Solved Still getting pop-up ad on reboot from Antimalware Doctor

Discussion in 'Malware and Virus Removal Archive' started by shbshg, 2010/06/04.

  1. 2010/06/04
    shbshg

    shbshg Inactive Thread Starter

    [Resolved] Still getting pop-up ad on reboot from Antimalware Doctor

    Hi everyone,


    My first post here.


    My computer was infected with Antimalware Doctor and its evil cousin Antivirus Soft.

    I followed the removal steps outlined on bleepingcomputer using RKill and MalwareBytes with some success. With RKill I was able to get rid of the annoying pop-ups, I regained control of my browser and I removed 11 threats with MalwareBytes.

    Unfortunately, every time I reboot I still get pop-ups. Of course I can kill these by just running RKill once but it's annoying to have to do on every reboot and I don't like the fact that my computer may still be infected with various malware even if it's only low-threat stuff.

    When I run a scan with Spyware Doctor, it still detects a couple of threats. Most of them seem to be cookie related, but I also get a threat called Hijacker.DosPop_Toolbar which I suspect is responsible for the pop-up madness.


    I'm hoping someone here will be able to help me.

    Do I have to use that HijackThis tool to post a log for you to assess?
     
  2. 2010/06/04
    broni

    broni Moderator Malware Analyst

    Read this post, then post the requested log(s).
     

  4. 2010/06/05
    shbshg

    shbshg Inactive Thread Starter

    Okay guys... here are the logs. I don't gather a lot from them, but hopefully they can help you help me :)


    DDS log:

    DDS (Ver_10-03-17.01) - NTFSX64
    Run by Peter at 20:23:22,08 on 05-06-2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.45.1030.18.6142.3637 [GMT 2:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
    C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
    C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
    C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\Wacom_Tablet.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\WTablet\Wacom_TabletUser.exe
    C:\Windows\system32\Wacom_Tablet.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Program Files (x86)\Pixologic\ZBrush 3.5 R3\ZBrush.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Peter\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://audioz.info/audiosoft/9979-soniccouture-glass-works-kontakt-dynamics.html
    mLocal Page = c:\windows\syswow64\blank.htm
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files (x86)\askbardis\bar\bin\askBar.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files (x86)\spyware doctor\bdt\PCTBrowserDefender.dll
    BHO: SBCONVERT Class: {31b27f2d-6bc6-451b-b3d2-4eab36b2fc3b} - c:\program files (x86)\speedbit video downloader\toolbar\tbcore3.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton 360\engine\3.8.0.41\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton 360\engine\3.8.0.41\IPSBHO.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~2\speedb~1\toolbar\grabber.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton 360\engine\3.8.0.41\coIEPlg.dll
    TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files (x86)\speedbit video downloader\toolbar\tbcore3.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files (x86)\askbardis\bar\bin\askBar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files (x86)\spyware doctor\bdt\PCTBrowserDefender.dll
    uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun
    uRun: [Octoshape Streaming Services] "c:\users\peter\appdata\roaming\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
    uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files (x86)\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    uRun: [gotnewupdate000.exe] c:\users\peter\appdata\roaming\d68026598fff76577425119b13f9140f\gotnewupdate000.exe
    mRun: [WinampAgent] "c:\program files (x86)\winamp\winampa.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [NWEReboot]
    mRun: [NBKeyScan] "c:\program files (x86)\nero\nero8\nero backitup\NBKeyScan.exe "
    mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
    mRun: [SwitchBoard] c:\program files (x86)\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files (x86)\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [ISTray] "c:\program files (x86)\spyware doctor\pctsTray.exe "
    StartupFolder: c:\users\peter\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files (x86)\magicdisc\MagicDisc.exe
    StartupFolder: c:\users\peter\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files (x86)\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files (x86)\mcafee security scan\2.0.181\SSScheduler.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Google Sidewiki ... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
    LSP: c:\program files (x86)\common files\pc tools\lsp\PCTLsp.dll
    Trusted Zone: danskebank.dk
    Trusted Zone: danskebank.dk\www
    Trusted Zone: danskebank.dk\www-2
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files (x86)\norton 360\engine\3.8.0.41\CoIEPlg.dll
    {AA58ED58-01DD-4d91-8333-CF10577473F7}
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
    {2318C2B1-4965-11d4-9B18-009027A5CD4F}
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB-X64: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No File
    TB-X64: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
    TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    mRun-x64: [AdobeAAMUpdater-1.0] "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe "

    ============= SERVICES / DRIVERS ===============

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2010-6-4 233488]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360x64\0308000.029\SymEFA64.sys [2010-1-28 402992]
    R1 BHDrvx64;Symantec Heuristics Driver;c:\windows\system32\drivers\n360x64\0308000.029\BHDrvx64.sys [2010-1-28 334384]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360x64\0308000.029\cchpx64.sys [2010-1-28 583296]
    R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100528.003\IDSviA64.sys [2010-5-28 463408]
    R2 ASKService;ASKService;c:\program files (x86)\askbardis\bar\bin\AskService.exe [2010-1-9 464264]
    R2 ASKUpgrade;ASKUpgrade;c:\program files (x86)\askbardis\bar\bin\ASKUpgrade.exe [2010-1-9 234888]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\spyware doctor\bdt\BDTUpdateService.exe [2010-6-4 112592]
    R2 N360;Norton 360;c:\program files (x86)\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-1-28 117640]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\spyware doctor\pctsAuxs.exe [2010-6-4 366840]
    R2 sdCoreService;PC Tools Security Service;c:\program files (x86)\spyware doctor\pctsSvc.exe [2010-6-4 1142224]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-11-20 240232]
    R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-12-28 5521192]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-26 132656]
    R3 RTL8167;Realtek 8167 NT-driver;c:\windows\system32\drivers\Rt64win7.sys [2009-6-10 187392]
    R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360x64\0308000.029\symndisv.sys [2010-1-28 56880]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-12-28 18216]
    S2 gupdate;Tjenesten Google Update (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-2-2 135664]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2010-1-9 1315592]
    S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-3-10 29720]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 RDID1079;UA-25EX;c:\windows\system32\drivers\Rdwm1079.sys [2009-12-28 199296]
    S3 SwitchBoard;SwitchBoard;c:\program files (x86)\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 synusb64;eLicenser;c:\windows\system32\drivers\synusb64.sys [2009-12-31 30352]
    S3 WatAdminSvc;Tjenesten Windows Aktivering;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-20 1255736]

    =============== Created Last 30 ================

    2010-06-04 14:32:15 767952 ----a-w- c:\windows\BDTSupport.dll.old
    2010-06-04 14:32:15 767952 ----a-w- c:\windows\BDTSupport.dll
    2010-06-04 14:32:14 882 ----a-w- c:\windows\RegSDImport.xml
    2010-06-04 14:32:14 879 ----a-w- c:\windows\RegISSImport.xml
    2010-06-04 14:32:14 165840 ----a-w- c:\windows\PCTBDRes.dll
    2010-06-04 14:32:14 1652688 ----a-w- c:\windows\PCTBDCore.dll
    2010-06-04 14:32:14 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2010-06-04 14:32:14 131 ----a-w- c:\windows\IDB.zip
    2010-06-04 14:32:14 1152444 ----a-w- c:\windows\UDB.zip
    2010-06-04 14:30:48 7357 ----a-w- c:\windows\system32\drivers\pctgntdi64.cat
    2010-06-04 14:30:48 306648 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
    2010-06-04 14:30:48 133072 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
    2010-06-04 14:30:46 7353 ----a-w- c:\windows\system32\drivers\pctcore64.cat
    2010-06-04 14:30:46 233488 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
    2010-06-04 14:30:42 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
    2010-06-04 14:30:42 7353 ----a-w- c:\windows\system32\drivers\pctplsg64.cat
    2010-06-04 14:30:37 0 d-----w- c:\users\peter\appdata\roaming\PC Tools
    2010-06-04 14:30:37 0 d-----w- c:\programdata\PC Tools
    2010-06-04 14:30:37 0 d-----w- c:\program files (x86)\Spyware Doctor
    2010-06-04 14:30:37 0 d-----w- c:\program files (x86)\common files\PC Tools
    2010-06-04 14:30:23 0 d---a-w- c:\programdata\TEMP
    2010-06-04 14:25:49 0 d-----w- c:\users\peter\appdata\roaming\Uniblue
    2010-06-04 12:52:02 0 d-----w- c:\users\peter\appdata\roaming\Malwarebytes
    2010-06-04 12:51:52 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-04 12:51:52 0 d-----w- c:\programdata\Malwarebytes
    2010-06-04 12:51:52 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2010-06-04 05:19:06 1997 ----a-w- c:\windows\lsrslt.ini
    2010-06-03 22:41:08 0 d-----w- c:\users\peter\appdata\roaming\D68026598FFF76577425119B13F9140F
    2010-06-03 19:43:26 0 d-----w- c:\program files\Chaos Group
    2010-06-02 11:06:14 2132 ----a-w- c:\users\peter\Rendition-Plug-In-Record.mi
    2010-06-02 10:31:53 0 d-----w- c:\program files\Rendition
    2010-05-26 06:12:23 2048 ----a-w- c:\windows\syswow64\tzres.dll
    2010-05-26 06:12:23 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-05-25 08:06:46 0 d-----w- c:\program files\common files\ChaosGroup
    2010-05-23 14:42:29 0 d-----w- c:\programdata\regid.1986-12.com.adobe
    2010-05-20 07:27:45 0 d-----w- c:\windows\syswow64\Wat
    2010-05-20 07:27:45 0 d-----w- c:\windows\system32\Wat
    2010-05-11 23:23:09 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2010-05-11 23:23:09 740864 ----a-w- c:\windows\syswow64\inetcomm.dll
    2010-05-09 03:36:26 0 d-----w- c:\program files (x86)\SopCast
    2010-05-06 18:53:43 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

    ==================== Find3M ====================

    2010-06-05 09:15:43 76536 ----a-w- c:\windows\system32\perfc006.dat
    2010-06-05 09:15:43 461038 ----a-w- c:\windows\system32\perfh006.dat
    2010-03-11 06:28:20 737280 ----a-w- c:\windows\iun6002.exe
    2010-03-08 21:59:59 612352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-08 21:33:56 427520 ----a-w- c:\windows\syswow64\vbscript.dll
    2009-07-14 07:34:23 39236 ----a-w- c:\windows\inf\perflib\0406\perfd.dat
    2009-07-14 07:34:23 39236 ----a-w- c:\windows\inf\perflib\0406\perfc.dat
    2009-07-14 07:34:23 306636 ----a-w- c:\windows\inf\perflib\0406\perfi.dat
    2009-07-14 07:34:23 306636 ----a-w- c:\windows\inf\perflib\0406\perfh.dat
    2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-05-14 21:15:24 5719400 ----a-w- c:\program files\common files\adlmint_libFNP.dll
    2009-05-14 21:15:24 4397928 ----a-w- c:\program files\common files\adlmint.dll
    2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2010-01-22 20:59:27 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2010-01-26 13:27:01 245760 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 20:24:16,59 ===============


    Attach log


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 27-12-2009 22:52:46
    System Uptime: 06-05-2010 10:55:17 (730 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | P35C-DS3R
    Processor: Intel(R) Core(TM)2 Quad CPU @ 2.66GHz | Socket 775 | 2666/266mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 75 GiB total, 9,318 GiB free.
    D: is FIXED (NTFS) - 73 GiB total, 1,689 GiB free.
    E: is FIXED (NTFS) - 76 GiB total, 5,954 GiB free.
    F: is FIXED (NTFS) - 49 GiB total, 46,069 GiB free.
    G: is FIXED (NTFS) - 298 GiB total, 7,363 GiB free.
    H: is CDROM ()
    I: is FIXED (NTFS) - 141 GiB total, 3,441 GiB free.
    J: is CDROM ()
    K: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Adobe AIR
    Adobe Anchor Service CS4
    Adobe CMaps CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Community Help
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 Professional
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS5
    Adobe Reader 9.2 - Dansk
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Apple Application Support
    Apple Software Update
    aTube Catcher
    Audio Speed Changer Pro 1.0
    Browser Defender 2.0.6.15
    Bytescout SWF To Video Scout
    Connect
    eLicenser Control
    ffdshow [rev 1523] [2007-10-09]
    Google Toolbar for Internet Explorer
    Google Update Helper
    HotFile AutoDownloader
    Java(TM) 6 Update 15
    JDownloader
    kuler
    Magic ISO Maker v5.5 (build 0281)
    MagicDisc 2.7.106
    Malwarebytes' Anti-Malware
    McAfee Security Scan Plus
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Native Instruments Guitar Rig 4
    Native Instruments Komplete 6
    Native Instruments Kontakt 4
    Native Instruments Kontakt 4 Factory Content
    Native Instruments Service Center
    neroxml
    Norton 360
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Octoshape Streaming Services
    OpenOffice.org 3.2
    PDF Settings CS4
    PDF Settings CS5
    Phat Chord Voicings Chapter 2
    Photoshop Camera Raw
    Pixel Bender Toolkit
    QuickTime
    Sibelius Scorch (ActiveX Only)
    SopCast 3.2.9
    SpeedBit Video Downloader
    Spyware Doctor 7.0
    Suite Shared Configuration CS4
    System Requirements Lab
    TopoGun 1.05 W32
    Veetle TV 0.9.17
    VLC media player 1.0.3
    Vuze
    Vuze Toolbar
    Wacom Tablet
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    Winamp
    Winamp Application Detect
    x264vfw - H.264/MPEG-4 AVC codec (remove only)
    x264vfw - H.264/MPEG-4 AVC codec for x64 (remove only)
    xNormal 3.17.0 Beta 2
    Xvid 1.2.2 final uninstall
    ZBrush 3.5 R3

    ==== End Of File ===========================





    Thanks in advance. I'll be very grateful for any help I can get.

    If you would like I can also post the "threats" that PCTools Spyware Doctor finds and the registry locations of these infections, but I don't know if that's relevant to you. Let me know.
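
Added example, not part of the original thread or of any poster's analysis: because the symptom described is pop-ups that return on every reboot, this Python sketch parses the autorun and proxy lines of the DDS "Pseudo HJT Report" posted above and lists entries that merit a closer look. The three heuristics (launch path in a user-writable directory, a long hex-string directory name, a loopback proxy) and all function names are assumptions chosen for illustration; a flagged line is a lead to verify, not a verdict.

```python
import re

# Sample input: lines copied unmodified from the "Pseudo HJT Report" section
# of the DDS log posted in this thread (a subset of that section).
DDS_LINES = r'''
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
uRun: [DAEMON Tools Lite] "c:\program files (x86)\daemon tools lite\DTLite.exe" -autorun
uRun: [Octoshape Streaming Services] "c:\users\peter\appdata\roaming\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [gotnewupdate000.exe] c:\users\peter\appdata\roaming\d68026598fff76577425119b13f9140f\gotnewupdate000.exe
mRun: [WinampAgent] "c:\program files (x86)\winamp\winampa.exe "
mRun: [NWEReboot]
mRun: [SwitchBoard] c:\program files (x86)\common files\adobe\switchboard\SwitchBoard.exe
StartupFolder: c:\users\peter\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files (x86)\magicdisc\MagicDisc.exe
'''.strip().splitlines()

# DDS prefixes: uRun = per-user Run key, mRun = machine-wide Run key.
RUN_RE = re.compile(r'^(?P<hive>[um]Run(?:-x64)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
STARTUP_RE = re.compile(r'^StartupFolder: (?P<lnk>.+?\.lnk) - (?P<cmd>.+)$')
PROXY_RE = re.compile(r'^uInternet Settings,ProxyServer = (?P<value>.+)$')

# Heuristics below are illustrative assumptions, not rules taken from the thread.
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\programdata\\')
HEX_DIR = re.compile(r'^[0-9a-f]{16,}$')
LOOPBACK = {'127.0.0.1', 'localhost', '::1'}


def image_path(cmd):
    """Return the lower-cased executable path from a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        # Quoted path: everything up to the closing quote.
        return cmd[1:].split('"', 1)[0].strip().lower()
    # Unquoted path may contain spaces: cut at the first executable extension.
    m = re.match(r'(.+?\.(?:exe|com|scr|bat|cmd|dll))(?:\s|$)', cmd, re.I)
    return (m.group(1) if m else cmd).lower()


def proxy_hosts(value):
    """Extract host names from 'host:port' or 'proto=host:port;...' values."""
    hosts = []
    for part in value.split(';'):
        target = part.split('=', 1)[-1].split('://', 1)[-1]
        hosts.append(target.rsplit(':', 1)[0].strip().lower())
    return hosts


def path_reasons(path):
    """List the heuristics a launch path trips (empty list = nothing flagged)."""
    reasons = []
    if any(marker in path for marker in USER_WRITABLE):
        reasons.append('runs from a user-writable directory')
    if any(HEX_DIR.match(part) for part in path.split('\\')[:-1]):
        reasons.append('parent directory name is a long hex string')
    return reasons


def triage(lines):
    """Return (label, target, reasons) for every line that trips a heuristic."""
    findings = []
    for line in lines:
        line = line.strip()
        m = PROXY_RE.match(line)
        if m:
            if any(h in LOOPBACK for h in proxy_hosts(m.group('value'))):
                findings.append(('ProxyServer', m.group('value'),
                                 ['browser traffic is routed through a local process']))
            continue
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if not m:
            continue
        path = image_path(m.group('cmd'))
        reasons = path_reasons(path)
        if reasons:
            findings.append((m.groupdict().get('name', 'StartupFolder'), path, reasons))
    return findings


if __name__ == '__main__':
    for label, target, reasons in triage(DDS_LINES):
        print(f'{label}: {target}')
        for reason in reasons:
            print(f'    - {reason}')
```

Legitimate software also installs under AppData (one of the flagged entries trips only that single heuristic), so the number of reasons per entry is more useful for ordering the review than any one hit.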
     
  5. 2010/06/05
    broni

    broni Moderator Malware Analyst

    Sure thing.

    Please, uninstall AskBarDis through "Programs & Features" (if present).


    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    userinit.exe
    explorer.exe
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  6. 2010/06/05
    shbshg

    shbshg Inactive Thread Starter

    OTL.txt (part 1)


    OTL logfile created on: 06-06-2010 02:00:37 - Run 1
    OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Peter\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

    6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 69,00% Memory free
    12,00 Gb Paging File | 10,00 Gb Available in Paging File | 82,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 74,53 Gb Total Space | 8,89 Gb Free Space | 11,93% Space Free | Partition Type: NTFS
    Drive D: | 73,25 Gb Total Space | 1,69 Gb Free Space | 2,31% Space Free | Partition Type: NTFS
    Drive E: | 75,79 Gb Total Space | 5,95 Gb Free Space | 7,86% Space Free | Partition Type: NTFS
    Drive F: | 49,13 Gb Total Space | 46,07 Gb Free Space | 93,76% Space Free | Partition Type: NTFS
    Drive G: | 298,08 Gb Total Space | 7,36 Gb Free Space | 2,47% Space Free | Partition Type: NTFS
    H: Drive not present or media not loaded
    Drive I: | 140,78 Gb Total Space | 3,44 Gb Free Space | 2,44% Space Free | Partition Type: NTFS

    Computer Name: PETERKONTOR
    Current User Name: Peter
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010-06-06 01:57:26 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
    PRC - [2010-05-11 11:51:52 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
    PRC - [2010-03-15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
    PRC - [2010-03-11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
    PRC - [2010-03-06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    PRC - [2010-02-01 23:56:06 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    PRC - [2010-02-01 23:56:04 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    PRC - [2010-01-27 02:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe
    PRC - [2010-01-22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
    PRC - [2010-01-15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    PRC - [2009-12-28 13:48:12 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    PRC - [2009-12-28 00:01:22 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2009-12-21 07:45:56 | 000,039,424 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\Winamp\winampa.exe
    PRC - [2009-11-20 20:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2009-07-14 03:14:42 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    PRC - [2009-04-02 13:47:04 | 000,234,888 | ---- | M] () -- C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
    PRC - [2009-04-02 13:47:02 | 000,464,264 | ---- | M] () -- C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
    PRC - [2009-02-23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe


    ========== Modules (SafeList) ==========

    MOD - [2010-06-06 01:57:26 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
    MOD - [2010-02-26 07:16:18 | 000,213,912 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\smum32.dll
    MOD - [2009-10-30 10:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctgmhk.dll
    MOD - [2009-07-14 03:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll
    MOD - [2009-07-14 03:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
    MOD - [2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
    MOD - [2009-07-14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010-05-20 09:27:45 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV:64bit: - [2010-01-09 12:51:12 | 001,315,592 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2009-11-24 12:25:32 | 005,521,192 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)
    SRV:64bit: - [2009-07-14 03:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
    SRV:64bit: - [2009-07-14 03:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
    SRV:64bit: - [2009-07-14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
    SRV:64bit: - [2009-07-14 03:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
    SRV:64bit: - [2009-07-14 03:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
    SRV:64bit: - [2009-07-14 03:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
    SRV:64bit: - [2009-07-14 03:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
    SRV:64bit: - [2009-07-14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
    SRV:64bit: - [2009-07-14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
    SRV:64bit: - [2009-07-14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
    SRV:64bit: - [2009-07-14 03:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
    SRV:64bit: - [2009-07-14 03:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
    SRV:64bit: - [2009-07-14 03:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
    SRV:64bit: - [2009-07-14 03:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
    SRV:64bit: - [2009-07-14 03:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
    SRV:64bit: - [2009-07-14 03:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
    SRV:64bit: - [2009-07-14 03:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
    SRV:64bit: - [2009-07-14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
    SRV:64bit: - [2009-07-14 03:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
    SRV:64bit: - [2009-07-14 03:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
    SRV:64bit: - [2009-07-14 03:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
    SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009-07-14 03:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
    SRV:64bit: - [2009-07-14 03:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
    SRV:64bit: - [2009-07-14 03:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
    SRV:64bit: - [2009-07-14 03:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
    SRV - [2010-04-13 02:49:28 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010-03-15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
    SRV - [2010-03-11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
    SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010-01-22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2010-01-15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009-12-28 13:48:12 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
    SRV - [2009-11-20 20:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2009-07-14 05:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
    SRV - [2009-07-14 05:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC) DTC (Distributed Transaction Coordinator)
    SRV - [2009-07-14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009-07-14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
    SRV - [2009-07-13 22:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
    SRV - [2009-06-10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
    SRV - [2009-04-02 13:47:04 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
    SRV - [2009-04-02 13:47:02 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe -- (ASKService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010-03-29 10:06:06 | 000,233,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
    DRV:64bit: - [2010-03-10 08:16:36 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
    DRV:64bit: - [2009-12-31 22:53:59 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2009-12-28 14:59:36 | 000,199,296 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rdwm1079.sys -- (RDID1079)
    DRV:64bit: - [2009-12-28 13:48:15 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2009-12-28 13:48:13 | 000,583,296 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\cchpx64.sys -- (ccHP)
    DRV:64bit: - [2009-12-28 13:48:13 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2009-12-28 13:48:13 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\SymEFA64.sys -- (SymEFA)
    DRV:64bit: - [2009-12-28 13:48:13 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\BHDrvx64.sys -- (BHDrvx64)
    DRV:64bit: - [2009-12-28 13:48:13 | 000,278,576 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symtdi.sys -- (SYMTDI)
    DRV:64bit: - [2009-12-28 13:48:13 | 000,120,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symfw.sys -- (SYMFW)
    DRV:64bit: - [2009-12-28 13:48:13 | 000,056,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symndisv.sys -- (SYMNDISV)
    DRV:64bit: - [2009-12-28 13:48:13 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009-12-28 13:48:13 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2009-12-28 13:48:13 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
    DRV:64bit: - [2009-12-11 12:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
    DRV:64bit: - [2009-09-26 08:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
    DRV:64bit: - [2009-08-27 16:06:34 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
    DRV:64bit: - [2009-07-14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009-07-14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009-07-14 03:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
    DRV:64bit: - [2009-07-14 03:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
    DRV:64bit: - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009-07-14 03:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
    DRV:64bit: - [2009-07-14 03:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
    DRV:64bit: - [2009-07-14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
    DRV:64bit: - [2009-07-14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
    DRV:64bit: - [2009-07-14 03:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
    DRV:64bit: - [2009-07-14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
    DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009-07-14 03:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
    DRV:64bit: - [2009-07-14 03:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
    DRV:64bit: - [2009-07-14 03:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
    DRV:64bit: - [2009-07-14 02:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
    DRV:64bit: - [2009-07-14 02:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV:64bit: - [2009-07-14 02:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV:64bit: - [2009-07-14 02:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
    DRV:64bit: - [2009-07-14 02:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
    DRV:64bit: - [2009-07-14 02:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
    DRV:64bit: - [2009-07-14 02:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
    DRV:64bit: - [2009-07-14 02:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
    DRV:64bit: - [2009-07-14 02:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
    DRV:64bit: - [2009-07-14 02:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
    DRV:64bit: - [2009-07-14 02:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV:64bit: - [2009-07-14 02:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
    DRV:64bit: - [2009-07-14 02:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
    DRV:64bit: - [2009-07-14 02:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
    DRV:64bit: - [2009-07-14 02:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
    DRV:64bit: - [2009-07-14 01:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
    DRV:64bit: - [2009-07-14 01:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
    DRV:64bit: - [2009-07-14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
    DRV:64bit: - [2009-07-14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
    DRV:64bit: - [2009-07-14 01:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
    DRV:64bit: - [2009-07-14 01:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
    DRV:64bit: - [2009-07-14 01:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
    DRV:64bit: - [2009-07-14 01:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
    DRV:64bit: - [2009-07-14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
    DRV:64bit: - [2009-07-14 01:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
    DRV:64bit: - [2009-06-26 15:36:32 | 000,030,352 | ---- | M] (Steinberg Media Technologies GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synusb64.sys -- (synusb64)
    DRV:64bit: - [2009-06-10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009-05-20 12:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
    DRV:64bit: - [2009-02-24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV:64bit: - [2007-02-16 11:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV - [2010-05-28 21:33:18 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100528.003\IDSviA64.sys -- (IDSVia64)
    DRV - [2010-05-26 10:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2010-05-26 10:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010-05-13 13:36:00 | 001,773,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100605.003\EX64.SYS -- (NAVEX15)
    DRV - [2010-05-13 13:36:00 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100605.003\ENG64.SYS -- (NAVENG)
    DRV - [2009-12-27 23:40:48 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
    DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009-07-14 03:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
    DRV - [2009-07-14 03:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
    DRV - [2009-06-10 23:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
    DRV - [2009-06-10 23:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
    DRV - [2009-02-24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://audioz.info/audiosoft/9979-soniccouture-glass-works-kontakt-dynamics.html
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://dk.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = da
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 F8 53 5D 61 C5 CA 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

    FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010-04-27 09:38:38 | 000,000,000 | ---D | M]

    [2010-01-09 12:05:16 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\extensions
    [2010-01-09 12:05:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

    O1 HOSTS File: ([2010-04-13 02:56:52 | 000,001,306 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 wip3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (SBCONVERT Class) - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\IPSBHO.DLL (Symantec Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
    O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~2\SPEEDB~1\Toolbar\grabber.dll (Speedbit Ltd.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
    O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe File not found
    O4 - HKLM..\Run: [NWEReboot] File not found
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [gotnewupdate000.exe] C:\Users\Peter\AppData\Roaming\D68026598FFF76577425119B13F9140F\gotnewupdate000.exe ()
    O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe File not found
    O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Peter\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O4 - Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: Google Sidewiki ... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki ... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: danskebank.dk ([]* in Websteder, du har tillid til)
    O15 - HKCU\..Trusted Domains: danskebank.dk ([www] https in Websteder, du har tillid til)
    O15 - HKCU\..Trusted Domains: danskebank.dk ([www-2] https in Websteder, du har tillid til)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab (e-Safekey)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll (Symantec Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - Unable to obtain root file information for disk G:\
    O33 - MountPoints2\{b00d494e-fe57-11de-9427-001a4d444e53}\Shell - " " = AutoRun
    O33 - MountPoints2\{b00d494e-fe57-11de-9427-001a4d444e53}\Shell\AutoRun\command - " " = M:\LaunchU3.exe -- File not found
    O33 - MountPoints2\M\Shell - " " = AutoRun
    O33 - MountPoints2\M\Shell\AutoRun\command - " " = M:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009-07-14 05:20:14 | 000,000,000 | ---D | M]
    NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
    NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
    NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
    NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
    NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
     
  7. 2010/06/05
    shbshg Inactive Thread Starter

    OTL.txt (part 2)


    ========== Files/Folders - Created Within 90 Days ==========

    [2010-06-06 01:57:22 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
    [2010-06-04 16:32:14 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
    [2010-06-04 16:32:14 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
    [2010-06-04 16:32:14 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
    [2010-06-04 16:30:48 | 000,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
    [2010-06-04 16:30:48 | 000,133,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
    [2010-06-04 16:30:46 | 000,233,488 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
    [2010-06-04 16:30:42 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
    [2010-06-04 16:30:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
    [2010-06-04 16:30:37 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\PC Tools
    [2010-06-04 16:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2010-06-04 16:30:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
    [2010-06-04 16:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2010-06-04 16:25:49 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Uniblue
    [2010-06-04 14:52:02 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Malwarebytes
    [2010-06-04 14:51:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010-06-04 14:51:52 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010-06-04 14:51:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010-06-04 14:51:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010-06-04 14:48:57 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\cleaner
    [2010-06-04 00:41:49 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\cxvpchyby
    [2010-06-04 00:41:08 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\D68026598FFF76577425119B13F9140F
    [2010-06-03 21:43:26 | 000,000,000 | ---D | C] -- C:\Programmer\Chaos Group
    [2010-06-02 12:31:53 | 000,000,000 | ---D | C] -- C:\Programmer\Rendition
    [2010-05-25 10:06:46 | 000,000,000 | ---D | C] -- C:\Programmer\Common Files\ChaosGroup
    [2010-05-23 16:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
    [2010-05-23 16:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
    [2010-05-23 16:20:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
    [2010-05-22 15:43:27 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Apple Computer
    [2010-05-20 09:27:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
    [2010-05-20 09:27:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
    [2010-05-13 17:10:20 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\Mpc-Samples.Sense.of.Rhythm.Inspired.By.Timbaland.for.MPC4000-ViH
    [2010-05-10 06:58:40 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\Andrea_poses
    [2010-05-10 06:55:24 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\Andrea
    [2010-05-10 06:38:03 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\Humen - Aneta
    [2010-05-10 06:35:51 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\Humen - Renata
    [2010-05-09 05:36:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SopCast
    [2010-05-06 20:55:05 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\pose_ref
    [2010-05-01 11:47:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Best Service
    [2010-04-30 17:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
    [2010-04-28 13:43:31 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\Sarah
    [2010-04-23 08:56:53 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\SuperUtils.com
    [2010-04-23 08:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperUtils.com
    [2010-04-22 12:53:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DsNET Corp
    [2010-04-15 04:12:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2010-04-15 04:12:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2010-04-15 04:12:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
    [2010-04-15 04:12:13 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\Apple
    [2010-04-15 04:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2010-04-15 04:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2010-04-13 02:51:09 | 000,000,000 | ---D | C] -- C:\Programmer\Common Files\Adobe
    [2010-04-13 02:49:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
    [2010-04-12 04:48:22 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\Adobe Flash CS4 Professionall
    [2010-04-12 04:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veetle
    [2010-04-10 15:25:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
    [2010-04-10 13:47:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
    [2010-04-10 01:49:45 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys
    [2010-04-10 01:49:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc
    [2010-04-10 01:27:19 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Nero
    [2010-04-10 01:23:15 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\Ahead
    [2010-04-10 01:19:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
    [2010-04-10 01:19:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
    [2010-04-10 01:19:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
    [2010-04-09 23:37:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
    [2010-04-09 23:21:36 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys
    [2010-04-08 04:51:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ProjectSAM
    [2010-04-08 00:32:32 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\Media
    [2010-03-25 11:47:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2010-03-22 11:00:04 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\Mental_Ray_production_shader_in_Maya
    [2010-03-17 05:20:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sibelius Software
    [2010-03-11 08:28:32 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
    [2010-03-11 08:28:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PlayPianoTODAY
    [2010-03-11 07:35:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Piano Lessons Unlimited
    [2010-03-10 18:30:38 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\OpenOffice.org
    [2010-03-10 18:27:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
    [2010-03-10 08:16:36 | 000,029,720 | ---- | C] (Initio Corporation) -- C:\Windows\SysNative\drivers\ivusb.sys

    ========== Files - Modified Within 90 Days ==========

    [2010-06-06 02:00:45 | 003,145,728 | -HS- | M] () -- C:\Users\Peter\NTUSER.DAT
    [2010-06-06 01:57:26 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
    [2010-06-06 01:36:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010-06-05 20:27:33 | 000,001,867 | ---- | M] () -- C:\Users\Peter\Desktop\Attach.rar
    [2010-06-05 20:23:15 | 000,525,824 | ---- | M] () -- C:\Users\Peter\Desktop\dds.scr
    [2010-06-05 11:15:43 | 001,240,086 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010-06-05 11:15:43 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010-06-05 11:15:43 | 000,461,038 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
    [2010-06-05 11:15:43 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010-06-05 11:15:43 | 000,076,536 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
    [2010-06-05 11:02:52 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010-06-05 11:02:52 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010-06-05 10:55:42 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010-06-05 10:55:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010-06-05 10:55:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010-06-05 10:55:27 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys
    [2010-06-05 03:03:29 | 002,758,858 | -H-- | M] () -- C:\Users\Peter\AppData\Local\IconCache.db
    [2010-06-05 00:51:20 | 019,717,298 | ---- | M] () -- C:\Users\Peter\Desktop\pb062010czech.rar
    [2010-06-04 16:30:48 | 000,002,136 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
    [2010-06-04 14:51:54 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010-06-04 07:19:06 | 000,001,997 | ---- | M] () -- C:\Windows\lsrslt.ini
    [2010-06-04 00:41:17 | 000,000,032 | --S- | M] () -- C:\Users\Peter\AppData\Local\766143154.dat
    [2010-06-04 00:35:30 | 000,020,292 | ---- | M] () -- C:\Users\Peter\Desktop\Digital_Tutors_Render_Passes_in_Maya_2009-[Demonoid.com].torrent
    [2010-06-03 22:29:30 | 007,680,539 | ---- | M] () -- C:\Users\Peter\Desktop\test2.tga
    [2010-06-03 17:43:15 | 003,345,452 | ---- | M] () -- C:\Users\Peter\Desktop\test.tga
    [2010-06-02 23:30:34 | 000,002,132 | ---- | M] () -- C:\Users\Peter\Rendition-Plug-In-Record.mi
    [2010-06-02 15:37:10 | 000,000,132 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Adobe Targa Format CS5 Prefs
    [2010-05-23 16:42:30 | 000,077,072 | ---- | M] () -- C:\Users\Peter\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010-05-23 16:24:56 | 004,876,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010-05-09 05:36:27 | 000,000,991 | ---- | M] () -- C:\Users\Peter\Desktop\SopCast.lnk
    [2010-05-06 20:53:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2010-05-04 19:31:55 | 524,193,883 | ---- | M] () -- C:\Users\Peter\Desktop\ACA01_ch01.flv
    [2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010-04-29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010-04-23 08:56:50 | 000,001,289 | ---- | M] () -- C:\Users\Peter\Desktop\Audio Speed Changer Pro.lnk
    [2010-04-22 12:53:12 | 000,001,186 | ---- | M] () -- C:\Users\Public\Desktop\aTube Catcher.lnk
    [2010-04-15 04:12:44 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010-04-13 23:43:18 | 000,043,969 | ---- | M] () -- C:\Users\Peter\Documents\ss_logo5.png
    [2010-04-13 10:27:32 | 000,093,258 | ---- | M] () -- C:\Users\Peter\Desktop\ss_logo.jpg
    [2010-04-13 08:12:12 | 001,817,088 | ---- | M] () -- C:\Users\Peter\Documents\ss_logo5.fla
    [2010-04-13 07:15:09 | 001,819,136 | ---- | M] () -- C:\Users\Peter\Documents\ss_logo4.fla
    [2010-04-13 06:58:27 | 000,952,695 | ---- | M] () -- C:\Users\Peter\Documents\shutterstock_w2.jpg
    [2010-04-13 06:56:10 | 003,460,443 | ---- | M] () -- C:\Users\Peter\Documents\shutterstock_w.jpg
    [2010-04-13 06:34:02 | 001,335,296 | ---- | M] () -- C:\Users\Peter\Documents\ss_logo3.fla
    [2010-04-13 05:34:58 | 001,168,384 | ---- | M] () -- C:\Users\Peter\Documents\ss_logo2.fla
    [2010-04-13 04:27:16 | 001,223,680 | ---- | M] () -- C:\Users\Peter\Documents\ss_logo.fla
    [2010-04-13 02:56:52 | 000,001,306 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2010-04-12 02:00:10 | 000,174,072 | ---- | M] () -- C:\Users\Peter\Desktop\ss.jpg
    [2010-04-10 13:46:46 | 000,001,024 | ---- | M] () -- C:\Users\Peter\.rnd
    [2010-04-10 01:49:47 | 000,000,989 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
    [2010-04-10 01:49:47 | 000,000,953 | ---- | M] () -- C:\Users\Peter\Desktop\MagicDisc.lnk
    [2010-04-10 01:48:22 | 677,251,228 | ---- | M] () -- C:\Users\Peter\Documents\Image.nrg
    [2010-04-10 01:20:32 | 000,000,026 | ---- | M] () -- C:\Windows\Irremote.ini
    [2010-04-09 23:37:34 | 000,001,799 | ---- | M] () -- C:\Users\Peter\Desktop\MagicISO.lnk
    [2010-04-09 23:37:23 | 003,067,400 | ---- | M] () -- C:\Users\Peter\Desktop\Setup_MagicISO.exe
    [2010-04-09 23:21:23 | 001,352,435 | ---- | M] () -- C:\Users\Peter\Desktop\setup_magicdisc106.exe
    [2010-04-09 21:56:23 | 000,090,610 | ---- | M] () -- C:\Users\Peter\Desktop\es.jpg
    [2010-04-08 15:06:46 | 000,092,896 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
    [2010-03-30 21:45:44 | 007,218,319 | ---- | M] () -- C:\Users\Peter\Desktop\movie_3.mov
    [2010-03-30 18:54:58 | 000,968,983 | ---- | M] () -- C:\Users\Peter\Desktop\Europe_Rebate_(3-10)_.pdf
    [2010-03-30 18:07:01 | 000,002,002 | -H-- | M] () -- C:\Users\Peter\Documents\Default.rdp
    [2010-03-30 15:53:56 | 000,811,339 | ---- | M] () -- C:\Users\Peter\Desktop\eastwest0310play.pdf
    [2010-03-30 15:52:18 | 000,023,241 | ---- | M] () -- C:\Users\Peter\Desktop\CasperInvoice.pdf
    [2010-03-29 16:18:17 | 000,110,138 | ---- | M] () -- C:\Users\Peter\Desktop\lulz.jpg
    [2010-03-29 10:06:06 | 000,233,488 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
    [2010-03-17 11:58:19 | 004,730,941 | ---- | M] () -- C:\Users\Peter\Desktop\Poserfinal.swf
    [2010-03-14 21:48:09 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Valg af webbrowser.lnk
    [2010-03-11 08:28:20 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
    [2010-03-11 03:41:23 | 000,007,303 | ---- | M] () -- C:\Users\Peter\Documents\medievidenskab5b.rtf
    [2010-03-11 00:58:40 | 000,020,452 | ---- | M] () -- C:\Users\Peter\Documents\cv.odt
    [2010-03-11 00:01:42 | 000,026,524 | ---- | M] () -- C:\Users\Peter\Documents\medievidenskab5.odt
    [2010-03-10 21:09:17 | 000,229,141 | ---- | M] () -- C:\Users\Peter\Documents\ansogning-KOT.pdf
    [2010-03-10 18:31:34 | 000,002,299 | ---- | M] () -- C:\Users\Peter\Documents\Ny database.odb
    [2010-03-10 18:30:53 | 000,001,235 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
    [2010-03-10 18:27:24 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
    [2010-03-10 08:16:36 | 000,029,720 | ---- | M] (Initio Corporation) -- C:\Windows\SysNative\drivers\ivusb.sys
    [2010-03-09 10:39:00 | 000,000,275 | ---- | M] () -- C:\Users\Peter\Documents\Dokument.rtf

    ========== Files Created - No Company Name ==========

    [2010-06-05 20:27:33 | 000,001,867 | ---- | C] () -- C:\Users\Peter\Desktop\Attach.rar
    [2010-06-05 20:23:02 | 000,525,824 | ---- | C] () -- C:\Users\Peter\Desktop\dds.scr
    [2010-06-05 00:51:11 | 019,717,298 | ---- | C] () -- C:\Users\Peter\Desktop\pb062010czech.rar
    [2010-06-04 16:32:15 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
    [2010-06-04 16:32:15 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
    [2010-06-04 16:32:14 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
    [2010-06-04 16:32:14 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
    [2010-06-04 16:32:14 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
    [2010-06-04 16:32:14 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
    [2010-06-04 16:30:48 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
    [2010-06-04 16:30:46 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
    [2010-06-04 16:30:44 | 000,002,136 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
    [2010-06-04 16:30:42 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
    [2010-06-04 14:51:54 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010-06-04 07:19:06 | 000,001,997 | ---- | C] () -- C:\Windows\lsrslt.ini
    [2010-06-04 00:41:17 | 000,000,032 | --S- | C] () -- C:\Users\Peter\AppData\Local\766143154.dat
    [2010-06-04 00:35:27 | 000,020,292 | ---- | C] () -- C:\Users\Peter\Desktop\Digital_Tutors_Render_Passes_in_Maya_2009-[Demonoid.com].torrent
    [2010-06-03 22:29:30 | 007,680,539 | ---- | C] () -- C:\Users\Peter\Desktop\test2.tga
    [2010-06-03 16:42:23 | 003,345,452 | ---- | C] () -- C:\Users\Peter\Desktop\test.tga
    [2010-06-02 23:30:33 | 000,004,209 | ---- | C] () -- C:\Users\Peter\Rendition-2010-06-02-23-30-33.log
    [2010-06-02 15:37:10 | 000,000,132 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\Adobe Targa Format CS5 Prefs
    [2010-06-02 13:06:14 | 000,002,132 | ---- | C] () -- C:\Users\Peter\Rendition-Plug-In-Record.mi
    [2010-06-02 12:47:21 | 002,117,785 | ---- | C] () -- C:\Users\Peter\Rendition-2010-06-02-12-47-21.log
    [2010-06-02 12:32:37 | 000,006,515 | ---- | C] () -- C:\Users\Peter\Rendition-2010-06-02-12-32-37.log
    [2010-06-01 17:58:33 | 007,218,319 | ---- | C] () -- C:\Users\Peter\Desktop\movie_3.mov
    [2010-06-01 17:25:14 | 524,193,883 | ---- | C] () -- C:\Users\Peter\Desktop\ACA01_ch01.flv
    [2010-05-09 05:36:27 | 000,000,991 | ---- | C] () -- C:\Users\Peter\Desktop\SopCast.lnk
    [2010-05-06 20:53:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2010-04-23 08:56:50 | 000,001,289 | ---- | C] () -- C:\Users\Peter\Desktop\Audio Speed Changer Pro.lnk
    [2010-04-22 12:53:12 | 000,001,186 | ---- | C] () -- C:\Users\Public\Desktop\aTube Catcher.lnk
    [2010-04-15 04:12:44 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010-04-13 23:43:10 | 000,043,969 | ---- | C] () -- C:\Users\Peter\Documents\ss_logo5.png
    [2010-04-13 08:10:37 | 001,817,088 | ---- | C] () -- C:\Users\Peter\Documents\ss_logo5.fla
    [2010-04-13 08:07:52 | 000,053,072 | ---- | C] () -- C:\Users\Peter\Desktop\Trajan-Regular.otf
    [2010-04-13 07:07:03 | 000,093,258 | ---- | C] () -- C:\Users\Peter\Desktop\ss_logo.jpg
    [2010-04-13 07:03:11 | 001,819,136 | ---- | C] () -- C:\Users\Peter\Documents\ss_logo4.fla
    [2010-04-13 06:59:32 | 003,460,443 | ---- | C] () -- C:\Users\Peter\Documents\shutterstock_w.jpg
    [2010-04-13 06:59:32 | 000,952,695 | ---- | C] () -- C:\Users\Peter\Documents\shutterstock_w2.jpg
    [2010-04-13 05:40:31 | 001,335,296 | ---- | C] () -- C:\Users\Peter\Documents\ss_logo3.fla
    [2010-04-13 04:36:04 | 001,168,384 | ---- | C] () -- C:\Users\Peter\Documents\ss_logo2.fla
    [2010-04-13 04:19:06 | 001,223,680 | ---- | C] () -- C:\Users\Peter\Documents\ss_logo.fla
    [2010-04-12 02:00:10 | 000,174,072 | ---- | C] () -- C:\Users\Peter\Desktop\ss.jpg
    [2010-04-10 13:46:55 | 000,773,120 | ---- | C] () -- C:\Windows\SysWow64\NEROINSTAEC43759.DB
    [2010-04-10 01:49:47 | 000,000,989 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
    [2010-04-10 01:49:47 | 000,000,953 | ---- | C] () -- C:\Users\Peter\Desktop\MagicDisc.lnk
    [2010-04-10 01:48:09 | 677,251,228 | ---- | C] () -- C:\Users\Peter\Documents\Image.nrg
    [2010-04-10 01:20:32 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
    [2010-04-10 01:20:21 | 000,001,024 | ---- | C] () -- C:\Users\Peter\.rnd
    [2010-04-09 23:37:34 | 000,001,799 | ---- | C] () -- C:\Users\Peter\Desktop\MagicISO.lnk
    [2010-04-09 23:37:14 | 003,067,400 | ---- | C] () -- C:\Users\Peter\Desktop\Setup_MagicISO.exe
    [2010-04-09 23:21:09 | 001,352,435 | ---- | C] () -- C:\Users\Peter\Desktop\setup_magicdisc106.exe
    [2010-04-09 21:56:23 | 000,090,610 | ---- | C] () -- C:\Users\Peter\Desktop\es.jpg
    [2010-03-30 18:54:54 | 000,968,983 | ---- | C] () -- C:\Users\Peter\Desktop\Europe_Rebate_(3-10)_.pdf
    [2010-03-30 15:53:50 | 000,811,339 | ---- | C] () -- C:\Users\Peter\Desktop\eastwest0310play.pdf
    [2010-03-30 15:52:17 | 000,023,241 | ---- | C] () -- C:\Users\Peter\Desktop\CasperInvoice.pdf
    [2010-03-29 16:18:17 | 000,110,138 | ---- | C] () -- C:\Users\Peter\Desktop\lulz.jpg
    [2010-03-17 11:58:19 | 004,730,941 | ---- | C] () -- C:\Users\Peter\Desktop\Poserfinal.swf
    [2010-03-14 21:48:09 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Valg af webbrowser.lnk
    [2010-03-11 03:41:23 | 000,007,303 | ---- | C] () -- C:\Users\Peter\Documents\medievidenskab5b.rtf
    [2010-03-10 21:09:15 | 000,229,141 | ---- | C] () -- C:\Users\Peter\Documents\ansogning-KOT.pdf
    [2010-03-10 20:05:05 | 000,020,452 | ---- | C] () -- C:\Users\Peter\Documents\cv.odt
    [2010-03-10 18:39:30 | 000,026,524 | ---- | C] () -- C:\Users\Peter\Documents\medievidenskab5.odt
    [2010-03-10 18:31:24 | 000,002,299 | ---- | C] () -- C:\Users\Peter\Documents\Ny database.odb
    [2010-03-10 18:30:53 | 000,001,235 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
    [2010-03-10 18:27:24 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
    [2010-03-09 10:39:00 | 000,000,275 | ---- | C] () -- C:\Users\Peter\Documents\Dokument.rtf
    [2010-02-08 11:46:47 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2010-02-08 11:46:47 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2009-12-31 14:31:34 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2009-12-31 14:31:34 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
    [2009-08-03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
    [2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
    [2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
    [2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
    [2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
    [2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
    [2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
    [2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
    [2009-08-03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
    [2009-08-03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
    [2009-07-29 08:35:54 | 002,378,752 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
    [2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009-06-07 13:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\vbzlib1.dll

    ========== LOP Check ==========

    [2010-01-18 08:52:09 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Autodesk
    [2010-06-05 03:03:33 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Azureus
    [2010-01-18 11:31:35 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Bytescout SWF To Video Scout
    [2010-06-04 00:48:32 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\D68026598FFF76577425119B13F9140F
    [2010-01-01 03:57:14 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\DAEMON Tools Lite
    [2010-01-21 18:35:02 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Octoshape
    [2010-03-10 18:30:38 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\OpenOffice.org
    [2010-04-23 08:56:53 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\SuperUtils.com
    [2010-02-08 14:22:54 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\TopoGun32
    [2010-06-04 16:25:49 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Uniblue
    [2009-12-31 18:25:01 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\VSL
    [2010-05-06 08:25:52 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
    [2009-07-14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
    [2009-07-14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2009-07-14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
    [2009-07-14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
    [2009-07-14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
    [2009-07-14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

    < MD5 for: EXPLORER.EXE >
    [2009-07-14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
    [2009-10-31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
    [2009-10-31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
    [2009-10-31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
    [2009-08-03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [2009-08-03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
    [2009-10-31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
    [2009-10-31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [2009-10-31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [2009-08-03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
    [2009-07-14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    [2009-10-31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
    [2009-08-03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

    < MD5 for: IASTORV.SYS >
    [2009-07-14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
    [2009-07-14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2009-07-14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
    [2009-07-14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
    [2009-07-14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
    [2009-07-14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2009-07-14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
    [2009-07-14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2009-07-14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
    [2009-07-14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
    [2009-07-14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
    [2009-07-14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

    < MD5 for: USERINIT.EXE >
    [2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
    [2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
    [2009-07-14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
    [2009-07-14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >

    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    < End of report >
     
  8. 2010/06/05
    shbshg

    shbshg Inactive Thread Starter

    Joined:
    2010/06/04
    Messages:
    14
    Likes Received:
    0
    Extras.txt

    OTL Extras logfile created on: 06-06-2010 02:00:37 - Run 1
    OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Peter\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

    6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 69,00% Memory free
    12,00 Gb Paging File | 10,00 Gb Available in Paging File | 82,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 74,53 Gb Total Space | 8,89 Gb Free Space | 11,93% Space Free | Partition Type: NTFS
    Drive D: | 73,25 Gb Total Space | 1,69 Gb Free Space | 2,31% Space Free | Partition Type: NTFS
    Drive E: | 75,79 Gb Total Space | 5,95 Gb Free Space | 7,86% Space Free | Partition Type: NTFS
    Drive F: | 49,13 Gb Total Space | 46,07 Gb Free Space | 93,76% Space Free | Partition Type: NTFS
    Drive G: | 298,08 Gb Total Space | 7,36 Gb Free Space | 2,47% Space Free | Partition Type: NTFS
    H: Drive not present or media not loaded
    Drive I: | 140,78 Gb Total Space | 3,44 Gb Free Space | 2,44% Space Free | Partition Type: NTFS

    Computer Name: PETERKONTOR
    Current User Name: Peter
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1 "
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{284B452E-075E-4C7B-B8EE-E4A798CC3772}" = Maya 2010 (64-bit)
    "{2B80C356-CA93-433D-814C-BF4CBF3195C2}" = Maya 2010 (64-bit) Documentation (en_US)
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{43E7798A-248E-4A3D-9969-FEA63543A462}" = Native Instruments Kontakt 4
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{65B7E38D-10F8-4B1A-8EE3-BF2362CF12AE}" = Native Instruments Kontakt 4 Factory Content
    "{731F7C21-A8D9-465B-B558-3D4D575B62BD}" = Autodesk Mudbox 2010 (64bit)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{833B98DC-A851-43D3-B22C-9C7B815520E3}" = Autodesk DirectConnect 2010 (64-bit)
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95F7167A-4EE4-4829-AA43-79C47B5C9FDC}" = OMP Index Reference Increment (64-bit)
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{D799CC16-F3B5-468D-AC67-6F77AAA98173}" = Native Instruments Komplete 6
    "{EC015649-3B3C-4611-9C66-453F8011E944}" = Native Instruments Kontakt 4
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "RolandRDID0079" = UA-25EX Driver
    "Vienna Ensemble Pro_is1" = Vienna Ensemble Pro 4.0
    "V-Ray for Maya 2010 for x64" = V-Ray for Maya 2010 for x64
    "WinRAR archiver" = WinRAR arkivering

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{2A856E11-228D-459F-A196-6F4F7E104FFC}" = ZBrush 3.5 R3
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
    "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9F31A1CD-57BC-47AD-B403-C6BD29FF1E2D}" = Sibelius Scorch (ActiveX Only)
    "{A20DF6AC-0300-45E2-8152-7D677E4E8CF5}" = HotFile AutoDownloader
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1030-7B44-A92000000001}" = Adobe Reader 9.2 - Dansk
    "{B1E7A909-0809-469E-B025-0AC7CD856FEC}" = OpenOffice.org 3.2
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
    "{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "8461-7759-5462-8226" = Vuze
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
    "Ask Toolbar_is1" = Vuze Toolbar
    "aTube Catcher" = aTube Catcher
    "Audio Speed Changer Pro" = Audio Speed Changer Pro 1.0
    "Browser Defender_is1" = Browser Defender 2.0.6.15
    "Bytescout SWF To Video Scout (demo)_is1" = Bytescout SWF To Video Scout
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "eLicenser Control" = eLicenser Control
    "ffdshow_is1" = ffdshow [rev 1523] [2007-10-09]
    "InstallShield_{2A856E11-228D-459F-A196-6F4F7E104FFC}" = ZBrush 3.5 R3
    "JDownloader" = JDownloader
    "Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "McAfee Security Scan" = McAfee Security Scan Plus
    "N360" = Norton 360
    "Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
    "Native Instruments Komplete 6" = Native Instruments Komplete 6
    "Native Instruments Kontakt 4" = Native Instruments Kontakt 4
    "Native Instruments Kontakt 4 Factory Content" = Native Instruments Kontakt 4 Factory Content
    "Native Instruments Service Center" = Native Instruments Service Center
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Phat Chord Voicings Chapter 21.0" = Phat Chord Voicings Chapter 2
    "SopCast" = SopCast 3.2.9
    "SpeedBit Video Downloader" = SpeedBit Video Downloader
    "Spyware Doctor" = Spyware Doctor 7.0
    "SystemRequirementsLab" = System Requirements Lab
    "TopoGun1.05 W32" = TopoGun 1.05 W32
    "Veetle TV" = Veetle TV 0.9.17
    "VLC media player" = VLC media player 1.0.3
    "Wacom Tablet Driver" = Wacom Tablet
    "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
    "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
    "Winamp" = Winamp
    "x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
    "x264vfw64" = x264vfw - H.264/MPEG-4 AVC codec for x64 (remove only)
    "xNormal 3.17.0 Beta 2" = xNormal 3.17.0 Beta 2
    "Xvid_is1" = Xvid 1.2.2 final uninstall

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Octoshape Streaming Services" = Octoshape Streaming Services
    "Winamp Detect" = Winamp Application Detect

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 03-06-2010 18:41:17 | Computer Name = PeterKontor | Source = Application Error | ID = 1000
    Description = Navn på program med fejl: cxgxdna.exe, version: 2.4.4587.1000, tidsstempel:
    0x479804d5 Navn på modul med fejl: unknown, version: 0.0.0.0, tidsstempel: 0x00000000
    Undtagelseskode:
    0xc0000005 Forskydning med fejl 0x0022135c Proces-id 0x186c Programmets starttidspunkt
    0x01cb036de036e104 Programsti: C:\Users\Peter\AppData\Local\Temp\cxgxdna.exe Modulsti:
    unknown Rapport-id: 1ea8a330-6f61-11df-a8a2-001a4d444e53

    Error - 03-06-2010 18:41:17 | Computer Name = PeterKontor | Source = Application Error | ID = 1000
    Description = Navn på program med fejl: ecpaagh.exe, version: 2.4.4587.1000, tidsstempel:
    0x479e902e Navn på modul med fejl: unknown, version: 0.0.0.0, tidsstempel: 0x00000000
    Undtagelseskode:
    0xc0000005 Forskydning med fejl 0x0016135c Proces-id 0x1efc Programmets starttidspunkt
    0x01cb036de04f4b5f Programsti: C:\Users\Peter\AppData\Local\Temp\ecpaagh.exe Modulsti:
    unknown Rapport-id: 1eac25ad-6f61-11df-a8a2-001a4d444e53

    Error - 04-06-2010 10:39:11 | Computer Name = PeterKontor | Source = Application Hang | ID = 1002
    Description = Programmet iexplore.exe version 8.0.7600.16385 afbrød kommunikationen
    med Windows og blev afsluttet. Hvis du vil se, om der findes flere oplysninger
    om problemet, kan du læse om problemets historik via Løsningscenter. Proces-id: a4

    Starttidspunkt:
    01cb03f0995ae2ac Afslutningstidspunkt: 10 Programsti: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Rapport-id: db659538-6fe6-11df-8e99-001a4d444e53

    Error - 04-06-2010 15:31:30 | Computer Name = PeterKontor | Source = SideBySide | ID = 16842815
    Description = Aktiveringskontekstgenereringen mislykkedes for "C:\Program Files
    (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ". Der er en fejl i manifestet
    eller politikfilen "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
    AIR.dll" i linje 3. Værdien "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR "
    for attributten "version" i elementet "assemblyIdentity" er ugyldig.

    Error - 04-06-2010 15:31:51 | Computer Name = PeterKontor | Source = SideBySide | ID = 16842815
    Description = Aktiveringskontekstgenereringen mislykkedes for "c:\program files
    (x86)\spyware doctor\avdb\temp\adobe_fl-b73f2\2190-Adobe_AIR.dll ". Der er en fejl
    i manifestet eller politikfilen "c:\program files (x86)\spyware doctor\avdb\temp\adobe_fl-b73f2\2190-Adobe_AIR.dll "
    i linje 3. Værdien "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR "
    for attributten "version" i elementet "assemblyIdentity" er ugyldig.

    Error - 04-06-2010 15:31:53 | Computer Name = PeterKontor | Source = SideBySide | ID = 16842815
    Description = Aktiveringskontekstgenereringen mislykkedes for "c:\program files
    (x86)\spyware doctor\avdb\temp\adobe_fl-b73f2\Adobe_AIR.dll ". Der er en fejl i manifestet
    eller politikfilen "c:\program files (x86)\spyware doctor\avdb\temp\adobe_fl-b73f2\Adobe_AIR.dll "
    i linje 3. Værdien "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR "
    for attributten "version" i elementet "assemblyIdentity" er ugyldig.

    Error - 05-06-2010 07:14:15 | Computer Name = PeterKontor | Source = Application Error | ID = 1000
    Description = Navn på program med fejl: maya.exe, version: 2009.7.28.308, tidsstempel:
    0x4a6eb726 Navn på modul med fejl: PolyEngine.dll, version: 2009.7.28.308, tidsstempel:
    0x4a6eb280 Undtagelseskode: 0xc0000005 Forskydning med fejl 0x00000000000db958 Proces-id
    0x1578 Programmets starttidspunkt 0x01cb048fe2841966 Programsti: C:\Program Files\Autodesk\Maya2010\bin\maya.exe
    Modulsti:
    C:\Program Files\Autodesk\Maya2010\bin\PolyEngine.dll Rapport-id: 79bcebd8-7093-11df-b6f3-001a4d444e53

    Error - 05-06-2010 08:01:33 | Computer Name = PeterKontor | Source = Application Error | ID = 1000
    Description = Navn på program med fejl: maya.exe, version: 2009.7.28.308, tidsstempel:
    0x4a6eb726 Navn på modul med fejl: PolyEngine.dll, version: 2009.7.28.308, tidsstempel:
    0x4a6eb280 Undtagelseskode: 0xc0000005 Forskydning med fejl 0x00000000000db958 Proces-id
    0xc58 Programmets starttidspunkt 0x01cb04a064116bc4 Programsti: C:\Program Files\Autodesk\Maya2010\bin\maya.exe
    Modulsti:
    C:\Program Files\Autodesk\Maya2010\bin\PolyEngine.dll Rapport-id: 15412d41-709a-11df-b6f3-001a4d444e53

    Error - 05-06-2010 15:46:30 | Computer Name = PeterKontor | Source = SideBySide | ID = 16842815
    Description = Aktiveringskontekstgenereringen mislykkedes for "C:\Program Files
    (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ". Der er en fejl i manifestet
    eller politikfilen "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
    AIR.dll" i linje 3. Værdien "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR "
    for attributten "version" i elementet "assemblyIdentity" er ugyldig.

    Error - 05-06-2010 17:57:30 | Computer Name = PeterKontor | Source = Application Error | ID = 1000
    Description = Navn på program med fejl: iexplore.exe, version: 8.0.7600.16385, tidsstempel:
    0x4a5bc69e Navn på modul med fejl: jscript.dll, version: 5.8.7600.16475, tidsstempel:
    0x4b1620f9 Undtagelseskode: 0xc0000005 Forskydning med fejl 0x0001ec3e Proces-id 0x1130
    Programmets
    starttidspunkt 0x01cb04aff3d735c0 Programsti: C:\Program Files (x86)\Internet Explorer\iexplore.exe
    Modulsti:
    C:\Windows\SysWow64\jscript.dll Rapport-id: 561f5e30-70ed-11df-b6f3-001a4d444e53

    [ System Events ]
    Error - 21-04-2010 10:12:01 | Computer Name = PeterKontor | Source = Disk | ID = 262155
    Description = Driveren detekterede en controllerfejl på \Device\Harddisk4\DR4.

    Error - 21-04-2010 11:01:40 | Computer Name = PeterKontor | Source = Disk | ID = 262155
    Description = Driveren detekterede en controllerfejl på \Device\Harddisk4\DR5.

    Error - 21-04-2010 12:17:09 | Computer Name = PeterKontor | Source = Service Control Manager | ID = 7023
    Description = Tjenesten Server blev afbrudt med følgende fejl: %%14

    Error - 22-04-2010 06:56:07 | Computer Name = PeterKontor | Source = Disk | ID = 262155
    Description = Driveren detekterede en controllerfejl på \Device\Harddisk4\DR4.

    Error - 24-04-2010 01:16:54 | Computer Name = PeterKontor | Source = Disk | ID = 262155
    Description = Driveren detekterede en controllerfejl på \Device\Harddisk5\DR5.

    Error - 24-04-2010 02:12:48 | Computer Name = PeterKontor | Source = Disk | ID = 262155
    Description = Driveren detekterede en controllerfejl på \Device\Harddisk5\DR6.

    Error - 24-04-2010 02:12:51 | Computer Name = PeterKontor | Source = Disk | ID = 262155
    Description = Driveren detekterede en controllerfejl på \Device\Harddisk4\DR4.

    Error - 24-04-2010 03:09:41 | Computer Name = PeterKontor | Source = Disk | ID = 262155
    Description = Driveren detekterede en controllerfejl på \Device\Harddisk4\DR7.

    Error - 24-04-2010 07:14:15 | Computer Name = PeterKontor | Source = Disk | ID = 262155
    Description = Driveren detekterede en controllerfejl på \Device\Harddisk4\DR8.

    Error - 30-04-2010 16:36:47 | Computer Name = PeterKontor | Source = volsnap | ID = 393252
    Description = Øjebliksbillederne af diskenheden C: blev afbrudt, fordi øjebliksbilledelageret
    ikke kunne øges på grund af en brugerangivet grænse.


    < End of report >
     
  9. 2010/06/05
    shbshg

    shbshg Inactive Thread Starter

    Joined:
    2010/06/04
    Messages:
    14
    Likes Received:
    0
    btw. I couldn't find any "AskBarDis" in Programs and Features

    Also, posting the registry values / locations for infected files turned out to be difficult as Spyware Doctor wouldn't let me simply copy/paste the list.
     
  10. 2010/06/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're running out of free space on your C partition:
    You know, Windows likes to operate with at least 15% of free space.

    =================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2009-04-02 13:47:04 | 000,234,888 | ---- | M] () -- C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
      PRC - [2009-04-02 13:47:02 | 000,464,264 | ---- | M] () -- C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
      SRV - [2009-04-02 13:47:04 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
      SRV - [2009-04-02 13:47:02 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe -- (ASKService)
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:5555
      [2010-01-09 12:05:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
      O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
      O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe File not found
      O4 - HKLM..\Run: [NWEReboot] File not found
      O4 - HKCU..\Run: [gotnewupdate000.exe] C:\Users\Peter\AppData\Roaming\D68026598FFF76577425119B13F9140F\gotnewupdate000.exe ()
      O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe File not found
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab  (Reg Error: Key error.)
      O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
      O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O33 - MountPoints2\{b00d494e-fe57-11de-9427-001a4d444e53}\Shell - " " = AutoRun
      O33 - MountPoints2\{b00d494e-fe57-11de-9427-001a4d444e53}\Shell\AutoRun\command - " " = M:\LaunchU3.exe -- File not found
      O33 - MountPoints2\M\Shell - " " = AutoRun
      O33 - MountPoints2\M\Shell\AutoRun\command - " " = M:\LaunchU3.exe -- File not found
      [2010-06-04 00:41:49 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\cxvpchyby
      [2010-06-04 00:41:08 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\D68026598FFF76577425119B13F9140F
      [2010-06-04 07:19:06 | 000,001,997 | ---- | M] () -- C:\Windows\lsrslt.ini
      [2010-06-04 00:41:17 | 000,000,032 | --S- | M] () -- C:\Users\Peter\AppData\Local\766143154.dat
      @Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
      
      
      :Services
      ASKUpgrade
      ASKService
      
      
      :Reg
      
      :Files
      C:\Program Files (x86)\AskBarDis
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  11. 2010/06/06
    shbshg Inactive Thread Starter

    Roger.

    Here's the log:



    All processes killed
    ========== OTL ==========
    Process ASKUpgrade.exe killed successfully!
    No active process named AskService.exe was found!
    Service ASKUpgrade stopped successfully!
    Service ASKUpgrade deleted successfully!
    C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe moved successfully.
    Service ASKService stopped successfully!
    Service ASKService deleted successfully!
    C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe moved successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    C:\Users\Peter\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF folder moved successfully.
    C:\Users\Peter\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences folder moved successfully.
    C:\Users\Peter\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults folder moved successfully.
    C:\Users\Peter\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome folder moved successfully.
    C:\Users\Peter\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} folder moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
    C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
    File C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
    File C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NBKeyScan deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NWEReboot deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\gotnewupdate000.exe deleted successfully.
    File C:\Users\Peter\AppData\Roaming\D68026598FFF76577425119B13F9140F\gotnewupdat e000.exe not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\symres\ scheduled to be deleted on reboot.
    Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA1061FE-6C41-421f-9344-69640C9732AB}\ .
    File {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b00d494e-fe57-11de-9427-001a4d444e53}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b00d494e-fe57-11de-9427-001a4d444e53}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b00d494e-fe57-11de-9427-001a4d444e53}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b00d494e-fe57-11de-9427-001a4d444e53}\ not found.
    File M:\LaunchU3.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ not found.
    File M:\LaunchU3.exe not found.
    C:\Users\Peter\AppData\Local\cxvpchyby folder moved successfully.
    C:\Users\Peter\AppData\Roaming\D68026598FFF76577425119B13F9140F folder moved successfully.
    C:\Windows\lsrslt.ini moved successfully.
    C:\Users\Peter\AppData\Local\766143154.dat moved successfully.
    ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
    ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    Error: No service named ASKUpgrade was found to stop!
    Service\Driver key ASKUpgrade not found.
    Error: No service named ASKService was found to stop!
    Service\Driver key ASKService not found.
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files (x86)\AskBarDis\bar\Settings folder moved successfully.
    C:\Program Files (x86)\AskBarDis\bar\bin folder moved successfully.
    Folder move failed. C:\Program Files (x86)\AskBarDis\bar scheduled to be moved on reboot.
    Folder move failed. C:\Program Files (x86)\AskBarDis scheduled to be moved on reboot.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Peter
    ->Temp folder emptied: 478530 bytes
    ->Temporary Internet Files folder emptied: 53688892 bytes
    ->Java cache emptied: 18195277 bytes
    ->Flash cache emptied: 112090 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 67218 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67663 bytes
    RecycleBin emptied: 5850500945 bytes

    Total Files Cleaned = 5.649,00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Peter
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0,00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.5.3 log created on 06072010_005326

    Files\Folders moved on Reboot...
    C:\Program Files (x86)\AskBarDis\bar\bin folder moved successfully.
    C:\Program Files (x86)\AskBarDis\bar folder moved successfully.
    C:\Program Files (x86)\AskBarDis folder moved successfully.
    C:\Users\Peter\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Windows\temp\JET4DF0.tmp not found!

    Registry entries deleted on Reboot...
    Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\symres\ scheduled to be deleted on reboot.
     
  12. 2010/06/06
    broni Moderator Malware Analyst

    Still...
    How is the computer doing at the moment?
     
  13. 2010/06/07
    shbshg Inactive Thread Starter

    Ah, yea, I see I forgot the last step. My bad.


    Computer is doing pretty good. The annoying pop-up ad no longer shows its ugly mug upon reboot but I noticed Windows hangs a lot longer on the "Welcome..." screen right before the desktop appears. It also seems to be trying to auto-load OTL on reboot so maybe that has something to do with it. And Norton / Spyware Doctor scan still detects some kind of malware infection.

    btw. thanks again for taking your time to do this. It's quite remarkable to receive this kind of free support.

    Anyway, here's another quick scan log:


    OTL.txt (part1)

    OTL logfile created on: 07-06-2010 20:08:35 - Run 2
    OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Peter\Desktop
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000406 | Country: Danmark | Language: DAN | Date Format: dd-MM-yyyy

    6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 74,00% Memory free
    12,00 Gb Paging File | 10,00 Gb Available in Paging File | 86,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 74,53 Gb Total Space | 1,63 Gb Free Space | 2,19% Space Free | Partition Type: NTFS
    Drive D: | 73,25 Gb Total Space | 12,34 Gb Free Space | 16,85% Space Free | Partition Type: NTFS
    Drive E: | 75,79 Gb Total Space | 5,95 Gb Free Space | 7,86% Space Free | Partition Type: NTFS
    Drive F: | 49,13 Gb Total Space | 46,07 Gb Free Space | 93,76% Space Free | Partition Type: NTFS
    Drive G: | 298,08 Gb Total Space | 7,36 Gb Free Space | 2,47% Space Free | Partition Type: NTFS
    H: Drive not present or media not loaded
    Drive I: | 140,78 Gb Total Space | 2,49 Gb Free Space | 1,77% Space Free | Partition Type: NTFS

    Computer Name: PETERKONTOR
    Current User Name: Peter
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010-06-06 01:57:26 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
    PRC - [2010-05-11 11:51:52 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
    PRC - [2010-03-15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
    PRC - [2010-03-11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
    PRC - [2010-02-01 23:56:06 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    PRC - [2010-02-01 23:56:04 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    PRC - [2010-01-27 02:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe
    PRC - [2010-01-22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
    PRC - [2010-01-15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    PRC - [2009-12-28 13:48:12 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    PRC - [2009-12-28 00:01:22 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2009-12-21 07:45:56 | 000,039,424 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\Winamp\winampa.exe
    PRC - [2009-11-20 20:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2009-07-14 03:14:42 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    PRC - [2009-02-23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
    PRC - [2009-01-08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\Peter\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe


    ========== Modules (SafeList) ==========

    MOD - [2010-06-06 01:57:26 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
    MOD - [2010-02-26 07:16:18 | 000,213,912 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\smum32.dll
    MOD - [2009-10-30 10:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctgmhk.dll
    MOD - [2009-07-14 03:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll
    MOD - [2009-07-14 03:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
    MOD - [2009-07-14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
    MOD - [2009-07-14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010-05-20 09:27:45 | 001,255,736 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV:64bit: - [2010-01-09 12:51:12 | 001,315,592 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2009-11-24 12:25:32 | 005,521,192 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)
    SRV:64bit: - [2009-07-14 03:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
    SRV:64bit: - [2009-07-14 03:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
    SRV:64bit: - [2009-07-14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
    SRV:64bit: - [2009-07-14 03:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
    SRV:64bit: - [2009-07-14 03:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
    SRV:64bit: - [2009-07-14 03:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
    SRV:64bit: - [2009-07-14 03:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
    SRV:64bit: - [2009-07-14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
    SRV:64bit: - [2009-07-14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
    SRV:64bit: - [2009-07-14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
    SRV:64bit: - [2009-07-14 03:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
    SRV:64bit: - [2009-07-14 03:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
    SRV:64bit: - [2009-07-14 03:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
    SRV:64bit: - [2009-07-14 03:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
    SRV:64bit: - [2009-07-14 03:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
    SRV:64bit: - [2009-07-14 03:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
    SRV:64bit: - [2009-07-14 03:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
    SRV:64bit: - [2009-07-14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
    SRV:64bit: - [2009-07-14 03:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
    SRV:64bit: - [2009-07-14 03:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
    SRV:64bit: - [2009-07-14 03:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
    SRV:64bit: - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009-07-14 03:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
    SRV:64bit: - [2009-07-14 03:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
    SRV:64bit: - [2009-07-14 03:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
    SRV:64bit: - [2009-07-14 03:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
    SRV - [2010-04-13 02:49:28 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010-03-15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
    SRV - [2010-03-11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
    SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010-01-22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2010-01-15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009-12-28 13:48:12 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
    SRV - [2009-11-20 20:17:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2009-07-14 05:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
    SRV - [2009-07-14 05:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC) DTC (Distributed Transaction Coordinator)
    SRV - [2009-07-14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009-07-14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
    SRV - [2009-07-13 22:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
    SRV - [2009-06-10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010-03-29 10:06:06 | 000,233,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
    DRV:64bit: - [2010-03-10 08:16:36 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
    DRV:64bit: - [2009-12-31 22:53:59 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2009-12-28 14:59:36 | 000,199,296 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rdwm1079.sys -- (RDID1079)
    DRV:64bit: - [2009-12-28 13:48:15 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2009-12-28 13:48:13 | 000,583,296 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\cchpx64.sys -- (ccHP)
    DRV:64bit: - [2009-12-28 13:48:13 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2009-12-28 13:48:13 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\SymEFA64.sys -- (SymEFA)
    DRV:64bit: - [2009-12-28 13:48:13 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\BHDrvx64.sys -- (BHDrvx64)
    DRV:64bit: - [2009-12-28 13:48:13 | 000,278,576 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symtdi.sys -- (SYMTDI)
    DRV:64bit: - [2009-12-28 13:48:13 | 000,120,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symfw.sys -- (SYMFW)
    DRV:64bit: - [2009-12-28 13:48:13 | 000,056,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\symndisv.sys -- (SYMNDISV)
    DRV:64bit: - [2009-12-28 13:48:13 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009-12-28 13:48:13 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0308000.029\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2009-12-28 13:48:13 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
    DRV:64bit: - [2009-12-11 12:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
    DRV:64bit: - [2009-09-26 08:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
    DRV:64bit: - [2009-08-27 16:06:34 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
    DRV:64bit: - [2009-07-14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009-07-14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009-07-14 03:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
    DRV:64bit: - [2009-07-14 03:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
    DRV:64bit: - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009-07-14 03:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
    DRV:64bit: - [2009-07-14 03:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
    DRV:64bit: - [2009-07-14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
    DRV:64bit: - [2009-07-14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
    DRV:64bit: - [2009-07-14 03:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
    DRV:64bit: - [2009-07-14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
    DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009-07-14 03:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
    DRV:64bit: - [2009-07-14 03:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
    DRV:64bit: - [2009-07-14 03:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
    DRV:64bit: - [2009-07-14 02:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
    DRV:64bit: - [2009-07-14 02:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV:64bit: - [2009-07-14 02:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV:64bit: - [2009-07-14 02:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
    DRV:64bit: - [2009-07-14 02:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
    DRV:64bit: - [2009-07-14 02:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
    DRV:64bit: - [2009-07-14 02:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
    DRV:64bit: - [2009-07-14 02:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
    DRV:64bit: - [2009-07-14 02:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
    DRV:64bit: - [2009-07-14 02:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
    DRV:64bit: - [2009-07-14 02:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV:64bit: - [2009-07-14 02:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
    DRV:64bit: - [2009-07-14 02:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
    DRV:64bit: - [2009-07-14 02:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
    DRV:64bit: - [2009-07-14 02:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
    DRV:64bit: - [2009-07-14 01:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
    DRV:64bit: - [2009-07-14 01:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
    DRV:64bit: - [2009-07-14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
    DRV:64bit: - [2009-07-14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
    DRV:64bit: - [2009-07-14 01:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
    DRV:64bit: - [2009-07-14 01:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
    DRV:64bit: - [2009-07-14 01:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
    DRV:64bit: - [2009-07-14 01:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
    DRV:64bit: - [2009-07-14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
    DRV:64bit: - [2009-07-14 01:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
    DRV:64bit: - [2009-06-26 15:36:32 | 000,030,352 | ---- | M] (Steinberg Media Technologies GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\synusb64.sys -- (synusb64)
    DRV:64bit: - [2009-06-10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009-05-20 12:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
    DRV:64bit: - [2009-02-24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV:64bit: - [2007-02-16 11:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV - [2010-05-28 21:33:18 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100528.003\IDSviA64.sys -- (IDSVia64)
    DRV - [2010-05-26 10:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2010-05-26 10:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010-05-13 13:36:00 | 001,773,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100607.006\EX64.SYS -- (NAVEX15)
    DRV - [2010-05-13 13:36:00 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100607.006\ENG64.SYS -- (NAVENG)
    DRV - [2009-12-27 23:40:48 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
    DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009-07-14 03:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
    DRV - [2009-07-14 03:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
    DRV - [2009-06-10 23:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
    DRV - [2009-06-10 23:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
    DRV - [2009-02-24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://audioz.info/audiosoft/9979-soniccouture-glass-works-kontakt-dynamics.html
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://dk.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = da
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 F8 53 5D 61 C5 CA 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010-04-27 09:38:38 | 000,000,000 | ---D | M]

    [2010-06-07 00:53:30 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\mozilla\Firefox\extensions

    O1 HOSTS File: ([2010-06-07 00:54:15 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmer\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (SBCONVERT Class) - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\IPSBHO.DLL (Symantec Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
    O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~2\SPEEDB~1\Toolbar\grabber.dll (Speedbit Ltd.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Peter\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O4 - Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: Google Sidewiki ... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki ... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: danskebank.dk ([]* in Websteder, du har tillid til)
    O15 - HKCU\..Trusted Domains: danskebank.dk ([www] https in Websteder, du har tillid til)
    O15 - HKCU\..Trusted Domains: danskebank.dk ([www-2] https in Websteder, du har tillid til)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab (e-Safekey)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\coIEPlg.dll (Symantec Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - Unable to obtain root file information for disk G:\
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010-06-07 00:53:26 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010-06-06 06:59:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010-06-06 01:57:22 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
    [2010-06-04 16:32:14 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
    [2010-06-04 16:32:14 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
    [2010-06-04 16:32:14 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
    [2010-06-04 16:30:48 | 000,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
    [2010-06-04 16:30:48 | 000,133,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
    [2010-06-04 16:30:46 | 000,233,488 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
    [2010-06-04 16:30:42 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
    [2010-06-04 16:30:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
    [2010-06-04 16:30:37 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\PC Tools
    [2010-06-04 16:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2010-06-04 16:30:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
    [2010-06-04 16:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2010-06-04 16:25:49 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Uniblue
    [2010-06-04 14:52:02 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Malwarebytes
    [2010-06-04 14:51:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010-06-04 14:51:52 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010-06-04 14:51:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010-06-04 14:51:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010-06-04 14:48:57 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\cleaner
    [2010-06-03 21:43:26 | 000,000,000 | ---D | C] -- C:\Programmer\Chaos Group
    [2010-06-02 12:31:53 | 000,000,000 | ---D | C] -- C:\Programmer\Rendition
    [2010-05-25 10:06:46 | 000,000,000 | ---D | C] -- C:\Programmer\Common Files\ChaosGroup
    [2010-05-23 16:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
    [2010-05-23 16:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
    [2010-05-23 16:20:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
    [2010-05-22 15:43:27 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Apple Computer
    [2010-05-20 09:27:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
    [2010-05-20 09:27:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
    [2010-05-13 17:10:20 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\Mpc-Samples.Sense.of.Rhythm.Inspired.By.Timbaland.for.MPC4000-ViH
    [2010-05-10 06:58:40 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\Andrea_poses
    [2010-05-10 06:55:24 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\Andrea
    [2010-05-10 06:38:03 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\Humen - Aneta
    [2010-05-10 06:35:51 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\Humen - Renata
    [2010-05-09 05:36:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SopCast
    [2010-05-06 20:55:05 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\pose_ref
    [2010-05-01 11:47:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Best Service
    [2010-04-30 17:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
    [2010-04-28 13:43:31 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\Sarah
    [2010-04-23 08:56:53 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\SuperUtils.com
    [2010-04-23 08:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperUtils.com
    [2010-04-22 12:53:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DsNET Corp
    [2010-04-15 04:12:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2010-04-15 04:12:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2010-04-15 04:12:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
    [2010-04-15 04:12:13 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\Apple
    [2010-04-15 04:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2010-04-15 04:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2010-04-13 02:51:09 | 000,000,000 | ---D | C] -- C:\Programmer\Common Files\Adobe
    [2010-04-13 02:49:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
    [2010-04-12 04:48:22 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\Adobe Flash CS4 Professionall
    [2010-04-12 04:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veetle
    [2010-04-10 15:25:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
    [2010-04-10 13:47:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
    [2010-04-10 01:49:45 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys
    [2010-04-10 01:49:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc
    [2010-04-10 01:27:19 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Nero
    [2010-04-10 01:23:15 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\Ahead
    [2010-04-10 01:19:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
    [2010-04-10 01:19:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
    [2010-04-10 01:19:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
    [2010-04-09 23:37:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
    [2010-04-09 23:21:36 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys
    [2010-04-08 04:51:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ProjectSAM
    [2010-04-08 00:32:32 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\Media
    [2010-03-25 11:47:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2010-03-22 11:00:04 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\Mental_Ray_production_shader_in_Maya
    [2010-03-17 05:20:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sibelius Software
    [2010-03-11 08:28:32 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
    [2010-03-11 08:28:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PlayPianoTODAY
    [2010-03-11 07:35:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Piano Lessons Unlimited
    [2010-03-10 18:30:38 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\OpenOffice.org
    [2010-03-10 18:27:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
    [2010-03-10 08:16:36 | 000,029,720 | ---- | C] (Initio Corporation) -- C:\Windows\SysNative\drivers\ivusb.sys
     
  14. 2010/06/07
    shbshg Inactive Thread Starter

    OTL.txt (part2)

    ========== Files - Modified Within 90 Days ==========

    [2010-06-07 20:10:40 | 003,145,728 | -HS- | M] () -- C:\Users\Peter\NTUSER.DAT
    [2010-06-07 19:36:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010-06-07 14:01:21 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010-06-07 14:01:21 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010-06-07 14:00:29 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010-06-07 13:58:13 | 001,240,086 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010-06-07 13:58:13 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010-06-07 13:58:13 | 000,461,038 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat
    [2010-06-07 13:58:13 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010-06-07 13:58:13 | 000,076,536 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat
    [2010-06-07 13:54:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010-06-07 13:54:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010-06-07 13:54:01 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys
    [2010-06-07 02:21:00 | 003,074,681 | -H-- | M] () -- C:\Users\Peter\AppData\Local\IconCache.db
    [2010-06-07 00:54:15 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
    [2010-06-06 07:00:38 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010-06-06 01:57:26 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\OTL.exe
    [2010-06-05 20:27:33 | 000,001,867 | ---- | M] () -- C:\Users\Peter\Desktop\Attach.rar
    [2010-06-05 20:23:15 | 000,525,824 | ---- | M] () -- C:\Users\Peter\Desktop\dds.scr
    [2010-06-05 00:51:20 | 019,717,298 | ---- | M] () -- C:\Users\Peter\Desktop\pb062010czech.rar
    [2010-06-04 16:30:48 | 000,002,136 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
    [2010-06-04 14:51:54 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010-06-03 22:29:30 | 007,680,539 | ---- | M] () -- C:\Users\Peter\Desktop\test2.tga
    [2010-06-03 17:43:15 | 003,345,452 | ---- | M] () -- C:\Users\Peter\Desktop\test.tga
    [2010-06-02 23:30:34 | 000,002,132 | ---- | M] () -- C:\Users\Peter\Rendition-Plug-In-Record.mi
    [2010-06-02 15:37:10 | 000,000,132 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Adobe Targa Format CS5 Prefs
    [2010-05-23 16:42:30 | 000,077,072 | ---- | M] () -- C:\Users\Peter\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010-05-23 16:24:56 | 004,876,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010-05-09 05:36:27 | 000,000,991 | ---- | M] () -- C:\Users\Peter\Desktop\SopCast.lnk
    [2010-05-06 20:53:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2010-05-04 19:31:55 | 524,193,883 | ---- | M] () -- C:\Users\Peter\Desktop\ACA01_ch01.flv
    [2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010-04-29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010-04-23 08:56:50 | 000,001,289 | ---- | M] () -- C:\Users\Peter\Desktop\Audio Speed Changer Pro.lnk
    [2010-04-22 12:53:12 | 000,001,186 | ---- | M] () -- C:\Users\Public\Desktop\aTube Catcher.lnk
    [2010-04-15 04:12:44 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010-04-13 23:43:18 | 000,043,969 | ---- | M] () -- C:\Users\Peter\Documents\ss_logo5.png
    [2010-04-13 10:27:32 | 000,093,258 | ---- | M] () -- C:\Users\Peter\Desktop\ss_logo.jpg
    [2010-04-13 08:12:12 | 001,817,088 | ---- | M] () -- C:\Users\Peter\Documents\ss_logo5.fla
    [2010-04-13 07:15:09 | 001,819,136 | ---- | M] () -- C:\Users\Peter\Documents\ss_logo4.fla
    [2010-04-13 06:58:27 | 000,952,695 | ---- | M] () -- C:\Users\Peter\Documents\shutterstock_w2.jpg
    [2010-04-13 06:56:10 | 003,460,443 | ---- | M] () -- C:\Users\Peter\Documents\shutterstock_w.jpg
    [2010-04-13 06:34:02 | 001,335,296 | ---- | M] () -- C:\Users\Peter\Documents\ss_logo3.fla
    [2010-04-13 05:34:58 | 001,168,384 | ---- | M] () -- C:\Users\Peter\Documents\ss_logo2.fla
    [2010-04-13 04:27:16 | 001,223,680 | ---- | M] () -- C:\Users\Peter\Documents\ss_logo.fla
    [2010-04-12 02:00:10 | 000,174,072 | ---- | M] () -- C:\Users\Peter\Desktop\ss.jpg
    [2010-04-10 13:46:46 | 000,001,024 | ---- | M] () -- C:\Users\Peter\.rnd
    [2010-04-10 01:49:47 | 000,000,989 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
    [2010-04-10 01:49:47 | 000,000,953 | ---- | M] () -- C:\Users\Peter\Desktop\MagicDisc.lnk
    [2010-04-10 01:48:22 | 677,251,228 | ---- | M] () -- C:\Users\Peter\Documents\Image.nrg
    [2010-04-10 01:20:32 | 000,000,026 | ---- | M] () -- C:\Windows\Irremote.ini
    [2010-04-09 23:37:34 | 000,001,799 | ---- | M] () -- C:\Users\Peter\Desktop\MagicISO.lnk
    [2010-04-09 23:37:23 | 003,067,400 | ---- | M] () -- C:\Users\Peter\Desktop\Setup_MagicISO.exe
    [2010-04-09 23:21:23 | 001,352,435 | ---- | M] () -- C:\Users\Peter\Desktop\setup_magicdisc106.exe
    [2010-04-09 21:56:23 | 000,090,610 | ---- | M] () -- C:\Users\Peter\Desktop\es.jpg
    [2010-04-08 15:06:46 | 000,092,896 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
    [2010-03-30 21:45:44 | 007,218,319 | ---- | M] () -- C:\Users\Peter\Desktop\movie_3.mov
    [2010-03-30 18:54:58 | 000,968,983 | ---- | M] () -- C:\Users\Peter\Desktop\Europe_Rebate_(3-10)_.pdf
    [2010-03-30 18:07:01 | 000,002,002 | -H-- | M] () -- C:\Users\Peter\Documents\Default.rdp
    [2010-03-30 15:53:56 | 000,811,339 | ---- | M] () -- C:\Users\Peter\Desktop\eastwest0310play.pdf
    [2010-03-30 15:52:18 | 000,023,241 | ---- | M] () -- C:\Users\Peter\Desktop\CasperInvoice.pdf
    [2010-03-29 16:18:17 | 000,110,138 | ---- | M] () -- C:\Users\Peter\Desktop\lulz.jpg
    [2010-03-29 10:06:06 | 000,233,488 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
    [2010-03-17 11:58:19 | 004,730,941 | ---- | M] () -- C:\Users\Peter\Desktop\Poserfinal.swf
    [2010-03-14 21:48:09 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Valg af webbrowser.lnk
    [2010-03-11 08:28:20 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
    [2010-03-11 03:41:23 | 000,007,303 | ---- | M] () -- C:\Users\Peter\Documents\medievidenskab5b.rtf
    [2010-03-11 00:58:40 | 000,020,452 | ---- | M] () -- C:\Users\Peter\Documents\cv.odt
    [2010-03-11 00:01:42 | 000,026,524 | ---- | M] () -- C:\Users\Peter\Documents\medievidenskab5.odt
    [2010-03-10 21:09:17 | 000,229,141 | ---- | M] () -- C:\Users\Peter\Documents\ansogning-KOT.pdf
    [2010-03-10 18:31:34 | 000,002,299 | ---- | M] () -- C:\Users\Peter\Documents\Ny database.odb
    [2010-03-10 18:30:53 | 000,001,235 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
    [2010-03-10 18:27:24 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
    [2010-03-10 08:16:36 | 000,029,720 | ---- | M] (Initio Corporation) -- C:\Windows\SysNative\drivers\ivusb.sys

    ========== Files Created - No Company Name ==========

    [2010-06-06 07:00:08 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010-06-05 20:27:33 | 000,001,867 | ---- | C] () -- C:\Users\Peter\Desktop\Attach.rar
    [2010-06-05 20:23:02 | 000,525,824 | ---- | C] () -- C:\Users\Peter\Desktop\dds.scr
    [2010-06-05 00:51:11 | 019,717,298 | ---- | C] () -- C:\Users\Peter\Desktop\pb062010czech.rar
    [2010-06-04 16:32:15 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
    [2010-06-04 16:32:15 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
    [2010-06-04 16:32:14 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
    [2010-06-04 16:32:14 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
    [2010-06-04 16:32:14 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
    [2010-06-04 16:32:14 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
    [2010-06-04 16:30:48 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
    [2010-06-04 16:30:46 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
    [2010-06-04 16:30:44 | 000,002,136 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
    [2010-06-04 16:30:42 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
    [2010-06-04 14:51:54 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010-06-03 22:29:30 | 007,680,539 | ---- | C] () -- C:\Users\Peter\Desktop\test2.tga
    [2010-06-03 16:42:23 | 003,345,452 | ---- | C] () -- C:\Users\Peter\Desktop\test.tga
    [2010-06-02 23:30:33 | 000,004,209 | ---- | C] () -- C:\Users\Peter\Rendition-2010-06-02-23-30-33.log
    [2010-06-02 15:37:10 | 000,000,132 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\Adobe Targa Format CS5 Prefs
    [2010-06-02 13:06:14 | 000,002,132 | ---- | C] () -- C:\Users\Peter\Rendition-Plug-In-Record.mi
    [2010-06-02 12:47:21 | 002,117,785 | ---- | C] () -- C:\Users\Peter\Rendition-2010-06-02-12-47-21.log
    [2010-06-02 12:32:37 | 000,006,515 | ---- | C] () -- C:\Users\Peter\Rendition-2010-06-02-12-32-37.log
    [2010-06-01 17:58:33 | 007,218,319 | ---- | C] () -- C:\Users\Peter\Desktop\movie_3.mov
    [2010-06-01 17:25:14 | 524,193,883 | ---- | C] () -- C:\Users\Peter\Desktop\ACA01_ch01.flv
    [2010-05-09 05:36:27 | 000,000,991 | ---- | C] () -- C:\Users\Peter\Desktop\SopCast.lnk
    [2010-05-06 20:53:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2010-04-23 08:56:50 | 000,001,289 | ---- | C] () -- C:\Users\Peter\Desktop\Audio Speed Changer Pro.lnk
    [2010-04-22 12:53:12 | 000,001,186 | ---- | C] () -- C:\Users\Public\Desktop\aTube Catcher.lnk
    [2010-04-15 04:12:44 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010-04-13 23:43:10 | 000,043,969 | ---- | C] () -- C:\Users\Peter\Documents\ss_logo5.png
    [2010-04-13 08:10:37 | 001,817,088 | ---- | C] () -- C:\Users\Peter\Documents\ss_logo5.fla
    [2010-04-13 08:07:52 | 000,053,072 | ---- | C] () -- C:\Users\Peter\Desktop\Trajan-Regular.otf
    [2010-04-13 07:07:03 | 000,093,258 | ---- | C] () -- C:\Users\Peter\Desktop\ss_logo.jpg
    [2010-04-13 07:03:11 | 001,819,136 | ---- | C] () -- C:\Users\Peter\Documents\ss_logo4.fla
    [2010-04-13 06:59:32 | 003,460,443 | ---- | C] () -- C:\Users\Peter\Documents\shutterstock_w.jpg
    [2010-04-13 06:59:32 | 000,952,695 | ---- | C] () -- C:\Users\Peter\Documents\shutterstock_w2.jpg
    [2010-04-13 05:40:31 | 001,335,296 | ---- | C] () -- C:\Users\Peter\Documents\ss_logo3.fla
    [2010-04-13 04:36:04 | 001,168,384 | ---- | C] () -- C:\Users\Peter\Documents\ss_logo2.fla
    [2010-04-13 04:19:06 | 001,223,680 | ---- | C] () -- C:\Users\Peter\Documents\ss_logo.fla
    [2010-04-12 02:00:10 | 000,174,072 | ---- | C] () -- C:\Users\Peter\Desktop\ss.jpg
    [2010-04-10 13:46:55 | 000,773,120 | ---- | C] () -- C:\Windows\SysWow64\NEROINSTAEC43759.DB
    [2010-04-10 01:49:47 | 000,000,989 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
    [2010-04-10 01:49:47 | 000,000,953 | ---- | C] () -- C:\Users\Peter\Desktop\MagicDisc.lnk
    [2010-04-10 01:48:09 | 677,251,228 | ---- | C] () -- C:\Users\Peter\Documents\Image.nrg
    [2010-04-10 01:20:32 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
    [2010-04-10 01:20:21 | 000,001,024 | ---- | C] () -- C:\Users\Peter\.rnd
    [2010-04-09 23:37:34 | 000,001,799 | ---- | C] () -- C:\Users\Peter\Desktop\MagicISO.lnk
    [2010-04-09 23:37:14 | 003,067,400 | ---- | C] () -- C:\Users\Peter\Desktop\Setup_MagicISO.exe
    [2010-04-09 23:21:09 | 001,352,435 | ---- | C] () -- C:\Users\Peter\Desktop\setup_magicdisc106.exe
    [2010-04-09 21:56:23 | 000,090,610 | ---- | C] () -- C:\Users\Peter\Desktop\es.jpg
    [2010-03-30 18:54:54 | 000,968,983 | ---- | C] () -- C:\Users\Peter\Desktop\Europe_Rebate_(3-10)_.pdf
    [2010-03-30 15:53:50 | 000,811,339 | ---- | C] () -- C:\Users\Peter\Desktop\eastwest0310play.pdf
    [2010-03-30 15:52:17 | 000,023,241 | ---- | C] () -- C:\Users\Peter\Desktop\CasperInvoice.pdf
    [2010-03-29 16:18:17 | 000,110,138 | ---- | C] () -- C:\Users\Peter\Desktop\lulz.jpg
    [2010-03-17 11:58:19 | 004,730,941 | ---- | C] () -- C:\Users\Peter\Desktop\Poserfinal.swf
    [2010-03-14 21:48:09 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Valg af webbrowser.lnk
    [2010-03-11 03:41:23 | 000,007,303 | ---- | C] () -- C:\Users\Peter\Documents\medievidenskab5b.rtf
    [2010-03-10 21:09:15 | 000,229,141 | ---- | C] () -- C:\Users\Peter\Documents\ansogning-KOT.pdf
    [2010-03-10 20:05:05 | 000,020,452 | ---- | C] () -- C:\Users\Peter\Documents\cv.odt
    [2010-03-10 18:39:30 | 000,026,524 | ---- | C] () -- C:\Users\Peter\Documents\medievidenskab5.odt
    [2010-03-10 18:31:24 | 000,002,299 | ---- | C] () -- C:\Users\Peter\Documents\Ny database.odb
    [2010-03-10 18:30:53 | 000,001,235 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
    [2010-03-10 18:27:24 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
    [2010-02-08 11:46:47 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2010-02-08 11:46:47 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2009-12-31 14:31:34 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2009-12-31 14:31:34 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
    [2009-08-03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
    [2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
    [2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
    [2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
    [2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
    [2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
    [2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
    [2009-08-03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
    [2009-08-03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
    [2009-08-03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
    [2009-07-29 08:35:54 | 002,378,752 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
    [2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009-07-13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009-06-07 13:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\vbzlib1.dll

    ========== LOP Check ==========

    [2010-01-18 08:52:09 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Autodesk
    [2010-06-05 03:03:33 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Azureus
    [2010-01-18 11:31:35 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Bytescout SWF To Video Scout
    [2010-01-01 03:57:14 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\DAEMON Tools Lite
    [2010-01-21 18:35:02 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Octoshape
    [2010-03-10 18:30:38 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\OpenOffice.org
    [2010-04-23 08:56:53 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\SuperUtils.com
    [2010-02-08 14:22:54 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\TopoGun32
    [2010-06-04 16:25:49 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Uniblue
    [2009-12-31 18:25:01 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\VSL
    [2010-05-06 08:25:52 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
    < End of report >
     
  15. 2010/06/07
    broni

    broni Moderator Malware Analyst

    I'd like to know more details...

    Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
     
  16. 2010/06/10
    shbshg

    shbshg Inactive Thread Starter

    Like I wrote in my first post, I already used Malwarebytes. It doesn't seem to find anything anymore (should I post a log anyway even though it finds nothing?), but like I said, Spyware Doctor and Norton seem to find stuff.

    Since I couldn't copy/paste from Spyware Doctor I took some screen grabs instead. Perhaps they can help...

    It shows the three detected "threats". It says their threat level is "low".

    I opened the lists of the registry values and keys for the third threat (Hijacker.DosPop_Toolbar)

    registreringsværdi = registry value
    registeringsnøgle = registry key

    Main
    Registry Values
    Registry Values Continued
    Registry Keys
    Registry Keys Continued

    As for Norton, it finds a "Trojan" and says it has to be removed manually.

    EDIT: hmm, just did a quick scan with Norton and it didn't find anything this time. Seems a bit random.

    I must say, though, the computer seems to be running pretty well now and the pop-up madness is gone for good. I'm not sure there's anything seriously wrong with it, but Spyware Doctor does find that stuff above every time I scan with it...
     
    Last edited: 2010/06/10
  17. 2010/06/10
    broni

    broni Moderator Malware Analyst

    I'm glad to see your computer in better shape :)

    OTL is very thorough with showing all kinds of stuff, but I don't see any trace of Hijacker.DosPop_Toolbar.

    We'll still run a couple more scans to see if anything is hiding...

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    Print these instructions out.

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    Restart computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; pick Safe Mode. You'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
        o Close browsers before scanning.
        o Scan for tracking cookies.
        o Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.
    * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under "Complete Scan", choose Perform Complete Scan.
    * Click "Next" to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    * Make sure everything has a checkmark next to it and click "Next".
    * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    * If asked if you want to reboot, click "Yes".
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
        o Click Preferences, then click the Statistics/Logs tab.
        o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
        o Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
    * Click Close to exit the program.
    Post SUPERAntiSpyware log.



    3. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

        * Spyware, Adware, Dialers, and other potentially dangerous programs
        * Archives
        * Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  18. 2010/06/17
    broni

    broni Moderator Malware Analyst

    Are you still out there?
     
  19. 2010/06/18
    shbshg

    shbshg Inactive Thread Starter

    Yes, I am, sorry. I meant to get back to you, but I've been terribly busy with work. I'll try to do all that stuff in about an hour or so. Hold on.
     
  20. 2010/06/18
    shbshg

    shbshg Inactive Thread Starter

    Okay, I went through the scanning procedure with SUPERAntiSpyware. It found a bunch of "threats" and I think deleted a lot. Here's the log:

    (I'm going to use the Kaspersky program now)


    SUPERAntiSpyware log

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/18/2010 at 11:23 PM

    Application Version : 4.39.1002

    Core Rules Database Version : 5089
    Trace Rules Database Version: 2901

    Scan type : Complete Scan
    Total Scan Time : 00:41:21

    Memory items scanned : 336
    Memory threats detected : 0
    Registry items scanned : 12288
    Registry threats detected : 20
    File items scanned : 150073
    File threats detected : 293

    Adware.HBHelper
    (x86) HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
    (x86) HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
    (x86) HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
    (x86) HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32
    (x86) HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32#ThreadingModel
    (x86) HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID
    (x86) HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib
    (x86) HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID
    (x86) HKCR\URLSearchHook.ToolbarURLSearchHook.1
    (x86) HKCR\URLSearchHook.ToolbarURLSearchHook
    (x86) HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
    (x86) HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0
    (x86) HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0
    (x86) HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0\win32
    (x86) HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\FLAGS
    (x86) HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\HELPDIR
    C:\PROGRAM FILES (X86)\SPEEDBIT VIDEO DOWNLOADER\TOOLBAR\TBHELPER.DLL

    Adware.Tracking Cookie
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@lucidmedia[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@m2.sexgarantie[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@m2.sexgarantie[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@media.fragster[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@media.photobucket[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@media.ps3.ign[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@media.quakelive[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@media6degrees[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@mediafire[3].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@mediaplex[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@mmaadnet.ad-control-panel[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@mmedia.t134[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@mofosex[3].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@mollporn[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@mp3-find[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@mutekki-media[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@my-pornbase[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@my.adservinginternational[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@naked[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@needporn[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@newmediazine[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@nextag[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@onetwoporn[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@openx.camelmedia[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@openx.newzmedia[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@optimize.indieclick[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@partner.smartresponse-media[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@partyaccount[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@pluckit.demandmedia[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@pointroll[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@pornbb[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@porndad[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@****[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@****[3].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@premiumtv.122.2o7[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@promisland.user.madbanner[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@questionmarket[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@realgfporn[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@realteengirlfriends[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@revsci[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@richmedia.yahoo[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@rotator.adjuggler[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@rts.pgmediaserve[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@secure.partyaccount[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@selfshotteenies[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@server.cpmstar[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@serving-sys[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@sex-porno-film[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@sexyshare[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@smartadserver[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@smartadx[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@soundclick[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@specificclick[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@specificmedia[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@stat.katalysatormedia[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@stat.youku[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@statcounter[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@stats.ownednetworks[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@stats.paypal[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@tacoda[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@teenmpegs[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@thefind[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@timesofindia.indiatimes[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@toontrack[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@track.adform[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@track.adform[3].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@trackalyzer[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@tracking.foxnews[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@tracking.gonetwork[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@tracking.iqmedier[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@tradedoubler[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@traffic.tcmagnet[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@trafficmp[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@tribalfusion[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@tubepornstars[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@uberkant.adservinginternational[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@usatoday1.112.2o7[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@webmasterplan[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@www.adulttubex[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@www.amateursex[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@www.asianbabemedia[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@www.burstnet[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@www.clickorlando[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@www.cracked[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@www.ctrackz[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@www.escortsexvideos[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@www.freesexycomics[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@www.****video[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@www.googleadservices[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@www.googleadservices[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@www.googleadservices[3].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@www.googleadservices[4].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@www.mofosex[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@www.mp3-find[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@www.newmediazine[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@www.onetwoporn[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@www.otbsportsmedia[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@www.pornbb[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@www.pornrabbit[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@www.****[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@www.pxtrack[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@www.realgfporn[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@www.teenmpegs[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@www.toontrack[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@www.vertadnet[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@www.xxxporn[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@www.zanox-affiliate[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@xiti[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@xm.xtendmedia[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@xxxdex[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@xxxprivates[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@yadro[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@yieldmanager[1].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@youporn.videobox[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@youporn[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@zanox[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@zedo[2].txt
    C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Cookies\Low\peter@zoomin.advertserve[1].txt

    Browser Hijacker.Deskbar
    (x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
    (x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
    (x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
    (x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version
     
  21. 2010/06/18
    shbshg

    shbshg Inactive Thread Starter

    Joined:
    2010/06/04
    Messages:
    14
    Likes Received:
    0
    Kaspersky found nothing. It looks like my comp is pretty clean now. So thanks again :)

    Kaspersky log

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Saturday, June 19, 2010
    Operating system: Microsoft (build 7600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Friday, June 18, 2010 15:59:06
    Records in database: 4291682
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - Folder:
    C:\

    Scan statistics:
    Objects scanned: 154920
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 00:51:13

    No threats found. Scanned area is clean.

    Selected area has been scanned.
     
