I have MS Removal Tool stuck on my PC, tried to remove but failed ...

Hello there, I have, as the title suggests, the ''MS Renoval Tool' stuck on my PC. It landed about 2hrs ago and I've tried, unsucessfully, to remove it by following the suggestion you've kindly provided, ie running the Malwarebytes programme.

The virus is on my PC with Win 7 and whilst I can start it in safe networking move, my internet connection is via a USB dongle which is unavailable in that safe mode.

This means that when I load MAM it first prompts to say the database is 100+ days out of date and I then can run the apparent latest database, which is no 6092 dated 3/17/2011. That's the newest I can install.

Question: When I ran MAM on my XP netbook , which can connect to the web, I was able to download up to version 6355 dated 4/3/2011, could this be the reason I've still got the virus on my PC and if so, do you know a way to download as a file rather than a straight install, the newer database? This might not be the reason I'm still stuck with the virus, but it would be a quick fix if it were.

Anyhow, I then run MAM on my PC and whilst it did find 4 old adware items, it can't find or therefore remove the ''MS Renoval Tool'.

I've therefore loaded OTL and below listed are the contents of the two txt files.

BTW I am sending this to you via my netbook, rather than the PC that's currently infected.

If you can help I'd be mega happy.

OTL.txt first, extras.txt is at the bottom

I hope you understand some of this, it's all gobbledegook to me so I'm in your hands, treat me gentle.

Kind regards

Thanks in advance,

cashpoortimerich

- - - - - - - - - - - - - - - - -

OTL logfile created on: 14/04/2011 02:16:47 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = I:\downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,013.00 Mb Total Physical Memory | 665.00 Mb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 60.00 Gb Total Space | 20.74 Gb Free Space | 34.56% Space Free | Partition Type: NTFS
Drive D: | 60.01 Gb Total Space | 12.76 Gb Free Space | 21.26% Space Free | Partition Type: NTFS
Drive I: | 1.89 Gb Total Space | 1.71 Gb Free Space | 90.04% Space Free | Partition Type: FAT32

Computer Name: ZOOSTORM-PC | User Name: Parent | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/14 02:14:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- I:\downloads\OTL.com
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/14 02:14:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- I:\downloads\OTL.com
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NILiteClient)
SRV - File not found [On_Demand | Stopped] -- -- (getPlusHelper)
SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/06/07 17:14:50 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/28 14:47:44 | 001,737,464 | ---- | M] () [Auto | Stopped] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2009/08/25 11:45:24 | 000,712,704 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvmon.exe -- (ServiceMonitor)
SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/06/14 18:02:12 | 000,017,408 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- c:\xampp\apache\bin\apache.exe -- (Apache2.2)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/01/28 14:35:24 | 000,010,240 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2010/01/28 13:34:30 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/01/28 13:34:30 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2010/01/19 12:49:48 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/19 12:49:48 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/19 12:49:48 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/19 12:49:48 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/08/01 17:10:10 | 000,058,400 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\SISAGPX.sys -- (sisagp)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/06/10 22:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/03/30 04:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008/09/26 18:06:24 | 000,129,824 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2008/09/26 18:06:24 | 000,032,048 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2007/06/25 06:37:24 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 2F 7D 46 BF 92 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: foxyseotool@foxyseotool.com:0.8.5
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/15 19:34:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/12 11:41:21 | 000,000,000 | ---D | M]

[2011/03/15 19:35:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Parent\AppData\Roaming\mozilla\Extensions
[2011/03/16 10:16:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Parent\AppData\Roaming\mozilla\Firefox\Profiles\t6eyg30a.default\extensions
[2011/03/16 10:16:19 | 000,000,000 | ---D | M] (Foxy SEO Tool) -- C:\Users\Parent\AppData\Roaming\mozilla\Firefox\Profiles\t6eyg30a.default\extensions\foxyseotool@foxyseotool.com
[2011/03/15 19:34:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/03 17:43:40 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/03/03 17:43:40 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/03/03 17:43:40 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/03 17:43:40 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NIHomeAM] File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\RunOnce: [lOf01804hEcMk01804] C:\ProgramData\lOf01804hEcMk01804\lOf01804hEcMk01804.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1a653164-1cd4-11df-9b38-002268830b13}\Shell - "" = AutoRun
O33 - MountPoints2\{1a653164-1cd4-11df-9b38-002268830b13}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1baba7f0-a524-11df-b788-002268830b13}\Shell - "" = AutoRun
O33 - MountPoints2\{1baba7f0-a524-11df-b788-002268830b13}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{22b47024-a585-11df-a4c4-002268830b13}\Shell - "" = AutoRun
O33 - MountPoints2\{22b47024-a585-11df-a4c4-002268830b13}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{742c055d-1bc7-11df-bbb7-002268830b13}\Shell - "" = AutoRun
O33 - MountPoints2\{742c055d-1bc7-11df-bbb7-002268830b13}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{742c0599-1bc7-11df-bbb7-002268830b13}\Shell - "" = AutoRun
O33 - MountPoints2\{742c0599-1bc7-11df-bbb7-002268830b13}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{75d7f1d1-31a4-11df-9a77-002268830b13}\Shell - "" = AutoRun
O33 - MountPoints2\{75d7f1d1-31a4-11df-9a77-002268830b13}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{95ea1251-ff4c-11de-97d8-002268830b8e}\Shell - "" = AutoRun
O33 - MountPoints2\{95ea1251-ff4c-11de-97d8-002268830b8e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{95ea1254-ff4c-11de-97d8-002268830b8e}\Shell - "" = AutoRun
O33 - MountPoints2\{95ea1254-ff4c-11de-97d8-002268830b8e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ad46391a-47e2-11e0-b10e-937a6d7bdd2a}\Shell - "" = AutoRun
O33 - MountPoints2\{ad46391a-47e2-11e0-b10e-937a6d7bdd2a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cc7a40cd-0c9e-11e0-b7ca-924b77dcc052}\Shell - "" = AutoRun
O33 - MountPoints2\{cc7a40cd-0c9e-11e0-b7ca-924b77dcc052}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{fd893a7d-1bba-11df-a460-002268830b13}\Shell - "" = AutoRun
O33 - MountPoints2\{fd893a7d-1bba-11df-a460-002268830b13}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/14 01:58:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/04/14 01:58:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/14 01:58:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/04/14 01:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/14 00:03:17 | 000,000,000 | ---D | C] -- C:\Users\Parent\AppData\Roaming\Malwarebytes
[2011/04/14 00:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/13 23:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\lOf01804hEcMk01804
[2011/04/12 11:33:25 | 000,000,000 | -H-D | C] -- C:\windows\AxInstSV
[2011/04/07 09:58:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youda Farmer 2 Save the Village
[2011/04/05 14:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\Youdagames
[2011/04/05 14:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Youdagames
[2011/04/05 14:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youda Survivor
[2011/03/15 19:35:17 | 000,000,000 | ---D | C] -- C:\Users\Parent\AppData\Roaming\Mozilla
[2011/03/15 19:35:17 | 000,000,000 | ---D | C] -- C:\Users\Parent\AppData\Local\Mozilla
[2011/03/15 19:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/03/15 19:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2011/04/14 02:11:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/04/14 02:11:46 | 796,794,880 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/14 02:10:39 | 000,013,888 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/14 02:10:39 | 000,013,888 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/14 02:07:44 | 000,695,436 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/04/14 02:07:44 | 000,135,610 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/04/14 01:58:45 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/09 09:13:27 | 000,025,256 | ---- | M] () -- C:\windows\System32\srvmon.startuplog
[2011/04/04 01:32:28 | 000,000,632 | RHS- | M] () -- C:\Users\Parent\ntuser.pol

========== Files Created - No Company Name ==========

[2011/04/14 01:58:45 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/07 13:41:53 | 000,010,240 | ---- | C] () -- C:\windows\System32\drivers\mdvrmng.sys
[2011/03/06 17:42:11 | 000,069,632 | ---- | C] () -- C:\windows\System32\xmltok.dll
[2011/03/06 17:42:10 | 000,036,864 | ---- | C] () -- C:\windows\System32\xmlparse.dll
[2010/12/22 20:29:22 | 000,000,000 | ---- | C] () -- C:\windows\iplayer.INI
[2010/02/18 00:02:27 | 000,007,602 | ---- | C] () -- C:\Users\Parent\AppData\Local\Resmon.ResmonCfg
[2010/02/17 16:45:35 | 001,956,841 | ---- | C] () -- C:\Users\Parent\AppData\Roaming\UserTile.png
[2010/01/19 12:49:54 | 000,466,944 | ---- | C] () -- C:\windows\System32\RemoveDevice.dll
[2010/01/12 09:54:29 | 000,712,704 | ---- | C] () -- C:\windows\System32\srvmon.exe
[2010/01/12 08:59:41 | 000,071,259 | ---- | C] () -- C:\windows\Huawei ModemsUninstall.exe
[2010/01/11 13:18:06 | 000,140,288 | ---- | C] () -- C:\windows\System32\igfxtvcx.dll
[2009/11/04 16:40:15 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\windows\System32\OGAEXEC.exe
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 05:33:53 | 000,357,384 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,695,436 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,135,610 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:19:49 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

< End of report >
OTL Extras logfile created on: 14/04/2011 02:16:47 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = I:\downloads
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,013.00 Mb Total Physical Memory | 665.00 Mb Available Physical Memory | 66.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 60.00 Gb Total Space | 20.74 Gb Free Space | 34.56% Space Free | Partition Type: NTFS
Drive D: | 60.01 Gb Total Space | 12.76 Gb Free Space | 21.26% Space Free | Partition Type: NTFS
Drive I: | 1.89 Gb Total Space | 1.71 Gb Free Space | 90.04% Space Free | Partition Type: FAT32

Computer Name: ZOOSTORM-PC | User Name: Parent | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{080FA612-A404-417E-A76B-7B6B0A8F3B64}" = Youda Survivor
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2157961D-0507-44A8-BCF2-1EE2D439E8DF}" = Civilization III Complete Edition
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29031977-EF5E-446E-B3E1-E66B6FA3895D}" = SCRABBLE® 2005 EDITION
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3350C8F4-61A6-4EE5-BB2B-DF74BF918974}" = Schoolhouse Bingo 2
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3620A7E6-E6ED-4D74-B609-5A8130F54ABB}" = Youda Farmer 2 Save the Village
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{66F4E59B-6022-4BC0-B500-27ABA9EFF6E6}" = Math Resource Studio
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C8A611-8059-44EB-8513-C86A6B3A9C5F}" = Mathcad 2001i Professional
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{89BDD6F0-A337-4081-8A42-9AD8B9C5D1B3}" = Vocabulary Worksheet Factory 4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B39B512-1E22-45B6-9561-83DBFEA00A33}" = BECTA Home Access Activation Tool
"{9B6063C2-2194-486B-89B6-75AFD269029C}" = Skies of War
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F73FDEF-DDC1-4307-9D96-13AB3254641A}_is1" = Doctor Who: The Adventure Games
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0183E30-0E7C-4745-B3AC-F570C2D34D81}" = Design Tools - 2D Design V2 Student
"{B09B47DC-8775-9A6D-C482-1265E615E87D}" = Creeper World DEMO
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB8CEC42-30B1-4F49-BD06-9393EB81CCF7}" = SPSS 13.0 for Windows
"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE057B84-3977-4107-AA5C-BD0600CDC8DF}" = MINITAB 14 Student
"{DF204E20-C29C-4434-BCFE-D9BAF76CEF8D}" = Sun ODF Plugin for Microsoft Office 3.1
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E99EB1FA-FD6B-4451-9860-4BDF6A42D9CA}" = Schoolhouse Test 3
"{E9AE9A91-AB45-4321-87BD-AD34855D944F}" = Chessmaster 10th Edition
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F3B899DB-B138-4698-BE99-A4271BCA47A4}" = MatchWare MindView 3.0 Home Access
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FBD24C29-4277-4EEF-ACA9-0C302D939B1B}_is1" = Telepath Psy Arena 2 Demo 1.0
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CreeperWorldDEMO.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1" = Creeper World DEMO
"Finale SongWriter 2010" = Finale SongWriter 2010
"Foxit Reader" = Foxit Reader
"GamersFirst LIVE!" = GamersFirst LIVE!
"Huawei Modems" = Huawei modem
"InstallShield_{2157961D-0507-44A8-BCF2-1EE2D439E8DF}" = Civilization III Complete Edition
"InstallShield_{76C8A611-8059-44EB-8513-C86A6B3A9C5F}" = Mathcad 2001i Professional
"InstallShield_{DE057B84-3977-4107-AA5C-BD0600CDC8DF}" = MINITAB 14 Student
"InstallShield_{E9AE9A91-AB45-4321-87BD-AD34855D944F}" = Chessmaster 10th Edition
"InterActual Player" = InterActual Player
"M248 Data Files" = M248 Data Files
"M248 SUStats" = M248 SUStats
"M249 CD-ROM 1" = M249 CD-ROM 1
"M249 CD-ROM 2" = M249 CD-ROM 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"STANDARD" = Microsoft Office Standard 2007
"TVWiz" = Intel(R) TV Wizard
"WinBUGS 1.4" = WinBUGS 1.4
"WinLiveSuite" = Windows Live Essentials
"xampp" = XAMPP 1.6.7
"ZTE_1.2059.0.8" = ZTE_1.2059.0.8

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Power Loader" = Power Challenge Game Plugin

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/04/2011 20:11:14 | Computer Name = Zoostorm-PC | Source = EventSystem | ID = 4621
Description =

Error - 11/04/2011 15:59:59 | Computer Name = Zoostorm-PC | Source = EventSystem | ID = 4622
Description =

Error - 12/04/2011 16:15:55 | Computer Name = Zoostorm-PC | Source = EventSystem | ID = 4621
Description =

Error - 12/04/2011 16:36:39 | Computer Name = Zoostorm-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 12/04/2011 16:40:33 | Computer Name = Zoostorm-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\Issist\izoom
standard 3b\InProc.exe". Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/04/2011 16:40:38 | Computer Name = Zoostorm-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files\microsoft\search
enhancement pack\search box extension\SrchBxEx.dll".Error in manifest or policy
file "c:\program files\microsoft\search enhancement pack\search box extension\SrchBxEx.dll"
on line 2. Invalid Xml syntax.

Error - 12/04/2011 16:40:38 | Computer Name = Zoostorm-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files\microsoft\search
enhancement pack\search helper\SearchHelper.dll".Error in manifest or policy file
"c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll"
on line 2. Invalid Xml syntax.

Error - 12/04/2011 16:41:12 | Computer Name = Zoostorm-PC | Source = System Restore | ID = 8193
Description =

Error - 12/04/2011 19:00:04 | Computer Name = Zoostorm-PC | Source = System Restore | ID = 8193
Description =

Error - 13/04/2011 11:04:55 | Computer Name = Zoostorm-PC | Source = EventSystem | ID = 4621
Description =

[ OSession Events ]
Error - 04/01/2011 13:52:41 | Computer Name = Zoostorm-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
seconds with 0 seconds of active time. This session ended with a crash.

Error - 04/01/2011 13:59:15 | Computer Name = Zoostorm-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 04/01/2011 13:59:32 | Computer Name = Zoostorm-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 04/01/2011 14:00:10 | Computer Name = Zoostorm-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 04/01/2011 14:00:16 | Computer Name = Zoostorm-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 04/02/2011 08:38:42 | Computer Name = Zoostorm-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

Error - 07/02/2011 13:49:52 | Computer Name = Zoostorm-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

Error - 23/02/2011 16:27:47 | Computer Name = Zoostorm-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/03/2011 17:00:40 | Computer Name = Zoostorm-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 443
seconds with 420 seconds of active time. This session ended with a crash.

Error - 11/03/2011 07:22:41 | Computer Name = Zoostorm-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 30 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 13/04/2011 19:50:23 | Computer Name = Zoostorm-PC | Source = DCOM | ID = 10005
Description =

Error - 13/04/2011 19:50:25 | Computer Name = Zoostorm-PC | Source = DCOM | ID = 10005
Description =

Error - 13/04/2011 19:50:25 | Computer Name = Zoostorm-PC | Source = DCOM | ID = 10005
Description =

Error - 13/04/2011 21:05:06 | Computer Name = Zoostorm-PC | Source = DCOM | ID = 10010
Description =

Error - 13/04/2011 21:06:09 | Computer Name = Zoostorm-PC | Source = DCOM | ID = 10016
Description =

Error - 13/04/2011 21:11:59 | Computer Name = Zoostorm-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
discache MpFilter spldr UimBus Uim_IM Wanarpv6

Error - 13/04/2011 21:12:06 | Computer Name = Zoostorm-PC | Source = DCOM | ID = 10005
Description =

Error - 13/04/2011 21:12:13 | Computer Name = Zoostorm-PC | Source = DCOM | ID = 10005
Description =

Error - 13/04/2011 21:12:15 | Computer Name = Zoostorm-PC | Source = DCOM | ID = 10005
Description =

Error - 13/04/2011 21:12:16 | Computer Name = Zoostorm-PC | Source = DCOM | ID = 10005
Description =


< End of report >

whilst waiting for a reply (no offence meant, it's just that I couldn't sleep) I found further info from others who had also had the same virus.

The method that worked for me (hopefully permanently) and had worked for them was listed here

http://www.precisesecurity.com/rogue/microsoft-removal-tool/

The basic steps are

- reboot in safe mode
- open windows explorer
- take a look through the folders to see what names exist
- then open the options tab to allow hidden files and folders to be seen
- look through again to see what's now turned up
- you should see a folder \ProgramData (or suchlike)
- open that and you'll find a folder with a very long string of random nos and letters
- check it's time stamp and this should be around about when your kit was infected.
Assuming you're in safe mode you can simply delete the two files that are in the folder, one is the virus with the initial date and the other will show a date round about the last time you booted in normal mode.
- then go into recycle bin and chuck those two #%6~* away!
- a reboot in normal mode now follows

If you're lucky this will have cleared out the problem.

It worked for me, however, my personal preferences for screen backgrounds etc, were lost (I'm on Win 7 pro) so I needed to reselect them in control panel, but that's a minor problem compared to where I was about 7 hours previously.

A big caveat - I am NOT a pc pro so what I write might be wrong, check the link above for further info, but this did work for me.

Good luck all

cashpoortimerich

Status update: my first two posts were made from my XP netbook, this is being made via my Win7 PC. It is now free from the virus (at least as far as I can tell.)

I used the steps as listed above and then was able to log in under normal (not safe) mode and then download the latest config file for MWM.

However, since I had deleted the rogue files by selecting them, the virus prog came up blank (which is a sort of good thing, anyhow)

I've run this, plus microsofts own prog (the one with the green flag in the taskbar) and also Ccleaner and now when rebooting I have the display settings I want.

BTW if you too lose your display settings, just go into control panel, pick them again and remember to re-save them, perhaps giving them a new name such as today's date.

Then if you reboot you should find all is well.

Obviously take my ideas with a pinch of salt, as I'm not one of the gurus on here, but I hope this can be verified as I found it has worked for me.

HTH

PS got infected 11:23pm last night and clean by about 6pm this morning (that's cold, Peterborough, UK time)

Hello.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  
• Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  
• When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
  

Belahzur, thanks for the post and suggestions. May I check I'm correctly following your advice:

1. I've downloaded the renamed commy.exe file to my desktop and after disabling MSE I've run it via start with the string as given, being, "%userprofile%\desktop\commy.exe" /stepdel

2. I then get a blue screen ( like an old MS DOS screen ) appearing and commy.exe says it's preparing to work and then a second screen states it's making a back up of 16 registry files, which closes when complete

3. Commy.exe then appears to stop.

4. I let it sit there for about 5 mins and there was no change to the DOS style screen so I X'd out and re-run it with the same result.

Am I meant to let it run and the lack of a change to the text in that box is ok, or am I doing something wrong?

Many thanks,

cashpoortimerich

Hello.

Please download TDSSKiller from here and save it to your Desktop.

• Doubleclick TDSSKiller.exe to run the tool
  
• Click the Start Scan button
  
• After the scan has finished, click the Close button
  
• Click the Report button and copy/paste the contents of it into your next reply
  

Note:It will also create a log in the C:\ directory.

Thanks Belahzur, sorry for the delay in my reply ( it's 3:55 am here inthe UK ) I just checked this page and have now downloaded TDSSKiller.exe as you suggested and run that prog.

When it finished it reported 'nothing found' in its own screen.

Below is the log file that it created:

2011/04/16 03:47:23.0006 5904 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/16 03:47:25.0010 5904 ================================================================================
2011/04/16 03:47:25.0010 5904 SystemInfo:
2011/04/16 03:47:25.0010 5904
2011/04/16 03:47:25.0010 5904 OS Version: 6.1.7601 ServicePack: 1.0
2011/04/16 03:47:25.0010 5904 Product type: Workstation
2011/04/16 03:47:25.0011 5904 ComputerName: ZOOSTORM-PC
2011/04/16 03:47:25.0011 5904 UserName: Parent
2011/04/16 03:47:25.0011 5904 Windows directory: C:\windows
2011/04/16 03:47:25.0011 5904 System windows directory: C:\windows
2011/04/16 03:47:25.0011 5904 Processor architecture: Intel x86
2011/04/16 03:47:25.0011 5904 Number of processors: 2
2011/04/16 03:47:25.0011 5904 Page size: 0x1000
2011/04/16 03:47:25.0011 5904 Boot type: Normal boot
2011/04/16 03:47:25.0011 5904 ================================================================================
2011/04/16 03:47:27.0536 5904 Initialize success
2011/04/16 03:47:55.0996 3352 ================================================================================
2011/04/16 03:47:55.0996 3352 Scan started
2011/04/16 03:47:55.0996 3352 Mode: Manual;
2011/04/16 03:47:55.0996 3352 ================================================================================
2011/04/16 03:47:56.0394 3352 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
2011/04/16 03:47:56.0475 3352 61883 (beb5e6a8c17c3c7485563281e0f9e77e) C:\windows\system32\DRIVERS\61883.sys
2011/04/16 03:47:56.0560 3352 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
2011/04/16 03:47:56.0622 3352 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
2011/04/16 03:47:56.0699 3352 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2011/04/16 03:47:56.0746 3352 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2011/04/16 03:47:56.0784 3352 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2011/04/16 03:47:56.0867 3352 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\windows\system32\drivers\afd.sys
2011/04/16 03:47:56.0927 3352 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
2011/04/16 03:47:56.0985 3352 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2011/04/16 03:47:57.0055 3352 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
2011/04/16 03:47:57.0089 3352 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
2011/04/16 03:47:57.0124 3352 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
2011/04/16 03:47:57.0194 3352 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2011/04/16 03:47:57.0214 3352 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2011/04/16 03:47:57.0296 3352 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\windows\system32\drivers\amdsata.sys
2011/04/16 03:47:57.0343 3352 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2011/04/16 03:47:57.0395 3352 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\windows\system32\drivers\amdxata.sys
2011/04/16 03:47:57.0465 3352 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
2011/04/16 03:47:57.0549 3352 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2011/04/16 03:47:57.0567 3352 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2011/04/16 03:47:57.0630 3352 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2011/04/16 03:47:57.0670 3352 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
2011/04/16 03:47:57.0749 3352 Avc (c44bdd77e06053cf5afe046f3a47c16b) C:\windows\system32\DRIVERS\avc.sys
2011/04/16 03:47:57.0831 3352 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2011/04/16 03:47:57.0893 3352 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/04/16 03:47:57.0986 3352 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2011/04/16 03:47:58.0048 3352 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2011/04/16 03:47:58.0088 3352 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
2011/04/16 03:47:58.0119 3352 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/04/16 03:47:58.0145 3352 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/04/16 03:47:58.0186 3352 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2011/04/16 03:47:58.0218 3352 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2011/04/16 03:47:58.0259 3352 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/04/16 03:47:58.0280 3352 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2011/04/16 03:47:58.0314 3352 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2011/04/16 03:47:58.0386 3352 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2011/04/16 03:47:58.0446 3352 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
2011/04/16 03:47:58.0484 3352 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2011/04/16 03:47:58.0539 3352 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2011/04/16 03:47:58.0602 3352 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2011/04/16 03:47:58.0642 3352 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
2011/04/16 03:47:58.0689 3352 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2011/04/16 03:47:58.0719 3352 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2011/04/16 03:47:58.0794 3352 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
2011/04/16 03:47:58.0853 3352 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2011/04/16 03:47:58.0923 3352 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\windows\system32\drivers\csc.sys
2011/04/16 03:47:58.0993 3352 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
2011/04/16 03:47:59.0044 3352 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2011/04/16 03:47:59.0084 3352 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2011/04/16 03:47:59.0152 3352 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2011/04/16 03:47:59.0209 3352 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
2011/04/16 03:47:59.0338 3352 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2011/04/16 03:47:59.0442 3352 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2011/04/16 03:47:59.0499 3352 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
2011/04/16 03:47:59.0594 3352 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2011/04/16 03:47:59.0658 3352 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2011/04/16 03:47:59.0697 3352 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2011/04/16 03:47:59.0745 3352 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
2011/04/16 03:47:59.0772 3352 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
2011/04/16 03:47:59.0797 3352 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
2011/04/16 03:47:59.0846 3352 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
2011/04/16 03:47:59.0899 3352 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
2011/04/16 03:47:59.0982 3352 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\windows\system32\DRIVERS\fssfltr.sys
2011/04/16 03:48:00.0040 3352 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
2011/04/16 03:48:00.0099 3352 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
2011/04/16 03:48:00.0152 3352 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/04/16 03:48:00.0228 3352 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
2011/04/16 03:48:00.0308 3352 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
2011/04/16 03:48:00.0385 3352 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
2011/04/16 03:48:00.0420 3352 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
2011/04/16 03:48:00.0472 3352 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
2011/04/16 03:48:00.0557 3352 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
2011/04/16 03:48:00.0770 3352 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys
2011/04/16 03:48:00.0863 3352 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
2011/04/16 03:48:00.0945 3352 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
2011/04/16 03:48:01.0015 3352 hwdatacard (988c0a49f09d75d3341cb419141793c1) C:\windows\system32\DRIVERS\ewusbmdm.sys
2011/04/16 03:48:01.0066 3352 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
2011/04/16 03:48:01.0139 3352 hwusbdev (a259d3619aa23d4562581067f85e2006) C:\windows\system32\DRIVERS\ewusbdev.sys
2011/04/16 03:48:01.0293 3352 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
2011/04/16 03:48:01.0347 3352 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\windows\system32\drivers\iaStorV.sys
2011/04/16 03:48:01.0516 3352 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\windows\system32\DRIVERS\igdkmd32.sys
2011/04/16 03:48:01.0682 3352 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
2011/04/16 03:48:01.0799 3352 IntcAzAudAddService (0a0e3c041c20c4175e1cc6580138ca38) C:\windows\system32\drivers\RTKVHDA.sys
2011/04/16 03:48:02.0074 3352 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
2011/04/16 03:48:02.0131 3352 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
2011/04/16 03:48:02.0175 3352 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/04/16 03:48:02.0246 3352 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
2011/04/16 03:48:02.0302 3352 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
2011/04/16 03:48:02.0354 3352 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
2011/04/16 03:48:02.0390 3352 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
2011/04/16 03:48:02.0430 3352 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
2011/04/16 03:48:02.0470 3352 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
2011/04/16 03:48:02.0536 3352 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
2011/04/16 03:48:02.0593 3352 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\windows\system32\Drivers\ksecdd.sys
2011/04/16 03:48:02.0643 3352 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\windows\system32\Drivers\ksecpkg.sys
2011/04/16 03:48:02.0734 3352 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
2011/04/16 03:48:02.0792 3352 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/04/16 03:48:02.0834 3352 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/04/16 03:48:02.0877 3352 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/04/16 03:48:02.0900 3352 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/04/16 03:48:02.0951 3352 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
2011/04/16 03:48:03.0014 3352 massfilter (59a2783aba6019bed0c843c706e10a6a) C:\windows\system32\drivers\massfilter.sys
2011/04/16 03:48:03.0080 3352 mdvrmng (4e10e84320a8ec1c12bd0d00973b22ab) C:\windows\system32\drivers\mdvrmng.sys
2011/04/16 03:48:03.0416 3352 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
2011/04/16 03:48:03.0468 3352 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
2011/04/16 03:48:03.0519 3352 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
2011/04/16 03:48:03.0543 3352 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
2011/04/16 03:48:03.0605 3352 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
2011/04/16 03:48:03.0655 3352 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
2011/04/16 03:48:03.0702 3352 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
2011/04/16 03:48:03.0835 3352 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\windows\system32\DRIVERS\MpFilter.sys
2011/04/16 03:48:03.0894 3352 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
2011/04/16 03:48:04.0523 3352 MpKsle7dd92fb (5f53edfead46fa7adb78eee9ecce8fdf) C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{417497F2-2F0D-4ACD-8FAF-D181AD476295}\MpKsle7dd92fb.sys
2011/04/16 03:48:04.0675 3352 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\windows\system32\DRIVERS\MpNWMon.sys
2011/04/16 03:48:04.0724 3352 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
2011/04/16 03:48:04.0789 3352 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
2011/04/16 03:48:04.0850 3352 mrxsmb (ed3d3419b064f28d812995ed8cadc541) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/04/16 03:48:04.0880 3352 mrxsmb10 (dc914446049169a964e27fd8888ffaee) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/04/16 03:48:04.0909 3352 mrxsmb20 (e7d90388d14fae057c166c1801e0bf94) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/04/16 03:48:04.0957 3352 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
2011/04/16 03:48:05.0008 3352 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
2011/04/16 03:48:05.0077 3352 MSDV (114b67c324d64c8195fd3bf93b4df02a) C:\windows\system32\DRIVERS\msdv.sys
2011/04/16 03:48:05.0130 3352 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
2011/04/16 03:48:05.0167 3352 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
2011/04/16 03:48:05.0216 3352 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
2011/04/16 03:48:05.0266 3352 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
2011/04/16 03:48:05.0316 3352 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
2011/04/16 03:48:05.0348 3352 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
2011/04/16 03:48:05.0384 3352 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
2011/04/16 03:48:05.0438 3352 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
2011/04/16 03:48:05.0478 3352 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
2011/04/16 03:48:05.0501 3352 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
2011/04/16 03:48:05.0534 3352 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
2011/04/16 03:48:05.0585 3352 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
2011/04/16 03:48:05.0685 3352 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
2011/04/16 03:48:05.0733 3352 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
2011/04/16 03:48:05.0761 3352 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
2011/04/16 03:48:05.0804 3352 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
2011/04/16 03:48:05.0846 3352 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
2011/04/16 03:48:05.0885 3352 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
2011/04/16 03:48:05.0924 3352 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
2011/04/16 03:48:05.0970 3352 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
2011/04/16 03:48:06.0052 3352 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
2011/04/16 03:48:06.0121 3352 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\windows\system32\DRIVERS\NisDrvWFP.sys
2011/04/16 03:48:06.0185 3352 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
2011/04/16 03:48:06.0231 3352 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
2011/04/16 03:48:06.0295 3352 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\windows\system32\drivers\Ntfs.sys
2011/04/16 03:48:06.0346 3352 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
2011/04/16 03:48:06.0556 3352 nvlddmkm (b0881dda5a8160422561ffab7f0008b1) C:\windows\system32\DRIVERS\nvlddmkm.sys
2011/04/16 03:48:06.0762 3352 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\windows\system32\drivers\nvraid.sys
2011/04/16 03:48:06.0811 3352 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\windows\system32\drivers\nvstor.sys
2011/04/16 03:48:06.0856 3352 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
2011/04/16 03:48:06.0904 3352 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
2011/04/16 03:48:06.0991 3352 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
2011/04/16 03:48:07.0043 3352 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
2011/04/16 03:48:07.0076 3352 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
2011/04/16 03:48:07.0125 3352 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
2011/04/16 03:48:07.0175 3352 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
2011/04/16 03:48:07.0207 3352 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
2011/04/16 03:48:07.0262 3352 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
2011/04/16 03:48:07.0296 3352 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
2011/04/16 03:48:07.0414 3352 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
2011/04/16 03:48:07.0440 3352 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
2011/04/16 03:48:07.0510 3352 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
2011/04/16 03:48:07.0560 3352 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
2011/04/16 03:48:07.0604 3352 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
2011/04/16 03:48:07.0636 3352 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
2011/04/16 03:48:07.0694 3352 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
2011/04/16 03:48:07.0875 3352 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/04/16 03:48:07.0949 3352 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/04/16 03:48:07.0988 3352 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
2011/04/16 03:48:08.0017 3352 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
2011/04/16 03:48:08.0070 3352 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
2011/04/16 03:48:08.0106 3352 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
2011/04/16 03:48:08.0158 3352 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/04/16 03:48:08.0209 3352 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\windows\system32\drivers\rdpdr.sys
2011/04/16 03:48:08.0245 3352 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
2011/04/16 03:48:08.0276 3352 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
2011/04/16 03:48:08.0331 3352 RDPWD (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
2011/04/16 03:48:08.0394 3352 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
2011/04/16 03:48:08.0478 3352 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\windows\system32\DRIVERS\RsFx0103.sys
2011/04/16 03:48:08.0512 3352 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
2011/04/16 03:48:08.0560 3352 RTL8167 (05c2613f661584190c752f6184d1c8ef) C:\windows\system32\DRIVERS\Rt86win7.sys
2011/04/16 03:48:08.0629 3352 RTL8169 (b7e1c523e2f7787d700766fc78e01f77) C:\windows\system32\DRIVERS\Rtlh86.sys
2011/04/16 03:48:08.0675 3352 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\windows\system32\drivers\vms3cap.sys
2011/04/16 03:48:08.0754 3352 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
2011/04/16 03:48:08.0800 3352 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
2011/04/16 03:48:08.0883 3352 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2011/04/16 03:48:08.0932 3352 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
2011/04/16 03:48:08.0960 3352 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
2011/04/16 03:48:09.0021 3352 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
2011/04/16 03:48:09.0102 3352 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
2011/04/16 03:48:09.0126 3352 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
2011/04/16 03:48:09.0186 3352 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
2011/04/16 03:48:09.0219 3352 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
2011/04/16 03:48:09.0270 3352 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
2011/04/16 03:48:09.0301 3352 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/04/16 03:48:09.0340 3352 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
2011/04/16 03:48:09.0375 3352 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
2011/04/16 03:48:09.0428 3352 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
2011/04/16 03:48:09.0521 3352 srv (4e636465a8653ba3bf29f929aa578e6f) C:\windows\system32\DRIVERS\srv.sys
2011/04/16 03:48:09.0557 3352 srv2 (4e4e17a3865f650ee8c67726872d9431) C:\windows\system32\DRIVERS\srv2.sys
2011/04/16 03:48:09.0603 3352 srvnet (1346dff5be932939997d373d61a35626) C:\windows\system32\DRIVERS\srvnet.sys
2011/04/16 03:48:09.0648 3352 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
2011/04/16 03:48:09.0726 3352 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\windows\system32\drivers\vmstorfl.sys
2011/04/16 03:48:09.0762 3352 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\windows\system32\drivers\storvsc.sys
2011/04/16 03:48:09.0797 3352 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
2011/04/16 03:48:09.0907 3352 Tcpip (37e8fa3779668837ca9e2c36d2415949) C:\windows\system32\drivers\tcpip.sys
2011/04/16 03:48:09.0987 3352 TCPIP6 (37e8fa3779668837ca9e2c36d2415949) C:\windows\system32\DRIVERS\tcpip.sys
2011/04/16 03:48:10.0038 3352 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
2011/04/16 03:48:10.0091 3352 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
2011/04/16 03:48:10.0112 3352 TDTCP (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
2011/04/16 03:48:10.0159 3352 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
2011/04/16 03:48:10.0205 3352 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
2011/04/16 03:48:10.0294 3352 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/04/16 03:48:10.0356 3352 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
2011/04/16 03:48:10.0393 3352 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
2011/04/16 03:48:10.0441 3352 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
2011/04/16 03:48:10.0497 3352 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
2011/04/16 03:48:10.0584 3352 UimBus (a25e0481da469c3af6ad18c1534b874c) C:\windows\system32\DRIVERS\UimBus.sys
2011/04/16 03:48:10.0621 3352 Uim_IM (ec2ede874e0eb50a509269676cf5f4bd) C:\windows\system32\Drivers\Uim_IM.sys
2011/04/16 03:48:10.0713 3352 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
2011/04/16 03:48:10.0776 3352 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
2011/04/16 03:48:10.0832 3352 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
2011/04/16 03:48:10.0891 3352 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\windows\system32\drivers\usbccgp.sys
2011/04/16 03:48:10.0928 3352 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
2011/04/16 03:48:10.0960 3352 usbehci (cfbce999c057d78979a181c9c60f208e) C:\windows\system32\drivers\usbehci.sys
2011/04/16 03:48:10.0995 3352 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\windows\system32\drivers\usbhub.sys
2011/04/16 03:48:11.0026 3352 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
2011/04/16 03:48:11.0077 3352 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
2011/04/16 03:48:11.0121 3352 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
2011/04/16 03:48:11.0183 3352 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\windows\system32\drivers\USBSTOR.SYS
2011/04/16 03:48:11.0234 3352 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\drivers\usbuhci.sys
2011/04/16 03:48:11.0287 3352 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
2011/04/16 03:48:11.0327 3352 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
2011/04/16 03:48:11.0361 3352 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
2011/04/16 03:48:11.0408 3352 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
2011/04/16 03:48:11.0453 3352 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
2011/04/16 03:48:11.0491 3352 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
2011/04/16 03:48:11.0516 3352 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
2011/04/16 03:48:11.0571 3352 vmbus (c2f2911156fdc7817c52829c86da494e) C:\windows\system32\drivers\vmbus.sys
2011/04/16 03:48:11.0615 3352 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\windows\system32\drivers\VMBusHID.sys
2011/04/16 03:48:11.0657 3352 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
2011/04/16 03:48:11.0695 3352 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2011/04/16 03:48:11.0745 3352 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
2011/04/16 03:48:11.0791 3352 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2011/04/16 03:48:11.0829 3352 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\System32\drivers\vwifibus.sys
2011/04/16 03:48:11.0866 3352 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
2011/04/16 03:48:11.0928 3352 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
2011/04/16 03:48:11.0944 3352 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
2011/04/16 03:48:12.0026 3352 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
2011/04/16 03:48:12.0083 3352 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
2011/04/16 03:48:12.0170 3352 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
2011/04/16 03:48:12.0225 3352 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
2011/04/16 03:48:12.0325 3352 WINUSB (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\drivers\WinUSB.SYS
2011/04/16 03:48:12.0379 3352 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
2011/04/16 03:48:12.0448 3352 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
2011/04/16 03:48:12.0526 3352 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
2011/04/16 03:48:12.0589 3352 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/04/16 03:48:12.0724 3352 ZTEusbmdm6k (3862318f85be7a91957ada5e814ed58c) C:\windows\system32\DRIVERS\ZTEusbmdm6k.sys
2011/04/16 03:48:12.0769 3352 ZTEusbnmea (3862318f85be7a91957ada5e814ed58c) C:\windows\system32\DRIVERS\ZTEusbnmea.sys
2011/04/16 03:48:12.0812 3352 ZTEusbser6k (3862318f85be7a91957ada5e814ed58c) C:\windows\system32\DRIVERS\ZTEusbser6k.sys
2011/04/16 03:48:12.0861 3352 ================================================================================
2011/04/16 03:48:12.0861 3352 Scan finished
2011/04/16 03:48:12.0861 3352 ================================================================================

It seems that the steps I took, that of finding the 'hidden' subfolder and deleting the two files, appears to have removed the MS Removal Tool file.

I appreciate your help and if you think there is anything else I should check, please let me know.

Okay, looks good.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

• Check (tick) this box: YES, I accept the Terms of Use.
  
• Click on the Start button next to it.
  
• When prompted to run ActiveX. click Yes.
  
• You will be asked to install an ActiveX. Click Install.
  
• Once installed, the scanner will be initialized.
  
• After the scanner is initialized, click Start.
  
• Check (tick) Remove found threats box.
  
• Check (tick) Scan unwanted applications.
  
• Click on Scan.
  
• It will start scanning. Please be patient.
  
• Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.
  

Hi there Belahzur, thanks for the suggested tool.

I followed the steps you suggested but whilst I could
Check (tick) Remove found threats box, I didn't see the
Check (tick) Scan unwanted applications

Anyhow, I let it run ... and run ... and run. It certainly took a while, 1:58 all in.

At the end the prog reported no viruses found.

When I opened the .txt file to post it in here I could see that all it contained was these two lines:

"ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK"

Possibly I did something wrong but as it didn't find anything that might be why this was all that was in log.txt

What's your take on the situation now?

It seems that all's well, but if you have any further suggested tests you might recommend I'm quite happy to run them.

Please let me know what you think.

Many thanks for your help,

cashpoortimerich

How is the machine running now?

Hi Belahzur, the PC seems A ok now.

We've got it set up with users for each of our family and all of us have been using it without any problems.

As I had mentioned earlier, it did appear that the " go into the hidden folder and delete the files directly " approach had cured the problem, however, I realised that this could have been too simple and that was why I'd asked for help on here.

All the progs we use are ok and there's no issues regarding speed or unexpected programs starting or stopping.

I think it's all ok now.

Okay then, you should be fine to go now.