Author Topic: [Resolved K] Probable unknown TSR.BOOT virus, ESET unable to remove


Offline Armaneus

  • Bronze Member
  • Posts: 15
Yesterday, ESET flagged a possible virus, but was unable to remove it. It gave this exact message:

 Active boot sector of the 0. physical disk - probably unknown TSR.BOOT virus [7] - unable to clean

I have been having an issue with a particular update for Internet Explorer, which might be (or probably is) the cause. I have been unable to fix it on my own.

My DDS is:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19088  BrowserJavaVersion: 1.6.0_31
Run by Josh at 8:36:11 on 2012-02-27
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3934.1250 [GMT -8:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\TAMSvr.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\authServer.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\ThpSrv.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RAVCpl64.exe
C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
C:\Program Files\TrueSuite Access Manager\usbnotify.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files (x86)\CE\CovenantEyes.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files (x86)\CE\CovenantEyesHelper.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Google Update] "C:\Users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [EPSON NX410 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFCA.EXE /FU "C:\Windows\TEMP\E_SA446.tmp" /EF "HKCU"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
mRun: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
mRun: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
mRun: [NMSVC] "C:\Program Files (x86)\CE\CovenantEyes.exe"
mRun: [ControlCenter4] "C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe" /autorun
mRun: [BrStsMon00] "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=
StartupFolder: C:\Users\Josh\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
StartupFolder: C:\Users\Josh\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: CESpy.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{43C616D4-6918-44B7-8965-0A49D8565508} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64:     SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [NDSTray.exe] NDSTray.exe
mRun-x64: [cfFncEnabler.exe] cfFncEnabler.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
mRun-x64: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
mRun-x64: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
mRun-x64: [NMSVC] "C:\Program Files (x86)\CE\CovenantEyes.exe"
mRun-x64: [ControlCenter4] "C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe" /autorun
mRun-x64: [BrStsMon00] "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
mRun-x64: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
mRun-x64: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
mRun-x64: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\pwglhhij.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Josh\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Josh\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: C:\Users\Josh\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Josh\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: C:\Users\Josh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Josh\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Move Media Player: moveplayer@movenetworks.com - C:\Users\Josh\AppData\Roaming\Move Networks
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\system32\DRIVERS\thpdrv.sys --> C:\Windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\system32\DRIVERS\Thpevm.SYS --> C:\Windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\system32\DRIVERS\tos_sps64.sys --> C:\Windows\system32\DRIVERS\tos_sps64.sys [?]
R1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys --> C:\Windows\system32\DRIVERS\ehdrv.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 Auth Service;Auth Service;C:\Windows\System32\authServer.exe [2011-7-3 290816]
R2 Authentec memory manager;Authentec memory manager service;C:\Windows\system32\TAMSvr.exe --> C:\Windows\system32\TAMSvr.exe [?]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2008-6-27 36864]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2008-7-10 40960]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-1-12 810144]
R2 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-8-18 2152152]
R2 OpenLibSys;OpenLibSys;C:\Program Files (x86)\NXP\FM Radio\OpenLibSysX64.sys [2009-1-4 14544]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-18 993848]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-18 399416]
R2 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2008-9-9 62776]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-7-17 139776]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-8-5 245760]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-9-1 17152]
R3 NETwNv64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETwNv64.sys --> C:\Windows\system32\DRIVERS\NETwNv64.sys [?]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-8-25 89600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-22 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-22 135664]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
S4 KR10I64;KR10I64;C:\Windows\system32\drivers\kr10i64.sys --> C:\Windows\system32\drivers\kr10i64.sys [?]
S4 KR10N64;KR10N64;C:\Windows\system32\drivers\kr10n64.sys --> C:\Windows\system32\drivers\kr10n64.sys [?]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-02-27 10:24:21   69000   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8C46BA19-3BCD-49C1-8C61-41198957ECB2}\offreg.dll
2012-02-27 05:59:10   --------   d-----w-   C:\Users\Josh\AppData\Local\{B3702AE1-6034-415A-B851-EB16BAB0D434}
2012-02-25 19:55:10   --------   d-----w-   C:\Users\Josh\AppData\Local\{82E8FAF8-69CC-4E21-85B6-1B08F0007689}
2012-02-25 19:54:33   --------   d-----w-   C:\Users\Josh\AppData\Local\{D7DDC9F0-AC04-460B-8DFA-CA4F66966DF3}
2012-02-25 04:07:00   8643640   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8C46BA19-3BCD-49C1-8C61-41198957ECB2}\mpengine.dll
2012-02-25 03:38:48   --------   d-----w-   C:\Users\Josh\AppData\Local\{5404B7F9-F280-45CC-8DEA-233AAD4BDB32}
2012-02-25 03:37:52   --------   d-----w-   C:\Users\Josh\AppData\Local\{C0233D05-AC11-4F19-B53E-B59C14F0B6CE}
2012-02-15 18:11:08   680448   ----a-w-   C:\Windows\SysWow64\msvcrt.dll
2012-02-15 18:11:08   621056   ----a-w-   C:\Windows\System32\msvcrt.dll
2012-02-15 18:11:07   2765824   ----a-w-   C:\Windows\System32\win32k.sys
2012-02-15 18:11:06   404992   ----a-w-   C:\Windows\System32\drivers\afd.sys
2012-02-15 18:10:38   2409784   ----a-w-   C:\Program Files\Windows Mail\OESpamFilter.dat
2012-02-15 18:10:38   2409784   ----a-w-   C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2012-02-15 16:42:27   --------   d-----w-   C:\Users\Josh\AppData\Local\{D111033E-A5CF-406E-B46E-C927975689BA}
2012-02-15 16:41:57   --------   d-----w-   C:\Users\Josh\AppData\Local\{E1E640B4-A09A-4410-B9F7-E612A92CB88E}
2012-02-06 04:02:20   --------   d-----w-   C:\Users\Josh\AppData\Local\{A977A132-7C3F-49DC-ACCB-AE59D395DA5F}
2012-02-06 04:01:50   --------   d-----w-   C:\Users\Josh\AppData\Local\{47792703-9448-4D90-804A-0ED6196163DF}
.
==================== Find3M  ====================
.
2012-02-20 08:59:26   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
2012-02-19 00:45:38   414368   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-29 13:10:42   279656   ------w-   C:\Windows\System32\MpSigStub.exe
.
============= FINISH:  8:36:28.78 ===============

The attachment log is:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/4/2009 06:18:04
System Uptime: 2/26/2012 21:37:47 (11 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: Intel(R) Core(TM)2 Duo CPU     P8400  @ 2.26GHz | CPU | 2267/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 297 GiB total, 126.571 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP714: 2/6/2012 12:25:17 - Scheduled Checkpoint
RP715: 2/7/2012 12:49:58 - Windows Update
RP716: 2/7/2012 18:29:36 - Windows Update
RP717: 2/10/2012 03:00:30 - Windows Update
RP718: 2/10/2012 16:43:46 - Windows Update
RP719: 2/11/2012 10:29:03 - Scheduled Checkpoint
RP720: 2/12/2012 15:04:34 - Scheduled Checkpoint
RP721: 2/13/2012 20:02:28 - Scheduled Checkpoint
RP722: 2/14/2012 02:01:09 - Windows Update
RP723: 2/14/2012 03:01:25 - Windows Update
RP724: 2/15/2012 15:16:29 - Scheduled Checkpoint
RP725: 2/17/2012 16:22:28 - Windows Update
RP726: 2/19/2012 00:39:37 - Scheduled Checkpoint
RP727: 2/20/2012 00:56:44 - Installed Java(TM) 6 Update 31
RP728: 2/21/2012 10:08:12 - Windows Update
RP729: 2/23/2012 12:57:37 - Scheduled Checkpoint
RP730: 2/24/2012 03:01:23 - Windows Update
RP731: 2/24/2012 19:38:57 - Windows Update
RP732: 2/24/2012 20:05:14 - Windows Update
RP733: 2/26/2012 03:00:24 - Windows Update
RP734: 2/26/2012 21:34:34 - Windows Update
RP735: 2/27/2012 03:00:14 - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.6
Age of Empires Online
Amazon MP3 Uploader
Apple Application Support
Apple Software Update
BlueJ 3.0.2
Boingo Wi-Fi
Brother MFL-Pro Suite DCP-7065DN
Camera Assistant Software for Toshiba
CD/DVD Drive Acoustic Silencer
Covenant Eyes
CyberLink PowerCinema for TOSHIBA
D3DX10
Dropbox
DVD MovieFactory for TOSHIBA
EPSON Scan
Facebook Plug-In
FM Tuner Utility
Geek Squad 24 Hour Computer Support
Google Chrome
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
GP5 Web Conferencing
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Impulse
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 6 Update 6
Junk Mail filter update
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XML Parser
Miners4k
Move Media Player
Mozilla Firefox (3.6.27)
Mozilla Thunderbird (3.1.19)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Nuance PaperPort 12
Nuance PDF Viewer Plus
Pando Media Booster
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
Samsung PC Studio 3 USB Driver Installer
Scansoft PDF Professional
Secunia PSI (2.0.0.3003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Segoe UI
Sins of a Solar Empire
Sins of a Solar Empire - Entrenchment
Skype Click to Call
Skype™ 5.5
StarCraft
swMSM
System Requirements Lab for Intel
The Lord of the Rings Online™ v03.03.00.8048
The Sims Complete Collection
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TrueCrypt
TrueSuite Access Manager
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Warcraft III
Warcraft III: All Products
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinEdt
Wolfram Notebook Indexer 2.0
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
2/27/2012 03:15:18, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8007371c: Cumulative Security Update for Internet Explorer 8 for Windows Vista for x64-based Systems (KB2647516).
2/27/2012 03:08:51, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-8_neutral_GDR from package KB2647516(Security Update) into Staged(Staged) state
2/27/2012 03:08:51, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-6_neutral_GDR from package KB2647516(Security Update) into Staged(Staged) state
2/27/2012 03:08:51, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-51_neutral_PACKAGE from package KB2647516(Security Update) into Staged(Staged) state
2/27/2012 03:08:51, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-50_neutral_PACKAGE from package KB2647516(Security Update) into Staged(Staged) state
2/27/2012 03:08:51, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-49_neutral_PACKAGE from package KB2647516(Security Update) into Staged(Staged) state
2/27/2012 03:08:51, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-48_neutral_GDR from package KB2647516(Security Update) into Staged(Staged) state
2/27/2012 03:08:51, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-46_neutral_GDR from package KB2647516(Security Update) into Staged(Staged) state
2/27/2012 03:08:51, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-44_neutral_GDR from package KB2647516(Security Update) into Staged(Staged) state
2/27/2012 03:08:51, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-42_neutral_GDR from package KB2647516(Security Update) into Staged(Staged) state
2/27/2012 03:08:51, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-40_neutral_GDR from package KB2647516(Security Update) into Staged(Staged) state
2/27/2012 03:08:51, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-4_neutral_GDR from package KB2647516(Security Update) into Staged(Staged) state
2/27/2012 03:08:51, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-38_neutral_GDR from package KB2647516(Security Update) into Staged(Staged) state
2/27/2012 03:08:51, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-36_neutral_GDR from package KB2647516(Security Update) into Staged(Staged) state
2/27/2012 03:08:51, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-34_neutral_GDR from package KB2647516(Security Update) into Staged(Staged) state
2/27/2012 03:08:51, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-32_neutral_GDR from package KB2647516(Security Update) into Staged(Staged) state
2/27/2012 03:08:51, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-30_neutral_GDR from package KB2647516(Security Update) into Staged(Staged) state
2/27/2012 03:08:51, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-28_neutral_GDR from package KB2647516(Security Update) into Staged(Staged) state
2/27/2012 03:08:51, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-26_neutral_GDR from package KB2647516(Security Update) into Staged(Staged) state
2/27/2012 03:08:51, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-24_neutral_GDR from package KB2647516(Security Update) into Staged(Staged) state
2/27/2012 03:08:51, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-22_neutral_GDR from package KB2647516(Security Update) into Staged(Staged) state
2/27/2012 03:08:51, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-20_neutral_GDR from package KB2647516(Security Update) into Staged(Staged) state
2/27/2012 03:08:51, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-2_neutral_GDR from package KB2647516(Security Update) into Staged(Staged) state
2/27/2012 03:08:51, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-18_neutral_GDR from package KB2647516(Security Update) into Staged(Staged) state
2/27/2012 03:08:51, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-16_neutral_GDR from package KB2647516(Security Update) into Staged(Staged) state
2/27/2012 03:08:51, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-14_neutral_GDR from package KB2647516(Security Update) into Staged(Staged) state
2/27/2012 03:08:51, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-12_neutral_GDR from package KB2647516(Security Update) into Staged(Staged) state
2/27/2012 03:08:51, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-10_neutral_GDR from package KB2647516(Security Update) into Staged(Staged) state
2/27/2012 03:08:51, Error: Microsoft-Windows-Servicing [4375]  - Windows Servicing failed to complete the process of setting package KB2647516 (Security Update) into Install Requested(Install Requested) state
2/26/2012 21:46:42, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
2/24/2012 19:49:36, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-51_neutral_PACKAGE from package KB2647516(Security Update) into Resolved(Resolved) state
2/24/2012 19:49:36, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-50_neutral_PACKAGE from package KB2647516(Security Update) into Resolved(Resolved) state
2/24/2012 19:49:36, Error: Microsoft-Windows-Servicing [4385]  - Windows Servicing failed to complete the process of changing update 2647516-49_neutral_PACKAGE from package KB2647516(Security Update) into Resolved(Resolved) state
2/24/2012 19:42:52, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft Software Shadow Copy Provider service to connect.
2/24/2012 19:42:52, Error: Service Control Manager [7000]  - The Microsoft Software Shadow Copy Provider service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/24/2012 19:42:52, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service swprv with arguments "" in order to run the server: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}
2/24/2012 19:39:53, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
2/24/2012 19:39:42, Error: Service Control Manager [7000]  - The Volume Shadow Copy service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/24/2012 19:39:41, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
2/24/2012 19:32:48, Error: EventLog [6008]  - The previous system shutdown at 3:07:56 AM on 2/24/2012 was unexpected.
.
==== End Of File ===========================

Thank you so much in advance.
« Last Edit: March 26, 2012, 01:28:29 AM by kevinf80 »



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6481
« Reply #1 on: February 27, 2012, 12:15:17 PM »
Hello Armaneus and welcome to SpywareHammer,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.

  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family, so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own, as this will conflict with the tools we are going to use.
  • Either print or save to Notepad all instructions and please follow them carefully. If there's something you don't understand or that will not work, please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable; with that in mind, it is advisable to back up any important data before we begin. Go Here and follow the instructions specific to your operating system.
  • If you do not reply within 72 hours the thread will be closed; if you need more time, let me know. Likewise, if I do not respond within 48 hours, feel free to PM me.
  • If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc., please uninstall them before we begin.
  • If you are using cracked or illegal software, your thread will be locked and all help will cease.

Please proceed as follows :-

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Kevin
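A small triage script for the TDSSKiller report layout that appears later in this thread, added here as an example; it is not part of the thread and not code from Kaspersky's tool. It checks that the two options the steps above ask for are reflected in the report's "Mode:" line (the SigCheck and TDLFS tokens, as seen in the poster's log), extracts the disk and partition layout the tool prints, and flags every driver entry whose verdict is anything but "ok". The sample report is constructed from lines in the same layout as the poster's log, with two made-up non-ok entries to exercise the flagging path.

```python
import re
from collections import OrderedDict

# Constructed sample in the layout of the TDSSKiller report posted later in
# this thread: "<time> <pid>   <message>". Each checked driver produces a
# detail line "name (md5) path" followed by a verdict line "name - <verdict>".
# The last two entries (exampledrv, otherdrv) are made up to exercise the
# flagging path; they are not from the poster's real report.
SAMPLE_REPORT = r"""
12:25:00.0503 5492   Scan started
12:25:00.0503 5492   Mode: Manual; SigCheck; TDLFS;
12:24:52.0367 6024   Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Type 'K0', Flags 0x00000040
12:24:52.0374 6024   MBR used
12:24:52.0374 6024   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x25140000
12:25:00.0774 5492   ACPI            (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
12:25:00.0864 5492   ACPI - ok
12:25:10.0541 5492   Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
12:25:10.0550 5492   Lavasoft Kernexplorer - ok
12:25:09.0445 5492   IpInIp - ok
12:25:30.0001 5492   exampledrv      (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\exampledrv.sys
12:25:30.0002 5492   exampledrv - detected (constructed verdict)
12:25:31.0001 5492   otherdrv        (fedcba9876543210fedcba9876543210) C:\Windows\system32\drivers\otherdrv.sys
"""

# One report line: timestamp, process id, then the message.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
MODE_RE = re.compile(r"^Mode:\s*(?P<opts>.*)$")
DRIVE_RE = re.compile(r"^Drive (?P<dev>\S+) - Size: 0x(?P<size>[0-9A-Fa-f]+)")
PART_RE = re.compile(
    r"^(?P<dev>\\Device\\.+?\\Partition\d+): (?P<scheme>\w+), Type 0x(?P<ptype>[0-9A-Fa-f]+), "
    r"StartLBA 0x(?P<lba>[0-9A-Fa-f]+), BlocksNum 0x(?P<blocks>[0-9A-Fa-f]+)$")
DETAIL_RE = re.compile(r"^(?P<name>\S.*?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")

# Tokens the "Mode:" line shows once "Verify Driver Digital Signature" and
# "Detect TDLFS file system" are ticked, as in the log posted in this thread.
REQUIRED_OPTIONS = ("SigCheck", "TDLFS")


def parse_report(text):
    """Parse a TDSSKiller report into mode options, drives, partitions and
    per-driver entries keyed by name ({"name", "md5", "path", "verdict"})."""
    report = {"mode": set(), "drives": [], "partitions": [], "entries": OrderedDict()}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue  # banner, blank or separator line
        msg = m.group("msg").strip()
        if (mm := MODE_RE.match(msg)):
            report["mode"] = {o.strip() for o in mm.group("opts").split(";") if o.strip()}
        elif (dm := DRIVE_RE.match(msg)):
            report["drives"].append({"device": dm.group("dev"),
                                     "size_bytes": int(dm.group("size"), 16)})
        elif (pm := PART_RE.match(msg)):
            report["partitions"].append({"device": pm.group("dev"), "scheme": pm.group("scheme"),
                                         "type": int(pm.group("ptype"), 16),
                                         "start_lba": int(pm.group("lba"), 16),
                                         "blocks": int(pm.group("blocks"), 16)})
        elif (em := DETAIL_RE.match(msg)):
            name = em.group("name")
            report["entries"][name] = {"name": name, "md5": em.group("md5").lower(),
                                       "path": em.group("path"), "verdict": None}
        elif (vm := VERDICT_RE.match(msg)):
            # Verdict-only entries (no file line, e.g. "IpInIp - ok") are kept too.
            name = vm.group("name")
            entry = report["entries"].setdefault(
                name, {"name": name, "md5": None, "path": None, "verdict": None})
            entry["verdict"] = vm.group("verdict").strip()
    return report


def triage(report):
    """Return (missing_options, flagged): required scan options absent from the
    Mode line, and entries whose verdict is anything but "ok" (including
    entries with no verdict at all, e.g. a scan that was cut off)."""
    missing = [o for o in REQUIRED_OPTIONS if o not in report["mode"]]
    flagged = [e for e in report["entries"].values() if e["verdict"] != "ok"]
    return missing, flagged


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    missing, flagged = triage(rep)
    print("scan options:", sorted(rep["mode"]), "missing:", missing or "none")
    for d in rep["drives"]:
        print(f"{d['device']}: {d['size_bytes'] / 2**30:.2f} GiB")
    for p in rep["partitions"]:
        print(f"{p['device']}: {p['scheme']} type 0x{p['type']:X} "
              f"start LBA 0x{p['start_lba']:X} blocks 0x{p['blocks']:X}")
    print(f"{len(rep['entries'])} entries, {len(flagged)} need a look:")
    for e in flagged:
        print(f"  {e['name']}: verdict={e['verdict']!r} md5={e['md5']} path={e['path']}")
```

Run it against a full saved TDSSKiller_*_log.txt by reading the file into parse_report; a clean scan yields an empty flagged list and no missing options.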



Offline Armaneus

  • Bronze Member
  • Posts: 15
« Reply #2 on: February 27, 2012, 01:39:27 PM »
Thank you for your willingness to help me. I'm currently backing up, I will tell you when I've attempted to fix the problem.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6481
« Reply #3 on: February 27, 2012, 01:42:55 PM »
OK, post the log from TDSSKiller when you're ready; I'll be here.

Offline Armaneus

  • Bronze Member
  • Posts: 15
« Reply #4 on: February 27, 2012, 02:20:22 PM »
Apparently SpywareHammer is not letting me post the log, as it says it exceeds 50,000 characters. I will post in two replies. It did not find any errors in it. Here is the log, part 1:


12:24:51.0466 6024   TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
12:24:51.0988 6024   ============================================================
12:24:51.0988 6024   Current date / time: 2012/02/27 12:24:51.0988
12:24:51.0988 6024   SystemInfo:
12:24:51.0988 6024   
12:24:51.0988 6024   OS Version: 6.0.6002 ServicePack: 2.0
12:24:51.0988 6024   Product type: Workstation
12:24:51.0988 6024   ComputerName: ATLAS
12:24:51.0989 6024   UserName: Josh
12:24:51.0989 6024   Windows directory: C:\Windows
12:24:51.0989 6024   System windows directory: C:\Windows
12:24:51.0989 6024   Running under WOW64
12:24:51.0989 6024   Processor architecture: Intel x64
12:24:51.0989 6024   Number of processors: 2
12:24:51.0989 6024   Page size: 0x1000
12:24:51.0989 6024   Boot type: Normal boot
12:24:51.0989 6024   ============================================================
12:24:52.0367 6024   Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:24:52.0374 6024   \Device\Harddisk0\DR0:
12:24:52.0374 6024   MBR used
12:24:52.0374 6024   \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x25140000
12:24:52.0404 6024   Initialize success
12:24:52.0404 6024   ============================================================
12:25:00.0502 5492   ============================================================
12:25:00.0503 5492   Scan started
12:25:00.0503 5492   Mode: Manual; SigCheck; TDLFS;
12:25:00.0503 5492   ============================================================
12:25:12.0440 5492   msdsm - ok
12:25:12.0483 5492   Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
12:25:12.0513 5492   Msfs - ok
12:25:12.0560 5492   msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
12:25:12.0571 5492   msisadrv - ok
12:25:12.0686 5492   MSKSSRV         (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
12:25:12.0731 5492   MSKSSRV - ok
12:25:12.0762 5492   MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
12:25:12.0808 5492   MSPCLOCK - ok
12:25:12.0833 5492   MSPQM           (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
12:25:12.0867 5492   MSPQM - ok
12:25:12.0919 5492   MsRPC           (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
12:25:12.0934 5492   MsRPC - ok
12:25:13.0015 5492   mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
12:25:13.0025 5492   mssmbios - ok
12:25:13.0089 5492   MSTEE           (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
12:25:13.0136 5492   MSTEE - ok
12:25:13.0179 5492   Mup             (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
12:25:13.0206 5492   Mup - ok
12:25:13.0302 5492   NativeWifiP     (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
12:25:13.0318 5492   NativeWifiP - ok
12:25:13.0370 5492   NDIS            (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
12:25:13.0404 5492   NDIS - ok
12:25:13.0487 5492   NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
12:25:13.0511 5492   NdisTapi - ok
12:25:13.0546 5492   Ndisuio         (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
12:25:13.0593 5492   Ndisuio - ok
12:25:13.0626 5492   NdisWan         (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
12:25:13.0650 5492   NdisWan - ok
12:25:13.0674 5492   NDProxy         (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
12:25:13.0713 5492   NDProxy - ok
12:25:13.0812 5492   NetBIOS         (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
12:25:13.0843 5492   NetBIOS - ok
12:25:13.0883 5492   netbt           (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
12:25:13.0909 5492   netbt - ok
12:25:13.0946 5492   NETw5v64 - ok
12:25:14.0144 5492   NETwNv64        (75700ccbcbc93ebe422e6589b70f97f0) C:\Windows\system32\DRIVERS\NETwNv64.sys
12:25:14.0560 5492   NETwNv64 - ok
12:25:14.0653 5492   nfrd960         (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
12:25:14.0693 5492   nfrd960 - ok
12:25:14.0736 5492   Npfs            (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
12:25:14.0774 5492   Npfs - ok
12:25:14.0792 5492   nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
12:25:14.0824 5492   nsiproxy - ok
12:25:14.0895 5492   Ntfs            (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
12:25:14.0946 5492   Ntfs - ok
12:25:15.0076 5492   Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
12:25:15.0109 5492   Null - ok
12:25:15.0144 5492   nvraid          (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
12:25:15.0154 5492   nvraid - ok
12:25:15.0185 5492   nvstor          (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
12:25:15.0195 5492   nvstor - ok
12:25:15.0212 5492   nv_agp          (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
12:25:15.0224 5492   nv_agp - ok
12:25:15.0235 5492   NwlnkFlt - ok
12:25:15.0247 5492   NwlnkFwd - ok
12:25:15.0280 5492   ohci1394        (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
12:25:15.0343 5492   ohci1394 - ok
12:25:15.0406 5492   OpenLibSys      (ccf523b951afaa0147f22e2a7aae4976) C:\Program Files (x86)\NXP\FM Radio\OpenLibSysX64.sys
12:25:15.0432 5492   OpenLibSys - ok
12:25:15.0546 5492   Parport         (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
12:25:15.0594 5492   Parport - ok
12:25:15.0627 5492   partmgr         (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
12:25:15.0655 5492   partmgr - ok
12:25:15.0691 5492   pci             (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
12:25:15.0718 5492   pci - ok
12:25:15.0802 5492   pciide          (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
12:25:15.0827 5492   pciide - ok
12:25:15.0842 5492   pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
12:25:15.0884 5492   pcmcia - ok
12:25:15.0922 5492   PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
12:25:15.0984 5492   PEAUTH - ok
12:25:16.0130 5492   PptpMiniport    (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
12:25:16.0169 5492   PptpMiniport - ok
12:25:16.0206 5492   Processor       (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
12:25:16.0252 5492   Processor - ok
12:25:16.0297 5492   PSched          (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
12:25:16.0321 5492   PSched - ok
12:25:16.0414 5492   PSI             (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
12:25:16.0422 5492   PSI - ok
12:25:16.0504 5492   ql2300          (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
12:25:16.0558 5492   ql2300 - ok
12:25:16.0653 5492   ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
12:25:16.0664 5492   ql40xx - ok
12:25:16.0696 5492   QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
12:25:16.0710 5492   QWAVEdrv - ok
12:25:16.0725 5492   RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
12:25:16.0771 5492   RasAcd - ok
12:25:16.0795 5492   Rasl2tp         (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:25:16.0819 5492   Rasl2tp - ok
12:25:16.0851 5492   RasPppoe        (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
12:25:16.0875 5492   RasPppoe - ok
12:25:16.0968 5492   RasSstp         (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
12:25:16.0981 5492   RasSstp - ok
12:25:17.0020 5492   rdbss           (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
12:25:17.0045 5492   rdbss - ok
12:25:17.0076 5492   RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:25:17.0123 5492   RDPCDD - ok
12:25:17.0212 5492   rdpdr           (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
12:25:17.0245 5492   rdpdr - ok
12:25:17.0265 5492   RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
12:25:17.0297 5492   RDPENCDD - ok
12:25:17.0341 5492   RDPWD           (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
12:25:17.0367 5492   RDPWD - ok
12:25:17.0471 5492   rimmptsk        (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
12:25:17.0497 5492   rimmptsk - ok
12:25:17.0529 5492   rimsptsk        (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
12:25:17.0551 5492   rimsptsk - ok
12:25:17.0569 5492   rismxdp         (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
12:25:17.0595 5492   rismxdp - ok
12:25:17.0665 5492   ROOTMODEM       (6a0cf73b019cbc9255e23c9192ec3702) C:\Windows\system32\Drivers\RootMdm.sys
12:25:17.0696 5492   ROOTMODEM - ok
12:25:17.0720 5492   rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
12:25:17.0781 5492   rspndr - ok
12:25:17.0837 5492   RTL8169         (b263b3aebcde2210d1cc25756601b8ea) C:\Windows\system32\DRIVERS\Rtlh64.sys
12:25:17.0849 5492   RTL8169 - ok
12:25:17.0927 5492   sbp2port        (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
12:25:17.0968 5492   sbp2port - ok
12:25:18.0044 5492   sdbus           (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
12:25:18.0069 5492   sdbus - ok
12:25:18.0085 5492   secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:25:18.0147 5492   secdrv - ok
12:25:18.0228 5492   Serenum         (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
12:25:18.0276 5492   Serenum - ok
12:25:18.0301 5492   Serial          (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
12:25:18.0349 5492   Serial - ok
12:25:18.0373 5492   sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
12:25:18.0434 5492   sermouse - ok
12:25:18.0472 5492   sffdisk         (3a19c899bcf0ea24cfec2038e6a489db) C:\Windows\system32\DRIVERS\sffdisk.sys
12:25:18.0495 5492   sffdisk - ok
12:25:18.0514 5492   sffp_mmc        (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
12:25:18.0546 5492   sffp_mmc - ok
12:25:18.0624 5492   sffp_sd         (fdca63a2eee528585eb66ceac183ec22) C:\Windows\system32\DRIVERS\sffp_sd.sys
12:25:18.0661 5492   sffp_sd - ok
12:25:18.0688 5492   sfloppy         (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
12:25:18.0749 5492   sfloppy - ok
12:25:18.0777 5492   SiSRaid2        (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
12:25:18.0803 5492   SiSRaid2 - ok
12:25:18.0825 5492   SiSRaid4        (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
12:25:18.0851 5492   SiSRaid4 - ok
12:25:18.0937 5492   Smb             (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
12:25:18.0991 5492   Smb - ok
12:25:19.0028 5492   spldr           (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
12:25:19.0038 5492   spldr - ok
12:25:19.0088 5492   srv             (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
12:25:19.0131 5492   srv - ok
12:25:19.0237 5492   srv2            (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
12:25:19.0273 5492   srv2 - ok
12:25:19.0309 5492   srvnet          (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
12:25:19.0321 5492   srvnet - ok
12:25:19.0455 5492   ss_bus          (f5cb1651a046370739995015122c0b7e) C:\Windows\system32\DRIVERS\ss_bus.sys
12:25:19.0464 5492   ss_bus - ok
12:25:19.0492 5492   ss_mdfl         (7e08ae04093bce4ac93ea179b58526f9) C:\Windows\system32\DRIVERS\ss_mdfl.sys
12:25:19.0515 5492   ss_mdfl - ok
12:25:19.0542 5492   ss_mdm          (052bf246422b007d3b827ed2a306c859) C:\Windows\system32\DRIVERS\ss_mdm.sys
12:25:19.0552 5492   ss_mdm - ok
12:25:19.0609 5492   SVRPEDRV - ok
12:25:19.0691 5492   swenum          (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
12:25:19.0700 5492   swenum - ok
12:25:19.0743 5492   Symc8xx         (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
12:25:19.0752 5492   Symc8xx - ok
12:25:19.0777 5492   Sym_hi          (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
12:25:19.0788 5492   Sym_hi - ok
12:25:19.0815 5492   Sym_u3          (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
12:25:19.0824 5492   Sym_u3 - ok
12:25:19.0863 5492   SynTP           (d8edb37f6e235a47e12f1eafd85c2b6f) C:\Windows\system32\DRIVERS\SynTP.sys
12:25:19.0891 5492   SynTP - ok
12:25:20.0013 5492   Tcpip           (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
12:25:20.0061 5492   Tcpip - ok
12:25:20.0213 5492   Tcpip6          (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
12:25:20.0257 5492   Tcpip6 - ok
12:25:20.0388 5492   tcpipreg        (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
12:25:20.0413 5492   tcpipreg - ok
12:25:20.0455 5492   tdcmdpst        (d45586a9facb2c9708b10e491ef748a6) C:\Windows\system32\DRIVERS\tdcmdpst.sys
12:25:20.0478 5492   tdcmdpst - ok
12:25:20.0509 5492   TDPIPE          (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
12:25:20.0540 5492   TDPIPE - ok
12:25:20.0613 5492   TDTCP           (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
12:25:20.0645 5492   TDTCP - ok
12:25:20.0677 5492   tdx             (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
12:25:20.0716 5492   tdx - ok
12:25:20.0747 5492   TermDD          (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
12:25:20.0774 5492   TermDD - ok
12:25:20.0888 5492   Thpdrv          (da4084c3d84bc2688a680bfd46a63b87) C:\Windows\system32\DRIVERS\thpdrv.sys
12:25:20.0896 5492   Thpdrv - ok
12:25:20.0943 5492   Thpevm          (d6704940a79831b4fa271d7a73d291d8) C:\Windows\system32\DRIVERS\Thpevm.SYS
12:25:20.0951 5492   Thpevm - ok
12:25:21.0097 5492   tosporte        (0e8a784713a08b39e39565c91ece48ba) C:\Windows\system32\DRIVERS\tosporte.sys
12:25:21.0128 5492   tosporte - ok
12:25:21.0171 5492   tosrfbd         (829f72ee6977b13969803a82359c56a0) C:\Windows\system32\DRIVERS\tosrfbd.sys
12:25:21.0206 5492   tosrfbd - ok
12:25:21.0243 5492   tosrfbnp        (b955484f53de2dbb481f99ad10867ebe) C:\Windows\system32\Drivers\tosrfbnp.sys
12:25:21.0275 5492   tosrfbnp - ok
12:25:21.0375 5492   Tosrfcom        (5eab16f461d026660b78b5bfcab7b549) C:\Windows\system32\Drivers\tosrfcom.sys
12:25:21.0386 5492   Tosrfcom - ok
12:25:21.0439 5492   tosrfec         (fa427f666e4d425acb193e406f2c3fa1) C:\Windows\system32\DRIVERS\tosrfec.sys
12:25:21.0446 5492   tosrfec - ok
12:25:21.0479 5492   Tosrfhid        (f3c57806b7ecd2101387b9af39059ff3) C:\Windows\system32\DRIVERS\Tosrfhid.sys
12:25:21.0512 5492   Tosrfhid - ok
12:25:21.0597 5492   tosrfnds        (95552d0b11c70846299dca2ff0082205) C:\Windows\system32\DRIVERS\tosrfnds.sys
12:25:21.0634 5492   tosrfnds - ok
12:25:21.0709 5492   TosRfSnd        (25bd441f1cec311648df259b9df2999b) C:\Windows\system32\drivers\tosrfsnd.sys
12:25:21.0738 5492   TosRfSnd - ok
12:25:21.0820 5492   Tosrfusb        (c62c9f662ccdbdce0d9bbcb4e882ca34) C:\Windows\system32\DRIVERS\tosrfusb.sys
12:25:21.0853 5492   Tosrfusb - ok
12:25:21.0907 5492   tos_sps64       (dd50a5df5f7b29fdb6b5fea728c43dc3) C:\Windows\system32\DRIVERS\tos_sps64.sys
12:25:21.0925 5492   tos_sps64 - ok
12:25:21.0994 5492   truecrypt       (ea43de1743c1ba0d2d17b8db90c91d88) C:\Windows\system32\drivers\truecrypt.sys
12:25:22.0036 5492   truecrypt - ok
12:25:22.0117 5492   tssecsrv        (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:25:22.0149 5492   tssecsrv - ok
12:25:22.0186 5492   tunmp           (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
12:25:22.0214 5492   tunmp - ok
12:25:22.0247 5492   tunnel          (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
12:25:22.0275 5492   tunnel - ok
12:25:22.0349 5492   TVALZ           (9a744cc3d804ec38a6c2c65bc3c6fcd8) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
12:25:22.0357 5492   TVALZ - ok
12:25:22.0399 5492   uagp35          (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
12:25:22.0425 5492   uagp35 - ok
12:25:22.0467 5492   udfs            (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
12:25:22.0493 5492   udfs - ok
12:25:22.0587 5492   uliagpkx        (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
12:25:22.0597 5492   uliagpkx - ok
12:25:22.0630 5492   uliahci         (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
12:25:22.0658 5492   uliahci - ok
12:25:22.0684 5492   UlSata          (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
12:25:22.0709 5492   UlSata - ok
12:25:22.0737 5492   ulsata2         (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
12:25:22.0764 5492   ulsata2 - ok
12:25:22.0843 5492   umbus           (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
12:25:22.0876 5492   umbus - ok
12:25:22.0918 5492   usbccgp         (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
12:25:22.0941 5492   usbccgp - ok
12:25:22.0998 5492   usbcir          (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
12:25:23.0045 5492   usbcir - ok
12:25:23.0120 5492   usbehci         (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
12:25:23.0143 5492   usbehci - ok
12:25:23.0174 5492   usbhub          (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
12:25:23.0199 5492   usbhub - ok
12:25:23.0228 5492   usbohci         (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
12:25:23.0305 5492   usbohci - ok
12:25:23.0333 5492   usbprint        (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
12:25:23.0364 5492   usbprint - ok
12:25:23.0446 5492   usbscan         (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
12:25:23.0470 5492   usbscan - ok
12:25:23.0515 5492   USBSTOR         (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:25:23.0538 5492   USBSTOR - ok
12:25:23.0585 5492   usbuhci         (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
12:25:23.0608 5492   usbuhci - ok
12:25:23.0637 5492   usbvideo        (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
12:25:23.0669 5492   usbvideo - ok
12:25:23.0760 5492   UVCFTR          (56ed086f1300ecb1e6f67ac43955e5e9) C:\Windows\system32\Drivers\UVCFTR_S.SYS
12:25:23.0768 5492   UVCFTR - ok
12:25:23.0816 5492   vga             (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
12:25:23.0847 5492   vga - ok
12:25:23.0860 5492   VgaSave         (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
12:25:23.0892 5492   VgaSave - ok
12:25:23.0924 5492   viaide          (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
12:25:23.0952 5492   viaide - ok
12:25:23.0997 5492   volmgr          (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
12:25:24.0008 5492   volmgr - ok
12:25:24.0095 5492   volmgrx         (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
12:25:24.0114 5492   volmgrx - ok
12:25:24.0149 5492   volsnap         (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
12:25:24.0178 5492   volsnap - ok
12:25:24.0219 5492   vsmraid         (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
12:25:24.0231 5492   vsmraid - ok
12:25:24.0319 5492   WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
12:25:24.0367 5492   WacomPen - ok
12:25:24.0405 5492   Wanarp          (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
12:25:24.0429 5492   Wanarp - ok
12:25:24.0433 5492   Wanarpv6        (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
12:25:24.0456 5492   Wanarpv6 - ok
12:25:24.0493 5492   Wd              (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
12:25:24.0518 5492   Wd - ok
12:25:24.0573 5492   Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:25:24.0598 5492   Wdf01000 - ok
12:25:24.0756 5492   WinUSB          (7f2f9e48566b2087f2aaad258cb2a8d4) C:\Windows\system32\DRIVERS\WinUSB.sys
12:25:24.0779 5492   WinUSB - ok
12:25:24.0813 5492   WmiAcpi         (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
12:25:24.0851 5492   WmiAcpi - ok
12:25:24.0932 5492   WpdUsb          (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
12:25:24.0962 5492   WpdUsb - ok
12:25:25.0036 5492   ws2ifsl         (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
12:25:25.0082 5492   ws2ifsl - ok
12:25:25.0157 5492   WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
12:25:25.0182 5492   WudfPf - ok
12:25:25.0284 5492   WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:25:25.0297 5492   WUDFRd - ok
12:25:25.0336 5492   MBR (0x1B8)     (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
12:25:25.0515 5492   \Device\Harddisk0\DR0 - ok
12:25:25.0518 5492   Boot (0x1200)   (cefd2b83879a8f11645765ec8f8d15ef) \Device\Harddisk0\DR0\Partition0
12:25:25.0519 5492   \Device\Harddisk0\DR0\Partition0 - ok
12:25:25.0520 5492   ============================================================
12:25:25.0520 5492   Scan finished
12:25:25.0520 5492   ============================================================
12:25:25.0530 2756   Detected object count: 0
12:25:25.0530 2756   Actual detected object count: 0

Edit: made a mistake first time, rescanned
« Last Edit: February 27, 2012, 02:27:50 PM by Armaneus »

Offline Armaneus

  • Bronze Member
  • Posts: 15
Re: [Resolved K]Probable unknown TSR.BOOT virus, ESET unable to remove
« Reply #5 on: February 27, 2012, 02:21:53 PM »
double post.
« Last Edit: February 27, 2012, 02:28:31 PM by Armaneus »

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6481
Re: [Resolved K]Probable unknown TSR.BOOT virus, ESET unable to remove
« Reply #6 on: February 27, 2012, 02:34:53 PM »
Thanks for the log, continue as follows:

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2

  • Ensure that Combofix is saved directly to the Desktop <--- Very important

  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.

  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

  • Instructions for running Combofix available Here if required.

  • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin



Offline Armaneus

  • Bronze Member
  • Posts: 15
Re: [Resolved K]Probable unknown TSR.BOOT virus, ESET unable to remove
« Reply #7 on: February 27, 2012, 03:21:08 PM »
Here is the combofix log:



ComboFix 12-02-25.02 - Josh 02/27/2012  12:46:56.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3934.2119 [GMT -8:00]
Running from: c:\users\Josh\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((((   Files Created from 2012-01-27 to 2012-02-27  )))))))))))))))))))))))))))))))
.
.
2012-02-27 20:59 . 2012-02-27 20:59   --------   d-----w-   c:\users\Josh\AppData\Local\temp
2012-02-27 20:59 . 2012-02-27 20:59   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-02-25 04:07 . 2012-02-08 07:13   8643640   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C46BA19-3BCD-49C1-8C61-41198957ECB2}\mpengine.dll
2012-02-15 18:11 . 2011-12-14 16:38   621056   ----a-w-   c:\windows\system32\msvcrt.dll
2012-02-15 18:11 . 2011-12-14 16:17   680448   ----a-w-   c:\windows\SysWow64\msvcrt.dll
2012-02-15 18:11 . 2012-01-12 20:16   2765824   ----a-w-   c:\windows\system32\win32k.sys
2012-02-15 18:11 . 2012-01-03 14:25   404992   ----a-w-   c:\windows\system32\drivers\afd.sys
2012-02-15 18:10 . 2011-12-20 10:56   2409784   ----a-w-   c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-02-15 18:10 . 2011-12-20 10:56   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 08:59 . 2010-07-10 19:23   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2012-02-19 00:45 . 2011-08-29 01:22   414368   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-29 13:10 . 2009-10-02 21:47   279656   ------w-   c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   94208   ----a-w-   c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-09 68856]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-06 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-04-01 1283384]
"PCMAgent"="c:\program files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-07-11 188416]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-08-14 417792]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-12-21 1804]
"NMSVC"="c:\program files (x86)\CE\CovenantEyes.exe" [2011-07-28 1298688]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2010-10-27 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-01-20 296056]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT&inst=NzctNzAzNjYwNzkwLUJBKzEtS1YzKzctWEwrMS1UMy1UQjkrMi1GTCs5LUYxME0rNS1RSVgxKzQtWDIwMTArMi1GMTBNMTBDKzItTElDKzc3LVNQMSsxLVNVRCsxLVMxSSsxLVNVMysxLUZMMTArMS1UVUcrMy1MU0QrMi1ERFQrNTUxMzItREQxMEYrMQ&prod=55&ver=10.0.1392" [?]
.
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Impulse Now.lnk - c:\program files (x86)\Stardock\Impulse\Now\ImpulseNow.exe [2009-6-5 419104]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-14 2979144]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-18 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 14487662
*NewlyCreated* - 38384370
*Deregistered* - 14487662
*Deregistered* - 38384370
*Deregistered* - Lavasoft Kernexplorer
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 04:41]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-23 00:01]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-23 00:01]
.
2012-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1896370233-46711099-3527320237-1000Core.job
- c:\users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-01 06:58]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1896370233-46711099-3527320237-1000UA.job
- c:\users\Josh\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-01 06:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ----a-w-   c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ----a-w-   c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ----a-w-   c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12   97792   ----a-w-   c:\users\Josh\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"RtHDVCpl"="RAVCpl64.exe" [2008-08-21 6456864]
"Skytel"="Skytel.exe" [2008-08-21 1833504]
"FingerPrintNotifer"="c:\program files\TrueSuite Access Manager\FpNotifier.exe" [2008-09-03 885248]
"UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2008-07-25 94208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-15 1573160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-13 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-13 209432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-13 181784]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2918656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.toshibadirect.com/dpdstart
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: CESpy.dll
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\pwglhhij.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Josh\AppData\Roaming\Move Networks
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-02-27  13:14:41
ComboFix-quarantined-files.txt  2012-02-27 21:14
.
Pre-Run: 135,174,180,864 bytes free
Post-Run: 135,281,172,480 bytes free
.
- - End Of File - - 8B79F3A7B38053281821584EC9C2F1D7


Thank you very much.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6481
Re: [Resolved K]Probable unknown TSR.BOOT virus, ESET unable to remove
« Reply #8 on: February 27, 2012, 03:53:56 PM »
Can you run a full scan with your AV program (preferably ESET) and let me know what it reports.

One other point, you have a second AV program running, LavaSoft AdWatch Live AV, that will clash with ESET and may cause issues for your system.

It is possible to turn off the AV component of that application as follows:

  • Open Ad-Aware
  • Click on switch to advanced mode
  • Click on Settings
  • Click on the Ad-watch live! tab and under Detection layers ensure Antivirus engine is UNchecked
  • Click OK and close Ad-Aware

Thanks,

Kevin

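A quick way to confirm the point about two AV engines being registered at once, as an added example that is not from this thread or from any of the tools it uses: the following PowerShell (PowerShell 2.0 on Vista is enough, hence Get-WmiObject rather than Get-CimInstance) reads the Security Center registrations that tools like DDS summarize in their AV: lines and flags when more than one real-time engine is enabled. The productState bit decoding is the commonly used, unofficial interpretation and is an assumption of this example.

```powershell
# Added example (not from the thread): list the AV products Windows Security Center
# knows about and decode whether each one is enabled. On Vista and later the
# products are exposed in the root\SecurityCenter2 WMI namespace.
# productState decoding below is the widely used, unofficial interpretation (assumption):
#   bit 0x1000 set = real-time protection enabled, bit 0x10 set = signatures out of date.
function Get-AntiVirusState {
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct |
        ForEach-Object {
            $state = [int]$_.productState
            [pscustomobject]@{
                Name      = $_.displayName
                Enabled   = (($state -band 0x1000) -ne 0)
                OutOfDate = (($state -band 0x10) -ne 0)
                Path      = $_.pathToSignedProductExe
            }
        }
}

$products = @(Get-AntiVirusState)
$products | Format-Table -AutoSize

# Two enabled real-time engines are the "clash" described above; one should be disabled.
$active = @($products | Where-Object { $_.Enabled })
if ($active.Count -gt 1) {
    Write-Warning ("{0} real-time AV engines are enabled at once ({1}); keep only one." -f `
        $active.Count, ($active.Name -join ', '))
}
```

Run it from an elevated PowerShell prompt; a product that shows Enabled = False here is still installed, only its real-time component is off, which is what the Ad-Watch steps above achieve.
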
Offline Armaneus

  • Bronze Member
  • Posts: 15
Re: [Resolved K]Probable unknown TSR.BOOT virus, ESET unable to remove
« Reply #9 on: February 28, 2012, 11:29:28 PM »
Still trying to scan with ESET. It keeps getting hung up around 59%. Going to let it sit out overnight while scanning to see if it finishes.


Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6481
Re: [Resolved K]Probable unknown TSR.BOOT virus, ESET unable to remove
« Reply #10 on: February 28, 2012, 11:35:54 PM »
If your onboard security program will not complete try their online scanner:

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions available Here. Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".



Offline Armaneus

  • Bronze Member
  • Posts: 15
Re: [Resolved K]Probable unknown TSR.BOOT virus, ESET unable to remove
« Reply #11 on: February 29, 2012, 11:45:22 AM »
It finished this morning. Said there were no infected files, and did not give a log viewing option. Should I scan again?

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6481
Re: [Resolved K]Probable unknown TSR.BOOT virus, ESET unable to remove
« Reply #12 on: February 29, 2012, 12:59:02 PM »
No need for a second scan; if it found nothing, that is OK. Continue as follows please:

Step 1

Remove Combofix now that we're done with it
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
The above procedure will delete the following:
  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.
It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.

Step 2

  • Download OTC by OldTimer and save it to your desktop. Alternative mirror
  • Double click icon to start the program.
    If you are using Vista or Windows 7, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself. Any tools/logs remaining on the Desktop can be deleted.
Step 3

If you used ESET online scan, UNinstall it as follows; if you did not use it, then just ignore this step.

Remove ESET Online Scanner

  • Click Start, type programs and features in the Search box, and then press ENTER.
  • Click to select the product to be uninstalled from the listing of installed products (ESET Online Scanner), and then click Uninstall/Change from the bar that displays the available tasks to remove ESET. Only re-boot if prompted.
Step 4

You have an old version of Java installed, please uninstall it: Java(TM) 6 Update 6

Step 5

Download TFC  to your desktop, from either of the following links
 Link 1
 Link 2
  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select "Run as Administrator"
  • If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, including your Desktop. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system; if not, re-boot it yourself to complete the cleaning process <---- Very Important

Keep TFC, it is an excellent utility to keep your system optimized; it empties all user temp folders, Java cache etc. Always remember to re-boot after a run, even if not prompted.

Let me know if those steps complete OK, also if any remaining issues or concerns...

Kevin
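
Step 4 above asks for an outdated Java to be removed. The following PowerShell is an added example, not from this thread or from any of the tools it names: it inventories every Java entry registered in both the 64-bit and the 32-bit (Wow6432Node) Uninstall keys, so a side-by-side JRE such as Java(TM) 6 Update 6 is not overlooked on a 64-bit Vista machine. The DisplayName filter 'Java*' is an assumption about how the installer names its entries.

```powershell
# Added example (not from the thread): list installed Java runtimes from both the
# native and the Wow6432Node Uninstall registry views on 64-bit Windows. The
# "Java*" DisplayName match is an assumption about the installer's naming.
function Get-InstalledJava {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Java*' } |
        Select-Object DisplayName, DisplayVersion, Publisher, UninstallString, PSPath
}

$java = @(Get-InstalledJava | Sort-Object DisplayVersion)
$java | Format-Table DisplayName, DisplayVersion, Publisher -AutoSize

# More than one runtime usually means an old update was left behind by a newer install;
# the older copy remains reachable by browser plugins until it is removed.
if ($java.Count -gt 1) {
    Write-Warning ("{0} Java entries present; review and remove the outdated ones." -f $java.Count)
}

# Print the uninstall command each entry registers so it can be reviewed before use.
$java | ForEach-Object { "{0}: {1}" -f $_.DisplayName, $_.UninstallString }
```

The script only reads the registry and prints the registered uninstall commands; removal is still done through Programs and Features as described in Step 3, or by running the printed command from an elevated prompt.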
Offline Armaneus

  • Bronze Member
  • Posts: 15
Re: [Resolved K]Probable unknown TSR.BOOT virus, ESET unable to remove
« Reply #13 on: March 03, 2012, 08:15:02 PM »
I went ahead and followed all the steps, no issues occurred. Thank you very much.

Offline Armaneus

  • Bronze Member
  • Posts: 15
Re: [Resolved K]Probable unknown TSR.BOOT virus, ESET unable to remove
« Reply #14 on: March 03, 2012, 11:40:10 PM »
I'm actually having an issue with ESET scanning still. It gets hung up on java update 26, I believe. I will re-scan to confirm.

Thank you very much.