core.job
[2011/07/12 11:25:04 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2479228247-1290946097-2114432855-1000UA.job
[2011/05/22 12:37:20 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B63300D1
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#2
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Hi

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O33 - MountPoints2\{080cfeaf-a261-11df-aeb8-d740ec9db8d7}\Shell - "" = AutoRun
    O33 - MountPoints2\{080cfeaf-a261-11df-aeb8-d740ec9db8d7}\Shell\AutoRun\command - "" = F:\Autorun.exe
    O33 - MountPoints2\{31de129b-7953-11df-823b-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{31de129b-7953-11df-823b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe
    O33 - MountPoints2\{5480393c-8db3-11df-945b-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{5480393c-8db3-11df-945b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe
    O33 - MountPoints2\{9d05234b-2180-11e0-a30f-81b96fbeabd4}\Shell - "" = AutoRun
    O33 - MountPoints2\{9d05234b-2180-11e0-a30f-81b96fbeabd4}\Shell\AutoRun\command - "" = I:\launcher.exe
    [2011/05/16 15:52:21 | 000,007,462 | -HS- | C] () -- C:\Users\Tommy\AppData\Local\43uo14r40s476e1175l1y71o
    [2011/05/16 15:52:21 | 000,007,462 | -HS- | C] () -- C:\ProgramData\43uo14r40s476e1175l1y71o
    [2011/03/13 03:15:15 | 000,009,184 | -HS- | C] () -- C:\Users\Tommy\AppData\Local\R_+N.`,Z]JO
    [2011/03/13 03:15:15 | 000,009,184 | -HS- | C] () -- C:\ProgramData\R_+N.`,Z]JO
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B63300D1
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2


Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Things I would like to see in your reply:
  • OTL log
  • aswMBR log


#3
Tombomb7

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi,

Many thanks for the help! Here is the OTL log file:

OTL logfile created on: 7/13/2011 1:59:40 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Tommy\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

3.97 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 54.78% Memory free
7.93 Gb Paging File | 5.96 Gb Available in Paging File | 75.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 19.17 Gb Free Space | 8.23% Space Free | Partition Type: NTFS
Drive D: | 232.49 Gb Total Space | 4.99 Gb Free Space | 2.15% Space Free | Partition Type: NTFS

Computer Name: TOMMY-TOSH | User Name: Tommy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/13 13:54:03 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Tommy\Downloads\OTL.exe
PRC - [2011/06/22 18:01:18 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/06/16 05:32:38 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/25 21:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Tommy\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/05/25 17:29:54 | 001,951,112 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2009/09/03 16:06:32 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/07/29 17:42:06 | 000,705,880 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/01/26 16:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/13 21:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2007/08/07 11:38:06 | 000,675,840 | ---- | M] (Sonix) -- C:\Windows\vsnp2std.exe


========== Modules (SafeList) ==========

MOD - [2011/07/13 13:54:03 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Tommy\Downloads\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/05/05 16:04:46 | 000,148,800 | ---- | M] (TechSmith Corporation) -- C:\Windows\SysWOW64\TSCUGP.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/04 18:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/09/03 21:38:26 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/08/21 10:31:06 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/04 12:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Start_Pending] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/08/03 18:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/08 09:41:02 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/25 17:29:52 | 002,275,720 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/03/23 21:16:05 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/13 19:23:02 | 000,129,440 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/09/02 21:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/07/29 12:19:46 | 000,394,560 | ---- | M] (DT Soft Ltd) [Auto | Stopped] -- C:\Program Files (x86)\DAEMON Tools Net\DTNetSrv.exe -- (DTNetService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/26 01:30:38 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2009/08/17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 20:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/07/14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 19:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/22 18:01:32 | 000,064,272 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/03 10:05:34 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/06/16 15:42:52 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/06/16 15:42:52 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/05/20 15:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2010/02/17 19:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 19:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/02/03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/08/26 19:11:12 | 000,942,080 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/08/17 13:15:44 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/01 02:13:00 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/07/30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/24 16:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 22:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/29 16:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 10:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/26 16:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:35:46 | 000,416,768 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/22 22:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/02/13 11:35:46 | 012,379,136 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2011/06/22 18:01:32 | 000,061,200 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2011/06/22 18:01:32 | 000,052,496 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2008/02/13 11:34:50 | 012,067,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSEH&bmod=TSEH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2790392
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Tommy\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1002170-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Tommy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tommy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Tommy\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/11 14:08:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/07/11 14:09:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\Mozilla\Extensions
[2011/07/11 14:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2011/06/16 05:32:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/07/13 13:54:37 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Tommy\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tommy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (TSCUGP.dll) - C:\Windows\SysWow64\TSCUGP.dll (TechSmith Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"1033" /KBD:2 /wow /dir:"C:\Program Files\AVAST Software\Avast") - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/13 13:54:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/13 00:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011/07/12 20:00:49 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVEMon
[2011/07/12 17:02:43 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/07/12 11:51:31 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Desktop\TDSSKiller
[2011/07/12 11:40:29 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Desktop\GooredFix Backups
[2011/07/12 11:39:03 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Tommy\Desktop\GooredFix.exe
[2011/07/12 11:37:20 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/12 11:36:29 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\Tommy\Desktop\OTM.exe
[2011/07/12 11:33:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/07/12 11:32:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/12 11:22:22 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/07/12 11:22:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/07/11 14:31:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2011/07/11 14:31:55 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Documents\Anti-Malware
[2011/07/11 14:08:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/07/11 12:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/07/11 12:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/07/11 12:16:31 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/07/11 11:25:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman Pro 3.5
[2011/07/11 11:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/07/11 10:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/07/09 19:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/07/09 19:19:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/07/09 19:19:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011/07/09 19:02:39 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\SUPERAntiSpyware.com
[2011/07/09 19:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/07/09 19:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/07/09 19:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/07/09 19:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/09 03:21:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/07/08 18:26:13 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/07/06 23:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/07/06 20:02:46 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Local\Facebook
[2011/07/04 01:59:49 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Documents\Wizards of the Coast
[2011/06/30 11:49:27 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Desktop\Byrnefamily
[2011/06/30 01:07:16 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Desktop\MnD2
[2011/06/30 00:07:17 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Desktop\MnD
[2011/06/28 18:34:00 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Desktop\New folder
[2011/06/22 02:54:44 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVE
[2011/06/22 02:45:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCP
[2011/06/22 01:34:23 | 000,000,000 | ---D | C] -- C:\Program1
[2011/06/16 23:38:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[2011/06/15 00:11:54 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Documents\EVE
[2011/06/14 21:49:34 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Documents\Games
[2011/06/13 16:37:33 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Documents\Morae Observer
[2011/05/24 15:56:34 | 000,151,552 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2std.dll

========== Files - Modified Within 30 Days ==========

[2011/07/13 13:57:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/13 13:57:07 | 3193,593,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/13 13:54:37 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/07/13 11:25:10 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2479228247-1290946097-2114432855-1000UA.job
[2011/07/13 11:13:29 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2479228247-1290946097-2114432855-1000Core.job
[2011/07/12 19:59:47 | 000,102,683 | ---- | M] () -- C:\Users\Tommy\Documents\EVEMon_Settings_2798.xml.bak
[2011/07/12 18:42:06 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/12 18:42:06 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/12 17:02:43 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2011/07/12 16:46:13 | 000,023,112 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/07/12 11:39:02 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Tommy\Desktop\GooredFix.exe
[2011/07/12 11:36:29 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\Tommy\Desktop\OTM.exe
[2011/07/12 11:22:22 | 000,002,975 | ---- | M] () -- C:\Users\Tommy\Desktop\HiJackThis.lnk
[2011/07/11 14:08:58 | 000,001,145 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/07/11 13:00:34 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/07/11 12:56:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/07/11 11:25:39 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/07/09 19:27:37 | 001,707,578 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/07/09 19:23:46 | 000,512,992 | ---- | M] () -- C:\Users\Tommy\Desktop\sdasetup_revwire207.exe
[2011/07/09 19:02:34 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/09 03:25:12 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/09 03:21:19 | 000,001,293 | ---- | M] () -- C:\Users\Tommy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/09 03:21:19 | 000,001,269 | ---- | M] () -- C:\Users\Tommy\Desktop\Spybot - Search & Destroy.lnk
[2011/07/08 21:10:08 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/07/05 16:06:34 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/07/05 16:06:34 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/07/04 01:20:22 | 000,000,221 | ---- | M] () -- C:\Users\Tommy\Desktop\Magic The Gathering - Duels of the Planeswalker 2012.url
[2011/07/01 16:11:14 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/06/30 11:34:40 | 000,361,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/30 01:07:31 | 013,298,268 | ---- | M] () -- C:\Users\Tommy\Desktop\MnD (2).zip
[2011/06/30 01:07:27 | 019,093,697 | ---- | M] () -- C:\Users\Tommy\Desktop\MnD2.zip
[2011/06/30 00:34:01 | 000,791,870 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/30 00:34:01 | 000,673,428 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/30 00:34:01 | 000,129,390 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/29 22:25:39 | 000,568,320 | ---- | M] () -- C:\Users\Tommy\Desktop\IMG_0750.JPG
[2011/06/28 19:30:32 | 000,001,838 | ---- | M] () -- C:\Users\Tommy\Desktop\fm - Shortcut.lnk
[2011/06/28 18:52:06 | 000,000,221 | ---- | M] () -- C:\Users\Tommy\Desktop\Football Manager 2011.url
[2011/06/22 18:01:32 | 000,064,272 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
[2011/06/22 02:54:44 | 000,001,902 | ---- | M] () -- C:\Users\Tommy\Desktop\EVE.lnk
[2011/06/20 22:32:08 | 001,036,088 | ---- | M] () -- C:\Users\Tommy\Desktop\SBU attack.png
[2011/06/16 23:38:40 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
[2011/06/15 01:03:29 | 000,032,640 | ---- | M] () -- C:\Users\Tommy\Desktop\Gates_1.jpg
[2011/06/15 01:03:21 | 000,040,354 | ---- | M] () -- C:\Users\Tommy\Desktop\orig_steel_driveway_gate2.jpg
[2011/06/15 01:03:18 | 000,048,050 | ---- | M] () -- C:\Users\Tommy\Desktop\Forged_gate_10.jpg
[2011/06/15 00:58:35 | 000,189,899 | ---- | M] () -- C:\Users\Tommy\Desktop\Director.jpg
[2011/06/15 00:23:43 | 000,000,231 | ---- | M] () -- C:\Users\Tommy\Desktop\webpage.html

========== Files Created - No Company Name ==========

[2011/07/12 20:31:36 | 000,102,683 | ---- | C] () -- C:\Users\Tommy\Documents\EVEMon_Settings_2798.xml.bak
[2011/07/12 11:22:22 | 000,002,975 | ---- | C] () -- C:\Users\Tommy\Desktop\HiJackThis.lnk
[2011/07/11 14:08:58 | 000,001,157 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/07/11 14:08:58 | 000,001,145 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/07/11 13:00:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/07/11 11:25:43 | 000,023,112 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/07/11 11:25:39 | 000,001,985 | ---- | C] () -- C:\Users\Public\Desktop\Hitman Pro 3.5.lnk
[2011/07/11 06:07:13 | 3193,593,856 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/09 19:26:21 | 001,707,578 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2011/07/09 19:23:51 | 000,512,992 | ---- | C] () -- C:\Users\Tommy\Desktop\sdasetup_revwire207.exe
[2011/07/09 19:02:34 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/07/09 03:25:12 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/09 03:21:19 | 000,001,293 | ---- | C] () -- C:\Users\Tommy\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/09 03:21:19 | 000,001,269 | ---- | C] () -- C:\Users\Tommy\Desktop\Spybot - Search & Destroy.lnk
[2011/07/08 17:27:35 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/07/06 20:03:15 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2479228247-1290946097-2114432855-1000UA.job
[2011/07/06 20:03:14 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2479228247-1290946097-2114432855-1000Core.job
[2011/07/04 01:20:22 | 000,000,221 | ---- | C] () -- C:\Users\Tommy\Desktop\Magic The Gathering - Duels of the Planeswalker 2012.url
[2011/06/30 01:07:29 | 013,298,268 | ---- | C] () -- C:\Users\Tommy\Desktop\MnD (2).zip
[2011/06/30 01:07:26 | 019,093,697 | ---- | C] () -- C:\Users\Tommy\Desktop\MnD2.zip
[2011/06/29 22:25:05 | 000,568,320 | ---- | C] () -- C:\Users\Tommy\Desktop\IMG_0750.JPG
[2011/06/28 18:58:23 | 000,001,838 | ---- | C] () -- C:\Users\Tommy\Desktop\fm - Shortcut.lnk
[2011/06/28 18:52:05 | 000,000,221 | ---- | C] () -- C:\Users\Tommy\Desktop\Football Manager 2011.url
[2011/06/23 22:50:45 | 002,740,601 | ---- | C] () -- C:\Users\Tommy\Desktop\P5300049.JPG
[2011/06/23 22:48:07 | 001,163,966 | ---- | C] () -- C:\Users\Tommy\Desktop\P8060055.JPG
[2011/06/22 02:54:44 | 000,001,902 | ---- | C] () -- C:\Users\Tommy\Desktop\EVE.lnk
[2011/06/20 22:32:07 | 001,036,088 | ---- | C] () -- C:\Users\Tommy\Desktop\SBU attack.png
[2011/06/16 23:38:40 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
[2011/06/15 01:03:29 | 000,032,640 | ---- | C] () -- C:\Users\Tommy\Desktop\Gates_1.jpg
[2011/06/15 01:03:21 | 000,040,354 | ---- | C] () -- C:\Users\Tommy\Desktop\orig_steel_driveway_gate2.jpg
[2011/06/15 01:03:16 | 000,048,050 | ---- | C] () -- C:\Users\Tommy\Desktop\Forged_gate_10.jpg
[2011/06/15 00:58:34 | 000,189,899 | ---- | C] () -- C:\Users\Tommy\Desktop\Director.jpg
[2011/06/15 00:23:43 | 000,000,231 | ---- | C] () -- C:\Users\Tommy\Desktop\webpage.html
[2011/05/24 15:56:35 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2011/05/24 15:56:34 | 012,067,328 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2sxp.sys
[2011/05/24 15:56:34 | 000,025,472 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncamd.sys
[2011/05/09 22:55:53 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/05/09 22:55:53 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/05/06 11:05:27 | 000,000,093 | ---- | C] () -- C:\Users\Tommy\AppData\Local\fusioncache.dat
[2011/04/26 15:51:04 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/26 15:51:04 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/09 16:49:39 | 000,003,584 | ---- | C] () -- C:\Users\Tommy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/15 00:25:08 | 000,800,138 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/30 02:08:47 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/09/26 17:52:41 | 000,007,605 | ---- | C] () -- C:\Users\Tommy\AppData\Local\resmon.resmoncfg
[2010/06/16 02:08:23 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2010/06/07 22:01:10 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/05/05 16:04:46 | 000,000,056 | ---- | C] () -- C:\Windows\TscUgp.ini
[2010/02/19 22:01:05 | 000,000,524 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\wklnhst.dat
[2009/12/07 13:11:17 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2009/09/23 17:21:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/26 17:24:18 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/28 04:37:00 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

========== LOP Check ==========

[2011/05/04 18:10:00 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\.minecraft
[2010/06/29 00:04:55 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\AimOne
[2011/03/09 17:15:47 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Audacity
[2011/06/01 02:15:39 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\BitTorrent
[2011/02/06 23:39:46 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\CountdownTimer
[2010/08/07 21:22:19 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\DAEMON Tools Net
[2010/06/16 15:32:10 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\DAEMON Tools Pro
[2011/02/16 18:00:26 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\dasher.rc
[2011/07/13 13:58:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Dropbox
[2011/05/21 13:55:40 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\DVDVideoSoft
[2010/10/02 14:17:56 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Electronic Arts
[2011/07/12 21:35:39 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\EVEMon
[2011/05/12 15:31:12 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\GazeTracker
[2011/06/20 21:34:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Mumble
[2010/05/25 22:30:17 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Octoshape
[2010/06/02 12:47:20 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\OpenOffice.org
[2011/05/11 18:34:32 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Sports Interactive
[2011/07/04 12:44:33 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\SystemRequirementsLab
[2010/02/19 22:21:58 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Template
[2011/02/23 19:38:39 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\The Creative Assembly
[2010/02/01 18:54:51 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Toshiba
[2010/08/31 14:37:49 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Trusteer
[2011/06/11 21:06:59 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TS3Client
[2011/06/08 15:30:21 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\ts3overlay
[2010/11/24 18:22:54 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\WildTangent
[2011/07/08 21:10:08 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/07/13 11:13:29 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2479228247-1290946097-2114432855-1000Core.job
[2011/07/13 11:25:10 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2479228247-1290946097-2114432855-1000UA.job
[2011/05/22 12:37:20 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Here is the aswMBR log file:

aswMBR version 0.9.7.707 Copyright© 2011 AVAST Software
Run date: 2011-07-13 14:05:19
-----------------------------
14:05:19.289 OS Version: Windows x64 6.1.7600
14:05:19.289 Number of processors: 2 586 0x170A
14:05:19.290 ComputerName: TOMMY-TOSH UserName: Tommy
14:05:20.172 Initialize success
14:05:34.557 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:05:34.562 Disk 0 Vendor: TOSHIBA_ FG00 Size: 476940MB BusType: 3
14:05:34.580 Disk 0 MBR read successfully
14:05:34.585 Disk 0 MBR scan
14:05:34.591 Disk 0 Windows 7 default MBR code
14:05:34.598 Service scanning
14:05:38.369 Disk 0 trace - called modules:
14:05:38.412 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys
14:05:38.420 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b63790]
14:05:38.423 3 CLASSPNP.SYS[fffff88000db443f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8004b61060]
14:05:38.427 5 thpdrv.sys[fffff88001680cc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004734050]
14:05:38.431 Scan finished successfully
14:06:01.105 Disk 0 MBR has been saved successfully to "C:\Users\Tommy\Desktop\MBR.dat"
14:06:01.105 The log file has been saved successfully to "C:\Users\Tommy\Desktop\aswMBR.txt"

#4
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Things I would like to see in your reply:
  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running


#5
Tombomb7

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi,

Thanks for this help.
Here is the Malwarebytes log file:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7112

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13/07/2011 18:52:27
mbam-log-2011-07-13 (18-52-27).txt

Scan type: Quick scan
Objects scanned: 172611
Time elapsed: 3 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Here is the ESET log file:

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-13 09:32:49
# local_time=2011-07-13 10:32:49 (+0000, GMT Daylight Time)
# country="Ireland"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 113360 113360 0 0
# compatibility_mode=768 16777215 100 0 41831164 41831164 0 0
# compatibility_mode=5121 16777214 0 3 41827535 41827535 0 0
# compatibility_mode=5893 16776574 66 94 10733243 63044551 0 0
# compatibility_mode=8192 67108863 100 0 13163 13163 0 0
# scanned=441579
# found=4
# cleaned=4
# scan_time=13267
C:\Users\Tommy\Downloads\registrybooster2rrlab.exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Tommy\Downloads\VA - Now That's What I Call Music! 78 (2011)\Extras.7z multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Windows\Installer\52278.msi a variant of Win32/Adware.Toolbar.Dealio application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Windows\system64\consrv.dll Win64/Agent.AC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

PC seems to be running as normal. I'm going to restart the PC now and update this post with how it's running then too. Will also check Firefox to see if the problem is now gone.

Cheers again!

Edit: The PC was shut down and turned on again by me. It couldn't boot, and tried to restore from my last point (yesterday I think). I couldn't do that either. I restarted it again and it booted fine this time.

The redirect virus is still on the PC. I'm not sure if the PC managed to reboot successfully after restoring some files from yesterday's image drive backup. Is that possible?

Cheers

Edited by Tombomb7, 13 July 2011 - 05:36 PM.


#6
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

Next

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#7
Tombomb7

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi,

Here is the MBRCheck file:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite A500
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 166):
0x03601000 \SystemRoot\system32\ntoskrnl.exe
0x03BDD000 \SystemRoot\system32\hal.dll
0x00BD2000 \SystemRoot\system32\kdcom.dll
0x00C1B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C5F000 \SystemRoot\system32\PSHED.dll
0x00C73000 \SystemRoot\system32\CLFS.SYS
0x00CD1000 \SystemRoot\system32\CI.dll
0x00E2A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00ECE000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EDD000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F34000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F3D000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F47000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F54000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F87000 \SystemRoot\System32\drivers\partmgr.sys
0x00F9C000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00FA5000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00FB1000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D91000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FC6000 \SystemRoot\System32\drivers\mountmgr.sys
0x00FE0000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00FE7000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x010C1000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x011DD000 \SystemRoot\system32\DRIVERS\atapi.sys
0x01000000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x0102A000 \SystemRoot\system32\DRIVERS\msahci.sys
0x01035000 \SystemRoot\system32\drivers\amdxata.sys
0x01040000 \SystemRoot\system32\drivers\fltmgr.sys
0x0108C000 \SystemRoot\system32\drivers\fileinfo.sys
0x010A0000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x01254000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01432000 \SystemRoot\System32\Drivers\msrpc.sys
0x01490000 \SystemRoot\System32\Drivers\ksecdd.sys
0x014AA000 \SystemRoot\System32\Drivers\cng.sys
0x0151D000 \SystemRoot\System32\drivers\pcw.sys
0x0152E000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01641000 \SystemRoot\system32\drivers\ndis.sys
0x01733000 \SystemRoot\system32\drivers\NETIO.SYS
0x01793000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01538000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x017BE000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x01584000 \SystemRoot\system32\DRIVERS\tos_sps64.sys
0x017C3000 \SystemRoot\system32\DRIVERS\Thpevm.SYS
0x017C5000 \SystemRoot\system32\DRIVERS\thpdrv.sys
0x017D1000 \SystemRoot\System32\Drivers\spldr.sys
0x01600000 \SystemRoot\System32\drivers\rdyboost.sys
0x017D9000 \SystemRoot\System32\Drivers\RapportKE64.sys
0x017EC000 \SystemRoot\System32\Drivers\mup.sys
0x01400000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01200000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01409000 \SystemRoot\system32\DRIVERS\disk.sys
0x01840000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x019AD000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x019D7000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
0x019EA000 \SystemRoot\System32\Drivers\Null.SYS
0x019F3000 \SystemRoot\System32\Drivers\Beep.SYS
0x01800000 \SystemRoot\System32\drivers\vga.sys
0x0180E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0141F000 \SystemRoot\System32\drivers\watchdog.sys
0x01833000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0123A000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01243000 \SystemRoot\system32\drivers\rdprefmp.sys
0x010B5000 \SystemRoot\System32\Drivers\Msfs.SYS
0x011E6000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02C00000 \SystemRoot\System32\drivers\tcpip.sys
0x03AEF000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x03B39000 \SystemRoot\system32\DRIVERS\tdx.sys
0x03B57000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03B64000 \SystemRoot\system32\drivers\afd.sys
0x03A00000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03A45000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03A4E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03A74000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03A8A000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03A99000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03AB4000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03AC8000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x03AD2000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x03C07000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03C58000 \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
0x03C6B000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03C77000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03C82000 \SystemRoot\System32\drivers\discache.sys
0x03C91000 \SystemRoot\System32\Drivers\dfsc.sys
0x03CAF000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03CC0000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0480C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x05311000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x03CE6000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x05313000 \SystemRoot\System32\drivers\dxgmms1.sys
0x05359000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0537D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x0538A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x053E0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03ED5000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04083000 \SystemRoot\system32\DRIVERS\rtl8192se.sys
0x0418A000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x04197000 \SystemRoot\system32\DRIVERS\jmcr.sys
0x041BE000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x041ED000 \SystemRoot\system32\DRIVERS\LPCFilter.sys
0x04000000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x0400A000 \SystemRoot\system32\DRIVERS\TVALZFL.sys
0x04011000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04027000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x04037000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0404D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04071000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03F0E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03F3D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03F58000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03F79000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03F93000 \SystemRoot\system32\DRIVERS\hamachi.sys
0x03F9E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03FAD000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x0407D000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03FBC000 \SystemRoot\system32\DRIVERS\ks.sys
0x03E00000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03E12000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03E6C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x03E81000 \SystemRoot\system32\drivers\nvhda64v.sys
0x05E94000 \SystemRoot\system32\drivers\portcls.sys
0x05ED1000 \SystemRoot\system32\drivers\drmk.sys
0x05EF3000 \SystemRoot\system32\drivers\ksthunk.sys
0x0601E000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x06000000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x05EF9000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x05F17000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x06005000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x05F63000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05F80000 \SystemRoot\System32\Drivers\usbvideo.sys
0x06007000 \SystemRoot\system32\DRIVERS\pgeffect.sys
0x0600E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x05FAE000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05FC7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x05FD0000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05FDD000 \SystemRoot\System32\Drivers\crashdmp.sys
0x01870000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x05FEB000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00000000 \SystemRoot\System32\win32k.sys
0x05E00000 \SystemRoot\System32\drivers\Dxapi.sys
0x05E0C000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00580000 \SystemRoot\System32\TSDDD.dll
0x006E0000 \SystemRoot\System32\cdd.dll
0x05E1A000 \SystemRoot\system32\drivers\luafv.sys
0x05E3D000 \SystemRoot\system32\drivers\WudfPf.sys
0x05E5E000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x06231000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x06284000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x06297000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x062AF000 \SystemRoot\system32\drivers\HTTP.sys
0x06377000 \SystemRoot\system32\DRIVERS\bowser.sys
0x063AD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0843D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0848B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x084AE000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x084FD000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x0850A000 \SystemRoot\system32\drivers\peauth.sys
0x085B0000 \SystemRoot\System32\Drivers\secdrv.SYS
0x085BB000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x085E8000 \SystemRoot\System32\drivers\tcpipreg.sys
0x08C19000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08C80000 \SystemRoot\System32\DRIVERS\srv.sys
0x08D15000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x774A0000 \Windows\System32\ntdll.dll
0x47F30000 \Windows\System32\smss.exe
0xFF7C0000 \Windows\System32\apisetschema.dll

Processes (total 82):
0 System Idle Process
4 System
316 C:\Windows\System32\smss.exe
500 csrss.exe
564 C:\Windows\System32\wininit.exe
584 csrss.exe
644 C:\Windows\System32\services.exe
652 C:\Windows\System32\lsass.exe
660 C:\Windows\System32\lsm.exe
760 C:\Windows\System32\svchost.exe
828 C:\Windows\System32\nvvsvc.exe
868 C:\Windows\System32\svchost.exe
924 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
1008 C:\Windows\System32\winlogon.exe
752 C:\Windows\System32\svchost.exe
556 C:\Windows\System32\svchost.exe
1048 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\audiodg.exe
1152 C:\Windows\servicing\TrustedInstaller.exe
1176 C:\Windows\System32\svchost.exe
1276 C:\Windows\System32\svchost.exe
1420 C:\Windows\System32\spoolsv.exe
1472 C:\Windows\System32\svchost.exe
1524 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1612 C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
1652 C:\Program Files\Microsoft LifeCam\MSCamS64.exe
1704 C:\Windows\System32\svchost.exe
1748 C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
1948 C:\Windows\System32\ThpSrv.exe
1972 C:\Windows\System32\TODDSrv.exe
2000 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
1184 C:\Program Files\TOSHIBA\TECO\TecoService.exe
1580 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2280 C:\Windows\System32\SearchIndexer.exe
2408 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2596 C:\Windows\System32\nvvsvc.exe
2704 C:\Windows\System32\taskhost.exe
2768 C:\Windows\System32\dwm.exe
2812 C:\Windows\explorer.exe
2876 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
2068 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
2144 C:\Windows\System32\ThpSrv.exe
2216 C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
1608 C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
1904 C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
1872 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1568 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
2328 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
2520 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
2552 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1512 C:\Program Files\TOSHIBA\TECO\Teco.exe
2808 C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe
2928 C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
2460 C:\Windows\vsnp2std.exe
504 C:\Program Files\Windows Sidebar\sidebar.exe
3168 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3196 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
3244 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
3252 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
3300 C:\Users\Tommy\AppData\Roaming\Dropbox\bin\Dropbox.exe
3472 WmiPrvSE.exe
3752 C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
3812 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3844 C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
4040 C:\Windows\System32\svchost.exe
3664 C:\Windows\System32\VSSVC.exe
3372 C:\Windows\System32\svchost.exe
4224 C:\Users\Tommy\AppData\Local\Temp\SSUPDATE64.EXE
4328 C:\Windows\System32\taskeng.exe
4364 C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
4440 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
4560 C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
4716 C:\Windows\System32\wuauclt.exe
252 C:\Windows\System32\svchost.exe
792 C:\Windows\System32\dllhost.exe
3840 C:\Windows\System32\svchost.exe
2484 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
4052 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
4028 C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
4764 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
3344 C:\Users\Tommy\Desktop\MBRCheck.exe
2500 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`19100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003a`51700000 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK5055GSX, Rev: FG001M
PhysicalDrive1 Model Number: HitachiHTS542516K9SA00, Rev:

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
149 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


Here is the OTL Log file:

OTL logfile created on: 7/14/2011 12:50:53 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Tommy\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

3.97 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 59.67% Memory free
7.93 Gb Paging File | 6.09 Gb Available in Paging File | 76.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 18.69 Gb Free Space | 8.02% Space Free | Partition Type: NTFS
Drive D: | 232.49 Gb Total Space | 4.99 Gb Free Space | 2.15% Space Free | Partition Type: NTFS
Drive F: | 149.05 Gb Total Space | 0.61 Gb Free Space | 0.41% Space Free | Partition Type: NTFS

Computer Name: TOMMY-TOSH | User Name: Tommy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/13 13:54:03 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Tommy\Downloads\OTL.exe
PRC - [2011/06/22 18:01:18 | 001,550,136 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/06/16 05:32:38 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/05/25 21:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Tommy\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/05/25 17:29:54 | 001,951,112 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2009/09/03 16:06:32 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/07/29 17:42:06 | 000,705,880 | ---- | M] (TOSHIBA Corporation.) -- C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
PRC - [2009/07/28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/01/26 16:31:16 | 002,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/13 21:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2007/08/07 11:38:06 | 000,675,840 | ---- | M] (Sonix) -- C:\Windows\vsnp2std.exe


========== Modules (SafeList) ==========

MOD - [2011/07/13 13:54:03 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Tommy\Downloads\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/05/05 16:04:46 | 000,148,800 | ---- | M] (TechSmith Corporation) -- C:\Windows\SysWOW64\TSCUGP.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/04 18:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/09/03 21:38:26 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/08/21 10:31:06 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/04 12:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/08/03 18:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 15:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/08 09:41:02 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV - [2011/06/22 18:01:18 | 000,870,200 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/05/25 17:29:52 | 002,275,720 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/03/23 21:16:05 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/13 19:23:02 | 000,129,440 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/12/21 06:38:22 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/09/02 21:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/07/29 12:19:46 | 000,394,560 | ---- | M] (DT Soft Ltd) [Auto | Stopped] -- C:\Program Files (x86)\DAEMON Tools Net\DTNetSrv.exe -- (DTNetService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/26 01:30:38 | 000,116,104 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO)
SRV - [2009/08/17 11:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 20:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/07/14 20:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 19:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/22 18:01:32 | 000,064,272 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/03 10:05:34 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/06/16 15:42:52 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/06/16 15:42:52 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/05/20 15:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2010/02/17 19:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 19:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/02/03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/08/26 19:11:12 | 000,942,080 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/08/17 13:15:44 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/01 02:13:00 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/07/30 21:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/24 16:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 22:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/29 16:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/29 10:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2009/06/26 16:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:35:46 | 000,416,768 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/22 22:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/02/13 11:35:46 | 012,379,136 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2011/06/22 18:01:32 | 000,061,200 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2011/06/22 18:01:32 | 000,052,496 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2008/02/13 11:34:50 | 012,067,328 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSEH&bmod=TSEH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2790392
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - Reg Error: Value error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Tommy\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1002170-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Tommy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tommy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Tommy\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/11 14:08:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/07/11 14:09:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\Mozilla\Extensions
[2011/07/11 14:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2011/06/16 05:32:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 09:00:00 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2010/01/01 09:00:00 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/01/01 09:00:00 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/07/13 13:54:37 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\Windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Tommy\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tommy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)

Cheers

#8
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
hi

Step 1

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.


  • If an infected file is detected, the default action will be Cure, click on Continue.


  • If a suspicious file is detected, the default action will be Skip, click on Continue.


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 2

Download ComboFix here:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Things I would like to see in your reply:
  • TDSSKiller log
  • Combofix log


#9
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#10
ali.B

    Trusted Helper

  • Malware Removal
  • 3,086 posts
topic reopened

post the logs

#11
Tombomb7

    New Member

  • Topic Starter
  • Member
  • 6 posts
Hi,

Thanks again for reopening the thread.
Here is the TDSS Killer log:

2011/07/24 18:01:23.0456 3120 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/07/24 18:01:23.0557 3120 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/24 18:01:23.0651 3120 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/24 18:01:23.0752 3120 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
2011/07/24 18:01:23.0895 3120 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
2011/07/24 18:01:24.0023 3120 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/24 18:01:24.0213 3120 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\Windows\system32\drivers\RTKVHD64.sys
2011/07/24 18:01:24.0357 3120 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/07/24 18:01:24.0453 3120 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/24 18:01:24.0533 3120 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/24 18:01:24.0631 3120 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/07/24 18:01:24.0727 3120 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/07/24 18:01:24.0824 3120 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/07/24 18:01:24.0925 3120 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/07/24 18:01:25.0022 3120 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/24 18:01:25.0133 3120 JMCR (f8844b00c10e386c704c610e95a9847d) C:\Windows\system32\DRIVERS\jmcr.sys
2011/07/24 18:01:25.0233 3120 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/24 18:01:25.0326 3120 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/24 18:01:25.0428 3120 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/24 18:01:25.0542 3120 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/24 18:01:25.0645 3120 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/07/24 18:01:25.0772 3120 Lbd (3c46290f7a5d45ba6ef32c248e22aa69) C:\Windows\system32\DRIVERS\Lbd.sys
2011/07/24 18:01:25.0895 3120 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/07/24 18:01:26.0003 3120 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/24 18:01:26.0138 3120 LPCFilter (41e122f6d1448c94cc05196bc41d6bfb) C:\Windows\system32\DRIVERS\LPCFilter.sys
2011/07/24 18:01:26.0286 3120 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/24 18:01:26.0329 3120 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/24 18:01:26.0448 3120 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/24 18:01:26.0541 3120 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/24 18:01:26.0582 3120 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/07/24 18:01:26.0722 3120 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/24 18:01:26.0825 3120 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/24 18:01:27.0078 3120 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/07/24 18:01:27.0177 3120 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/24 18:01:27.0265 3120 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/24 18:01:27.0364 3120 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/24 18:01:27.0490 3120 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/07/24 18:01:27.0590 3120 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/07/24 18:01:27.0696 3120 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/24 18:01:27.0736 3120 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/24 18:01:27.0895 3120 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/24 18:01:28.0048 3120 mrxsmb10 (a8c2d7673c8a010569390c826a0efaf4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/24 18:01:28.0176 3120 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/24 18:01:28.0281 3120 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/07/24 18:01:28.0426 3120 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/07/24 18:01:28.0466 3120 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/07/24 18:01:28.0564 3120 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/24 18:01:28.0787 3120 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/07/24 18:01:28.0992 3120 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/24 18:01:29.0176 3120 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/24 18:01:29.0482 3120 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/07/24 18:01:29.0710 3120 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/07/24 18:01:29.0885 3120 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/24 18:01:30.0063 3120 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/07/24 18:01:30.0253 3120 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/24 18:01:30.0420 3120 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/07/24 18:01:30.0598 3120 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/24 18:01:30.0861 3120 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/07/24 18:01:31.0060 3120 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/24 18:01:31.0257 3120 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/24 18:01:31.0475 3120 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/24 18:01:31.0657 3120 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/24 18:01:31.0855 3120 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/07/24 18:01:32.0018 3120 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/24 18:01:32.0229 3120 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/24 18:01:32.0444 3120 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/24 18:01:32.0749 3120 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/07/24 18:01:32.0875 3120 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/24 18:01:33.0125 3120 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
2011/07/24 18:01:33.0353 3120 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/07/24 18:01:33.0574 3120 NVHDA (cb599955ce2ce9694721562f9481cd84) C:\Windows\system32\drivers\nvhda64v.sys
2011/07/24 18:01:34.0327 3120 nvlddmkm (7a0fa5fe8b2904cdf3e375f45c23a858) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/24 18:01:34.0827 3120 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
2011/07/24 18:01:35.0030 3120 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
2011/07/24 18:01:35.0184 3120 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/07/24 18:01:35.0388 3120 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/24 18:01:35.0581 3120 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/07/24 18:01:35.0744 3120 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/07/24 18:01:35.0897 3120 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/07/24 18:01:36.0078 3120 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/07/24 18:01:36.0214 3120 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/24 18:01:36.0368 3120 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/07/24 18:01:36.0506 3120 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/07/24 18:01:36.0702 3120 PGEffect (663962900e7fea522126ba287715bb4a) C:\Windows\system32\DRIVERS\pgeffect.sys
2011/07/24 18:01:36.0936 3120 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/24 18:01:37.0171 3120 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/07/24 18:01:37.0353 3120 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/24 18:01:37.0634 3120 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/24 18:01:37.0892 3120 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/24 18:01:38.0072 3120 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/24 18:01:38.0334 3120 RapportCerberus_28711 (e0974d0548a4c698b8e67d71c521de1a) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\28711\RapportCerberus64_28711.sys
2011/07/24 18:01:38.0613 3120 RapportEI64 (230fdd5894be098dcc4d1d3a79a2b6ee) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
2011/07/24 18:01:38.0777 3120 RapportKE64 (f52e5a070e5be367db3124118b12f51d) C:\Windows\system32\Drivers\RapportKE64.sys
2011/07/24 18:01:38.0991 3120 RapportPG64 (03fc5131a18b97d0cf63d9df37a35d52) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
2011/07/24 18:01:39.0117 3120 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/24 18:01:39.0255 3120 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/24 18:01:39.0448 3120 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/24 18:01:39.0631 3120 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/24 18:01:39.0780 3120 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/24 18:01:39.0904 3120 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/24 18:01:40.0086 3120 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/24 18:01:40.0236 3120 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/24 18:01:40.0286 3120 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/24 18:01:40.0454 3120 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/24 18:01:40.0613 3120 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/07/24 18:01:40.0834 3120 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/07/24 18:01:41.0055 3120 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/24 18:01:41.0269 3120 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/07/24 18:01:41.0487 3120 RTL8187B (f70a9384917659a4c5ef30f0f4ec484d) C:\Windows\system32\DRIVERS\RTL8187B.sys
2011/07/24 18:01:41.0693 3120 rtl8192se (a9ede191b5478d18f0a1bff3b822f7a5) C:\Windows\system32\DRIVERS\rtl8192se.sys
2011/07/24 18:01:42.0010 3120 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2011/07/24 18:01:42.0434 3120 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2011/07/24 18:01:42.0732 3120 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/07/24 18:01:43.0119 3120 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/24 18:01:43.0399 3120 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
2011/07/24 18:01:43.0587 3120 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/07/24 18:01:43.0831 3120 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/24 18:01:44.0066 3120 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/07/24 18:01:44.0221 3120 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/24 18:01:44.0433 3120 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/07/24 18:01:44.0643 3120 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/07/24 18:01:44.0925 3120 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/07/24 18:01:45.0214 3120 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/24 18:01:45.0420 3120 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/24 18:01:45.0622 3120 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/24 18:01:45.0871 3120 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/07/24 18:01:47.0421 3120 SNP2STD (ac8f1ef394faf226b64a8e937e6d812b) C:\Windows\system32\DRIVERS\snp2sxp.sys
2011/07/24 18:01:48.0165 3120 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/07/24 18:01:48.0790 3120 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
2011/07/24 18:01:49.0364 3120 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/24 18:01:49.0539 3120 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/24 18:01:49.0680 3120 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/24 18:01:49.0847 3120 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/24 18:01:50.0100 3120 SynTP (0faa1933fbcf916c301ff94acc623031) C:\Windows\system32\DRIVERS\SynTP.sys
2011/07/24 18:01:50.0708 3120 Tcpip (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\drivers\tcpip.sys
2011/07/24 18:01:51.0231 3120 TCPIP6 (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/24 18:01:51.0521 3120 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/24 18:01:51.0994 3120 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2011/07/24 18:01:52.0409 3120 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/07/24 18:01:52.0711 3120 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/07/24 18:01:52.0972 3120 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/24 18:01:53.0225 3120 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/24 18:01:53.0479 3120 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\Windows\system32\DRIVERS\thpdrv.sys
2011/07/24 18:01:53.0661 3120 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\Windows\system32\DRIVERS\Thpevm.SYS
2011/07/24 18:01:54.0135 3120 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\Windows\system32\DRIVERS\tos_sps64.sys
2011/07/24 18:01:54.0674 3120 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/24 18:01:55.0175 3120 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/24 18:01:55.0612 3120 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2011/07/24 18:01:56.0022 3120 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\Windows\system32\DRIVERS\TVALZFL.sys
2011/07/24 18:01:56.0395 3120 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/24 18:01:56.0694 3120 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/24 18:01:57.0206 3120 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/07/24 18:01:57.0614 3120 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/24 18:01:57.0985 3120 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/24 18:01:58.0413 3120 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/07/24 18:01:58.0548 3120 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/24 18:01:58.0616 3120 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/07/24 18:01:59.0032 3120 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/24 18:01:59.0566 3120 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/24 18:01:59.0948 3120 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
2011/07/24 18:02:00.0311 3120 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/24 18:02:00.0610 3120 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/24 18:02:00.0869 3120 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/24 18:02:01.0150 3120 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/24 18:02:01.0467 3120 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/07/24 18:02:01.0709 3120 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/07/24 18:02:01.0905 3120 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/24 18:02:02.0061 3120 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/07/24 18:02:02.0359 3120 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/07/24 18:02:02.0583 3120 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/07/24 18:02:02.0769 3120 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/07/24 18:02:02.0967 3120 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/07/24 18:02:03.0200 3120 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/07/24 18:02:03.0410 3120 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/24 18:02:03.0636 3120 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/07/24 18:02:03.0898 3120 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/07/24 18:02:04.0048 3120 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/07/24 18:02:04.0425 3120 VX1000 (ce6c085771812d5ee863cc7ef93caef2) C:\Windows\system32\DRIVERS\VX1000.sys
2011/07/24 18:02:04.0723 3120 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/24 18:02:04.0942 3120 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/24 18:02:04.0962 3120 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/24 18:02:05.0203 3120 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/07/24 18:02:05.0444 3120 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/24 18:02:05.0663 3120 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/24 18:02:05.0816 3120 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/07/24 18:02:06.0109 3120 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/07/24 18:02:06.0330 3120 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/24 18:02:06.0618 3120 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/24 18:02:06.0845 3120 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/07/24 18:02:07.0027 3120 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/24 18:02:07.0161 3120 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/24 18:02:07.0225 3120 Boot (0x1200) (2cb4ab6ab81f86f340368bd26e69ea57) \Device\Harddisk0\DR0\Partition0
2011/07/24 18:02:07.0257 3120 Boot (0x1200) (e9f08fff37de046155602ad32f6b799d) \Device\Harddisk0\DR0\Partition1
2011/07/24 18:02:07.0264 3120 ================================================================================
2011/07/24 18:02:07.0264 3120 Scan finished
2011/07/24 18:02:07.0264 3120 ================================================================================
2011/07/24 18:02:07.0280 2448 Detected object count: 0
2011/07/24 18:02:07.0280 2448 Actual detected object count: 0


Here is the Combofix.txt file:

ComboFix 11-07-24.01 - Tommy 24/07/2011 19:24:33.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.353.1033.18.4061.2499 [GMT 1:00]
Running from: C:\Users\Tommy\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


Many thanks again.

PS I can't find the Lavasoft Ad-Watch Live! software in my program files list in control panel, and I cannot find it when I type Lavasoft in the search bar in "start" (bottom left button).

#12
ali.B


    Trusted Helper

  • Malware Removal
  • 3,086 posts
Are you still getting redirected?

#13
Tombomb7


    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I'm afraid so.
I'm sorry I don't know why I am.

#14
ali.B


    Trusted Helper

  • Malware Removal
  • 3,086 posts
What do you have on the 149 GB drive?

#15
ali.B


    Trusted Helper

  • Malware Removal
  • 3,086 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.